Info Systems Exam 2

Question 1

Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

Answer 1

Cyber Security

Question 2

Bad things happen online

Answer 2

Spyware SPAM Vishing
Adware Phishing Smishing
Malware Pharming Spear Phishing

Question 3

Hackers are not all the same

Answer 3

Script Kiddies
Sophisticated Networks
White Hats
Criminal Organizations
Black Hats
Government Sponsored

Question 4

Happens to Everyone

Answer 4

The question is not “Have we been hacked”
The right question is “To what extent have we been hacked, and how vulnerable are we going forward.”
How do we respond / position ourselves. PR.

Question 5

You can not protect against all attacks…
You should still protect yourself from attacks.

Make sure you are a difficult target.

Answer 5

Target hardening

Question 6

Ways to Cause Issues - warez

Answer 6

Sniffing AirSnort

Spoofing Altering Packet Headers

Question 7

Attacks - Offense

Answer 7

DoS
DDoS
Cain and Abel (Man in the middle)
Commonly associated with hotels
Brute Force Attack

Question 8

Attacks - Offense 2

Answer 8

Viruses Blended
Worms Logic Bombs
Trojan Horses Ransomware
Social Engineering Backdoors
SQL Injection

Question 9

Segments - where

Answer 9

network
drive
app or OS

Question 10

Segments - How

Answer 10

social engineering
technology- 0s and 1s
Policies- Exploits

Question 11

Segments - What happens

Answer 11

reveal secrets
Change data
Prevent Access

Question 12

Some Things To Do - Defense

Answer 12

Biometrics - fingerprints / eye scans / gait / size
Mantraps - think airlock - 2 doors, 1 at a time
Firewalls - so many meanings
Intrusion Detection Systems - IDS
“Air Gap” - talk about stuxnet

Question 13

Defense

Answer 13

Policies and Procedures
Audit and test

User Training
Recurring and everyone

Question 14

Honeypot - Defense

Answer 14

A honeypot is setup to detect, and then mitigate attacks.
Think of fake email accounts used on common sites to see if they start to receive attacks after visiting a potentially dangerous site.

Question 15

Password Policies

Answer 15

Complexity / Length / Strength
Frequency of change
Proper care for Passwords - KeePass

Question 16

you are who you claim to be

Answer 16

Authentication

Question 17

you have access some things

Answer 17

Authorization

Question 18

e-Commerce Three step process:

Answer 18

Authentication - validates identity
Confirmation - sender gets a receipt
Non Repudiation - no backing out of the deal

Question 19

Return to previous state

Answer 19

Disaster Recovery

Question 20

Keep going forward

Answer 20

Business Continuity
Backups Cold Swap
Hot Swap SneakerNet

Question 21

is a set of one or more fields/columns that can identify a record uniquely in a table. There can be multiple ___ Keys in one table. Each ____ Key could work as the Primary Key.

Answer 21

Candidate Key

Question 22

s a set of one or more fields/columns of a table that uniquely identify a record in database table. It can not accept null as a value. No duplicate values.

Answer 22

Primary Key

Question 23

is a key that can be work as a primary key. Basically it is a candidate key that currently is not defined as the primary key.

Answer 23

Alternate / Alternative Key

Question 24

is a combination of more than one fields/columns of a table. Any of the other keys can be a ____ key simply by including multiple fields.

Answer 24

Composite / Compound Key

Question 25

is a set of one or more fields/columns of a table that uniquely identify a record in database table. It is like Primary key but it can accept only one null value and it can not have duplicate values.

Answer 25

Unique Key

Question 26

is a field (or set of fields) in a database table that is the primary key in another table. It can accept multiple null, duplicate values.

Answer 26

Foreign Key

Question 27

Any key that is comprised of data that exists in the real world - not system generated.

Answer 27

Natural Key

Question 28

A system generated key. Typically incremented integers…. 1 2 3 4

Answer 28

Surrogate or Artificial Key

Question 29

UUID and GUID

Answer 29

Universal Unique Identifier Globally Unique Identifier - MS’s UUID

Question 30

Issues around data

Answer 30

Legal What the government cares about Professional Organizations and compliance Ethical Balancing costs and benefits Standards Many different levels Personal What do you care about? Guidance Pythonic, for example

Question 31

All kinds of language

Answer 31

EULA Acceptable Usage Policies Good Actor Policies Policies and Procedures - operations - NOCs Non Repudiation - No opting out

Question 32

Compliance / Standards

Answer 32

PCI - PCI DSS: Payment Card Information Data Security Standard SAS 70 → SSAE 16: Auditing and reporting standards for service organizations

Question 33

NDA

Answer 33

Non Disclosure Agreements

Question 34

Non Competes -

Answer 34

Limited Time Limited Market - Geography Limited Market - Business Segment

Question 35

SLA

Answer 35

Service Level Agreement We will try very hard to meet an agreed to standard

Question 36

SLO

Answer 36

Service Level Objective We will deliver on the standard or we will pay a penalty

Question 37

SLI

Answer 37

Service Level Indicator We will measure ____ to see if we are in compliance

Question 38

IP - Not just an address

Answer 38

Intellectual Property - who owns the code and what can they do with it? What can you patent?

Question 39

Globalization - The World Is Flat

Answer 39

Friedman defines 10 “Flatteners”: Outsourcing Informing Supply Chaining Offshoring Nearshoring Workflow Insourcing Uploading Netscape

Question 40

The Dangers of Consulting

Answer 40

Partnering and clear divisions of responsibility can be very useful - they can also lead to something called “The clay layer”, as demonstrated in the video below.

Question 41

Sharing browsing history / viewing data among many major sites provides for analytics and tailored advertisements. You can see this: Browse “porter cable air compressors” on Amazon and see how long it takes to show up on other sites you visit.

Answer 41

Tracking

Question 42

A simple idea that snowballs into massive data capture and marketing. Small amount of data stored locally on the client browser between sessions. Browsers can remember things - so nice.

Answer 42

Cookies

Question 43

A way to understand a sequence of website requests as a single context. Connecting data across multiple requests, so they can provide a unified experience for the end user.

Answer 43

Session

Question 44

A record of each request made to a server. It ends up looking just like a database table

Answer 44

Log Files

Question 45

Moving data from one location to another

Answer 45

Data Communication

Question 46

Bandwidth

Answer 46

Broadband - multiple signals at once, reassembled at the other end Narrowband - ordered, much smaller capacity

Question 47

As the communication travels further, it loses signal strength

Answer 47

Attenuation:

Question 48

Used to connect to the network - mostly built into routers.

Answer 48

Modem:

Question 49

very simple devices - not sophisticated

Answer 49

Hubs

Question 50

smarter than hubs, same thing

Answer 50

Switches

Question 51

Knows about other networks

Answer 51

Routers -

Question 52

Manages connection to your ISP (most corporate routers do this)

Answer 52

Modems

Question 53

Types of connection

Answer 53

From a Book - Conducted - physical connections STP / UTP / Coaxial / Fiber (Fiber Optic) Radiated - wireless Frequency ranges / Microwave / Satellite

Question 54

how will the “handshake” be defined? What are you expecting the messages to look like? What is the agreed upon sequence of things?

Answer 54

Protocols

Question 55

Running Out of Addresses

Answer 55

NIC - Network Interface Card IP Addresses vs MAC addresses IPv4 - IPv6 LAN / MAN / WAN

Question 56

The dominant model is called 3-Tier or N-Tier N-Tier means there can be many, many layers

Answer 56

Client Server

Question 57

Wiring & Convergence

Answer 57

RJ-11 - 4 wires - voice RJ-45 - 8 wires - data - A quick walkthrough Cat5 / Cat5e / Cat6 different kinds of network cables LINK Convergence - single cable, all the data!

Question 58

Where it started

Answer 58

1969 - ARPNET - US Defense Department 1980’s - The Internet 1989 - The World Wide Web 1992 - First visual web browser

Question 59

The Basic Building Blocks: Internet vs The Web

Answer 59

Internet = Connected computers The Web = Connected documents

Question 60

The Basic Building Blocks

Answer 60

The Backbone - Core connections HTML - a standard format / language Search - A way to find “things”

Question 61

.com / .org / .net / .mil / .edu Now it is the wild west - so many TLD

Answer 61

TLD - Top Level Domains