section 4C Flashcards
(126 cards)
A ____ uniquely identifies the sender of an electronic message.
A valid digital signature does not verify the identity of the private key’s owner. It only proves that the message was sent by the owner of the private key T/F
Employees are often identified by something they possess, such as an ID card. T/F
Their disadvantage: they can be lost, stolen, or given away.
Since no single authentication method is foolproof, multi-factor authentication, such as requiring a smart card and a password, provides much stronger authentication than either method alone T/F
digital signature
true
True
True
True
Biometric devices would not be able to adapt to slight personal changes, such as bloodshot eyes. T/F
They may allow access to unauthorized people. T/F
The biometric templates (the digital representation of an individual's fingerprints or voice) must be stored. Any compromise would not create an issue.
False - yes, they can
True – malfunctions happen
False - Any compromise of those templates would cause serious problems for people.
Which of the following security controls would best prevent unauthorized access to sensitive data via an unattended data terminal directly connected to a mainframe?
Use of a screen saver with a password
Prevention of booting from a diskette by removing the diskette drive
Encryption of data files
Automatic log-off of inactive users
Automatic log-off of inactive users
Automatic log-off of inactive data terminals may prevent the viewing of sensitive data on an unattended data terminal.
Screen savers do not prevent the viewing of data on an unattended data terminal.
Data terminals do not have diskette drives.
Encryption of data files will not prevent the viewing of data on an unattended data terminal.
In traditional information systems, computer operators are generally responsible for backing up software and data files on a regular basis. In distributed or cooperative systems, ensuring that adequate backups are taken is the responsibility of PROGRAMMERS
RANDOM
___ means providing the ability for a firm to engage in continuous operation. A ____ plan would incorporate more than a disaster recovery plan, which only deals with recovery (and continuity) of the computer processing capability of the organization.
False - it is user management
Business continuity
Backup files can be transported to the remote site in two ways:
1. Physically (mail, etc.)
2. Electronic vaulting. Two ways to do this:
   a. ___ approach – the company electronically sends the items to be backed up
   b. ___ pull approach – the electronic vault service installs its software on the company's computers and automatically backs up the data
To protect data privacy, all data should be ___ before being transmitted.
Push
Pull
encrypted
Batch processing files are backed up using the ___
When a master file is updated, a new master file is created.
A destroyed master file can be recreated using prior generations of the master file and the appropriate transaction file.
For example, if Wednesday’s master file is destroyed it could be recreated using Tuesday’s master file and Wednesday’s transaction file.
If Tuesday’s master file was also destroyed, it could be recreated using Monday’s master file and Tuesday’s transaction file.
grandfather-father-son concept.
Online databases are also backed up.
- A ___ is created when a copy of the database at a point in time is made.
- The checkpoint data is stored on a separate storage medium. T/F
- A database is re-created from the last checkpoint. T/F
checkpoint
true
true
A critical aspect of a disaster recovery plan is to be able to regain operational capability as soon as possible. In order to accomplish this, an organization can have an arrangement with its computer hardware vendor to have a fully operational facility available that is configured to the user’s specific needs. This is best known as a cold site
False - a hot site
A hot site is a completely operational data processing facility configured to meet the user’s requirements that can be made available to a disaster-stricken organization on short notice.
A cold site is a location that provides everything necessary to quickly install computer equipment in the event of a disaster striking an organization.
A ____ site is a location that provides everything necessary to quickly install computer equipment in the event of a disaster striking an organization.
A ___ site is a completely operational data processing facility configured to meet the user’s requirements that can be made available to a disaster-stricken organization on short notice.
Cold
Hot
Which of the following statements does not describe how routers control the flow of information on the internet?
Data is divided into packets and transmitted to recreate the original message or data.
Every internet protocol packet contains two parts: a header and a body.
The router reads the destination address in the IP body to determine where it is to be sent.
A border router connects the information system to the internet.
The router reads the destination address in the IP body to determine where it is to be sent.
A router reads the destination address in the header (not the body) to determine where the information is to be sent.
A company’s management is aware that it cannot foresee every contingency even with the best planning. Management believes, however, that a more thorough recovery plan increases the ability to resume operations quickly after an interruption and thus to:
maintain the same level of employment.
minimize the cost of facility repair.
fulfill its obligations to customers.
receive the maximum benefit from planning.
fulfill its obligations to customers.
The better the recovery plans, the more likely the company would be to resume operations quickly and fulfill its obligations to customers.
Thorough planning may or may not minimize the cost of facility repair, i.e., the best approach may be to undergo more expensive repair sooner in order to resume operations sooner.
Which of the following risks is more likely to be encountered in an end-user computing (EUC) environment as compared to a mainframe computer system?
Inability to afford adequate uninterruptible power supply systems
User input screens without a graphical user interface (GUI)
Applications that are difficult to integrate with other information systems
Lack of adequate utility programs
Applications that are difficult to integrate with other information systems
Applications that are difficult to integrate with other information systems are a risk that is considered unique to end-user computing (EUC) system development.
Which of the following describes the primary purpose of a disaster recovery plan?
To document how data will be backed up to expedite recovery
To document the location of off-site replacement facilities
To test how well prepared the company is to recover data
To specify the steps required to resume operations
To specify the steps required to resume operations
The primary purpose of a disaster recovery plan is to specify the steps required to efficiently and effectively restore/resume data processing operations when there is a disaster.
PC hard drives can be backed up on CDs, diskettes, and tape files. T/F
The company should periodically practice restoring a system from the backup data so employees know how to quickly restart the system if a failure occurs. T/F
True
true
The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. Which of the following steps should management take first to correct this condition?
Bulletproof the information security architecture
Designate a hot site
Designate a cold site
Prepare a statement of responsibilities for tasks included in a disaster recovery plan
Prepare a statement of responsibilities for tasks included in a disaster recovery plan
Disaster Recovery Plans Include
Setting ___ priorities
Providing the necessary ___
Providing for backup computer and telecommunications facilities T/F
Having procedures for periodic ___ and ___
Complete ___ of the process
recovery; insurance; True; testing and revision; documentation
Greater reliance of management on information systems increases the exposure to:
unauthorized third-party access to systems.
systematic programming errors.
inadequate knowledge bases.
business interruption.
Business interruption
Greater reliance of management on information systems increases the exposure to business interruption. As management relies more on information systems for crucial functions, system failures have the potential to interrupt business.
A company has a significant e-commerce presence and self-hosts its website. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?
Back up the server database daily
Store records off-site
Purchase and implement RAID technology
Establish an off-site mirrored web server
Establish an off-site mirrored web server
A natural disaster could destroy the onsite web server as well as any backup server at the same location. A disaster could also destroy communications channels to that site. A second identical server (a mirror) with separate communications channels located remotely would facilitate continuity in a disaster.
A new accounts receivable clerk, working for a wholesaler, noticed that a customer had apparently changed addresses. The clerk had accessed the customer’s computer file and revised all addresses. One week later the customer complained that goods were being sent to the wrong address. The primary control to prevent this occurrence is TRAINING ON DATA ENTRY
False - It is database security
The primary control to prevent someone from accessing the customer’s computer file and revising all addresses is database security. Proper security would prevent changes by an accounts receivable clerk.
All of the following are classifications of controls used to make systems more secure except:
nonphysical access controls.
segregation of system duties.
logical access controls.
internet and telecommunications controls.
nonphysical access controls.
Nonphysical access controls are not one of the five classifications of controls used to make systems more secure.
The five classifications of controls used to make systems more secure are: segregation of duties, physical access controls, logical access controls, personal computers and client/server network protection, and internet and telecommunications controls.
During the process of electronically transmitting data, which of the following IT controls would provide the most assurance that unauthorized disclosure of sensitive information would be prevented?
Encryption
Restricted access
A strongly worded confidentiality warning
Separate transmission of the data file and its password
encryption
Encryption provides the most assurance that unauthorized disclosure of sensitive information is prevented. Encryption is transforming data, called plaintext, into unreadable gibberish, called ciphertext. Decryption reverses this process, transforming ciphertext back into plaintext.
A digital signature is used primarily to determine that a message is:
unaltered in transmission.
not intercepted en route.
received by the intended recipient.
sent to the correct address.
unaltered
A digital signature allows the creator of a message to digitally “sign” the data and provides proof of authorization. Because a digital signature cannot be altered, it allows the recipient to determine that a message has been unaltered in transmission.
SOC 2: Report on Controls at a Service Organization Relevant to: CAPS (mnemonic: "CAPS SOC (Suck)")
Confidentiality
Availability
Processing Integrity
Security