Chapter 3 Flashcards

(93 cards)

1
Q

The operating system performs all of the following tasks except
a. translates third-generation languages into machine language
b. assigns memory to applications
c. authorizes user access
d. schedules job processing

A

C

2
Q

Which of the following is considered an unintentional threat to the integrity of the
operating system?
a. a hacker gaining access to the system because of a security flaw
b. a hardware flaw that causes the system to crash
c. a virus that formats the hard drive
d. the systems programmer accessing individual user files

A

B

3
Q

A software program that replicates itself in areas of idle memory until the system fails is
called a
a. Trojan horse
b. worm
c. logic bomb
d. none of the above

A

B

4
Q

A software program that allows access to a system without going through the normal
logon procedures is called a
a. logic bomb
b. Trojan horse
c. worm
d. back door

A

D

5
Q

All of the following will reduce the exposure to computer viruses except
a. install antivirus software
b. install factory-sealed application software
c. assign and control user passwords
d. install public-domain software from reputable bulletin boards

A

D

6
Q

Hackers can disguise their message packets to look as if they came from an authorized
user and gain access to the host’s network using a technique called
a. spoofing
b. spooling
c. dual-homed
d. screening

A

A

7
Q

Passwords are secret codes that users enter to gain access to systems. Security can be
compromised by all of the following except
a. failure to change passwords on a regular basis
b. using obscure passwords unknown to others
c. recording passwords in obvious places
d. selecting passwords that can be easily detected by computer criminals

A

B

8
Q

Which control will not reduce the likelihood of data loss due to a line error?
a. echo check
b. encryption
c. vertical parity bit
d. horizontal parity bit

A

B

9
Q

Which method will render useless data captured by unauthorized receivers?
a. echo check
b. parity bit
c. public key encryption
d. message sequencing

A

C

10
Q

Which method is most likely to detect unauthorized access to the system?
a. message transaction log
b. data encryption standard
c. vertical parity check
d. request-response technique

A

A

11
Q

All of the following techniques are used to validate electronic data interchange transactions except
a. value added networks can compare passwords to a valid customer file before message transmission
b. prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database
c. the recipient's application software can validate the password prior to processing
d. the recipient's application software can validate the password after the transaction has been processed

A

D

12
Q

All of the following tests of controls will provide evidence that adequate computer virus
control techniques are in place and functioning except
a. verifying that only authorized software is used on company computers
b. reviewing system maintenance records
c. confirming that antivirus software is in use
d. examining the password policy including a review of the authority table

A

B

13
Q

Audit objectives for communications controls include all of the following except
a. detection and correction of message loss due to equipment failure
b. prevention and detection of illegal access to communication channels
c. procedures that render intercepted messages useless
d. all of the above

A

D

14
Q

When auditors examine and test the call-back feature, they are testing which audit
objective?
a. incompatible functions have been segregated
b. application programs are protected from unauthorized access
c. physical security measures are adequate to protect the organization
d. illegal access to the system is prevented and detected

A

D

15
Q

In an electronic data interchange (EDI) environment, when the auditor compares the
terms of the trading partner agreement against the access privileges stated in the
database authority table, the auditor is testing which audit objective?
a. all EDI transactions are authorized
b. unauthorized trading partners cannot gain access to database records
c. authorized trading partners have access only to approved data
d. a complete audit trail is maintained

A

C

16
Q

In determining whether a system is adequately protected from attacks by computer
viruses, all of the following policies are relevant except
a. the policy on the purchase of software only from reputable vendors
b. the policy that all software upgrades are checked for viruses before
c. the policy that current versions of antivirus software should be available
d. the policy that permits users to take files home to work on them

A

D

17
Q

In an electronic data interchange environment, customers routinely
a. access the vendor's accounts receivable file with read/write authority
b. access the vendor's price list file with read/write authority
c. access the vendor's inventory file with read-only authority
d. access the vendor's open purchase order file with read-only authority

A

C

18
Q

In an electronic data interchange environment, the audit trail
a. is a printout of all incoming and outgoing transactions
b. is an electronic log of all transactions received, translated, and processed by
the system
c. is a computer resource authority table
d. consists of pointers and indexes within the database

A

B

19
Q

All of the following are designed to control exposures from subversive threats except
a. Firewalls
b. one-time passwords
c. field interrogation
d. data encryption

A

C

20
Q

Many techniques exist to reduce the likelihood and effects of data communication
hardware failure. One of these is
a. hardware access procedures
b. antivirus software
c. parity checks
d. data encryption

A

C

21
Q

Which of the following deal with transaction legitimacy?
a. transaction authorization and validation
b. access controls
c. EDI audit trail
d. all of the above

A

D

22
Q

Firewalls are
a. special materials used to insulate computer facilities
b. a system that enforces access control between two networks
c. special software used to screen Internet access
d. none of the above

A

B

23
Q

Which of the following is true?
a. Deep packet inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.
b. An intrusion prevention system works in parallel with a firewall at t filter that removes malicious packets from the flow before they can
c. A distributed denial of service attack is so named because it is cap simultaneously who are distributed across the internet.
d. None of the above are true statements.

A

A

24
Q

A system of computers that connects the internal users of an organization that is
distributed over a wide geographic area is a(n)
a. LAN
b. decentralized network
c. multidrop network
d. Intranet

A

D

25
25
Q

Network protocols fulfill all of the following objectives except
a. facilitate physical connection between network devices
b. provide a basis for error checking and measuring network performance
c. promote compatibility among network devices
d. result in inflexible standards

A

D

26
Q

To physically connect a workstation to a LAN requires a
a. file server
b. network interface card
c. multiplexer
d. bridge

A

B

27
Q

Packet switching
a. is used to establish temporary connections between network devices for the duration of a communication session.
b. is a denial of service technique that disassembles various incoming messages to targeted users into small packages and then reassembles them in random order to create a useless garbled message.
c. combines the messages of multiple users into one packet for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.
d. is a method for partitioning a database into packets for easy access where no identifiable primary user exists in the organization.

A

A

28
Q

A virtual private network
a. is a private network within a public network.
b. is an expensive zippie de doo dah.
c. is an Internet facility that links user sites locally and around the world.
d. is a password-controlled network for private users rather than the general public.
e. defines the path to a facility or file on the web.

A

A

29
Q

An integrated group of programs that supports the applications and facilitates their access to specified resources is called a(n)
a. utility system.
b. object system.
c. operating system.
d. database management system.
e. facility system.

A

C

30
Q

A user's application may consist of several modules stored in separate memory locations, each with its own data. One module must not be allowed to destroy or corrupt another module. This is an objective of
a. data resource controls
b. application controls
c. operating system controls
d. computer center and security controls

A

C

31
Q

A user's application may consist of several modules stored in separate memory locations, each with its own data. One module must not be allowed to destroy or corrupt another module. This is an objective of
a. data resource controls
b. application controls
c. operating system controls
d. computer center and security controls

A

C (same question as card 30; isolating one module's memory from another is an operating system control objective)

32
Q

Network protocols fulfill all of the following objectives except
a. provide a basis for error checking and measuring network performance
b. facilitate physical connection between network devices
c. promote compatibility among network devices
d. result in inflexible standards

A

D

33
Q

In a star topology, when the central site fails
a. individual workstations can communicate with each other
b. the functions of the central site are taken over by a designated workstation
c. individual workstations can function locally but cannot communicate with other workstations
d. individual workstations cannot function locally and cannot communicate with other workstations

A

C

34
Q

Which method will render useless any data captured by unauthorized receivers?
a. parity bit
b. echo check
c. message sequencing
d. public key encryption

A

D

35
Q

Audit objectives for communications controls include which of the following?
a. detection and correction of message loss due to equipment failure
b. procedures that render intercepted messages useless
c. prevention and detection of illegal access to communication channels
d. all of the other listed items are valid audit objectives regarding communications controls

A

D

36
Q

An IP address
a. is represented by a 64-bit data packet.
b. is the destination of an internet pumpkin toss.
c. is the unique address that every computer node and host attached to the Internet must have.
d. defines the path to a facility or file on the web.
e. is the address of the protocol rules and standards that govern the design of internet hardware and software.

A

C

37
Q

To physically connect a workstation to a LAN requires a
a. network interface card
b. multiplexor
c. file server
d. wire
e. bridge

A

A

38
Q

All of the following techniques are used to validate electronic data interchange transactions except
a. value added networks can compare passwords to a valid customer file before message transmission
b. prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database
c. the recipient's application software can validate the password after the transaction has been processed
d. the recipient's application software can validate the password prior to processing

A

C

39
Q

Which method is most likely to detect unauthorized access to the system?
a. message transaction log
b. data encryption standard
c. vertical parity check
d. request-response technique

A

A

40
Q

Firewalls are
a. a system that enforces access control into/from a private network
b. special software used to screen Internet access
c. none of the other items is correct
d. special materials used to insulate computer facilities

A

A

41
Q

Which of the following statements is correct? TCP/IP
a. is the file format used to produce Web pages.
b. controls Web browsers that access the WWW.
c. is a low-level encryption scheme used to secure transmissions in HTTP format.
d. is the basic protocol that permits communication between Internet sites.

A

D

42
Q

All of the following are objectives of operating system control except
a. protecting users from themselves
b. protecting the environment from users
c. protecting the OS from users
d. protecting users from each other

A

B

43
Q

In a ring topology
a. the network consists of a central computer which manages all communications between nodes
b. all nodes are of equal status; responsibility for managing communications is distributed among the nodes
c. has a host computer connected to several levels of subordinate computers
d. information processing units rarely communicate with each other

A

B

44
Q

To ensure privacy in a public key encryption system, knowledge of which of the following keys is required to decode the received message?
I. Private
II. Public
a. I
b. Neither I nor II
c. Both I and II
d. II

A

A

45
Q

Which of the following is an indication that a computer virus is present?
a. Frequent power surges that harm computer equipment.
b. Numerous copyright violations due to unauthorized use of purchased software.
c. Unexplainable losses of or changes to data.
d. Inadequate backup, recovery, and contingency plans.

A

C

46
Q

The encryption technique that requires two keys, a public key that is available to anyone for encrypting messages and a private key that is known only to the recipient for decrypting messages, is
a. Advanced Encryption Standard (AES).
b. a cipher lock.
c. modulator-demodulator.
d. Rivest, Shamir, and Adleman (RSA).

A

D

47
Q

An organization installed antivirus software on all its personal computers. The software was designed to prevent initial infections, stop replication attempts, detect infections after their occurrence, mark affected system components, and remove viruses from infected components. The major risk in relying on antivirus software is that antivirus software may
a. Consume too many system resources.
b. Make software installation overly complex.
c. Interfere with system operations.
d. Not detect certain viruses.

A

D

48
Q

An insurance firm uses a wide area network (WAN) to allow agents away from the home office to obtain current rates and client information and to submit approved claims using notebook computers and dial-in modems. In this situation, which of the following methods will provide the best data security?
a. End-to-end data encryption.
b. Dedicated phone lines.
c. Call-back features.
d. Frequent changes of user IDs and passwords.

A

A

49
Q

Managers at a consumer products company purchased personal computer software only from recognized vendors and prohibited employees from installing nonauthorized software on their personal computers. To minimize the likelihood of computer viruses infecting any of its systems, the company should also
a. Institute program change control procedures.
b. Recompile infected programs from source code backups.
c. Test all new software on a stand-alone personal computer.
d. Restore infected systems with authorized versions.

A

C

50
Q

A control feature designed to negate the use of utility programs to read files that contain all authorized access user codes for the network is
a. A password hierarchy.
b. Internally encrypted passwords.
c. Logon passwords.
d. A peer-to-peer network.

A

B

51
Q

The telecommunication control of dial-up/disconnect/dial-back can be circumvented by using
a. Encryption algorithms.
b. Dedicated line technology.
c. High baud rate lines.
d. Automatic call forwarding.

A

D

52
Q

What do you call a system of computers that connects the internal users of an organization that is distributed over a wide geographic area?
a. multidrop network
b. LAN
c. decentralized network
d. Intranet

A

D

53
Q

HTML
a. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
b. is used to connect to Usenet groups on the Internet; controls Web browsers that access the Web.
c. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP) format.
d. is the document format used to produce Web pages.

A

D

54
Q

FTP
a. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
b. is used to connect to Usenet groups on the Internet; controls Web browsers that access the Web.
c. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP) format.
d. is the document format used to produce Web pages.

A

A

55
Q

Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is
a. IP spoofing.
b. a smurf attack.
c. a ping attack.
d. an ACK echo attack.
e. none of the other listed items

A

E (none of the listed items: this is a SYN flood, a denial of service attack)

56
Q

All of the following are designed to control exposures from subversive threats except
a. deep packet inspection
b. data encryption
c. firewalls
d. field interrogation

A

D

57
Q

HTTP
a. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
b. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP) format.
c. is the document format used to produce Web pages.
d. controls Web browsers that access the Web.
e. is used to connect to Usenet groups on the Internet.

A

D

58
Q

Which control will not reduce the likelihood of data loss due to a line error?
a. vertical parity bit
b. horizontal parity bit
c. echo check
d. encryption

A

D
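A worked example of the line-error controls behind cards 8, 20 and 58, added here and not part of the original flashcard deck. It frames a constructed 7-bit ASCII message with a vertical (per-character) parity bit and a horizontal parity byte (longitudinal redundancy check), shows that one flipped bit trips the vertical parity, that a two-bit error inside one character slips past the vertical parity but is still caught by the horizontal check, and that an echo check compares what came back with what was sent. It then runs the same one-bit line error through a toy XOR stream cipher (a stand-in for encryption, not a real cipher) to show why encryption is the odd one out: the damaged ciphertext decrypts to a wrong but plausible message and nothing complains. All function and variable names are the example's own.

```python
"""Vertical parity, horizontal parity (LRC) and echo check versus encryption.
Added example, not from the flashcard deck."""
from typing import List, Tuple

# Constructed sample message; 7-bit ASCII leaves bit 7 free for the parity bit.
MESSAGE = b"PAY 100"


def vertical_parity(char: int) -> int:
    """Even-parity bit for one 7-bit character (the card's vertical parity bit)."""
    return bin(char & 0x7F).count("1") & 1


def horizontal_parity(chars: bytes) -> int:
    """Horizontal parity / LRC: XOR of every 7-bit character in the block."""
    lrc = 0
    for c in chars:
        lrc ^= c & 0x7F
    return lrc


def encode_block(chars: bytes) -> List[int]:
    """Frame = each character with its parity bit in bit 7, then the LRC byte."""
    frame = [(c & 0x7F) | (vertical_parity(c) << 7) for c in chars]
    frame.append(horizontal_parity(chars))
    return frame


def check_block(frame: List[int]) -> Tuple[bool, List[int], bool]:
    """Receiver side. Returns (clean, positions failing vertical parity, LRC ok)."""
    data, lrc_received = frame[:-1], frame[-1]
    bad_chars = [i for i, w in enumerate(data) if vertical_parity(w) != (w >> 7)]
    lrc_ok = horizontal_parity(bytes(w & 0x7F for w in data)) == lrc_received
    return (not bad_chars and lrc_ok), bad_chars, lrc_ok


def flip_bits(frame: List[int], index: int, bits: List[int]) -> List[int]:
    """Simulate a line error: flip the given bit positions of one frame word."""
    damaged = list(frame)
    for b in bits:
        damaged[index] ^= 1 << b
    return damaged


def echo_check(sent: List[int], echoed: List[int]) -> bool:
    """Echo check: the receiver returns the frame and the sender compares it."""
    return sent == echoed


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (XOR with a repeating key): confidentiality only, no integrity."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def corrupted_ciphertext_decrypts_silently(key: bytes = b"k3y") -> bytes:
    """A one-bit line error on the ciphertext decrypts to a different, valid-looking
    plaintext: encryption hides data from eavesdroppers, it does not detect line errors."""
    ciphertext = bytearray(xor_cipher(MESSAGE, key))
    ciphertext[4] ^= 0x01  # line error on the '1' of "100"
    return xor_cipher(bytes(ciphertext), key)


if __name__ == "__main__":
    frame = encode_block(MESSAGE)
    print("clean frame:", check_block(frame))
    print("one bit flipped:", check_block(flip_bits(frame, 0, [3])))
    print("two bits flipped in one char:", check_block(flip_bits(frame, 0, [3, 4])))
    print("encrypted, damaged, decrypted:", corrupted_ciphertext_decrypts_silently())
```

The two-bit case is the reason both parity directions are used together: any even number of flipped bits in one character leaves its vertical parity unchanged, while the LRC still differs unless the same bits flip in an even number of characters. The decrypted result of the last call is "PAY 000", which is why card 58's answer is encryption.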
59
Q

Audit trails cannot be used to
a. detect unauthorized access to systems
b. facilitate reconstruction of events
c. reduce the need for other forms of security
d. promote personal accountability

A

C

60
Q

A distributed denial of service attack
a. turns the target victim's computers into zombies that are unable to access the Internet
b. none of the other items makes any sense
c. is so named because it affects many victims simultaneously, which are distributed across the internet
d. is more intensive than a DoS attack because it emanates from a single source
e. may take the form of either a SYN flood or smurf attack

A

E

61
Q

Which of the following statements is correct? The client-server model
a. is most effective used with a bus topology.
b. is more efficient than the bus or ring topologies.
c. distributes processing between the user's computer and the central file server.
d. is best suited to the token-ring topology because the random-access method used by this model detects data collisions.

A

C (another acceptable answer: distributes both data and processing tasks to the server's node)

62
Q

An equipment manufacturer maintains a secure website for access to its order-entry system for the convenience of its pre-approved customers worldwide so they may order parts. Because of the cost and sensitive nature of certain electronic parts, the manufacturer maintains secure access to its order-entry system. The best technique for monitoring the security of access is
a. Integrated test facility for the order-entry system.
b. Logging of unsuccessful access attempts.
c. Tracing of transactions through the order-entry system.
d. Transaction selection of order-entry transactions.

A

B
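Cards 10, 39, 59 and 62 turn on one point: the access log is what detects unauthorized access, and it does so only if something reads it. The following added example (not from the flashcard deck; the log format, the hypothetical order-entry portal and every sample line are constructed for it) parses failed and successful logins and raises two kinds of alert: a burst of failures from one source against one account inside a time window, and a success that arrives right after such a burst, which is the signature of a guessed password rather than a mistyped one.

```python
"""Detecting unauthorized access from an access log. Added example, not from
the flashcard deck; log format and sample lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log for a hypothetical order-entry portal. Addresses are
# documentation ranges; 198.51.100.7 plays the scripted attacker.
SAMPLE_LOG = """\
2024-03-01 08:00:01 LOGIN_OK user=jsmith src=10.0.1.15
2024-03-01 08:02:10 LOGIN_FAIL user=admin src=198.51.100.7
2024-03-01 08:02:12 LOGIN_FAIL user=admin src=198.51.100.7
2024-03-01 08:02:14 LOGIN_FAIL user=admin src=198.51.100.7
2024-03-01 08:02:16 LOGIN_FAIL user=admin src=198.51.100.7
2024-03-01 08:02:18 LOGIN_FAIL user=admin src=198.51.100.7
2024-03-01 08:02:20 LOGIN_OK user=admin src=198.51.100.7
2024-03-01 09:15:00 LOGIN_FAIL user=mlee src=10.0.1.22
2024-03-01 09:15:30 LOGIN_OK user=mlee src=10.0.1.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text: str) -> List[Dict[str, object]]:
    """Parse log lines into events. Lines that do not match the format are skipped
    rather than guessed at, so a malformed line cannot hide a real one."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_unauthorized_access(events: List[Dict[str, object]], threshold: int = 5,
                               window: timedelta = timedelta(minutes=10)) -> List[Tuple]:
    """Flag (user, src) pairs with at least `threshold` failures inside `window`, and a
    success that follows such a burst. Returns (alert type, user, src, failures)."""
    recent_failures = defaultdict(deque)   # (user, src) -> failure timestamps in window
    already_flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        q = recent_failures[key]
        while q and ev["ts"] - q[0] > window:  # forget failures older than the window
            q.popleft()
        if ev["result"] == "LOGIN_FAIL":
            q.append(ev["ts"])
            if len(q) >= threshold and key not in already_flagged:
                already_flagged.add(key)
                alerts.append(("REPEATED_FAILURES", ev["user"], ev["src"], len(q)))
        else:
            if len(q) >= threshold:
                alerts.append(("SUCCESS_AFTER_FAILURES", ev["user"], ev["src"], len(q)))
            q.clear()  # a success closes the burst for this pair
    return alerts


if __name__ == "__main__":
    for alert in detect_unauthorized_access(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample log the single failure by mlee stays silent, while admin from 198.51.100.7 raises a REPEATED_FAILURES alert on the fifth miss and a SUCCESS_AFTER_FAILURES alert on the login that follows it; the second alert is the one an auditor acts on, because the log by itself prevented nothing (card 59).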
63
Q

In an electronic data interchange environment, the audit trail
a. is a printout of all incoming and outgoing transactions
b. is a computer resource authority table or consists of pointers and indexes within the database
c. is very, very long
d. is an electronic log of all transactions received, translated, and processed by the system

A

D

64
Q

Which of the following might be used to secretly capture IDs and passwords from users?
a. Trojan horse
b. virus
c. logic bomb
d. worm

A

A

65
Q

All of the following will reduce the exposure to computer viruses except
a. install factory-sealed application software
b. install public-domain software from reputable bulletin boards
c. assign and control user passwords
d. install antivirus software

A

B

66
Q

Audit objectives in the electronic data interchange (EDI) environment include all of the following except
a. unauthorized trading partners cannot gain access to database records
b. complete audit trail of EDI transactions is maintained
c. backup procedures are in place and functioning properly
d. all EDI transactions are authorized

A

C

67
Q

When auditors examine and test the call-back feature, they are testing which audit objective?
a. application programs are protected from unauthorized access
b. incompatible functions have been segregated
c. physical security measures are adequate to protect the organization from natural disaster
d. illegal access to the system is prevented and detected

A

D

68
Q

A message that is made to look as though it is coming from a trusted source but is not is called
a. a denial of service attack
b. URL masquerading
c. digital signature forging
d. Internet protocol spoofing

A

D

69
Q

In an electronic data interchange environment, customers routinely access
a. none of the other listed items
b. the vendor's open purchase order file
c. the vendor's accounts payable file
d. the vendor's price list file

A

D

70
Q

An Internet firewall is designed to provide adequate protection against which of the following?
a. Unauthenticated logins from outside users.
b. A computer virus.
c. A Trojan horse application.
d. Insider leaking of confidential information.

A

A

71
Q

A software program that allows access to a system without going through the normal logon procedures is called a
a. logic bomb
b. worm
c. Trojan horse
d. trap door
e. back door

A

E

72
Q

Which of the following deal with transaction legitimacy in an EDI environment?
a. access controls
b. EDI audit trail
c. all of the other listed items
d. transaction authorization and validation

A

C

73
Q

An attack where outgoing messages from the client are reflected back onto the client, preventing outside access, as well as flooding the client with the sent packets, is known as a(n)
a. reflected attack
b. unintentional attack
c. brute force attack
d. buffer overflow attack
e. spamming attack
f. packet replay
g. trap door attack
h. banana attack

A

H

74
Q

Personal computers generally configured with minimal hardware features, with the intent being that most processing occurs at the server level using software, are known as
a. LAN computers
b. WAN computers
c. thin client computers
d. PDA processors
e. laptop computers
f. mainframe computers
g. high end computers

A

C

75
Q

If you were maintaining your company's data on a series of connected storage devices and servers, you would be using what is best described as a(n)
a. PDN
b. MAN
c. PAN
d. SAN
e. WAN
f. LAN

A

D

76
Q

Wireless access presents a number of exposures and risks. Which of the following would not be considered one of those exposures or risks?
a. loss of data
b. misuse of devices
c. disclosure of sensitive information
d. loss of device
e. user authentication
f. brain cancer
g. data collisions

A

G

77
Q

An executable, machine-independent software program run on the server that can be called and executed by a web server is called a(n)
a. cookie
b. bookmark
c. script
d. apple
e. servlet
f. botnet
g. server

A

C

78
Q

If you were using a system where processing may take place on different machines with each processing component being mutually dependent on the others, you would be using which of the following network architectures?
a. distributed data processing architecture
b. star architecture
c. centralized data processing architecture
d. DHCP architecture
e. client server architecture
f. wireless architecture
g. LAN architecture

A

E

79
Q

The use of digital tools in pursuit of nonviolent political gains is called
a. hacktivism
b. script kiddies
c. heroic
d. crackers
e. hackers

A

A

80
Q

If your company has an automated communication channel that acts in response to receipt of a stream of data, the company may be vulnerable to which of the following types of attack?
a. war dialing attack
b. unintentional attack
c. packet replay
d. reflected attack
e. banana attack
f. spamming attack
g. trap door attack

A

C

81
Q

Bluetooth is the most dominant form of which of the following technologies?
a. WPANs
b. LANs
c. All of the other items are
d. capable of wireless configurations
e. ad hoc networks
f. WANs

A

A

82
Q

If there are inadequate protection mechanisms in place for peer-to-peer connections, the major risk involved would be
a. infection by trojan horses
b. infection by a virus
c. peer access to sensitive data
d. IP spoofing
e. flipping
f. eavesdropping

A

C

83
Q

If you wanted to build a computer system to predict hurricanes, which type of computer would you use?
a. laptop
b. smartphone
c. supercomputer
d. server
e. personal computer
f. mainframe

A

C

84
Q

One advantage of network technology is
a. a single universal topology facilitates the transfer of data among all networks
b. bridges and gateways connect one workstation with another workstation
c. the network interface card permits different networks to share data
d. file servers permit software and data to be shared with other network users

A

D

85
Q

Which of the following is not a test of access controls?
a. biometric controls
b. encryption controls
c. backup controls
d. inference controls

A

C

86
Q

A star topology is appropriate
a. when the central database does not have to be concurrent with the nodes
b. for a wide area network with a mainframe for a central computer
c. for environments where network nodes routinely communicate with each other
d. for centralized databases only

A

B

87
Q

Which one of the following statements is correct?
a. Cookies always contain encrypted data.
b. Web browsers cannot function without cookies.
c. Cookies contain the URLs of sites visited by the user.
d. Cookies are text files and never contain encrypted data.

A

C

88
Q

In an electronic data interchange environment, customers routinely access
a. none of the other listed items
b. the vendor's open purchase order file
c. the vendor's accounts payable file
d. the vendor's price list file

A

D

89
Q

Which is not a biometric device?
a. password
b. retina prints
c. voice prints
d. signature characteristics

A

A

90
Q

Which of the following statements is correct?
a. Packet switching combines the messages of multiple users into a "packet" for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.
b. The decision to partition a database assumes that no identifiable primary user exists in the organization.
c. Packet switching is used to establish temporary connections between network devices for the duration of a communication session.
d. A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users.

A

C

91
Q

A digital signature is
a. the encrypted mathematical value of the message sender's name
b. derived from the digest of a document that has been encrypted with the sender's private key
c. the computed digest of the sender's digital certificate
d. allows digital messages to be sent over analog telephone lines

A

B
92
Q

Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in this topology, the central computer manages and controls data communications among the network nodes.
a. star topology
b. bus topology
c. ring topology
d. client/server topology

A

A

93
Q

A ping signal is used to initiate
a. a smurf attack.
b. Internet protocol spoofing.
c. digital signature forging.
d. URL masquerading.
e. a SYN-ACK packet.

A

A
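The attacks named in cards 55, 60, 68 and 93 share two tells a defender can look for: a SYN flood leaves many half-open connections on one target whose spoofed sources never send the final ACK, and a smurf attack starts with an echo request aimed at a broadcast address with the victim written in as the source. The following added example (not from the flashcard deck; the packet records are constructed, and the broadcast test assumes /24 subnets so that an address ending in .255 is a broadcast) runs both checks over a small traffic sample. In practice the records would come from a capture or flow export, and a legitimate handshake is shown so the detector can be seen ignoring it.

```python
"""SYN flood and smurf detection over constructed packet records.
Added example, not from the flashcard deck."""
from collections import Counter
from typing import Dict, List, Tuple

# (timestamp, protocol, source, destination, tcp flags or icmp type)
Packet = Tuple[float, str, str, str, str]


def constructed_traffic() -> List[Packet]:
    """Sample traffic: one legitimate handshake, a SYN flood from 50 spoofed
    sources that never complete the handshake, and a smurf trigger packet."""
    pkts: List[Packet] = [
        (0.00, "tcp", "203.0.113.5", "192.0.2.10", "SYN"),
        (0.01, "tcp", "192.0.2.10", "203.0.113.5", "SYN-ACK"),
        (0.02, "tcp", "203.0.113.5", "192.0.2.10", "ACK"),  # handshake completes
    ]
    # Flood: spoofed sources 198.51.100.1 .. .50 send SYN; no ACK ever follows,
    # because the replies go to addresses that never asked for them (card 68).
    pkts += [(1.0 + i / 1000, "tcp", f"198.51.100.{i}", "192.0.2.10", "SYN")
             for i in range(1, 51)]
    # Smurf (card 93): echo request to the broadcast address with the victim as the
    # spoofed source, so every host on the subnet answers the victim at once.
    pkts.append((5.0, "icmp", "192.0.2.20", "192.0.2.255", "echo-request"))
    return pkts


def half_open_by_target(packets: List[Packet]) -> Counter:
    """Count, per destination, the SYNs whose handshake was never finished with an ACK."""
    pending: Dict[Tuple[str, str], float] = {}
    for ts, proto, src, dst, info in packets:
        if proto != "tcp":
            continue
        if info == "SYN":
            pending[(src, dst)] = ts
        elif info == "ACK":
            pending.pop((src, dst), None)  # third handshake step: connection is real
    return Counter(dst for _, dst in pending)


def detect_syn_flood(packets: List[Packet], threshold: int = 20) -> List[Tuple[str, int]]:
    """Targets holding at least `threshold` half-open connections (card 55)."""
    return [(dst, n) for dst, n in half_open_by_target(packets).items() if n >= threshold]


def detect_smurf(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Echo requests aimed at a directed-broadcast address. Assumes /24 subnets.
    Returns (spoofed source = the real victim, broadcast address)."""
    return [(src, dst) for _, proto, src, dst, info in packets
            if proto == "icmp" and info == "echo-request" and dst.endswith(".255")]


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("SYN flood targets:", detect_syn_flood(traffic))
    print("smurf triggers (victim, broadcast):", detect_smurf(traffic))
```

The legitimate client from 203.0.113.5 never appears in the flood count because its ACK removed it from the pending table, while the 50 spoofed sources stay half-open; that is the difference between a busy server and a SYN flood. The smurf check does not rely on volume at all, since a single echo request to a broadcast address is already abnormal enough to block at the router (disable directed broadcasts) and to alert on.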