Deck 16: IT Controls : Security and Access

A) a hacker gaining access to the system because of a security flaw
B) a hardware flaw that causes the system to crash
C) a virus that formats the hard drive
D) the systems programmer accessing individual user files

A) checkpoint
B) backup database
C) transaction log
D) database authority table

A) backups are created using the grandfather-father-son approach
B) processing a transaction file against a maser file creates a backup file
C) files are backed up immediately before an update run
D) if the master file is destroyed, it cannot be reconstructed

A) detect unauthorized access to systems
B) facilitate reconstruction of events
C) reduce the need for other forms of security
D) promote personal accountability

A) failure to change passwords on a regular basis
B) using obscure passwords unknown to others
C) recording passwords in obvious places
D) selecting passwords that can be easily detected by computer criminals

A) logic bomb
B) Trojan horse
C) worm
D) back door

A) password
B) retina prints
C) voice prints
D) signature characteristics

A) protecting the OS from users
B) protesting users from each other
C) protecting users from themselves
D) protecting the environment from users

A) grandparent-parent-child approach
B) staggered backup approach
C) direct backup
D) remote site, intermittent backup

A) antivirus software
B) database authorization table
C) passwords
D) voice prints

A) spoofing.
B) spooling.
C) dual-homed.
D) screening.

A) Trojan horse
B) worm
C) logic bomb
D) none of the above

A) translates third-generation languages into machine language
B) assigns memory to applications
C) authorizes user access
D) schedules job processing

A) the number of backup versions retained depends on the amount of data in the file
B) off-site backups are not required
C) backup files can never be used for scratch files
D) the more significant the data, the greater the number of backup versions

A) install antivirus software
B) install factory-sealed application software
C) assign and control user passwords
D) install public-domain software from reputable bulletin boards

A) message transaction log
B) data encryption standard
C) vertical parity check
D) request-response technique

A) transaction authorization and validation
B) access controls
C) EDI audit trail
D) all of the above

A) incompatible functions have been segregated
B) application programs are protected from unauthorized access
C) physical security measures are adequate to protect the organization from natural disaster
D) illegal access to the system is prevented and detected

A) access the vendor's accounts receivable file with read/write authority
B) access the vendor's price list file with read/write authority
C) access the vendor's inventory file with read-only authority
D) access the vendor's open purchase order file with read-only authority

A) is a printout of all incoming and outgoing transactions
B) is an electronic log of all transactions received, translated, and processed by the system
C) is a computer resource authority table
D) consists of pointers and indexes within the database

A) the policy on the purchase of software only from reputable vendors
B) the policy that all software upgrades are checked for viruses before they are implemented
C) the policy that current versions of antivirus software should be available to all users
D) the policy that permits users to take files home to work on them

A) hardware access procedures
B) antivirus software
C) parity checks
D) data encryption

A) all EDI transactions are authorized
B) unauthorized trading partners cannot gain access to database records
C) a complete audit trail of EDI transactions is maintained
D) backup procedures are in place and functioning properly

A) value added networks can compare passwords to a valid customer file before message transmission
B) prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database
C) the recipient's application software can validate the password prior to processing
D) the recipient's application software can validate the password after the transaction has been processed

A) verifying that only authorized software is used on company computers
B) reviewing system maintenance records
C) confirming that antivirus software is in use
D) examining the password policy including a review of the authority table

A) inspecting biometric controls
B) reconciling program version numbers
C) comparing job descriptions with access privileges stored in the authority table
D) attempting to retrieve unauthorized data via inference queries

A) biometric controls
B) encryption controls
C) backup controls
D) inference controls

A) the vendor's price list file
B) the vendor's accounts payable file
C) the vendor's open purchase order file
D) none of the above

A) all EDI transactions are authorized
B) unauthorized trading partners cannot gain access to database records
C) authorized trading partners have access only to approved data
D) a complete audit trail is maintained

A) special materials used to insulate computer facilities
B) a system that enforces access control between two networks
C) special software used to screen Internet access
D) none of the above

A) detection and correction of message loss due to equipment failure
B) prevention and detection of illegal access to communication channels
C) procedures that render intercepted messages useless
D) all of the above

A) firewalls
B) one-time passwords
C) field interrogation
D) data encryption

A) echo check
B) encryption
C) vertical parity bit
D) horizontal parity bit

A) verifying that the security group monitors and reports on fault tolerance violations
B) confirming that backup procedures are adequate
C) ensuring that authorized users access only those files they need to perform their duties
D) verifying that unauthorized users cannot access data files

A) echo check
B) parity bit
C) public key encryption
D) message sequencing

A) a smurf attack.
B) IP Spoofing.
C) an ACK echo attack
D) a ping attack.
E) none of the above

A) operating system.
B) user manual.
C) database schema.
D) user view.
E) application listing.

A) operating system.
B) database management system.
C) utility system
D) facility system.
E) object system.

A) a 64 -bit private key encryption technique
B) a 128-bit private key encryption technique
C) a 128-bit public key encryption technique
D) a 256-bit public encryption technique that has become a U.S. government standard

A) Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.
B) An Intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks.
C) A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet.
D) None of the above are true statements.