Deck 3: Auditing Operating Systems and Networks

A) a hacker gaining access to the system because of a security flaw
B) a hardware flaw that causes the system to crash
C) a virus that formats the hard drive
D) the systems programmer accessing individual user files

A) install antivirus software
B) install factory-sealed application software
C) assign and control user passwords
D) install public-domain software from reputable bulletin boards

A) logic bomb
B) Trojan horse
C) worm
D) back door

A) spoofing.
B) spooling.
C) dual-homed.
D) screening.

A) translates third-generation languages into machine language
B) assigns memory to applications
C) authorizes user access
D) schedules job processing

A) Trojan horse
B) worm
C) logic bomb
D) none of the above

A) verifying that only authorized software is used on company computers
B) reviewing system maintenance records
C) confirming that antivirus software is in use
D) examining the password policy including a review of the authority table

A) incompatible functions have been segregated
B) application programs are protected from unauthorized access
C) physical security measures are adequate to protect the organization from natural disaster
D) illegal access to the system is prevented and detected

A) failure to change passwords on a regular basis
B) using obscure passwords unknown to others
C) recording passwords in obvious places
D) selecting passwords that can be easily detected by computer criminals

A) Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.
B) An Intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks.
C) A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet.
D) None of the above are true statements.

A) detection and correction of message loss due to equipment failure
B) prevention and detection of illegal access to communication channels
C) procedures that render intercepted messages useless
D) all of the above

A) LAN
B) decentralized network
C) multidrop network
D) Intranet

A) special materials used to insulate computer facilities
B) a system that enforces access control between two networks
C) special software used to screen Internet access
D) none of the above

A) echo check
B) parity bit
C) public key encryption
D) message sequencing

A) all EDI transactions are authorized
B) unauthorized trading partners cannot gain access to database records
C) authorized trading partners have access only to approved data
D) a complete audit trail is maintained

A) file server
B) network interface card
C) multiplexer
D) bridge

A) hardware access procedures
B) antivirus software
C) parity checks
D) data encryption

A) the policy on the purchase of software only from reputable vendors
B) the policy that all software upgrades are checked for viruses before they are implemented
C) the policy that current versions of antivirus software should be available to all users
D) the policy that permits users to take files home to work on them

A) firewalls
B) one-time passwords
C) field interrogation
D) data encryption

A) value added networks can compare passwords to a valid customer file before message transmission
B) prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database
C) the recipient's application software can validate the password prior to processing
D) the recipient's application software can validate the password after the transaction has been processed

A) access the vendor's accounts receivable file with read/write authority
B) access the vendor's price list file with read/write authority
C) access the vendor's inventory file with read-only authority
D) access the vendor's open purchase order file with read-only authority

A) is a printout of all incoming and outgoing transactions
B) is an electronic log of all transactions received, translated, and processed by the system
C) is a computer resource authority table
D) consists of pointers and indexes within the database

A) facilitate physical connection between network devices
B) provide a basis for error checking and measuring network performance
C) promote compatibility among network devices
D) result in inflexible standards

A) echo check
B) encryption
C) vertical parity bit
D) horizontal parity bit

A) message transaction log
B) data encryption standard
C) vertical parity check
D) request-response technique

A) transaction authorization and validation
B) access controls
C) EDI audit trail
D) all of the above

A) the network consists of a central computer which manages all communications between nodes
B) has a host computer connected to several levels of subordinate computers
C) all nodes are of equal status; responsibility for managing communications is distributed among the nodes
D) information processing units rarely communicate with each other

A) combines the messages of multiple users into a "spoofing packet" where the IP addresses are interchanged and the messages are then distributes randomly among the targeted users.
B) is a form of masquerading to gain unauthorized access to a web server.
C) is used to establish temporary connections between network devices with different IP addresses for the duration of a communication session.
D) is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the IP address needed by other users.

A) a denial of service attack
B) digital signature forging
C) Internet protocol spoofing
D) URL masquerading

A) is the document format used to produce Web pages.
B) controls Web browsers that access the Web.
C) is used to connect to Usenet groups on the Internet.
D) is used to transfer text files, programs, spreadsheets, and databases across the Internet.
E) is a low-level encryption scheme used to secure transmissions in higher-level () format.

A) individual workstations can communicate with each other
B) individual workstations can function locally but cannot communicate with other workstations
C) individual workstations cannot function locally and cannot communicate with other workstations
D) the functions of the central site are taken over by a designated workstation

A) combines the messages of multiple users into one packet for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.
B) is a method for partitioning a database into packets for easy access where no identifiable primary user exists in the organization.
C) is used to establish temporary connections between network devices for the duration of a communication session.
D) is a denial of service technique that disassembles various incoming messages to targeted users into small packages and then reassembles them in random order to create a useless garbled message.

A) is the document format used to produce Web pages.
B) controls Web browsers that access the Web.
C) is used to connect to Usenet groups on the Internet
D) is used to transfer text files, programs, spreadsheets, and databases across the Internet.
E) is a low-level encryption scheme used to secure transmissions in higher-level () format.

A) is a password-controlled network for private users rather than the general public.
B) is a private network within a public network.
C) is an Internet facility that links user sites locally and around the world.
D) defines the path to a facility or file on the web.
E) none of the above is true.

A) Packet switching combines the messages of multiple users into a "packet" for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.
B) The decision to partition a database assumes that no identifiable primary user exists in the organization.
C) Packet switching is used to establish temporary connections between network devices for the duration of a communication session.
D) A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users.

A) defines the path to a facility or file on the web.
B) is the unique address that every computer node and host attached to the Internet must have.
C) is represented by a 64-bit data packet.
D) is the address of the protocol rules and standards that governing the design of internet hardware and software.

A) is best suited to the token-ring topology because the random-access method used by this model detects data collisions.
B) distributes both data and processing tasks to the server's node.
C) is most effective used with a bus topology.
D) is more efficient than the bus or ring topologies.

A) the encrypted mathematical value of the message sender's name
B) derived from the digest of a document that has been encrypted with the sender's private key
C) the computed digest of the sender's digital certificate
D) allows digital messages to be sent over analog telephone lines

A) is more intensive that a Dos attack because it emanates from single source
B) may take the form of either a SYN flood or smurf attack
C) is so named because it effects many victims simultaneously, which are distributed across the internet
D) turns the target victim's computers into zombies that are unable to access the Internet

A) for a wide area network with a mainframe for a central computer
B) for centralized databases only
C) for environments where network nodes routinely communicate with each other
D) when the central database does not have to be concurrent with the nodes

A) is the document format used to produce Web pages.
B) controls Web browsers that access the Web.
C) is used to connect to Usenet groups on the Internet
D) is used to transfer text files, programs, spreadsheets, and databases across the Internet.
E) is a low-level encryption scheme used to secure transmissions in higher-level () format.

A) is the basic protocol that permits communication between Internet sites.
B) controls Web browsers that access the WWW.
C) is the file format used to produce Web pages.
D) is a low-level encryption scheme used to secure transmissions in HTTP format.

A) URL masquerading
B) digital signature forging
C) Internet protocol spoofing
D) a smurf attack
E) none of the above is true