Flashcards covering key vocabulary and concepts related to information security.
Security
refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Controls
refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.
SQL injection attacks
Which of the following does not pose a security threat to wireless networks?
Hackers create a botnet by
causing other people's computers to become "zombie" PCs following a master computer
Sniffing is a security challenge that is most likely to occur in which of the following points of a corporate network?
communications lines
Inputting data into a poorly programmed Web form in order to disrupt a company’s systems and networks is called
an SQL injection attack.
Which of the following statements about Internet security is not true?
VoIP is more secure than the switched voice network.
An independent computer program that copies itself from one computer to another over a network is called a
worm
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor’s advertising costs up. This is an example of
click fraud
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor’s site, a small program called Mitglieder was downloaded to the user’s machine. The program enabled outsiders to infiltrate the user’s machine. What type of malware is this an example of?
trojan horse
Redirecting a Web link to a different address is a form of
spoofing
A keylogger is a type of
spyware
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ________ attack.
DDoS
An example of phishing is
setting up a fake medical Web site that asks users for confidential information.
Evil twins are
bogus wireless network access points that look legitimate to users.
Pharming involves
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called
social engineering.
How do software vendors correct flaws in their software after it has been distributed?
issue patches
The Gramm-Leach-Bliley Act
requires financial institutions to ensure the security of customer data.
The Sarbanes-Oxley Act
imposes responsibility on companies and management to safeguard the accuracy of financial information.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)
risk assessment.
An authentication token is a(n)
gadget that displays passcodes.
Which of the following is not a trait used for identification in biometric systems?
hair color
Downtime refers to periods of time in which a
computer system is not operational
Currently, the protocols used for secure information transfer over the Internet are
SSL, TLS, and S-HTTP.
With respect to the general classes of computers, a ________ is the most expensive and most powerful kind of computer, which is used primarily to assist in solving massive scientific problems.
supercomputer
Which of the following statements is true about servers?
They are used to provide services to users within large organizations or to Web users.
Which of the following is an example of an operating system?
Ubuntu Linux
________ software is the collection of programs that control the basic operations of computer hardware.
system
________ is designed to shield programmers from having to build applications for different underlying operating systems, particularly in heterogeneous, distributed environments.
middleware
Governmental regulations such as the ________ Act mandate archiving business documents and relevant internal communication, including e-mail and instant messages
Sarbanes-Oxley
________ define the procedures that different computers follow when they transmit and receive data.
protocols
________ is the transmission capacity of a computer or communications channel, which represents how much binary data can be reliably transmitted over the medium in one second.
bandwidth
A ________ is any computer on the network, or any software application that uses only the services provided by the server.
client
Web servers process user requests for pages using the
Hypertext Transfer Protocol
Which of the following is the host name in the URL "labs.google.co.in/jack carver"?
labs
Most companies allow their employees to use ________ networks to connect to the company's intranet while on the road or working from home.
virtual private
Data centers managed by a third party that rents out space to multiple organizational customers are known as
collocation facilities
The prediction that the number of transistors on a chip would double about every two years is known as
Moore's law
Under the ________ model, organizations "rent" resources such as processing, data storage, or networking from an external provider on an as-needed basis and pay only for the services used.
cloud computing
As defined by the National Institute of Standards and Technology (NIST), "________ is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction."
Cloud computing
The ability to adapt to increases or decreases in demand for processing or data storage is known as
scalability
Which of the following statements is true about the software as a service model?
The customer has no knowledge or control over the underlying infrastructure and the cloud may host preinstalled applications which users just buy access to.
Which of the following statements is true about the platform as a service model?
The customer can run his or her own applications that are typically designed using tools provided by the service provider.
Which of the following statements is true about a public cloud?
It can be used by any interested party on a pay-per-use basis.
________ is used to solve large-scale computing problems.
Grid computing
ImmuneEarth, a research and development company, has a motto to "eradicate all diseases." It has numerous departments that research the cure of various diseases. One of its largest departments includes the AIDS department where more than 500 scientists are researching the cure for AIDS. ImmuneEarth has numerous computers that have been grouped into a cohesive system for this purpose. Recently, one of its computers was updated because it had low performance which had slowed the entire system. Which of the following is ImmuneEarth using to research the cure for AIDS?
grid computing
With respect to the recent trends in IS hardware infrastructure management, ________ is moving processing and data storage away from a centralized location to the "corners" of a network.
edge computing
________, the use of the Internet protocol (IP) for transporting voice, video, fax, and data traffic, has allowed enterprises to make use of new forms of communication and collaboration, as well as traditional forms of communication, at much lower costs.
IP convergence
The protocol used by the Internet is called the
Transmission Control Protocol (TCP)