Cisa Ref2

Uploaded by Fares Salman

1

List and explain the considerations that go into any sourcing decision.

A company’s preference to insource, outsource, or hybrid source will be based on several different
factors: the benefits of insourcing versus those of outsourcing; the competitive advantage provided by
each type of sourcing; the location where the work will be performed; the benefits of going offshore;
and the disadvantages of bringing work back from an offshore location. Although companies are
seeking skilled labor at low wages when they move offshore, they should also consider factors such as
the taxation practices, exchange rates, legal restrictions, and cultural differences of other countries.
These can undermine any advantage gained by cheap labor. For instance, when a company chooses to
outsource, turnaround and cycle times typically increase, and the company risks alienating its American
clientele.

management.

An operation is any procedure intended to create a predefined result. The goal of operations
management is addressing user requests in a consistent and effective manner, and remedying the
problems encountered during daily business operations. When evaluating operations management, IS
auditors should ensure that operation managers and their staff are directly supporting the technical
responses set forth by middle management. In turn, these technical responses should be supporting
the strategic objectives created by executive management. Auditors must be able to differentiate
between volume of work and effectiveness of work; even the busiest workers are of little help to the
organization if their work is not supporting business objectives. Auditors should also ensure the
organization is capable of sustaining its processes, which is only possible if three factors are

systems programmer.

Organizational charts normally include the following IT positions;

4

Explain insourcing, outsourcing, and hybrid sourcing.

Every company must address the sourcing issue, which involves determining a location and a method
for performing key work functions, such as manufacturing, customer support, accounting, payroll,
printing, human resources, records management, and software development. These work functions
can be performed either on-site or off-site by means of insourcing, outsourcing, or hybrid sourcing.
When a company chooses insourcing, its own personnel perform the work function. If the
company chooses outsourcing, it contracts a third-party vendor to perform the work function.
Outsourcing often involves using cheaper labor at an offshore location, such as India, China, or
Russia. Yet another method is hybrid sourcing, which combines characteristics of insourcing and
outsourcing: the company keeps control of the core work function while contracting any collateral work
to third-party vendors. This method is particularly useful when a company lacks the resources to
take full advantage of an economic opportunity and must embark on a joint venture.

Explain the organizational chart. Then, explain the responsibilities of the following IT positions: IT
director and IT operations manager.

An organizational chart is essential in defining roles and responsibilities. It lists each position and
describes its corresponding job function within the organization. It also identifies the person in charge
for every level, and explains the reporting relationships between positions. Auditors should ensure
that an auditee’s organizational chart is both current and accurate. Inaccurate or out-of-date charts
reveal internal control problems. Most organizational charts include the following IT positions:

Explain the responsibilities of the following IT positions: applications programmer, information
security manager, and change control manager.

Organizational charts normally include the following IT positions:

Explain change control. Then, explain the auditor’s expectations for IT controls.

Change control includes processes for managing the implementation of change. It enables change to
occur in an orderly and regulated manner, thereby minimizing confusion and resistance among
organizational personnel. It also allows the organization to monitor and respond to any

Explain the first and second component groups of a computer.

A computer’s first component group includes three types of devices: CPU (Central Processing Unit),
high-speed CPU memory cache, and RAM (Random Access Memory). The CPU is the central
component in this group, and is supported by the other two. Using an arithmetic logic unit, it
performs complex calculations far more quickly and accurately than any human can. The high-speed
memory cache serves as a buffer between the CPU and RAM, and enables the CPU to operate at the
highest possible speed and efficiency. RAM is solid-state memory, considerably slower than the other
components but necessary to the CPU’s

positions: data entry staff and help desk.

Organizational charts normally include the following IT positions:

10

Explain compensating controls. Include a discussion of the importance of clearly defining and
separating IT roles. Then, explain the following compensating controls: auditing, and job rotation.

By clearly defining and separating IT roles, the organization ensures that every person is answerable
to someone else, and that no one is capable of arbitrarily carrying out an action or taking assets.
Organizational charts help define and maintain separation between IT roles; however,

11

transaction logs, reconciliation, exception report, and supervisor review.

Compensating controls include the following activities:
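What the transaction-log, reconciliation and exception-report controls named in this card look like when they are actually run, as an added example that is not part of the flashcards: a script that reads a constructed transaction log and produces the exception report a supervisor would review. The log format, the field names, the rule names and the 10,000 dual-approval limit are assumptions made for illustration, not taken from any real system.

```python
from collections import defaultdict

# Constructed transaction log: timestamp, user, action, transaction id, amount.
# Format and field names are assumptions for this example, not from any real system.
SAMPLE_LOG = """\
2024-03-01T09:12:00 alice CREATE  TX1001 4200.00
2024-03-01T09:40:00 bob   APPROVE TX1001 4200.00
2024-03-01T10:05:00 carol CREATE  TX1002 15000.00
2024-03-01T10:06:00 carol APPROVE TX1002 15000.00
2024-03-01T11:30:00 dave  CREATE  TX1003 900.00
2024-03-01T11:31:00 bob   APPROVE TX1003 950.00
2024-03-02T08:00:00 erin  APPROVE TX1004 300.00
"""

APPROVAL_LIMIT = 10000.00   # assumed threshold above which two approvers are required


def parse_log(text):
    """Turn the log into a list of dicts; blank lines are ignored."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, tx, amount = line.split()
        records.append({"ts": ts, "user": user, "action": action,
                        "tx": tx, "amount": float(amount)})
    return records


def exception_report(records):
    """Reconcile each transaction's events and return (tx, rule, detail) findings
    for supervisor review. Nothing is returned for a clean transaction."""
    by_tx = defaultdict(list)
    for rec in records:
        by_tx[rec["tx"]].append(rec)

    findings = []
    for tx, events in sorted(by_tx.items()):
        creators = {e["user"] for e in events if e["action"] == "CREATE"}
        approvers = {e["user"] for e in events if e["action"] == "APPROVE"}
        amounts = sorted({e["amount"] for e in events})

        # Separation of duties: the person who entered it must not approve it.
        for user in sorted(creators & approvers):
            findings.append((tx, "SOD_SELF_APPROVAL", user))
        # Reconciliation: an approval with no matching creation record.
        if approvers and not creators:
            findings.append((tx, "APPROVAL_WITHOUT_CREATE", ",".join(sorted(approvers))))
        # Reconciliation: the amount changed between creation and approval.
        if len(amounts) > 1:
            findings.append((tx, "AMOUNT_MISMATCH", amounts))
        # Dual control: large amounts need a second approver.
        if amounts and amounts[-1] >= APPROVAL_LIMIT and len(approvers) < 2:
            findings.append((tx, "SINGLE_APPROVER_OVER_LIMIT", amounts[-1]))
    return findings


if __name__ == "__main__":
    for tx, rule, detail in exception_report(parse_log(SAMPLE_LOG)):
        print(f"{tx} {rule} {detail}")
```

The point of the report is that it is produced by something other than the people whose work it checks: the log is written by the application, the rules are fixed by the auditor or supervisor, and only the exceptions reach a human.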

12

masking.

Multiprocessor computers contain multiple CPUs. Through a technique known as pipelining, they
alleviate the problems associated with time

13

describe mainframe computers.

Computers can be classified in four primary categories based on their size, processing power, and
throughput, which indicates the amount of information they can process over a specific time interval.
The categories are: mainframe computers, supercomputers, minicomputers, and microcomputers.

14

Explain supervisory state and problem state.

Supervisory state and problem state are the two basic modes under which most computers operate.
The supervisory state is reserved for supervisory users, also known as administrators, superusers, or
root users. It removes security controls and allows the highest level of access to programs and
processing requests. Without this unrestricted level of access, the supervisory user would be unable
to perform his primary job tasks, which include managing change, configuring and maintaining the
system, and performing administrative functions. Every other user must operate under the problem
state, which activates all security controls and denies access to high-level programs and processing
requests. Strictly speaking, the two states are processor privilege modes rather than classes of user:
the operating system kernel runs in the supervisory state, while every user’s programs, including the
administrator’s, run in the problem state and must request privileged operations from the kernel. An
audit of who can reach the supervisory state is therefore an audit of who can change the kernel and
its configuration. In
15

functional roles that computers are expected to fulfill in an IT environment

Any computer purchased commercially should perform the following tasks: interact with peripheral
devices; run a common software program and operating system; store and retrieve data via a file
system; manage communications and work allocation between the CPU and programs; regulate
access to secure systems and information; and provide a shell,

16

Describe minicomputers, microcomputers, and supercomputers.

Minicomputers (or midrange computers) lack the processing power and throughput of a mainframe,
but provide a cheaper alternative for organizations of limited size and financial means. Although
midrange computers have security controls that are inferior to mainframes, they

17

following data storage media: magnetic tape.

Tape management systems and disk management systems help ensure that data is securely stored
and controlled. They automate the process of tracking and labeling data files, enabling a user to
quickly identify the contents, status, and location of every data storage device.

18

Explain the following data storage medium: magnetic hard disk. Include a discussion of RAID.

Magnetic hard disks are capable of storing anywhere between megabytes and terabytes of
information, and are the most prevalent online storage media. A single disk may be permanently
contained within a closed disk drive, or several disks may be grouped in a storage
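How a redundant array actually recovers from the loss of one disk, as an added example that is not part of the original flashcards: a RAID 5-style stripe of three data blocks plus one XOR parity block, with reconstruction of any single lost block and the two cases parity cannot handle (two lost blocks, and locating which block is corrupt). The block contents are constructed; a real array rotates the parity position across stripes and works on whole disks rather than 8-byte blocks.

```python
def parity(blocks):
    """XOR the blocks together (all must be the same length)."""
    size = len(blocks[0])
    if any(len(b) != size for b in blocks):
        raise ValueError("stripe blocks must be equal length")
    out = bytearray(size)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_stripe(data_blocks):
    """Stripe as stored on disk: the data blocks followed by their parity block."""
    return list(data_blocks) + [parity(data_blocks)]


def reconstruct(stripe, failed_index):
    """Rebuild the block at failed_index by XORing all the surviving blocks.
    Works for a lost data block and for a lost parity block alike."""
    survivors = [b for i, b in enumerate(stripe) if i != failed_index]
    return parity(survivors)


def recover_stripe(stripe, failed_indexes):
    """Return the repaired stripe, or None when more than one block is lost.
    One parity block gives one equation; two unknown blocks cannot be solved."""
    if len(failed_indexes) != 1:
        return None
    (failed,) = failed_indexes
    repaired = list(stripe)
    repaired[failed] = reconstruct(stripe, failed)
    return repaired


def verify(stripe):
    """Parity check: the XOR of every block in a consistent stripe is all zeros.
    This detects a silently corrupted block but cannot say which one it is."""
    return parity(stripe) == bytes(len(stripe[0]))


# Constructed sample stripe (three 8-byte data blocks). Each surviving disk
# holds its data in the clear: RAID provides availability, not confidentiality.
STRIPE = write_stripe([b"ACCT0001", b"ACCT0002", b"ACCT0003"])

if __name__ == "__main__":
    print("stored parity :", STRIPE[3].hex())
    print("disk 1 rebuilt:", reconstruct(STRIPE, 1))
    print("two disks lost:", recover_stripe(STRIPE, [0, 2]))
```

Two practitioner points follow directly from the code: a second failure during the rebuild window is unrecoverable, which is why rebuild time and hot spares matter; and because every surviving disk still holds readable data, a disk pulled from an array must be wiped or destroyed before disposal.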
19

Explain the following data storage media: magnetic soft disk, optical CD-ROM, optical CD-RW, and
optical DVD

Magnetic soft disks are small, removable, and portable devices such as floppy disks and Zip disks, in
which a rewritable disk is contained in a hard plastic casing. Disks can hold between 1
megabyte and multiple gigabytes of data.

20

Explain Open Systems Interconnect Model (or OSI) and list each OSI layer. Then, explain the
Transmission Control Protocol/Internet Protocol (TCP/IP).

The Open Systems Interconnection model, or OSI, is a reference model that separates data
communication into multiple networking layers. Each layer of the network has its own special role,
and supports the layer above it. Transmission Control Protocol/Internet Protocol, or TCP/IP, is a
networking protocol suite. Like the OSI model, TCP/IP stratifies the network into multiple layers:

21

Explain the following data storage media: read-only memory and flash memory.

Read-only memory, or ROM, contains data that has been permanently programmed on
semiconductor chips by fusing microscopic, integrated circuits. These chips cannot be transferred, nor
can they be upgraded unless they are removed and replaced. ROM provides solid-state storage that is
both nonvolatile and incapable of being altered or erased; consequently, it provides excellent
security, but may prove very limiting if constant upgrades are necessary. The greatest benefit of ROM
is extremely quick loading time.

22

Explain the security problems associated with RAID


Every computer has a set of physical input/output ports (I/O), which enable communication with
other computers and storage devices. Unfortunately, a person can use these ports to bypass security
controls and gain an unrestricted level of access to the system; therefore, organizations must
implement port controls. These include physical security controls, which safeguard physical access to
the ports, and logical controls, which are software programs designed to protect data transfers. PCs
are especially vulnerable because they have so many different ports; USB, RS-232, keyboard,
expansion slots, disk channels, etc. Mainframes are vulnerable through their terminal, modem, and
LAN ports. To ensure that the organization has implemented all necessary

23

Explain Layer 1 and Layer 2 of the OSI model.

Layer 1, or the physical layer, identifies the wiring and voltages necessary to establish, sustain, and
break off an electrical connection between multiple computers or systems. Essentially, this layer is a
description of functional specifications.

24

Explain Layer 3 of the OSI model.

Layer 3, or the network layer, includes protocols that direct a data transmission along a specific path
and to a specific destination using an Internet Protocol (IP) address. Each system on the network has a
unique IP address, and multiple systems can be grouped together to form larger IP subnetworks, or
subnets. When sending information to a specific location, a computer first determines the IP address
of that location and compares it with its own subnet: a destination on the same subnet is delivered
directly, while any other destination is handed to a router (the next hop). The computer then resolves
the MAC address of that next hop (using ARP) so that the packet can be framed at layer 2.

25

Explain Layer 4 of the OSI model. Then, define unicast and multicast.

Layer 4, or the transport layer, includes protocols that encapsulate the data for transport along the
network. TCP (Transmission Control Protocol) is one such protocol. It methodically breaks down the
data transmission into manageable segments. Each segment contains a sequencing number, which
enables the destination computer to reconstruct the message. TCP is known as a reliable transport
method because it provides delivery confirmation to the computer that sent the data. Other transport
protocols, such as UDP (User Datagram Protocol),

26

Explain Local Area Network, or LAN.

Local Area Networks, or LANs, are simply localized computer networks, usually covering a home,
office, building, or other small geographical area. LANs allow multiple computers to exchange
information and partake in certain services, such as email, file sharing, and printing. Data is
transmitted through the network using one of the following methods:

27

Explain network routing, static routing, and dynamic routing.

Network routing is the method by which routers direct traffic to the correct locations along the
network. There are two methods of routing: static and dynamic. In static routing, the network
administrator manually enters each destination prefix and its next hop into the routing table of
each router. Static routes cannot be altered by forged or erroneous routing-protocol updates, which
makes them predictable and easy to audit, but static routing is impractical for networks with complex
or unpredictable traffic.
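The layer 3 forwarding decision from card 24 and the static routing table from card 27, carried through in code as an added example that is not part of the flashcards. The addresses, interface names and table contents are constructed for illustration; the only library used is Python’s standard `ipaddress` module. The example shows the rule the card leaves implicit: when several prefixes match, the longest (most specific) one wins, and the result of the lookup is the address whose MAC the sender must resolve, not the final destination.

```python
import ipaddress

# Assumed static routing table for a host on 10.1.0.0/16:
# (destination prefix, next hop, interface); a next hop of None means directly connected.
STATIC_ROUTES = [
    ("10.1.0.0/16",    None,         "eth0"),
    ("10.1.5.0/24",    "10.1.0.254", "eth0"),   # more specific prefix overrides the /16
    ("192.168.0.0/16", "10.1.0.1",   "eth0"),
    ("0.0.0.0/0",      "10.1.0.1",   "eth0"),   # default route
]


def build_table(routes):
    """Parse the routes and order them longest prefix first, so a linear scan
    returns the most specific match (the rule every IP router applies)."""
    table = []
    for prefix, nexthop, iface in routes:
        network = ipaddress.ip_network(prefix)
        gateway = ipaddress.ip_address(nexthop) if nexthop else None
        table.append((network, gateway, iface))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, destination):
    """Return the (network, gateway, interface) entry for a destination, or None."""
    dst = ipaddress.ip_address(destination)
    for network, gateway, iface in table:
        if dst in network:
            return network, gateway, iface
    return None


def next_hop(table, destination):
    """Address whose MAC the sender must resolve with ARP before framing the
    packet at layer 2: the destination itself when it is on a directly connected
    subnet, otherwise the gateway. None means the destination is unreachable."""
    match = lookup(table, destination)
    if match is None:
        return None
    _network, gateway, _iface = match
    return ipaddress.ip_address(destination) if gateway is None else gateway


if __name__ == "__main__":
    table = build_table(STATIC_ROUTES)
    for dst in ("10.1.7.9", "10.1.5.20", "192.168.3.4", "8.8.8.8"):
        print(dst, "->", next_hop(table, dst))
```

Removing the default route is the audit-relevant variant: without it, traffic to an unknown prefix is dropped rather than forwarded, which is the behaviour a tightly controlled segment should show.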

28

Explain Layers 5, 6, and 7 of the OSI model.

Layer 5, or the session layer, includes the protocols that initiate and manage communication sessions
between systems on the network. Using these protocols (such as SQL*Net and the Network File
System), the user’s system sets up, governs, and terminates data transmissions to other systems.

29

Explain Ethernet.

An Ethernet is a type of network usually configured with a bus or star topology. It is most often used
when network traffic consists of voice or data transmissions and all network media are confined to
one location.

30

collisions.

Because collisions are so common on a shared medium, Ethernet uses CSMA/CD (carrier sense
multiple access with collision detection) to preserve data integrity; wireless 802.11 networks, whose
radios cannot detect a collision while transmitting, use the related CSMA/CA (collision avoidance)
instead. CSMA/CD enables network devices to detect collisions and

31

Explain star topology. Then, explain the relationship between routers and LANs.

A star topology connects every network node (computer workstations and other devices) to a central
hub or switch. These hubs/switches

32

Explain network meshing.

Meshing increases redundancy by creating additional connections between critical backbone points
on a network. Meshing is very common in star topologies; the IT department identifies all links across
the network, and determines which alternate link should be used when the primary one is severed.
This information is then entered into the router. Networks can be meshed using two primary
methods:

33

topology.

Network topology describes the configuration of all network components, including its computers,
cables, routers, hubs, switches, and other devices. Most networks will follow one of three standard
topologies: bus, star, or ring. IS auditors should ensure that networks have the following controls:

34

Explain ring topology.

A ring topology links all network devices in a closed loop, creating high speed and high performance.
Because there is no hub or switch linking the network nodes (computer workstations and other
devices), they rely on each other for communication; consequently, in a simple ring topology, a single
malfunctioning device can disrupt the entire network.

35

Explain cable plant. Then, explain unshielded twisted pair cable.

A cable plant is simply another name for a network cable installation. Although auditing does not
require the ability to design a network, auditors should have a basic understanding of the three
different cable types (UTP, coaxial, and fiber-optic) and their respective strengths and weaknesses.

36

Explain coaxial cable and fiber-optic cable.

Coaxial cable contains a mesh shielding that protects it from electrical interference. It is an older form
of cable used in earlier bus topology Ethernets, and has largely been replaced by faster cables, such as
UTP.

37

Explain the following network components: hubs, switches, and routers.


A hub links a group of network devices. It amplifies, retimes, and repeats the electrical signal of each
device out of every port, so data traffic is spread over the entire segment and every attached device
can see every other device’s frames. Because a hub works on signals rather than addresses, it belongs
to layer 1 of the OSI model; a switch, which forwards frames by MAC address, operates at layer 2.

38

Explain Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP).

Domain Name Service, or DNS, enables a user to access a website even if he does not know its IP
address. He simply types in a fully qualified

39

Explain the following network components: Wi-Fi transmitters, repeaters and bridges.

Wi-Fi transmitters are short-range, wireless communications devices. They link laptops, PDAs, and
other handheld devices to the network.

40

Explain virtual LANs, or VLANs.

A virtual LAN, or VLAN, simulates a subnetwork for a group of computers. It is created using the
following techniques:

41

List and explain the steps of Dynamic Host Configuration Protocol (DHCP).

The Dynamic Host Configuration Protocol, or DHCP, involves the following steps:
42

Explain Wide Area Network, or WAN.

A Wide Area Network, or WAN, is simply a computer network capable of covering a much wider
geographical region than a LAN. Organizations implement WAN equipment and protocols at OSI layers
1, 2, and 3 (physical, data link, and network), and may rent communication lines from the
telecommunications industry, creating networks that span multiple states. Public Switched Telephone
Networks (PSTN) and Integrated Services Digital Network (ISDN) can provide dialup services for
WANs, which can also utilize message switching, circuit switching, and packet switching. WANs
communicate using three possible methods: simplex, meaning one direction; half-duplex, meaning
one direction at a time; and full duplex, meaning both directions simultaneously using separate
circuits. WANs use both switched and dedicated circuits, and follow the same communication
protocols that LANs follow.

43

and DSL.

Users can access a network using the following wired connections:

44

Explain the following wired network devices: X.25 and frame-relay.

Users can access a network using the following wired connections:

45

multiplexor.

A LAN can acquire access to a WAN using the following dialup devices:
46

and ISDN.

Users can access a network using the following wired connections:

47

radio and Satellite radio.

Users can access a network using the following wireless connections:

48

Explain the following wireless network devices: microwaves and lasers

Users can access a network using the following wireless connections:

49

Explain radio frequency identification (RFID) tags.

A radio frequency identification (RFID) tag is a short-range wireless communication device that
consists of silicon chips and antennas. It enables automated tracking of products and inventory. IS
auditors should be aware of the basic kinds of RFID tags. Passive tags, for instance, are detected by
scanners at a certain distance, and are frequently used to track inventory. Some passive tags are small
enough to be constructed into products or implanted into living hosts. Despite the privacy issues
raised by such devices, hospitals have considered using them to track newborn children and elderly
patients. Other, nonpassive RFID devices may have the ability to broadcast signals. These tags receive
queries from a broadcast source and then transmit a response using an embedded transponder.
Non-passive RFID devices

50

Explain simple network management protocol, or SNMP.

Using a simple network management protocol (SNMP), a network administrator monitors and checks
the status of routers, servers,

51

network (PAN).

Metropolitan area networks (MANs) link computers located in different buildings within the same
city. They are larger than a LAN and smaller than a WAN.

52

Explain syslog and automated cable tester.

The syslog and automated cable tester are tools of network management, and assist the network
administrator as he monitors

53

Explain protocol analyzer and remote monitoring protocol version 2 or RMON2.

A protocol analyzer, also known as a packet sniffer, is another software tool that assists network
administrators as they monitor and manage a network. It records all data transmissions and
communications passing through a specific segment of the network, including any user IDs and
passwords sent in cleartext. A packet sniffer helps identify potential problems, but cannot see beyond
the individual segment it is monitoring. Because sniffers capture passwords and user IDs, they (and
their stored capture files) become major security risks if accessed by a hacker. The remote monitoring
protocol version 2, or RMON2, extends remote monitoring from the physical and data link layers
covered by RMON1 up through the network and application layers of the OSI model, so a probe can
record hours or even years of traffic statistics. This information is usually stored long-term within a
SQL database. By contrast, a packet sniffer captures the raw frames on one segment, typically for no
more than several hours, and leaves decoding of the upper layers to the analyst.
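What a packet sniffer actually does with the frames it records, as an added example that is not part of the flashcards and serves both card 25 (TCP sequence numbers) and this card: it decodes the Ethernet, IPv4 and TCP headers of a constructed capture, puts the segments back in sequence-number order (discarding a retransmitted segment and reporting any gap), and pulls a cleartext FTP-style `USER`/`PASS` exchange out of the reassembled stream. The frames, addresses and credentials are all constructed inline; checksums are left at zero, which a real capture would not show.

```python
import struct


def _ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_segment(src_ip, dst_ip, sport, dport, seq, payload):
    """Construct an Ethernet/IPv4/TCP frame for the sample capture.
    Checksums are left zero; a real capture would have them filled in."""
    eth = (b"\xaa\xbb\xcc\x00\x00\x02" + b"\xaa\xbb\xcc\x00\x00\x01"
           + struct.pack("!H", 0x0800))                       # dst MAC, src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))   # IHL 5, TTL 64, protocol 6 = TCP
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      5 << 4, 0x18, 65535, 0, 0)             # data offset 5 words, PSH|ACK
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode layers 2 to 4 and return the TCP segment's fields, or None if not IPv4/TCP."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, offset = struct.unpack("!HHIIB", tcp[:13])
    data_offset = (offset >> 4) * 4
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "payload": tcp[data_offset:],
    }


def reassemble(segments):
    """Put segments back in sequence-number order, drop retransmitted bytes,
    and report gaps (the holes a sniffer sees when it missed a segment)."""
    ordered = sorted(segments, key=lambda s: s["seq"])
    stream, gaps = bytearray(), []
    expected = ordered[0]["seq"]
    for seg in ordered:
        payload = seg["payload"]
        if seg["seq"] > expected:
            gaps.append((expected, seg["seq"]))
            expected = seg["seq"]
        elif seg["seq"] < expected:
            payload = payload[expected - seg["seq"]:]      # overlap: bytes already seen
        stream += payload
        expected += len(payload)
    return bytes(stream), gaps


def find_credentials(stream):
    """Pull USER/PASS lines out of a cleartext login dialogue (FTP/POP3 style)."""
    found = {}
    for line in stream.split(b"\r\n"):
        if line.startswith(b"USER "):
            found["user"] = line[5:].decode()
        elif line.startswith(b"PASS "):
            found["password"] = line[5:].decode()
    return found


# Constructed capture: an FTP login seen out of order, with one segment retransmitted.
CAPTURE = [
    build_segment("10.1.0.7", "10.1.0.21", 40000, 21, 1026, b"QUIT\r\n"),
    build_segment("10.1.0.7", "10.1.0.21", 40000, 21, 1000, b"USER alice\r\n"),
    build_segment("10.1.0.7", "10.1.0.21", 40000, 21, 1012, b"PASS hunter2\r\n"),
    build_segment("10.1.0.7", "10.1.0.21", 40000, 21, 1012, b"PASS hunter2\r\n"),
]

if __name__ == "__main__":
    stream, gaps = reassemble([parse_frame(f) for f in CAPTURE])
    print(stream, gaps, find_credentials(stream))
```

The credential falls out with a dozen lines of code, which is the whole argument for both encrypting the protocols an auditor finds in use and treating stored capture files as sensitive records.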

54

Explain firewalls.

Firewalls protect a network against unauthorized access by another network. They can consist of
either hardware or software, and can be

55

Compare and contrast strategic systems and traditional systems.

Strategic systems enable an organization to drastically alter the manner in which its business is run,
improve its business performance,

56

Explain ISO 9001 and ISO 9126.

According to ISO standard 9001:2000 (which was updated in the year 2000), an organization cannot
claim ISO compliance unless it writes and

57

List and explain the access requirements of most firewalls. Then, explain the auditor’s role in firewalls.


Most firewalls evaluate incoming traffic against the following criteria:
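A first-match packet filter with a default-deny policy, as an added example that is not part of the flashcards: rules are matched on direction, protocol, source and destination prefixes and destination port, the first matching rule decides, and anything no rule covers is dropped. The rule set, addresses and port numbers are constructed for illustration. The second function is the check an auditor wants when reviewing a rule base: a rule that can never fire because an earlier, broader rule already covers every packet it describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Rule:
    action: str                         # "allow" or "deny"
    proto: str                          # "tcp", "udp", "icmp" or "any"
    src: str                            # source prefix in CIDR notation
    dst: str                            # destination prefix in CIDR notation
    dport: Optional[Tuple[int, int]]    # inclusive destination port range, None = any
    direction: str                      # "in" (arriving from the untrusted side) or "out"


# Assumed rule set protecting an internal 10.0.0.0/8 network. First match wins.
RULES = [
    # anti-spoofing: a packet claiming an internal source must never arrive from outside
    Rule("deny",  "any", "10.0.0.0/8",     "0.0.0.0/0",    None,       "in"),
    Rule("allow", "tcp", "0.0.0.0/0",      "10.0.1.10/32", (443, 443), "in"),
    Rule("allow", "tcp", "203.0.113.0/24", "10.0.1.20/32", (22, 22),   "in"),
    Rule("allow", "udp", "0.0.0.0/0",      "10.0.1.53/32", (53, 53),   "in"),
]


def _matches(rule, pkt):
    if rule.direction != pkt["direction"]:
        return False
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None:
        port = pkt.get("dport")
        if port is None or not (rule.dport[0] <= port <= rule.dport[1]):
            return False
    return True


def evaluate(rules, pkt):
    """Return (action, index of the matching rule). No match means implicit deny."""
    for index, rule in enumerate(rules):
        if _matches(rule, pkt):
            return rule.action, index
    return "deny", None


def _covers(broad, narrow):
    """True if every packet that matches `narrow` would already match `broad`."""
    if broad.direction != narrow.direction:
        return False
    if broad.proto != "any" and broad.proto != narrow.proto:
        return False
    if not ipaddress.ip_network(broad.src).supernet_of(ipaddress.ip_network(narrow.src)):
        return False
    if not ipaddress.ip_network(broad.dst).supernet_of(ipaddress.ip_network(narrow.dst)):
        return False
    if broad.dport is not None:
        if narrow.dport is None:
            return False
        if not (broad.dport[0] <= narrow.dport[0] and narrow.dport[1] <= broad.dport[1]):
            return False
    return True


def shadowed_rules(rules):
    """Audit check: rules that can never fire because an earlier rule covers them.
    Returns (shadowed index, shadowing index) pairs."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if _covers(rules[i], later):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    pkt = {"direction": "in", "proto": "tcp", "src": "198.51.100.5",
           "dst": "10.0.1.10", "dport": 443}
    print(evaluate(RULES, pkt), shadowed_rules(RULES))
```

A shadowed deny appended after a matching allow is the classic rule-base defect: the configuration reads as if the traffic is blocked, the firewall lets it through, and only an ordering-aware review catches it.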

58

Explain International Organization for Standardization Then, explain ISO 15504, or Spice.

The International Organization for Standardization, also known as ISO, incorporates and promotes
many American best practices for quality in manufacturing. Following the teachings of Joseph Juran,
Philip Crosby, and W. Edwards Deming, ISO seeks to reduce the number of product defects in all
processes. Software development usually follows one of three possible ISO standards: ISO 15504,
ISO 9001, and ISO 9126. ISO 15504, or SPICE, is a process assessment framework closely related to
CMM. It rates process capability on six levels, numbered 0 through 5:

59

Explain critical Success factor and scenario approach.

The IT steering committee must select and design software that best supports and aligns with the
organization’s strategic objectives. When

60

Explain business justification.

An organization will not undertake a project unless it produces a quantifiable financial benefit. This
benefit is known as a business justification. Before any project can commence, the organization must
prove a justification by undertaking the following steps:

61

Explain request for proposal (RFP).

A request for proposal, or RFP, becomes necessary when an organization is required to design and
write custom software. The organization appoints a project team, who distributes RFPs to a select

62

Explain the two primary philosophies of managing software development.

Auditors should understand the two primary organizational

63

impact, and buy vs. build.

Alignment occurs when organizational software supports business objectives.

64

proposal.

The process of selecting a vendor proposal should be as fair and unbiased as possible; for this reason,
auditors ensure that each proposal is weighed against the following criteria:

65

Development Life Cycle, or SDLC.

According to ISACA, the lifecycle of every software program follows six

66

the auditor’s responsibilities during phase 1.

Phase 1, or the feasibility study phase, involves determining and

67

the auditor’s responsibility at phase 2.

Phase 2, or the requirements definition phase, identifies and documents a list of specific business
requirements for the proposed software. This list includes the inputs and outputs of the program, as

68

the auditor’s responsibility during phase 3.

Phase 3, or the system design phase, develops the work breakdown structure for the project as well
as the basic plan and design for the software prototype, which will be written in phase 4. Any plan
should create a separation of duties by implementing preventive controls, detective controls, and
corrective controls. During phase 3, the project team decomposes flowcharts into separate program
modules, and may use techniques such as reverse engineering, reengineering, and software
baselining. Auditors at this phase should perform the following tasks:

69

Explain constructive cost model.

The constructive cost model, or COCOMO, estimates the cost, schedule, and resource requirements of
acquiring new software. It was created by

70

flowcharts.

The entity-relationship diagram technique, or ERD, is used during phase 2 of the SDLC. It helps identify
and define software requirements by determining the relationships between entities. An entity is any
person, object, or concept about which the system must store data (a customer, an invoice, an
employee), and each entity is described by its attributes. A relationship links two or more entities (a
customer places an order). An ERD first identifies the information that will be used by the software.
Then, it creates a data dictionary, which includes reference terms for each database element. Using
this dictionary, it structures all information contained in the database within a database schema. With
this information, the project team can create high-level flowcharts, which illustrate business logic, and

71

the auditor’s responsibility during phase 4.

During phase 4, or the development phase, the software is written (coded), tested, and debugged.
Programmers may use a number of programming languages (such as BASIC, Java, COBOL, etc.),
depending on organizational preference, and are supported by systems analysts, who provide ideas
and insight. At this phase, an auditor has the following responsibilities:

72

scheduling in software development.

Programmers must implement quality control standards and maintain a

73

Explain integrated development environment, or IDE.

An integrated development environment, or IDE, is a type of fourth generation programming tool. It
creates an environment within which software can be designed, coded, and debugged. IDEs are
important because most modern-day programmers do not write code manually;

74

code

A software program can take two forms: source code or object code.

75

languages.

Programming languages have become increasingly user-friendly with

76

Explain agile development method and rapid application development (RAD).

The agile development method and rapid application development

77

Explain version control and configuration management.

Version control and configuration management are techniques for

78

SDLC phase 4.

Software is subjected to numerous tests during SDLC phase 4, and

79

the auditor’s responsibility during phase 5.

Phase 5, or the implementation phase, prepares the new, fully


80

Explain changeover.

Changeover (also known as going live or cutting over) occurs during

81

Explain white-box testing and black-box testing.

Software is subjected to numerous tests during SDLC phase 4, and

82

accreditation.

Certification indicates that the software fulfills a certain standard, and

83

the auditor’s responsibility at phase 6.

Phase 6, or the post-implementation phase, closes out the project and

84

Explain e-commerce.

E-commerce describes business transactions that are conducted

85

referential integrity and relational integrity.

Databases are only effective if their information is accurate, complete,

86

Explain decision support system.

When deciding an issue, a user may rely on a decision support system, which is a database containing
information relevant to the issue in question. Decision support systems find the necessary
information using heuristics (or a set of program rules), and include three basic categories:

87

databases

A database provides a structured and organized medium for storing

88

transaction management

Normalization seeks to eliminate any duplications or inconsistencies within the database. It is
achieved by ensuring the following:
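The referential integrity of card 85 and the normalization of this card, shown on a working database as an added example that is not part of the flashcards. The schema is normalized (each department name is stored once and referenced by key, so it cannot be spelled two ways across employee rows) and the foreign key is what enforces referential integrity. The example uses Python’s bundled SQLite, where foreign-key enforcement is off unless `PRAGMA foreign_keys = ON` is issued; the `enforce_fk=False` path shows the weak setting beside the corrected one, and the last function is the reconciliation query an auditor would run to find rows that slipped through. Table names and sample rows are constructed.

```python
import sqlite3

# Normalized schema: department names live in one place; employee rows reference
# them by key, and the foreign key constraint enforces referential integrity.
SCHEMA = """
CREATE TABLE department (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL UNIQUE
);
CREATE TABLE employee (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER NOT NULL REFERENCES department(dept_id) ON DELETE RESTRICT
);
"""


def open_db(enforce_fk=True):
    """In-memory database with constructed sample rows. SQLite only checks
    foreign keys when the pragma is on; enforce_fk=False is the weak setting."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO department VALUES (?, ?)",
                     [(1, "Audit"), (2, "Operations")])
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                     [(10, "alice", 1), (11, "bob", 2)])
    conn.commit()
    return conn


def insert_employee(conn, emp_id, name, dept_id):
    """True if the row was accepted, False if the database rejected it."""
    try:
        with conn:   # commits on success, rolls back on error
            conn.execute("INSERT INTO employee VALUES (?, ?, ?)", (emp_id, name, dept_id))
        return True
    except sqlite3.IntegrityError:
        return False


def delete_department(conn, dept_id):
    """True if deleted; False when employees still reference the department."""
    try:
        with conn:
            conn.execute("DELETE FROM department WHERE dept_id = ?", (dept_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def orphan_employees(conn):
    """Reconciliation query: employees whose department does not exist."""
    rows = conn.execute("""
        SELECT e.emp_id FROM employee e
        LEFT JOIN department d ON d.dept_id = e.dept_id
        WHERE d.dept_id IS NULL
        ORDER BY e.emp_id""").fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    strict = open_db()
    print("orphan insert accepted:", insert_employee(strict, 13, "dave", 9))
    loose = open_db(enforce_fk=False)
    insert_employee(loose, 13, "dave", 9)
    print("orphans with enforcement off:", orphan_employees(loose))
```

The contrast is the audit finding: with the constraint enforced the bad insert and the dangling delete are refused at the database, and the reconciliation query returns nothing; with it off, both succeed silently and only the query reveals the orphans.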

89

as they relate to decision support systems.

Data mining is the process of searching data stored within numerous

90

Explain the balanced scorecard

The goal of the balanced scorecard is to eliminate wasteful activities and, in the case of IT, to create
better alignment between IT activities and business objectives. A balanced scorecard relies on metrics
created from the following organizational objectives: business processes (critical success factors, key
performance indicators, and business mission); growth and learning (organizational growth plans,
training that enables workers and employees to fulfill organizational objectives); financial (financial
and stakeholder goals); and customer (organizational image within the marketplace). According to
ISACA, an IT balanced scorecard should apply these organizational objectives across the following IT
scoring layers:

91

Explain service-level agreement or SLA


A service-level agreement (or SLA) is a formal contract between an organization and a vendor. It
specifies the desired service, its quality and quantity, coverage periods, and renewal options. An SLA
has the

92

Explain the following system access controls: user login account

A user login account is a type of system access control in which an ID and password are distributed to
each system user. An employee’s login

93

Explain metrics. Then list and explain the types of metrics

Metrics are quantifiable standards for evaluating organizational

94

List and briefly explain the four types of security controls for information assets

Auditors must understand the four types of controls protecting information assets:

95

Explain the following system access controls: privileged login accounts and maintenance login
accounts

Privileged login accounts are reserved for system administrators, who should also possess a
conventional login for their daily work functions. Administrators should only access their privileged
login account when performing administrative or maintenance duties; for any other work,

96

processing controls, and system control parameters.

Standing data controls prevent unauthorized access to data stored

97

Explain the following type of application processing controls: processing controls.

Processing controls maintain data accuracy and transaction validity by

98

List the most common types of threats and crimes confronting organizations.

Organizations should implement administrative, technical, and physical

99

input controls and output controls.

Input controls prevent data transactions from accepting unauthorized

100

and recovery, and project management.

System maintenance should not begin until backup and recovery plans

101

Define and explain hacker. Include a discussion of white hat.

A hacker, also known as a cracker, is a computer programmer seeking

102

Explain passive attack. Then, list and explain the types of passive attacks

Active attacks seek to steal organizational resources or disrupt normal

103

Explain the following active attacks: social engineering, phishing and denial of service (DoS)

Dumpster diving is the act of sorting through an organization’s garbage

104

Explain the following attacks: brute force, crash-restart, and salami technique

Remote access is the act of accessing an insecure computer network

105

Explain active attack. Then, list and explain the following active attacks: viruses, worms, and logic
bombs

Passive attacks acquire important information by monitoring an

106

Explain the following active attacks: dumpster diving, trapdoor, and IP fragmentation

Social engineering is the act of gaining access by misrepresenting one’s

107

Explain the following active attack: remote access

Brute force: a method of attack that brings overwhelming

108

accounts and cross-network connectivity

Email spamming is the act of distributing large quantities of identical

109

and message modification.

Information security management seeks to maintain the

110

information

Context describes the manner in which information is used, and helps

111

Explain the following active attacks: email spamming, email spoofing, and packet replay

Maintenance accounts facilitate system support. As a feature of many

112

security management.

Source routing is a special protocol that enables a data transmission to

113

Explain context. Then, explain data retention.

An important aspect of IT security governance is categorizing

114

access points.

Physical protection includes any barriers or controls designed to

115

the types of technical controls.

Locks safeguard doorways, and include the following:

116

explain the three types of authentication.

Fingerprints are commonly used to authenticate a user’s identity. In

117

television, guards, and burglar alarms.

Auditors should identify who has been granted physical access to IT

118

locks and biometrics

Technical (or logical) protection restricts data access. It is

119

palm print, hand geometry, and face scan.

When a user is trying to gain access to certain data systems or

120

retina scans, voice patterns, and signature dynamics.

Iris scans authenticate users according to the characteristics of their

121

Explain Kerberos single sign-on system.

The Kerberos single sign-on system is a security system implemented

122

Explain virtual private network, or VPN.

Through a virtual private network, users can gain remote access and

123

biometric systems.

Biometric systems pose a number of problems. They often encounter

124

three basic firewall configurations.

Although a firewall reduces the number of external attacks, it cannot

125

and explain the two types of IDS.

An intrusion detection system (IDS) alerts the administrator when

126

and honey nets.

An intrusion detection system (IDS) can use three technical methods for

127

with encryption keys.

A digital signature is unique to a specific person, much like a written

128

transaction, or SET. Then, explain S/MIME.

The following network security protocols help ensure the safety of ec

129

List and explain the two primary encryption systems.

The first encryption method is the private-key system, which uses

130

Explain public-key infrastructure, or PKI

Using a public key infrastructure (PKI), multiple users can share

131

Then, explain technical self-assessment

Alternate routing is the practice of transmitting data along multiple paths. In this way, data integrity is
maintained even if the primary transmission pathway fails. Alternate routing is best-suited for WANs