Exam 8: Information Systems Controls for System Reliability Part 1: Information Security

The ________ disseminates information about fraud,errors,breaches and other improper system uses and their consequences.

Murray Snitzel called a meeting of the top management at Snitzel Capital Management.Number one on the agenda was computer system security."The risk of security breach incidents has become unacceptable," he said,and turned to the Chief Information Officer."This is your responsibility! What do you intend to do?" Which of the following is the best answer?

The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as

Describe four requirements of effective passwords .

In 2007,a major U.S.financial institution hired a security firm to attempt to compromise its computer network.A week later,the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found.This is an example of a

Which of the following is not one of the three fundamental information security concepts?

This network access control determines which IP packets are allowed entry to a network and which are dropped.

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's information system.

Information technology managers are often in a bind when a new exploit is discovered in the wild.They can respond by updating the affected software or hardware with new code provided by the manufacturer,which runs the risk that a flaw in the update will break the system.Or they can wait until the new code has been extensively tested,but that runs the risk that they will be compromised by the exploit during the testing period.Dealing with these issues is referred to as

Identify three ways users can be authenticated and give an example of each.

Which of the following is an example of a detective control?

Verifying the identity of the person or device attempting to access the system is

When new employees are hired by Folding Squid Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(an)

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Which of the following is an example of a corrective control?

There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the "black hat" hackers.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Explain social engineering.

The process that allows a firewall to be more effective by examining the data in the body of an IP packet,instead of just the header,is known as