Deck 5: Protecting Information Resources

A worm travels from computer to computer in a network,but it does not usually erase data.

Confidentiality,integrity,and availability are collectively referred to as the CIA triangle.

An intrusion detection system can protect against both external and internal access.

Part of ensuring integrity is identifying authorized users and granting them access privileges.

When a program containing a virus is used,the virus attaches itself to other files,and the cycle continues.

A proxy server acts as an intermediary between network users and the Internet.

If a drive in the RAID system fails,data stored on it can be reconstructed from data stored on the remaining drives.

Social engineering techniques are easily detectable because they involve threatening employees with physical violence.

Application-filtering firewalls are less expensive than packet-filtering firewalls.

Social engineering takes advantage of the human element of security systems.

When using mirror disks,if one of the two disks containing the same data fails,the other disk also fails.

Level 1 security protects the back-end systems to ensure confidentiality,accuracy,and integrity of data.

A distributed denial-of-service (DDoS)attack involves hundreds of computers working together to bombard a Web site with thousands of requests for information in a short period.

Trojans do not replicate themselves,as viruses and worms do.

Viruses can only be transmitted through direct computer-to-computer contact.

A firewall cannot reject an incoming packet,but instead sends a warning to the network administrator.

Spoofing is sending fraudulent e-mails that seem to come from legitimate sources,such as a bank or university.

Social engineering is an example of an unintentional security threat.

Hand geometry is an example of a biometric security measure.

Backup facilities should never be shared in an attempt to reduce costs.

The main advantage of asymmetric encryption is that it is faster and requires only a small amount of processing power.

Terminal resource security is a software feature that erases the screen and signs the user off automatically after a specified length of inactivity.

The cost of setting up a virtual private network is usually high.

An ideal password should be eight characters or longer.

In symmetric encryption,the same key is used to encrypt and decrypt the message.

An intrusion detection system cannot prevent DoS attacks.

Symmetric encryption is also called public key encryption.

Data encryption transforms data into a scrambled form called ciphertext.

Corner bolts are secured to a computer at the power outlet.

A(n)____________________ contains code intended to disrupt a computer,network,or Web site,and it is usually hidden inside a popular program.

____________________ is an attack that takes advantage of the human element of security systems.

____________________ means that a system must prevent disclosing information to anyone who is not authorized to access it.

A(n)____________________ is a security threat that combines the characteristics of computer viruses,worms,and other malicious codes with vulnerabilities found on public and private networks.

____________________ are independent programs that can spread themselves without having to be attached to a host program.

____________________ ensure availability in the event of a system failure by using a combination of hardware and software.

A(n)____________________ consists of self-propagating program code that is triggered by a specified time or event.

A(n)____________________ is a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks.

____________________ are inexperienced,usually young hackers who use programs that others have developed to attack computer and network systems.

____________________ outlines procedures for keeping an organization operational in the event of a natural disaster or network attack.

____________________ is a software feature that erases the screen and signs the user off automatically after a specified length of inactivity.

____________________ means that computers and networks are operating and authorized users can access the information they need.

In ____________________ encryption,the same key is used to encrypt and decrypt the message.

A(n)____________________ is software that acts as an intermediary between two systems.

The ____________________ biometric security method translates words into digital patterns,which are recorded and examined for tone and pitch.