IA Knowledge VI Flashcards Preview

Flashcards in IA Knowledge VI Deck (110)
1
Q

A computer network made up of local-area networks over a large area (e.g., nation or world) using multiple transmission media.

A

Wide-area network (WAN)

2
Q

Self-replicating malicious software that can disrupt networks or computers.

A

Worm

3
Q

Malicious code that attaches itself to storage media, documents, or executable files and is spread when the files are shared with others.

A

Virus

4
Q

Use open Internet protocols and standards to create stand-alone, modular software called services that are capable of describing themselves and integrating with other similar services.

A

Web services

5
Q

The combination of transfer protocol, domain name, directory path, and document name.

A

Uniform Resource Locator

6
Q

A secure method of connecting two points on the Internet, often run by an Internet service provider.

A

Virtual private network (VPN)

7
Q

A type of firewall that enhances packet filtering by monitoring packet flows in general.

A

Stateful inspection

8
Q

Process or transaction-level controls that must be in place for management and governance controls to be effective. They are usually specific to a given application but may also control larger technical processes such as system access rights.

A

Technical controls

9
Q

Unsolicited bulk e-mail.

A

Spam

10
Q

A network topology in which each device is wired to a central device that routes data to or from other devices, eliminating the need to wire between devices.

A

Star network

11
Q

A contract between an organization and a software vendor specifying terms of use.

A

Software license agreement

12
Q

Making illegal duplicate copies of software or installation of software beyond what is allowed in a license agreement.

A

Software piracy

13
Q

A powerful computer with high bandwidth dedicated to a specific task such as providing access to files or managing the common application needs of an organization.

A

Server

14
Q

A software system design that allows for sharing of Web services as needed; a service consumer gets Web services from various service providers.

A

Service-oriented architecture (SOA)

15
Q

The overall rules for a database.

A

Schema

16
Q

The processes an organization puts into place so that security controls and expenditures are fully commensurate with the risks to which the organization is exposed.

A

Security risk management

17
Q

The acceptable levels of variation relative to the achievement of objectives.

A

Risk tolerance

18
Q

In terms of networking hardware, an intelligent processor that networks devices using protocols.

A

Router

19
Q

A database management system that is arranged into two-dimensional files called tables, with links between tables that share a common attribute.

A

Relational database

20
Q

A network topology in which the network is arranged in a circle, so two paths for data are available.

A

Ring network

21
Q

In a database, a logical grouping of fields.

A

Record

22
Q

A hardware control in which each transmitted data element receives an additional bit (character) of data mathematically related to the data; abnormal changes will void the mathematical relationship.

A

Redundant character check

23
Q

Automated error checks built into computer processing as well as segregation of duties such as controlling programmers’ access to files and records. They check that data processing tasks are accurate, complete, and valid.

A

Processing controls

24
Q

An encryption method in which two keys are created, private and public. The sender places the public key in a directory or an application automatically applies it to lock sent data; to decrypt the data, the private key must be used.

A

Public key encryption

25
Q

In a database, a unique key field number (i.e., a proper noun) used to identify a specific entity.

A

Primary key

26
Q

An encryption method in which a sender creates an encryption key and sends it to a trusted receiver, who can use it to decrypt all messages in that session.

A

Private key encryption

27
Q

In terms of networking hardware, a physical connection point to a device.

A

Port

28
Q

A type of proactive control that deters undesirable events from occurring.

A

Preventive control

29
Q

A type of computer network that is a direct connection between two computers.

A

Peer-to-peer network

30
Q

The means of preventing access to an asset, such as locks and/or key cards preventing access to a building, to data centers, and to key operational areas.

A

Physical access controls

31
Q

A type of firewall that compares source and destination addresses to an allowed list, examining headers and other fields in packets of data.

A

Packet filtering

32
Q

The installation of released bug fixes to applications that are already in production.

A

Patch management

33
Q

Process or transaction-level controls that find errors and verify the accuracy, completeness and validity of output data after processing is complete.

A

Output controls

34
Q

A general term describing a logical grouping of data passing through network layers.

A

Packet

35
Q

A method of defining how messages should be sent through a network so that unrelated products can work together.

A

Open Systems Interconnection (OSI) reference model

36
Q

The software interface between the hardware and the applications and end user.

A

Operating system (O/S)

37
Q

Hardware and software systems on a network that analyze incoming packet content, dropping malicious packets.

A

Network IPS (NIPS)

38
Q

Software that allows multiple perspectives for a set of data to be analyzed.

A

Online analytical processing (OLAP)

39
Q

Networking hardware that combines multiple channels into a single channel, such as multiple phone lines sharing a single physical phone line.

A

Multiplexer

40
Q

Used by firewalls with packet filtering and stateful inspection to hide the internal host computer IP addresses from sniffer utilities.

A

Network address translation (NAT)

41
Q

IT controls that determine and mitigate risks to critical assets, sensitive data, or operations, including standards, organizational structure, and physical and environmental controls.

A

Management controls

42
Q

Type of processing that is halfway between batch and real-time processing. Creates real-time entries that are posted to a temporary memo file (which allows the updated information to be viewed); at a designated time the memo file is batch-processed to update the master file.

A

Memo posting

43
Q

A type of computer network for a limited geographical area such as a building.

A

Local-area network (LAN)

44
Q

A large computer capable of supporting massive inputs and outputs and many concurrent users.

A

Mainframe computer

45
Q

In a database, the field used to identify an entity, such as employee number.

A

Key field

46
Q

A type of control that requires data to be entered twice, by different persons if possible, and highlights any differences.

A

Keystroke verification

47
Q

An organization that provides connection to the Internet via a TCP/IP (Transmission Control Protocol/Internet Protocol) connection or provides network services (IP network).

A

Internet service provider (ISP)

48
Q

An internal network for employees built using thin-client tools, standards, and protocols of the World Wide Web and the Internet.

A

Intranet

49
Q

A series of high-capacity trunk lines owned and operated by network service providers (e.g., long-distance telephone companies or governments).

A

Internet backbone

50
Q

Numeric address for a specific computer located on the Internet, e.g., 128.6.13.42.

A

Internet protocol (IP) address

51
Q

A process designed to provide reasonable assurance regarding the achievement of objectives in the categories of effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

A

Internal control

52
Q

A network of networks that have devoted a portion of their processing power and data to public use.

A

Internet

53
Q

A type of control intended to prevent computer errors by controlling data as it manually or electronically enters the system.

A

Input controls

54
Q

A type of control that tracks all read-only access to records.

A

Inquiry log

55
Q

The illegal use of sensitive information to impersonate an individual over computer networks in order to defraud the person or commit a crime without the perpetrator’s true identity being known.

A

Identity theft

56
Q

The risk that inaccurate information is used to make a business decision.

A

Information risk

57
Q

Regular and encrypted versions of the communications standard for Internet message formatting and transmission.

A

HTTP/HTTPS (Hypertext Transfer Protocol/Secure HTTP)

58
Q

In terms of networking hardware, a port switching communications device.

A

Hub

59
Q

Entity-level IT controls that apply generally to the IT environment or overall mix of systems, networks, data, people, and processes.

A

General control

60
Q

Software that functions at the operating system kernel level to detect and block abnormal application behavior before it executes.

A

Host IPS (HIPS)

61
Q

Networking hardware that connects networks with dissimilar architectures.

A

Gateway

62
Q

A type of firewall that stops traffic flowing to a specific application such as File Transfer Protocol.

A

Gateway firewall

63
Q

A hardware/software combination that routes all communications to or from the outside world through it, blocking unauthorized traffic.

A

Firewall

64
Q

A type of control that checks to see that data is entered in an acceptable format.

A

Format check

65
Q

In a database, a collection of related records.

A

File

66
Q

Allows transfer of large files between computers on a network or the Internet.

A

File Transfer Protocol (FTP)

67
Q

In a database, a business object such as a name or an asset.

A

Field

68
Q

A type of control that involves a check to see if information in an entry field is complete.

A

Field check

69
Q

A network that is similar to an intranet but is designed for customers, external partners, or suppliers.

A

Extranet

70
Q

Components that have redundancies in hardware or software to allow continued operations if a system fails.

A

Fault-tolerant components

71
Q

In a database, a record that relates to a person, place, or thing.

A

Entity

72
Q

Software systems that capture the knowledge of a professional using a series of decision points; used to automate complex situations requiring judgment, such as the probability of loan default.

A

Expert systems

73
Q

A portfolio of technologies that help disparate applications communicate.

A

Enterprise application integration (EAI)

74
Q

Modular suites of business applications that share data between modules seamlessly and store all data in a single repository.

A

Enterprise resource planning (ERP) systems

75
Q

A type of control that involves automated tests on data fields.

A

Edit check

76
Q

Use of a mathematical algorithm to scramble data so that it cannot be unscrambled without a numeric key code.

A

Encryption

77
Q

A hardware control in which a process is done twice and compared.

A

Duplicate process check

78
Q

A hardware control in which received data is returned to the sender for comparison.

A

Echo check

79
Q

A hierarchical server network that maintains the domain names for conversion to IP addresses.

A

Domain name system (DNS)

80
Q

An input/output node for a mainframe system, consisting of either just a display and entry devices or a PC running terminal emulation software.

A

Dumb terminal

81
Q

Uses public key encryption and a hashing algorithm (information about the transmitted data) to prevent an original message from being reconstructed.

A

Digital signature

82
Q

A plain language label referring to a numeric IP address.

A

Domain name

83
Q

An application that links users and programs to a database and allows the database to be manipulated by multiple applications.

A

Database management system (DBMS)

84
Q

A broad category of software systems designed not to make decisions but to enhance information available to management in making decisions.

A

Decision support systems (DSS)

85
Q

Database designed to collect the information from one or more transactional databases for purposes of multiyear storage of records and reporting.

A

Data warehouse

86
Q

Any repository of data in a computer system.

A

Database

87
Q

A user-friendly method of querying a database for information.

A

Data query language

88
Q

An input/output node for a mainframe system, consisting of either just a display and entry devices or a PC running terminal emulation software.

A

Data terminal

89
Q

A language that has commands for viewing or changing a database.

A

Data manipulation language

90
Q

The capability of sifting through and analyzing large volumes of data to find certain patterns or associations.

A

Data mining

91
Q

A master record concerning the data in a database.

A

Data dictionary

92
Q

In a database, the specific data in fields.

A

Data items

93
Q

The removal of redundancies and errors in a database.

A

Data cleansing

94
Q

Describes the data and the relationships between data in a database, including logical access paths and records.

A

Data definition language

95
Q

Files intended to be accessible only by the creator that are used to store data about a user’s preferences.

A

Cookies

96
Q

IT controls that are used once errors, fraud, or other control issues have been detected. These are designed to allow manual or automated correction of errors or irregularities discovered by detective controls.

A

Corrective controls

97
Q

A computer network formed by a group of organizations to assist in intercommunications.

A

Consortium network

98
Q

A system of internal controls for managing the availability of computer and other resources and data after a processing disruption.

A

Contingency planning

99
Q

A network architecture that uses servers for specialized functions; clients (the recipients of these functions) are PCs that send requests to the servers.

A

Client/server architecture

100
Q

The sum of all infrastructure and applications required to connect two or more network nodes (computers and devices).

A

Computer network

101
Q

Any alphanumeric key; the item that is second-lowest in the database hierarchy.

A

Character

102
Q

A type of control in which an extra digit is added that has an algorithmic relationship to the remaining digits to show if the number was incorrectly entered, such as by transposition.

A

Check digits

103
Q

A network topology that has a main line (bus); all devices are connected to the line.

A

Bus network

104
Q

A set of processes developed for the entire enterprise, outlining the actions to be taken by the information technology (IT) organization, executive staff, and various business units in order to quickly resume operations in the event of a business disruption or service outage.

A

Business continuity plan

105
Q

A binary digit; the item that is lowest in the database hierarchy.

A

Bit

106
Q

Networking hardware that connects two or more LANs with similar architectures.

A

Bridge

107
Q

In a database, fields relating to entities.

A

Attributes

108
Q

A type of processing that accumulates data changes until a set time and then releases them to the database.

A

Batch processing

109
Q

An IT control related to the specific functioning of an application system that supports a specific business process.

A

Application control

110
Q

A type of firewall that serves as an intermediary for communications between the external world and private internal servers; intercepts external packets and, after inspection, relays a version of the information, called a proxy, to the private server, and vice versa.

A

Application gateway/proxy server