Spyware
Software that secretly gathers info about users while they browse the Web; users should
install anti-spyware software
Adware
Form of spyware that collects info about the user to determine which ads to display in
the user's Web browser. Install an ad-blocking feature
Phishing
Sending fraudulent emails that seem to come from legitimate sources (e.g., a bank); they
redirect you and get your personal info
Pharming
Directing Internet users to fraudulent websites to take personal info; usually done by
hijacking an official website and altering the IP address
Keystroke loggers
Monitor and record keystrokes; can be software or hardware devices (e.g., used to collect
credit card numbers)
Sniffing
Capturing and recording network traffic; can be used for legitimate reasons, but hackers
often use it to intercept info
Three important aspects of computer and network security (McCumber Cube)
Confidentiality, integrity and availability
Confidentiality
A system must prevent disclosing info to anyone who is not authorized to access it
Integrity
Accuracy of information resources within an organization
Availability
Computers and networks are operating, and authorized users can access the info they
need. Also means quick recovery in the event of a system failure
Level 1 of comprehensive security system
Front-end servers (e.g., email and Web servers): available to both internal and external
users; must be protected against unauthorized access
Level 2 of comprehensive security system
Back-end systems: must be protected to ensure confidentiality, accuracy, and integrity
of data (e.g., users' workstations and internal database servers)
Level 3 of comprehensive security system
The corporate network must be protected against intrusion, denial-of-service attacks,
and unauthorized access
Fault-tolerant systems
Ensure availability in the event of a system failure by using a combination of hardware
and software
RAID (redundant array of independent disks)