Shared Flashcard Set

Details

Chapter 7: Stuff he said we should know
Chapter 7. Stuff he said we need to know
30
Computer Science
12th Grade
02/11/2013

Additional Computer Science Flashcards

 


 

Cards

Term

The feature that could allow a CD to load malicious code is called what? 

 

A. A false negative

 

B. A CD-Key

 

C. A MBR, or Master Boot Record

 

D. Autorun

Definition

D. 

 

Autorun allows CDs to execute code automatically.

Term

Why is water not used for fire suppression in data centers?

 

A. It would cause a flood.

 

B. Water cannot put out an electrical fire.

 

C. Water would ruin all the electronic equipment.

 

D. Building code prevents it.

Definition

C. 

 

Electronic components would be ruined by a water-based fire-suppression

system.

Term

Which one is not a unique biometric? 

 

A. Fingerprint

 

B. Eye retina

 

C. Hand geometry

 

D. Shoulder-to-waist geometry

Definition

D. 

 

Shoulder-to-waist geometry is not unique. All the other examples are biometrics that are unique.

Term

Why is physical security so important to good network security?

 

A. Because encryption is not involved

 

B. Because physical access defeats nearly all network security measures 

 

C. Because an attacker can steal biometric identities

 

D. Authentication

Definition

B. 

 

Physical access to a computer system will almost always defeat any security measures put in place on the system.

Term

How does multiple-factor authentication improve security?

 

A. By using biometrics, no other person can authenticate.

 

B. It restricts users to smaller spaces.

 

C. By using a combination of authentications, it is more difficult for someone to gain illegitimate access.

 

D. It denies access to an intruder multiple times.

Definition

C. 

 

Multiple-factor authentication gives an attacker several systems to overcome, making the unauthorized access of systems much more difficult.

Term

Why is access to an Ethernet jack a risk?

 

A. A special plug can be used to short out the entire network. 

 

B. An attacker can use it to make a door entry card for himself. 

 

C. Wireless traffic can find its way onto the local area network.

 

D. It allows access to the internal network.

Definition

D. 

 

An exposed Ethernet jack available in a public place can allow access to the internal network, typically bypassing most of the network’s security systems.

Term

When a biometric device has a false positive, it has done what?

 

A. Generated a positive charge to the system for which compensation is required

 

B. Allowed access to a person who is not authorized

 

C. Denied access to a person who is authorized

 

D. Failed, forcing the door it controls to be propped open

Definition

B. 

 

A false positive means the system granted access to an unauthorized person based on a biometric being close to an authorized person’s biometric.

Term

Why does an IP-based CCTV system need to be implemented carefully?

 

A. Camera resolutions are lower.

 

B. They don’t record images; they just send them to web pages. 

 

C. The network cables are more easily cut.

 

D. They could be remotely attacked via the network.

Definition

D. 

 

Any device attached to the IP network can be attacked using a traditional IP-based attack.

Term

Which of the following is a very simple physical attack? 

 

A. Using a custom RFID transmitter to open a door

 

B. Accessing an Ethernet jack to attack the network 

 

C. Outright theft of the computers

 

D. Installing a virus on the CCTV system

Definition

C. 

 

The theft of a computer is a very simple attack that can be carried out surprisingly effectively. This allows an attacker to compromise the stolen machine and its data at his leisure.

Term

A perfect bit-by-bit copy of a drive is called what?

 

A. Drive picture 

 

B. Drive image 

 

C. Drive copy

 

D. Drive partition

Definition

B. 

 

A drive image is a perfect copy of a drive that can then be analyzed on another computer.

Term

What about physical security makes it more acceptable to other employees?

 

A. It is more secure.

 

B. Computers are not important.

 

C. It protects the employees themselves.

 

D. It uses encryption.

Definition

C. 

 

Physical security protects the people, giving them a vested interest in its support.

Term

On whom should a company perform background checks?

 

A. System administrators only

 

B. Contract personnel only

 

C. Background checks are not needed outside of the military

 

D. All individuals who have unescorted physical access to the facility

Definition

D. 

 

All unescorted people entering the facility should be background checked.

Term

What is a common threat to token-based access controls?

 

A. The key

 

B. Demagnetization of the strip 

 

C. A system crash

 

D. Loss or theft of the token

Definition

D. 

 

The loss or theft of the token is the most common and most serious threat to the system; anyone with a token can access the system.

Term

Why should security guards get cross-training in network security?

 

A. They are the eyes and ears of the corporation when it comes to security. 

 

B. They are the only people in the building at night.

 

C. They are more qualified to know what a security threat is.

 

D. They have the authority to detain violators.

Definition

A. 

 

Security guards are the corporation’s eyes and ears and have a direct responsibility for security information.

Term

Why can a USB flash drive be a threat?

 

A. They use too much power.

 

B. They can bring malicious code past other security mechanisms. 

 

C. They can be stolen.

 

D. They can be encrypted.

Definition

B. 

 

USB drives have large storage capacities and can carry some types of malicious code past traditional virus filters.

Term
What should the temperature be between in a data structure building?
Definition
Between 70 - 74 degrees.
Term
What are the primary defenses against a majority of physical attacks?
Definition

Walls (Great Wall of China, Berlin)

 

Doors and Windows (should be locked)

 

Drop-Ceilings (in server rooms)

 

Guards

Term
What do physical security policies and procedures relate to?
Definition

1) Those that affect computers themselves.

 

2) Those that affect the users.

Term
What does access control mean?
Definition
Control of doors and entry points
Term
What is a "bump key"?
Definition

A key cut with all notches to the maximum depth, also known as "all nines." This key uses a technique that has been around for a long time.

 

The key is inserted into the lock and then sharply struck, bouncing the lock pinds up and above the hear line and allowing the lock to open.

Term
What is "Layered Access" as it related to physical security?
Definition

Putting in place multiple physical security measures in a building. 

 

- Access Tokens

- Contactless Access Cards (A card and a seperate pin required to open the door)

- Mantrap (2 doors that require a user to sequentially go through to gain access)

- CCTV cameras for surveillance.

Term
What are some environmental controls?
Definition

1) HVAC (Heating, Ventilating and Air Conditioning) systems are critical for keeping data centers cool.

 

2) Environmental Monitoring - The electronic tracking of temperature and humidity in data certers (call-out protection monitors the thermostats and sends out call/alarm if temp gets too high/low).

 

3) Fire detectors... explained in a later card..

Term
What is a "privilege creep"?
Definition
Somebody that has access to things he/she shouldn't have access too.
Term
What is the #1 concern for IT security?
Definition
Employees.
Term
What are the 4 types of fire suppressants/extinguishers?
Definition

1) Common Combustibles (wood, paper) Fire Suppression:

    • Water
    • Soda Acid

2) Liquid Fire Suppression:

    • CO2
    • Soda Acid

3) Electrical Fire Suppressions:

    • FM200
    • C02 - If humans are around, it's bad. If there are only machines in a room though, it's OK and starves the fire of oxygen. 

4) Metal Fire Suppression: 

    • Dry Powders
Term
What should a company ask itself in regards to physical "risks"?
Definition

1) Are we going to accept the risk?

 

2) Are we going to avoid the risk?

 

3) Are we going to transfer the risk?

Term
What is "Authentication"?
Definition

The process by which a user proves that he/she is who he/she says she is:

 

- Biometrics ("something you are")

- Token ("something you have")

- Username/Password ("something you know")

Term
What is "multi-factor" authentication?
Definition

The combination of two or more types of authentication that are not of the same type:

 

1) Tokens

2) Retina or Iris scans

3) Password

 

This is considered very strong authentication.

Term
What are examples of biometrics...
Definition

1) Fingerprints

 

2) Retina scan (scans blood vessels in eye, more secure than iris scan)

 

3) Iris scan (scans the unique pattern in one's iris)

 

4) Rhythm scan (used to identify a person based on a set rhythm-- such as voice tone and speed)

Term

What is a "False Acceptance Rate"?

 

What is a "False Rejection"

 

Why is the professor wrong on his termonology? :-P

Definition

"A False Acceptance Rate is a breach in authentication where a bad person is let in, and the good person is not. A False Rejection allows the good person in." ~ Professor's direct words....  He's not right :-P

 

Book:

 

1) False Positive -- occurs when a biometric is scanned and allows access to someone who is not authorized. 

 

2) False negative -- occurs when the system denies access to someone who is actually authorized.

Supporting users have an ad free experience!