Audit in CIS Environment

Quiz
August 28, 2015
I. What do these acronyms stand for? (For the purpose of the quiz, understand
these terms.)
1. DoS
2. DDoS
3. IRC
4. IPS
5. AES
6. DES
7. RSA
8. CA
9. PKI
10. EDI
11. EFT
12. URL
13. TCP/IP
14. SNMP
15. SSL
16. NNTP
17. HTTP
18. HTML
19. WAN
20. POS
21. DDL
22. DML
23. SQL
24. IDMS
25. GPC
26. SDLC
27. CAATTs
28. DFD
29. OOD
30. 3GL
31. GUI
32. SPL
33. XBRL
34. XML
35. GDIS

II. Identify the term or concept being described in the following


1. Two types of threats to operating system integrity.
2. Four areas being examined by the auditors to test operating system integrity.
3. These are logs that record activity at the system, application, and user level.
4. It summarizes key activities related to system resources.
5. A system that enforces access control between two networks.
6. They provide efficient but low-security access control. This type of firewall
consists of a screening router that examines the source and destination addresses
that are attached to incoming message packets.
7. Two general types of firewalls.
8. The conversion of data into secret code for storage in databases and
transmission over networks.
9. Two fundamental components of a Caesar cipher.
10. It is an electronic authentication that cannot be forged. It ensures that the
message or document the sender transmitted was not tampered with after the
signature is applied.
11. A technique to detect and correct data errors involving the receiver of the
message returning the message to the sender. The sender compares the
returned message with a stored copy of the original.
12. The intercompany exchange of computer-processible business information
in standard form.
13. An internet facility that links user sites locally and around the world.
14. It is the address that defines the path to a facility or file on the web.
15. These are rules and standards governing the design of hardware and
software that permit users of networks, which different vendors have
manufactured, to communicate and share data.
16. Basic protocol that permits communication between internet sites.
17. The document format used to produce web pages. It defines the page
layout, fonts, and graphic elements as well as hypertext links to other
documents on the web.
18. The physical arrangement of the components of the network.
19. They are networks often confined to a single room in a building, or they
may link several buildings within a close geographic area.
20. Networks which exceed the geographic limitations of the LAN.
21. A program (usually destructive) that attaches itself to a legitimate
program to penetrate the operating system and destroy application programs,
data files, and the operating system itself.
22. A destructive program, such as a virus, that some predetermined event
triggers.
23. A software program that allows unauthorized access to a system without
going through the normal log-on procedure.
24. Data files that contain records with no structured relationships to other
files.
25. It identifies the names and the relationship of all data elements, records,
and files that constitute the database.
26. The lowest level of the database, and the only level that exists in physical
form.
27. They allow records to be located, stored, and retrieved, and enable
movement from one record to another.
28. It refers to the way records are physically arranged on the secondary
storage device.
29. The technique used to locate records and to navigate through the
database.
30. It is an abstract representation of the data about entities, including
resources (assets), events (transactions), and agents (personnel or customers,
etc.) and their relationships in an organization.
31. A single item of data, such as customer's name, account balance, or
address.
32. A database representation of an individual resource, event, or agent about
which we choose to collect data.
33. Formed when data attributes that logically define an entity are grouped
together.
34. Set of record types that an organization needs to support its business
processes.
35. Record types that constitute a database exist in relation to other record
types.
36. These controls are designed to prevent unauthorized individuals from
viewing, retrieving, corrupting, or destroying the entity's data.
37. Controls which ensure that in the event of data loss due to unauthorized
access, equipment failure, or physical disaster the organization can recover its
database.
38. Procedures which allow the user to create a personal security program or
routine to provide more positive user identification than a single password.
39. Devices which measure various personal characteristics, such as
fingerprints, voice prints, retina prints, or signature characteristics.
40. Controls in place to prevent users from inferring, through query features,
specific data values that they otherwise are unauthorized to access.
