
Audit in CIS Environment

Assignment
August 26, 2015
I. What do these acronyms stand for? (For the purpose of the quiz, understand these terms.)
1. DDP
2. DRP
3. IP
4. DoS
5. DDoS
6. SYN
7. IRC
8. LAN
9. IPS
10. AES
11. DES
12. RSA
13. CA
14. PKI
15. EDI
16. EFT
17. WWW
18. URL
19. TCP/IP
20. SNMP
21. SSL
22. NNTP
23. HTTP
24. HTML
25. WAN
26. POS
27. DBMS
28. DDL
29. DML
30. SQL
31. DBA
32. IDMS
33. GPC
34. SDLC
35. CAATTs
36. DFD
37. OOD
38. 3GL
39. COBOL
40. FORTRAN
41. GUI
42. SPL
43. XBRL
44. XML
45. COSO
46. GDIS
47. GVM
48. BCSE
49. ITF
50. GAS

II. Identify the term or concept being described in the following:

1. It is the computer's control program. It allows users and their applications to
share and access common computer resources.
2. They involve policies, procedures, and controls that determine who can access
the operating system, which resources they can use, and what actions they can
take.
3. The operating system's first line of defense against unauthorized access.
4. What is created after a successful log-on attempt? It contains key information
about the user, including their ID, password, user group, and privileges granted
to the user.
5. It is assigned to IT resources to control access to the resources. They contain
information that defines the access privileges for all valid users of the resource.
6. That which is granted to end users who may control resources in distributed data
processing systems which allow them to grant access privileges to other users.
7. Two types of threats to operating system integrity.
8. Four areas being examined by the auditors to test operating system integrity.
9. It is a secret code the user enters to gain access to systems, applications, data
files, or a network server.
10. In this method of password control, the user defines the password to the
system once and then reuses it to gain future access.
11. Under this approach, the user's password changes continuously.
12. These are logs that record activity at the system, application, and user
level.
13. They involve recording both the user's keystrokes and the system's
responses.
14. It summarizes key activities related to system resources.
15. They consist of small LANs and large WANs that may contain thousands of
individual nodes.
16. It is a form of masquerading to gain unauthorized access to a web server
and/or to perpetrate an unlawful act without revealing one's identity. To
accomplish this, a perpetrator modifies the IP address of the originating
computer to disguise his or her identity.
17. It is an assault on a web server to prevent it from servicing its legitimate
users. They are particularly devastating to business entities that are prevented
from receiving and processing business transactions from their customers.
18. A system that enforces access control between two networks.
19. They provide efficient but low-security access control. This type of firewall
consists of a screening router that examines the source and destination addresses
that are attached to incoming message packets.
20. Two general types of firewalls.
21. The conversion of data into secret code for storage in databases and
transmission over networks.
22. Two fundamental components of a Caesar cipher.
23. It is an electronic authentication that cannot be forged. It ensures that the
message or document the sender transmitted was not tampered with after the
signature is applied.
24. It is a device which requires the dial-in user to enter a password and be
identified.
25. A technique to detect and correct data errors involving the receiver of the
message returning the message to the sender. The sender compares the
returned message with a stored copy of the original.
26. The intercompany exchange of computer-processible business information
in standard form.

27. An internet facility that links user sites locally and around the world.
28. It is the address that defines the path to a facility or file on the web.
29. These are rules and standards governing the design of hardware and
software that permit users of networks, which different vendors have
manufactured, to communicate and share data.
30. Basic protocol that permits communication between internet sites.
31. A protocol used to transfer text files, programs, spreadsheets, and
databases across the internet.
32. The document format used to produce web pages. It defines the page
layout, fonts, and graphic elements as well as hypertext links to other
documents on the web.
33. The physical arrangement of the components of the network.
34. They are networks often confined to a single room in a building, or they
may link several buildings within a close geographic area.
35. Networks which exceed the geographic limitations of the LAN.
36. That which results when two or more signals are transmitted
simultaneously which destroys both messages.
37. A program (usually destructive) that attaches itself to a legitimate
program to penetrate the operating system and destroy application programs,
data files, and the operating system itself.
38. A software program that virtually burrows into the computer's memory and
replicates itself into areas of idle memory.
39. A destructive program, such as a virus, that some predetermined event
triggers.
40. A software program that allows unauthorized access to a system without
going through the normal log-on procedure.
41. A program whose purpose is to capture IDs and passwords from
unsuspecting users.
42. Data files that contain records with no structured relationships to other
files.
43. Replication of essentially the same data in multiple files which results in
certain problems in a flat-file environment.
44. It identifies the names and the relationship of all data elements, records,
and files that constitute the database.
45. Database view describing the structures of data records, the linkages
between files, and the physical arrangement and sequence of records in a file.
46. Database view which describes the entire database. It represents the
database logically and abstractly, rather than the way it is physically stored.
47. Database view which defines the user's section of the database, the
portion that an individual user is authorized to access.
48. The proprietary programming language that a particular DBMS uses to
retrieve, process and store data.
49. The standard query language for both mainframe and microcomputer
DBMS considered as the fourth-generation, non-procedural language with many
commands that allow users to input, retrieve, and modify data easily.
50. A function of the Database Administrator which describes every data
element in the database. This enables all users to share a common view of the
data resource, thus greatly facilitating the analysis of user needs.
51. The lowest level of the database, and the only level that exists in physical
form.
52. They allow records to be located, stored, and retrieved, and enable
movement from one record to another.
53. It refers to the way records are physically arranged on the secondary
storage device.

54. The technique used to locate records and to navigate through the
database.
55. It is an abstract representation of the data about entities, including
resources (assets), events (transactions), and agents (personnel or customers,
etc.) and their relationships in an organization.
56. A single item of data, such as customer's name, account balance, or
address.
57. A database representation of an individual resource, event, or agent about
which we choose to collect data.
58. Formed when data attributes that logically define an entity are grouped
together.
59. Set of record types that an organization needs to support its business
processes.
60. Record types that constitute a database exist in relation to other record
types.
61. Distributed database which splits the central database into segments or
partitions that are distributed to their primary users.
62. These controls are designed to prevent unauthorized individuals from
viewing, retrieving, corrupting, or destroying the entity's data.
63. Controls which ensure that in the event of data loss due to unauthorized
access, equipment failure, or physical disaster the organization can recover its
database.
64. Procedures which allow the user to create a personal security program or
routine to provide more positive user identification than a single password.
65. Devices which measure various personal characteristics, such as
fingerprints, voice prints, retina prints, or signature characteristics.
66. Controls in place to prevent users from inferring, through query features,
specific data values that they otherwise are unauthorized to access.
67. Commercial systems that are completely finished and tested systems that
are ready for implementation. These are often general-purpose systems or
systems customized to a specific industry.
68. Systems which provide a basic system structure on which to build. They
come with all the primary processing modules programmed.
69. Its objective is to link individual system projects or applications to the
strategic objectives of the firm.
70. In this phase of systems development process, database structures are
created and populated with data, equipment is purchased and installed,
employees are trained, the system is documented, and the new system is
installed.
