Chapter 3—Security Part I: Auditing Operating Systems and Networks

TRUE/FALSE

In a computerized environment, the audit trail log must be printed onto a paper document.
Disguising message packets to look as if they came from another user and to gain access to the host’s network is called spooling.
A formal log-on procedure is the operating system’s last line of defense against unauthorized access.
Computer viruses usually spread throughout the system before being detected.
A worm is a software program that replicates itself in areas of idle memory until the system fails.
Viruses rarely attach themselves to executable files.
Operating system controls are of interest to system professionals but should not concern accountants and auditors.
The most frequent victims of program viruses are microcomputers.
Operating system integrity is not of concern to accountants because only hardware risks are involved.
Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.
In a telecommunications environment, line errors can be detected by using an echo check.
Firewalls are special materials used to insulate computer facilities.
The message authentication code is calculated by the sender and the receiver of a data transmission.
The request-response technique should detect if a data communication transmission has been diverted.
Electronic data interchange translation software interfaces with the sending firm and the value added network.
A value added network can detect and reject transactions by unauthorized trading partners.
Electronic data interchange customers may be given access to the vendor's data files.
The audit trail for electronic data interchange transactions is stored on magnetic media.
A firewall is a hardware partition designed to protect networks from power surges.
To preserve audit trails in a computerized environment, transaction logs are permanent records of transactions.
Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.
The standard format for an e-mail address is DOMAIN NAME@USER NAME.
The network paradox is that networks exist to provide user access to shared resources while one of its most important objectives is to control access.
IP spoofing is a form of masquerading to gain unauthorized access to a Web server.
The rules that make it possible for users of networks to communicate are called protocols.
A factor that contributes to computer crime is the reluctance of many organizations to prosecute criminals for fear of negative publicity.
Cookies are files created by user computers and stored on Web servers.
Because of network protocols, users of networks built by different manufacturers are able to communicate and share data.
The client-server model can only be applied to ring and star topologies.
Only two types of motivation drive DoS attacks: 1) to punish an organization with which the perpetrator had a grievance; and 2) to gain bragging rights for being able to do it.
A distributed denial of service (DDoS) attack may take the form of a SYN flood but not a smurf attack.
The bus topology connects the nodes in parallel.
A network topology is the physical arrangement of the components of the network.
A digital signature is a digital copy of the sender’s actual signature that cannot be forged.
A bus topology is less costly to install than a ring topology.
A smurf attack involves three participants: a zombie, an intermediary, and the victim.
In a hierarchical topology, network nodes communicate with each other via a central...