Module 7 and 8 Reviewer PDF

MODULE 7_GENCON_NETWORK Multiple Choice 1. Which type of firewall provides a higher level of customizable network security? ○ A) Network-level firewall ○ B) Proxy firewall ○ C) Application-level firewall ○ D) Transport firewall ○ Answer: C) Application-level firewall 2. What is a common cause of data loss in network communications? ○ A) Firewall malfunction ○ B) Equipment noise ○ C) Subversive threats ○ D) Data redundancy ○ Answer: B) Equipment noise 3. The method of encryption that uses two different keys for encoding and decoding is called: ○ A) Symmetric encryption ○ B) Digital signature ○ C) Private key encryption ○ D) Public key encryption ○ Answer: D) Public key encryption 4. What is the role of a digital certificate? ○ A) Encrypt data for transmission ○ B) Authenticate sender identity ○ C) Encrypt data using private keys ○ D) Ensure message tampering ○ Answer: B) Authenticate sender identity 5. Which of the following is not a type of Denial of Service (DoS) attack? ○ A) SYN Flood Attack ○ B) Smurf Attack ○ C) Firewall Breach Attack ○ D) Distributed DoS (DDoS) Attack ○ Answer: C) Firewall Breach Attack 6. Which type of encryption technique uses a 128-bit encryption standard? ○ A) AES (Advanced Encryption Standard) ○ B) RSA ○ C) Triple-DES ○ D) DES ○ Answer: A) AES (Advanced Encryption Standard) 7. The three-way handshake process involves sending which three packets? ○ A) SYN, SYN-ACK, ACK ○ B) SYN, ACK, FIN ○ C) SYN, SYN-ACK, FIN ○ D) ACK, SYN, FIN ○ Answer: A) SYN, SYN-ACK, ACK 8. What is the role of a callback device in network security? ○ A) To encrypt data using public keys ○ B) To provide a backup connection ○ C) To authenticate users by reconnecting after verifying identity ○ D) To monitor network traffic ○ Answer: C) To authenticate users by reconnecting after verifying identity 9. Which type of firewall primarily uses a screening router to examine source and destination addresses? ○ A) Network-level firewall ○ B) Application-level firewall ○ C) Dual-homed firewall ○ D) Stateful firewall ○ Answer: A) Network-level firewall 10. Which of the following is a method to prevent SYN flood attacks? ○ A) Blocking inbound packets with invalid IPs ○ B) Allowing all outbound traffic ○ C) Blocking outbound message packets with invalid internal IPs ○ D) Allowing only SYN packets ○ Answer: C) Blocking outbound message packets with invalid internal IPs 11. Which method ensures that a message sequence cannot be deleted, reordered, or duplicated during transmission? ○ A) Digital envelope ○ B) Message Sequence Numbering ○ C) Call-back device ○ D) Parity check ○ Answer: B) Message Sequence Numbering 12. What technique helps detect and prevent DDoS attacks by inspecting packets? ○ A) Firewall monitoring ○ B) Digital signature ○ C) Echo check ○ D) Deep Packet Inspection (DPI) ○ Answer: D) Deep Packet Inspection (DPI) 13. Which of the following encryption methods is computationally intensive and used alongside DES in a digital envelope? ○ A) AES ○ B) RSA ○ C) Triple-DES ○ D) Public key encryption ○ Answer: B) RSA 14. What is the purpose of an EDI audit trail? ○ A) To maintain a control log of transactions ○ B) To validate user identity ○ C) To encrypt EDI messages ○ D) To verify packet sequences ○ Answer: A) To maintain a control log of transactions 15. What is the main purpose of an echo check-in data transmission? ○ A) To validate user credentials ○ B) To encrypt data ○ C) To create an audit trail ○ D) To compare the returned message with the original to detect errors ○ Answer: D) To compare the returned message with the original to detect errors True or False 1. A SYN flood attack involves the initiating host not sending the final acknowledgment packet. ○ Answer: True 2. EDI systems completely eliminate the need for audit trails in transactions. ○ Answer: False 3. Triple-DES encryption provides more security than standard Data Encryption Standard (DES). ○ Answer: True 4. Message sequence numbering is used to verify the integrity of transmitted data. ○ Answer: True 5. Echo checks involve comparing the returned message with a stored copy of the original. ○ Answer: True 6. Public key encryption requires the sender and receiver to share a single private key. ○ Answer: False - private key encryption 7. A Smurf attack uses the victim's IP address to send echo requests to other devices. ○ Answer: True 8. Digital certificates are used to encrypt messages in the EDI system. ○ Answer: False - Encryption in EDI systems typically uses public key or private key encryption methods, which convert data into a secure code to protect the content during transmission. The digital certificate only confirms the sender's identity and does not directly encrypt or decrypt the message content. 9. A call-back device is a network security feature that verifies the identity of the caller. ○ Answer: True 10. The parity check method adds an extra bit to ensure data integrity during transmission. ○ Answer: True 11. Network-level firewalls provide comprehensive transmission logging and user authentication. ○ Answer: False - application-level firewall 12. A Digital Envelope uses both DES and RSA encryption methods together. ○ Answer: True Identification 1. Identify the encryption standard that uses a single key known to both sender and receiver. ○ Answer: AES (Advanced Encryption Standard) 2. Name the tool that hackers can use to flood a network with messages using a forged IP address. ○ Answer: Smurf Attack 3. What is the term for the technique that uses both DES and RSA encryption methods together? ○ Answer: Digital Envelope 4. Define the process where each message is logged with user ID, access time, and terminal location. ○ Answer: Message Transaction Log 5. What is the most common issue in data communications that can lead to message corruption? ○ Answer: Line Errors 6. Which device verifies the caller's identity by reconnecting after initial contact is made? ○ Answer: Callback Device 7. What is the name of the encryption technique that enhances DES for better security? ○ Answer: Triple-DES 8. What type of firewall uses a screening router to filter traffic? ○ Answer: Network-level Firewall 9. Which encryption method involves a 128-bit standard commonly used by the U.S. government? ○ Answer: AES (Advanced Encryption Standard) 10. What is the authentication method that verifies the sender's identity using a trusted third party? ○ Answer: Digital Certificate 11. What method allows users to encrypt data with the speed of secret key encryption and the security of public key encryption? ○ Answer: Digital Envelope 12. What is the additional bit added in data transmission to detect errors known as? ○ Answer: Parity Bit 13. Which type of attack involves using zombie computers to overwhelm a network? ○ Answer: Distributed Denial of Service (DDoS) Attack 14. What is the method called where the recipient of a message sends it back to the sender to verify accuracy? ○ Answer: Echo Check 15. What is the type of firewall that adds overhead to connectivity but offers customizable security? ○ Answer: Application-level Firewall MODULE 8_SYSDEVT_APPLICATION CONTROLS Multiple Choice What document provides a detailed written description of a user’s needs in the systems development process? A) System specification document B) User specification document C) Development specification document D) Technical design document Answer: B) User specification document What is the purpose of an SPL management system (SPLMS)? A) To compile and link programs for production B) To control storage, retrieval, deletion, and documentation of program changes C) To encrypt sensitive programs D) To develop and test new program modules Answer: B) To control storage, retrieval, deletion, and documentation of program changes Which type of input control is used to check for both transcription and transposition errors? A) Check digit B) Limit check C) Range check D) Reasonableness check Answer: A) Check digit Which of the following controls is designed to ensure that unauthorized copies of output are not produced? A) Report distribution B) Output spooling C) Print program controls D) Transaction log Answer: C) Print program controls What is the purpose of batch totals in processing controls? A) To authenticate users B) To monitor data as they are entered C) To ensure each processing step handles the batch correctly and completely D) To log all user transactions Answer: C) To ensure each processing step handles the batch correctly and completely Which input control verifies that all required fields contain data before processing? A) Missing data check B) Range check C) Validity check D) Numeric-alphabetic check Answer: A) Missing data check Which feature of SPLMS automatically assigns a new version number to modified programs? A) Program audit trail B) Version tracking C) Program version number D) Maintenance command control Answer: C) Program version number The primary output threat in digital output controls is: A) Unauthorized access to SPL B) Loss of transaction log C) Interception or disruption of output message D) System overload Answer: C) Interception or disruption of output message Which of the following is NOT a part of audit procedures for systems development? A) Reviewing test results B) Confirming feasibility studies C) Verifying SPL backup procedures D) Ensuring user needs analysis was completed Answer: C) Verifying SPL backup procedures What control method checks if the data entered meets specific numeric or alphabetic criteria? A) Range check B) Validity check C) Numeric-alphabetic check D) Limit check Answer: C) Numeric-alphabetic check True or False The internal auditor plays a key role in the control of systems development by ensuring knowledge transfer between users and systems professionals. Answer: True A check digit helps identify errors in data transcription and transposition. Answer: True The SPLMS allows unauthorized users to modify production programs directly. Answer: False Run-to-run control is a technique used to verify the accuracy of batch processing by comparing batch totals. Answer: True End-user controls ensure that output reports are examined for correctness after they have been printed or viewed. Answer: True A reasonableness check ensures that data values fall within a predefined range. Answer: False (It ensures data values are logical or reasonable within context.) System output that has served its purpose should be securely stored until its retention period expires, after which it should be shredded. Answer: True Application controls are only relevant for financial applications like SAP or Oracle ERP. Answer: False Hash totals are part of batch controls that help detect errors in transaction data. Answer: True The audit trail for a system includes transaction logs and listings of all successful transactions. Answer: True Identification What document describes the user’s view of a problem for system developers? Answer: User specification document What technique is used to add an extra digit to detect data coding errors? Answer: Check digit Which control checks that data fields contain values of the correct type (numeric or alphabetic)? Answer: Numeric-alphabetic check What process prevents the production of unauthorized output copies? Answer: Print program control Name the system that manages storage and retrieval in a Source Program Library. Answer: SPL Management System (SPLMS) What tool provides a journal-like record of all successful transactions? Answer: Transaction log What is the control technique that detects transcription and transposition errors in data entry? Answer: Check digit Which type of check prevents missing or incomplete data in required fields? Answer: Missing data check What is the name of the procedure used to verify each processing step in batch processing? Answer: Run-to-run control What feature ensures that each new version of a program is tracked in the SPL? Answer: Program version number

Module 7 and 8 Reviewer PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue