10. How can passwords actually circ

10. How can passwords actually circumvent security?
11. Explain how the one – time password approach works.
12. Explain howsmurf attacks and SYN flood attacks can be controlled.
13. Discuss the risks from equipment failure and how they can be controlled.
14. Does every organization that has a LAN need a firewall?
15. Describe three ways in which IPS can be used to protect against DDos attacks.
16. What problem is common to all private key encryption techniques?
17. What is RSA encryption?
18. Explain the triple – DES encryption techniques known as EEE3 and EDE3.
19. Distinguish between a digital signature and a digital certificate.
20. Describe a digest within the context of a digital signature.
21. What is a digital envelope?
22. Why is inadequate segregation of duties a problem in the personal computer environment?
23. Why is the request – response technique important? Discuss the reasons an intruder may wish to prevent or delay the receipt of a message.
24. Discuss how the widespread use of laptop and notebook computers is making data encryption standards more easily penetrable.
25. Discuss the unique control problems EDI creates.
26. “In an EDI system, only the customer needs to verify that the order being placed is from a valid supplier and not vice versa.” Do you agree with this statement? Why or why not?
27. Discuss how EDI creates an environment in which sensitive information, such as inventory amounts and price data, is no longer private. What potential dangers exist if the proper controls are not in place? Give an example.
28. What purpose do protocols serve?
29. Explain the purpose of the two elements of TCP / IP.
30. Distinguish betweenthe FTP and TELNET protocols.
31. Distinguish betweena network – level firewall and an application – level firewall.
32. What is a certification authority, and what are the implications for the accounting profession?
33. Discuss the key aspects of the following five seal granting organizations : BBB, TRUSTe, Veri – Sign, Inc., ICSA, and AICP / CICA Web Trust.
34. Differentiate between a LAN and a WAN. Do you have either or both at your university or college?



MULTIPLE – CHOICE QUESTIONS

1. Sniffer software is
a. used by malicious Web sites to sniff data from cookies stored on the user’s hard drive.
b. used by network administrators to analyze network traffic.
c. used by bus topology intranets to sniff for carriers before transmitting a message to avoid data collisions.
d. an illegal program downloaded from the Web to sniff passwords from the encrypted data of Internet customers.
e. illegal software for decoding encrypted messages transmitted over a shared intranet channel.
2. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (n)
a. operating system.
b. database management system.
c. utility system.
d. facility system.
e. object system.
3. A user’s application may consist of several modules stored in separate memory locations, each with its own data. One module must not be allowed to destroy or corrupt another module. This is an objective of
a. operating system controls.
b. data resource controls.
c. computer center and security controls.
d. application controls.
4. A program that attaches to another legitimate program but does NOT replicate itself is called a
a. virus.
b. worm.
c. Trojan horse.
d. logic bomb.
หน้า 125
5. Which of the following is NOT a data communications control objective?
a. maintaining the critical application list
b. correcting message loss due to equipment failure
c. preventing illegal access
d. rendering useless any data that a perpetrator successfully captures
6. Hackers can disguise their message packets to look as if they come from an authorized user and gain access to the host’s network using a technique called
a. spoofing.
b. IP spooling.
c. dual – homed.
d. screening.
7. Transmitting numerous SYN packets to a targeted receiver, buy NOT responding to an ACK, is form of
a. a DES message.
b. request – response control.

c. denial of service attack.
d. call = back device.
8. A message that is contrived to appear to be coming from a trusted of authorized source is called
a. a denial of service attack.
b. digital signature forging.
c. Internet protocol spoofing.
d. URL masquerading.
e. a SYN – ACK packet.
9. A DDos at