Large Sys Exam 2

Card Set Information

2011-10-31 17:05:19
IT security databases

IT security databases voip

  1. We discussed several types of Database Management
    Systems including:
    Hierarchical, Relational, Network, Object Oriented, Object Relational.
  2. A query in SQL is written in the following format:
    • “Select <something> From <Table> Where <Conditions>”.
    • Note that you should always include a “Where” clause to limit your results. This will help keep you from attempting to retrieve potentially enormous amounts of unneeded information from a database.
  3. A Session Database is
    a database type that is used to store web session data for high availability.
  4. An OLTP Database (On-Line Transactional Processing)
    facilitates data entry and retrieval of transaction processing and is built for Insert/Update performance. An example of a system that would use this is the ATM (automatic teller machine).
  5. A Data Warehouse is
    a repository of an organization’s electronically stored data that is sourced from various operational systems and is designed for analysis and reporting.
  6. A Data Mart is
    a subset of a Data Warehouse that is used to hold data for a specific business function.
  7. In a Flat File System,
    • data is stored in individual files and these files are not linked.
    • Problems with using flat files to store data include data redundancy, locking issues, performance issues and limited recoverability.
  8. OLAP (On-Line Analytical Processing) databases are used for
    • Multi-Dimensional Analysis of data.
    • This data is typically used for marketing, business process management, budgeting and forecasting, etc. It involves complex analysis of diverse data.
  9. Business is concerned with turning raw ____ into _____ that can be applied to any number of functions – growth, marketing, finance, online sales, etc.
    • DATA
  10. An example of a major application that is based on a Flat File model is the ______ messaging system. In contrast to that, ______ is based on the Relational Database model.
  11. Information Security is imperative to ensure the
    following – known as the CIA Triad:
    • Confidentiality
    • Integrity
    • Availability

    Note that many believe that Authenticity – the guarantee that the data is genuine - should be added as well.
  12. The Principle of Least Privilege is a key Security Concept which states that an individual, program or process is not granted any more access privilege than is necessary to perform a task.
  13. A Threat is
    anything that has potential to cause harm to the information system.
  14. Access to information is controlled through
  15. The attributes of Three Factor Authentication are
    • 1. Something you KNOW
    • 2. Something you ARE
    • 3. Something you HAVE
  16. Your ID and Password are things that you KNOW – this is
    Single Factor Authentication
  17. In addition to the first factor, something that you HAVE may be a security fob that generates a pre-determined code or a signed digital certificate. An example is the RSA SecurID fob. – This along with the first factor is
    Two Factor Authentication
  18. The third factor is something that you ARE, and examples of this are all biometric, such as a fingerprint, voice or hand print. The most recognized form of this is a retinal scan. – All three together make up
    Three Factor Authentication
  19. CONFIDENTIALITY refers to
    the concealment of information and/or resources – the prevention of the disclosure of information to unauthorized individuals or systems.
  20. From the perspective of IT Security, _____ refers to the Trustworthiness of the data – a guarantee that the data was not modified without authorization.
    the ability to use the information or resource. (A DENIAL of SERVICE attack targets this)
  22. All viruses or worms attack one or more aspects of the
    CIA Triad
  23. Keep in mind that the more secure you make a system or device, the ______ it becomes. This is a trade-off and each business must find a ____ between ____ and _____.
    • Less Usable
    • Balance
    • Security
    • Usability
  24. With Respect to IT Security, A RISK is
    the LIKELIHOOD that something bad will happen to cause harm to an information system.
  25. A Vulnerability is
    a weakness that could be used to endanger or cause harm to an information system.
  26. The purpose of the principle of Separation of Duties is
    to ensure that no individual can complete a critical task alone.
  27. Companies use the __________ (or ____) to assess the effectiveness of their security and to determine how to correct any deficiencies found.
    Penetration Test or PEN Test
  28. The PEN Test is concerned with answering the following questions: (Name the 3 ques.)
    • What can an attacker access and obtain?
    • What can an attacker do with what is obtained?
    • Would an attack be noticed?
  29. The Traditional, or Analog, phone system is known as the ________. Also known as _________.
    • PSTN – The Public Switched Telephone Network.
    • POTS – the Plain Old Telephone System.
  30. In call centers, ______ is the method of delivering those calls to the next available or most suitable agent.
    Call Routing
  31. Interactive Voice Response (IVR) allows
    a computer to detect voice and keypad Inputs and allows customers to access a database based upon entries on the touchtone keypad or through voice recognition.
    technology that links computer systems and telephone systems for call handling, call routing and IVR.
  33. The CTI manages the event flow that is generated by the telephony switch during the life cycle of the call – For example:
    • Call Setup
    • Delivery (ring)
    • Establish (answer)
    • Clear (hang up)
    • End
  34. Some characteristics of the CTI include the following:
    • provides communication between a telephone and computer
    • enhances call center capabilities
    • manages call switches during life cycle of the call
    • works with ACD or Skills Based Delivery to show status of availability of the agent
  35. Some advantages to Call Routing include:
    • Increased Agent Utilization
    • Shortened Call Handling Time
    • Shorter Call Queues
  36. The business advantage to using the IVR is
    • the IVR responds to customer calls with pre-recorded or dynamically played audio to direct users how to proceed through the system.
    • It increases the efficiency of a customer’s entry into your network.
  37. Instead of answering calls in the order in which they are received, _______ allows callers to be directed to either the next available or most suitable agent, improving customer service.
    Intelligent Call Routing
  38. We discussed two basic Call Routing Strategies
    • ACD (Automatic Call Distribution)
    • Skills Based Call Routing
  39. With the ACD System, Agents are assigned
    • to Queues where the next available agent gets the next incoming call.
    • It is difficult to manage these queues to make sure that only agents with the ability to handle the call receive the call.
    Agents are assigned to Skills and an agent only receives calls for the skills that they are assigned to.
  41. ___ allows data collected from the ___ to be used as input data to query databases with customer information
    • CTI
    • IVR
  42. VoIP – Voice over IP – is
    the transmission of Voice and Video over IP Networks
  43. VoIP uses _____ (As opposed to the traditional ______ that we discussed in several classes) to transmit the voice and video data.
    • Packet Routing Technology
    • Circuit Switched Technology
  44. Voice and Video are broken down into ____ and transmitted over the ______.
    • Packets
    • IP network
  45. Quality of Service or QOS is
    • one of the main mechanisms in place on VoIP networks.
    • It ensures that voice and video receive transmission priority on the IP Network by creating queues for the network traffic and prioritizing the data in those queues.
  46. Mechanisms must be put into place on the network to deal with the possible problems that may arise during the transmission of voice and video. These include:
    • Delay – taking too long for a voice packet to arrive. The packet is generally discarded if this happens.
    • Jitter – Inconsistent delay on the network.
    • Packet Loss – Packets arriving out of order or not at all – Packet Loss Concealment is used to handle this
  47. What is the main difference between email and Instant Messaging?
    Email is based on a store and forward model, while Instant Messaging is Real Time
  48. What was the major limitation of the first email system that was discussed in class (the MIT CTSS System)?
    Users had to be logged onto the SAME SYSTEM to be able to send and receive messages.
  49. What are the characteristics of a Circuit Switched Network, as described in the Messaging and Collaboration Presentation?
    A circuit switched network consists of a dedicated circuit between two endpoints, allowing communication to only one person at a time.
  50. What is the significance of ARPANET?
    It was the world’s first Packet Switched network, and the source from which modern email systems were developed.
  51. What are the three main protocols used for email transport?
  52. The reasons that businesses have adopted email include
    • the fact that it eliminates the delay of sending messages through standard postal mail
    • it is easy to use and understand and it helps solve problems of logistics
    • synchronization by allowing communication regardless of physical location.
  53. There are many potential problems or risks associated with email and Instant Messaging that include but are not
    limited to the following:
    • General:
        • Time Management – People spend significant portions of the day reading and responding to email
        • SPAM – The overload of unwanted information
        • Real possibility of information duplication – waste of time and space on servers
    • Security:
        • Email has been a favorite attack vector for hackers
        • Email Spoofing – header manipulated to look like it came from trusted source
        • Email Bombing – Denial of Service attack with large volumes of email
    • Privacy:
        • Protection of confidential company and personal information
        • Sarbanes/Oxley and PCI
    • Inappropriate Use:
        • Sending inappropriate content using corporate messaging systems
  54. Instant Messaging was originally used to
    facilitate communication between users on the same machine.
  55. Like email, Instant Messaging pre-dated
    the development of the Internet.
  56. The ability to have real-time quick conversations is one of the main reasons that ________ has been adopted in _____.
    • Instant Messaging
    • businesses
  57. Collaboration Applications build on the ____________, allowing remote teams to interact while working on projects regardless of their ___________.
    • Cloud Computing Model
    • physical locations
  58. _______ is a recursive process where two or more people interact and work together to achieve some goal. The ability to bring diverse groups of people together regardless of location is a main driver in business adopting this technology.
  59. Technologies like OLIVE – On-Line Interactive Virtual Environment – are being utilized in business to
    facilitate interaction between dispersed teams, conduct training classes and conduct presentations all within a “virtual world.” As we discussed, the use of these virtual worlds in business is rapidly defining new levels of collaboration that were previously impossible.