Shoulder surfing - Attack wherein any person nearby could "look over the shoulder" of the user to obtain the password.
Piggybacking - Unauthorized persons following authorized persons into restricted areas.
Dumpster diving - Attack wherein critical information is obtained trash box.
Impersonation - refers to someone acting as an employee in an attempt to retrieve desired information.
# As high complex criteria can be set in CIS, it is the best technique to identify transactions as per pre-defined criteria. Continuous and Intermittent Simulation (CIS) is a moderately complex set of programs that during a process run of a transaction, simulates the instruction execution of its application. As each transaction is entered, the simulator decides whether the transaction meets certain predetermined criteria and if so, audits the transaction. If not, the simulator waits until it encounters the next transaction that meets the criteria. Audits hooks which are of low complexity focus on specific conditions instead of detailed criteria in identifying transactions for review. ITF is incorrect because its focus is on test versus live data.
# A warm site has the basic infrastructure facilities, such as power, air conditioning and networking and some of computers. However, all computing device are not installed. Hence before resumption of services from warm site, timely availability of hardware is major concern. A cold site is basically availability of space and basic infrastructure. No communication equipments and computers are installed. Cold site is characterized by at least providing for electricity and HVAC (heat, ventilation and air-conditioning). No other computing facilities are available at cold site.
# It is the responsibility of the IT sterring committee to ensure the efficient use of IT resources.
# Strategy committee is responsible for advising board members about new projects.
# Absence of a project steering committee represents a major risk. A steering committee would provide a liaison between the IS department and the user department. It monitors the IT project prioritization as per business requirements.
# The responsibilities of a telecommunications analyst include reviewing network load requirements in terms of current and future transaction volumes (choice B), assessing the impact
of network load or terminal response times and network data transfer rates (choice C), and recommending network balancing procedures and improvements (choice D).
- Monitoring systems performance and tracking problems as a result of program changes (choice A) would put the analyst in a self-monitoring role.
# Social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be indiscreet regarding his/her or other's personal data.
- A sniffer is a computer tool to monitor the traffic in networks.
- Back doors are computer programs left by hackers to exploit vulnerabilities.
- Trojan horses are computer programs that pretend to supplant a real program; thus, the functionality of the program is not authorized and is usually malicious in nature.
# For unit testing appropriate strategy is white box approach (as both involves testing of internal logic).Unit testing involves testing of individual program or module. In white box testing, program logic is tested. It is applicable for unit testing and interface testing. White box testing examines the internal structure of a module.
In black box, only functionality is tested. Program logics are not tested and hence not relevant for unit testing.
Piggybacking - Unauthorized persons following authorized persons into restricted areas.
Dumpster diving - Attack wherein critical information is obtained trash box.
Impersonation - refers to someone acting as an employee in an attempt to retrieve desired information.
# As high complex criteria can be set in CIS, it is the best technique to identify transactions as per pre-defined criteria. Continuous and Intermittent Simulation (CIS) is a moderately complex set of programs that during a process run of a transaction, simulates the instruction execution of its application. As each transaction is entered, the simulator decides whether the transaction meets certain predetermined criteria and if so, audits the transaction. If not, the simulator waits until it encounters the next transaction that meets the criteria. Audits hooks which are of low complexity focus on specific conditions instead of detailed criteria in identifying transactions for review. ITF is incorrect because its focus is on test versus live data.
# A warm site has the basic infrastructure facilities, such as power, air conditioning and networking and some of computers. However, all computing device are not installed. Hence before resumption of services from warm site, timely availability of hardware is major concern. A cold site is basically availability of space and basic infrastructure. No communication equipments and computers are installed. Cold site is characterized by at least providing for electricity and HVAC (heat, ventilation and air-conditioning). No other computing facilities are available at cold site.
# It is the responsibility of the IT sterring committee to ensure the efficient use of IT resources.
# Strategy committee is responsible for advising board members about new projects.
# Absence of a project steering committee represents a major risk. A steering committee would provide a liaison between the IS department and the user department. It monitors the IT project prioritization as per business requirements.
# The responsibilities of a telecommunications analyst include reviewing network load requirements in terms of current and future transaction volumes (choice B), assessing the impact
of network load or terminal response times and network data transfer rates (choice C), and recommending network balancing procedures and improvements (choice D).
- Monitoring systems performance and tracking problems as a result of program changes (choice A) would put the analyst in a self-monitoring role.
# Social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be indiscreet regarding his/her or other's personal data.
- A sniffer is a computer tool to monitor the traffic in networks.
- Back doors are computer programs left by hackers to exploit vulnerabilities.
- Trojan horses are computer programs that pretend to supplant a real program; thus, the functionality of the program is not authorized and is usually malicious in nature.
# For unit testing appropriate strategy is white box approach (as both involves testing of internal logic).Unit testing involves testing of individual program or module. In white box testing, program logic is tested. It is applicable for unit testing and interface testing. White box testing examines the internal structure of a module.
In black box, only functionality is tested. Program logics are not tested and hence not relevant for unit testing.
No comments :
Post a Comment