Information Security & Risk
- What are the 4 jobs of an operating system?
Answer: The basic functions of an operating system are:
- Booting the computer
- Performs basic computer tasks, e.g. managing the various peripheral devices such as the mouse and keyboard
- Provides a user interface, e.g. command line, graphical user interface (GUI)
- Handles system resources such as the computer's memory and sharing of the central processing unit (CPU) time by various applications or peripheral devices
Booting the computer
The process of starting or restarting the computer is known as booting. A cold boot is when you turn on a computer that has been turned off completely. A warm boot is the process of using the operating system to restart the computer.
Performs basic computer tasks
The operating system performs basic computer tasks, such as managing the various peripheral devices such as the mouse, keyboard and printers. For example, most operating systems now are plug and play which means a device such as a printer will automatically be detected and configured without any user intervention.
Provides a user interface
A user interacts with software through the user interface. The two main types of user interfaces are: command line and a graphical user interface (GUI). With a command line interface, the user interacts with the operating system by typing commands to perform specific tasks. An example of a command line interface is DOS (disk operating system). With a graphical user interface, the user interacts with the operating system by using a mouse to access windows, icons, and menus. An example of a graphical user interface is Windows Vista or Windows 7.
The operating system is responsible for providing a consistent application program interface (API) which is important as it allows a software developer to write an application on one computer and know that it will run on another computer of the same type even if the amount of memory or amount of storage is different on the two machines.
Handles system resources
The operating system also handles system resources such as the computer's memory and sharing of the central processing unit (CPU) time by various applications or peripheral devices. Programs and input methods are constantly competing for the attention of the CPU and demand memory, storage and input/output bandwidth. The operating system ensures that each application gets the necessary resources it needs in order to maximise the functionality of the overall system.
- How does the Operating system keep track of the different disk drives?
Answer: The main idea behind allocation is effective utilization of file space and fast access of the files. There are three types of allocation:
- contiguous allocation
- linked allocation
- indexed allocation
In addition to storing the actual file data on the disk drive, the file system also stores metadata about the files: the name of each file, when it was last edited, exactly where it is on the disk, and what parts of the disk are "free". Free areas are not currently in use by the file data or the metadata, and so are available for storing new files. (The places where this metadata is stored are often called "inodes", "chunks", "file allocation tables", etc.)
To keep track of the free space, the file system maintains a free-space list which tracks all the disk blocks which are free. To create a file, the required space is reserved for the file and the corresponding space is removed from the free list.
With contiguous allocation, each file has to occupy contiguous blocks on the disk. The location of a file is defined by the disk address of the first block and its length. Both sequential access and direct/random access are supported by contiguous allocation. The disadvantage of contiguous allocation is that it is often difficult to find free space for a new file. Moreover, one is often not sure of the space required while creating a new file. The various methods adopted to find space for a new file suffer from external fragmentation.
In linked allocation, each file is a linked list of disk blocks. The directory contains a pointer to the first and (optionally) the last block of the file. For example, a file of 5 blocks which starts at block 4 might continue at block 7, then block 16, block 10, and finally block 27. Each block contains a pointer to the next block and the last block contains a NIL pointer. The value -1 may be used for NIL to differentiate it from block 0.
With linked allocation, each directory entry has a pointer to the first disk block of the file. This pointer is initialized to nil (the end-of-list pointer value) to signify an empty file. A write to a file removes the first free block and writes to that block. This new block is then linked to the end of the file. To read a file, the pointers are just followed from block to block.
There is no external fragmentation with linked allocation. Any free block can be used to satisfy a request. Notice also that there is no need to declare the size of a file when that file is created. A file can continue to grow as long as there are free blocks. Linked allocation does have disadvantages, however. The major problem is that it supports direct access inefficiently; it is effective only for sequential-access files. To find the ith block of a file, the system must start at the beginning of that file and follow the pointers until the ith block is reached. Note that each access to a pointer requires a disk read.
Linked allocation does not support random access of files, since each block can only be found from the previous one. Indexed allocation solves this problem by bringing all the pointers together into an index block. With this type of allocation, the index block holds the addresses of all the blocks of a file. This method solves the problem of fragmentation, as the blocks can be stored in any location.
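The following Python sketch is an added example, not part of the original answer: it models the free-space list, linked allocation and indexed allocation described above, and counts the disk reads needed to reach the last block of the 5-block file from the text (blocks 4, 7, 16, 10, 27). The class names, the 32-block disk and the loop check in `chain()` are assumptions made for illustration; the loop check goes slightly beyond the text by showing how a corrupted pointer chain can be detected.

```python
NIL = -1  # end-of-list marker; -1 so it cannot be confused with block 0


class Disk:  # toy disk: free-space list, one "next" pointer per block, read counter
    def __init__(self, n_blocks):
        self.free = list(range(n_blocks))
        self.next_ptr = [NIL] * n_blocks
        self.reads = 0

    def take(self, block=None):  # reserve a block (first free one by default)
        if not self.free:
            raise OSError("no free blocks")
        block = self.free[0] if block is None else block
        self.free.remove(block)  # ValueError if the block is already in use
        return block

    def read_ptr(self, block):
        self.reads += 1  # following a pointer costs one disk read
        return self.next_ptr[block]


class LinkedFile:
    def __init__(self, disk):
        self.disk, self.first, self.last = disk, NIL, NIL  # first == NIL: empty file

    def append(self, block=None):
        b = self.disk.take(block)
        self.disk.next_ptr[b] = NIL
        if self.first == NIL:
            self.first = b
        else:
            self.disk.next_ptr[self.last] = b  # link the new block to the end
        self.last = b

    def block_at(self, i):  # i-th block (0-based), found by walking from the start
        b = self.first
        while i > 0 and b != NIL:
            b, i = self.disk.read_ptr(b), i - 1
        if b == NIL:
            raise IndexError("past end of file")
        return b

    def chain(self):  # list the file's blocks; refuse a chain that loops on itself
        seen, b = [], self.first
        while b != NIL:
            if b in seen:
                raise ValueError(f"corrupt chain: block {b} reached twice")
            seen.append(b)
            b = self.disk.read_ptr(b)
        return seen


class IndexedFile:
    def __init__(self, disk):
        self.disk, self.index = disk, []  # index: addresses of the data blocks
        self.index_block = disk.take()    # the index itself occupies one block

    def append(self, block=None):
        self.index.append(self.disk.take(block))

    def block_at(self, i):
        self.disk.reads += 1  # one read of the index block, whatever i is
        return self.index[i]


def compare(blocks=(4, 7, 16, 10, 27)):  # the 5-block file from the text
    """Return {kind: (last block, disk reads to find it, free blocks left)}."""
    results = {}
    for kind in (LinkedFile, IndexedFile):
        disk = Disk(32)
        f = kind(disk)
        for b in blocks:
            f.append(b)
        disk.reads = 0
        results[kind.__name__] = (f.block_at(len(blocks) - 1), disk.reads, len(disk.free))
    return results
```

Reaching the fifth block costs four pointer reads with linked allocation and a single index-block read with indexed allocation, at the price of one extra block spent on the index.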
- What kind of natural hazards are not normally insurable?
Earthquakes are a major cause of landslides. Landslides occur when masses of rock, earth material, or debris flows move down a slope due to gravity. Landslides can occur on any terrain if the conditions are right, and cause significant damage and casualties to people and property. In this lesson, students learn about earthquake-induced landslides and the associated hazards, and how and why landslides occur. In addition, students discuss steps they can take to reduce landslide hazards.
- Describe the trends in disaster management.
Answer: Risk-based Planning and Resourcing
As jurisdictions continue to have to figure out how to do more with less, risk-based planning and resourcing will become even more important. It will be more important than ever to be able to identify risk, make assessments of the potential of each risk and assign resources accordingly. Performance measures and the ability to show some benefits from monies spent may also become critical.
Jurisdictions will need to become better at planning for assessed risks and managing those plans and resources to mitigate those risks, while still maintaining the ability to respond to unanticipated events. Emergency management can’t be a response entity but a planning and mitigation one.
Focused Social Media Use
Not everyone in emergency management is taking advantage of the opportunities social media offers, but it’s become a viable, even necessary way to communicate with the public during and after a disaster. Sharing photos is one of the ways social media can help the emergency manager or public safety official. Law enforcement is using it as a tool to identify suspects and glean information on people of interest.
Building and Rebuilding for Sustainability
There is no one-size-fits-all solution to developing a resilient community, and while there are usually multiple options to rebuilding, communities often fall into the trap of rebuilding the community as it was, inviting the same disaster scenario. The days of subsidizing bad behavior in the form of non-market-based flood insurance and federal aid that helps communities build back right in the crosshairs of the next disaster are waning. It’s too easy to make the wrong choice and build back as things were.
More and more, the emergency management and public safety fields will be asking for individuals with more education. There is an ongoing debate about education versus experience but both are important in an increasingly complicated world. As emergency management grows as a profession, the knowledge of emergency managers will have to be deeper. It is no longer a profession to “fall into.”
- What is network security and how does it protect you?
Answer: Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices.
This is not intended to be a "frequently asked questions" reference, nor is it a "hands-on" document describing how to accomplish specific functionality.
Many network security threats today are spread over the Internet. The most common include:
- Viruses, worms, and Trojan horses
- Spyware and adware
- Zero-day attacks, also called zero-hour attacks
- Denial of service attacks
- Data interception and theft
Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.
A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.
Network security components often include:
- Anti-virus and anti-spyware
- Firewall, to block unauthorized access to your network
- Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks
- Virtual Private Networks (VPNs), to provide secure remote access
- What is the Microsoft Encrypting File System and what are some of its features?
Answer: Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format. Encryption is the strongest protection that Windows provides to help you keep your information secure.
Some key features of EFS:
- Encrypting is simple; just select a check box in the file or folder's properties to turn it on.
- You have control over who can read the files.
- Files are encrypted when you close them, but are automatically ready to use when you open them.
- If you change your mind about encrypting a file, clear the check box in the file's properties.
- What is computer Security?
Answer: Computer Security is the protection of computing systems and the data that they store or access.
Computer security is a branch of Information Security and is often used interchangeably with the term. It encompasses several security measures such as software programs like anti-virus suites and firewalls, and user-dependent measures such as activating or deactivating certain software features like JavaScript and ActiveX, and being vigilant in using the computer and the network resources or the Internet.
Why is Computer Security Important?
Prevention of data theft such as bank account numbers, credit card information, passwords, work related documents or sheets, etc. is essential in today’s communications since many of our day to day actions depend on the security of the data paths.
Data present in a computer can also be misused by unauthorized intrusions. An intruder can modify and change the program source codes and can also use your pictures or email accounts to create derogatory content such as pornographic images and fake, misleading and offensive social accounts.
Malicious intent can also be a factor in computer security. Intruders often use your computers for attacking other computers or websites or networks for creating havoc. Vengeful hackers might crash someone’s computer system to create data loss. DDoS attacks can be made to prevent access to websites by crashing the server.
The above factors imply that your data should remain safe and confidential. Therefore, it is necessary to protect your computer and hence the need for Computer Security arises.
- Discuss the concept of Local Security Policies
Answer: Local security policy overview
A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.
With the local security policy, you can control:
- Who accesses your computer.
- What resources users are authorized to use on your computer.
- Whether or not a user or group's actions are recorded in the event log.
How policy is applied to a computer that is joined to a domain
If your local computer is joined to a domain, you are subject to obtaining security policy from the domain's policy or from the policy of any organizational unit that you are a member of. If you are getting policy from more than one source, then any conflicts are resolved in this order of precedence, from highest to lowest:
- Organizational unit policy
- Domain policy
- Site policy
- Local computer policy
When you modify the security settings on your local computer using the local security policy, you are directly modifying the settings on your computer. Therefore, the settings take effect immediately, but this may only be temporary. The settings will actually remain in effect on your local computer until the next refresh of Group Policy security settings, when the security settings that are received from Group Policy will override your local settings wherever there are conflicts. The security settings are refreshed every 90 minutes on a workstation or server and every 5 minutes on a domain controller. The settings are also refreshed every 16 hours, whether or not there are any changes.
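The precedence and refresh behaviour above can be modelled in a few lines; this Python sketch is an added example, not Microsoft code, and the setting names and values are constructed. It reports which source wins each setting and which local edits the next Group Policy refresh would overwrite.

```python
# Highest precedence first, as listed in the text.
PRECEDENCE = ["Organizational unit policy", "Domain policy", "Site policy",
              "Local computer policy"]
LOCAL = PRECEDENCE[-1]


def effective_policy(sources):
    """Merge {source: {setting: value}}; return {setting: (value, winning source)}."""
    unknown = set(sources) - set(PRECEDENCE)
    if unknown:
        raise ValueError(f"unknown policy source(s): {sorted(unknown)}")
    merged = {}
    for source in reversed(PRECEDENCE):        # apply the lowest precedence first ...
        for setting, value in sources.get(source, {}).items():
            merged[setting] = (value, source)  # ... so a higher source overwrites it
    return merged


def reverted_at_refresh(sources):
    """Local settings the next refresh overwrites, mapped to (new value, source)."""
    merged = effective_policy(sources)
    return {
        setting: merged[setting]
        for setting, local_value in sources.get(LOCAL, {}).items()
        if merged[setting][1] != LOCAL and merged[setting][0] != local_value
    }


# Constructed sample: an administrator has edited two settings locally.
SAMPLE = {
    "Domain policy": {"minimum_password_length": 12, "lockout_threshold": 5},
    "Organizational unit policy": {"lockout_threshold": 3},
    "Local computer policy": {
        "minimum_password_length": 6,            # conflicts with the domain policy
        "audit_logon_events": "success,failure",  # no conflict, so it stays
    },
}

if __name__ == "__main__":
    for name, (value, source) in sorted(effective_policy(SAMPLE).items()):
        print(f"{name} = {value}  (from {source})")
    print("overwritten at next refresh:", reverted_at_refresh(SAMPLE))
```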
There is no case study. Answer the following questions.
- What is the user authentication concept?
Answer: Authentication is an element of information security that enables you to protect the confidentiality, integrity and availability of the information flow, supported by the information systems in your business operations. With the increasing use of distributed systems based on open standards and flexible information sharing with multiple business partners, establishing the identities of communicating parties also becomes an important element in protecting your business operations.
Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access. The permissions and folders returned define both the environment the user sees and the way he can interact with it, including hours of access and other rights such as the amount of allocated storage space.
User authentication occurs within most human-to-computer interactions other than guest accounts, automatically logged-in accounts and kiosk computer systems. Generally, a user has to enter or choose an ID and provide their password to begin using a system.
- Discuss the key mechanism of Firewall.
Answer: Firewalls are computer security systems that protect your office/home PCs or your network from intruders, hackers & malicious code. Firewalls protect you from offensive software that may come to reside on your systems or from prying hackers. In a day and age when online security concerns are the top priority of computer users, firewalls provide you with the necessary safety and protection.
Firewalls are software programs or hardware devices that filter the traffic that flows into your PC or your network through an internet connection. They sift through the data flow & block that which they deem (based on how & for what you have tuned the firewall) harmful to your network or computer system.
When connected to the internet, even a standalone PC or a network of interconnected computers make easy targets for malicious software & unscrupulous hackers. A firewall can offer the security that makes you less vulnerable and also protect your data from being compromised or your computers being taken hostage.
How do they work?
Firewalls are set up at every connection to the Internet, therefore subjecting all data flow to careful monitoring. Firewalls can also be tuned to follow "rules". These rules are simply security rules that can be set up by yourself or by the network administrators to allow traffic to their web servers, FTP servers, Telnet servers, thereby giving the computer owners/administrators immense control over the traffic that flows in & out of their systems or networks.
Rules will decide who can connect to the internet, what kind of connections can be made, and which or what kind of files can be transmitted in or out. Basically, all traffic in & out can be watched and controlled, thus giving the firewall installer a high level of security & protection.
Firewalls use 3 types of filtering mechanisms:
Packet filtering or packet purity
Data flow consists of packets of information and firewalls analyse these packets to sniff out offensive or unwanted packets depending on what you have defined as unwanted packets.
Firewalls in this case assume the role of a recipient & in turn send the information to the node that has requested it & vice versa.
In this case firewalls, instead of sifting through all of the information in the packets, mark key features in all outgoing requests & check for the same matching characteristics in the inflow to decide if it is relevant information that is coming through.
Firewall rules can be customized as per your needs, requirements & security threat levels. You can create or disable firewall filter rules based on such conditions as:
- Blocking off a certain IP address or a range of IP addresses, which you think are predatory.
- You can allow only certain specific domain names to access your systems/servers or allow access to only some specified types of domain names or domain name extensions like .edu or .mil.
- A firewall can decide which of the systems can allow or have access to common protocols like IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.
- Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see it used for & also close down possible entry points for hackers or malignant software.
- Firewalls also can sift through the data flow for a match of the keywords or phrases to block out offensive or unwanted data from flowing in.
Types of Firewall
New generation operating systems come with built-in firewalls, or you can buy firewall software for the computer that accesses the internet or acts as the gateway to your home network.
Hardware firewalls are usually routers with a built in Ethernet card and hub. Your computer or computers on your network connect to this router & access the web.
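As an added illustration (not part of the original answer), the Python sketch below applies the rule conditions listed above (address range, protocol, port) with first-match packet filtering, and also implements the mechanism that records key features of outgoing requests and admits only matching inbound traffic, commonly called stateful inspection. The rule set, the evaluation order, the default-block choice and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", seen from the protected network
    proto: str      # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str               # "in" or "out"
    src_net: str = "0.0.0.0/0"   # source address or range the rule applies to
    proto: str = "any"
    dport: Optional[int] = None  # None = any destination port

    def matches(self, p):
        return (p.direction == self.direction
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # key features of outgoing requests that were allowed

    def decide(self, p):
        # 1. Packet filtering: the first matching rule wins.
        verdict = next((r.action for r in self.rules if r.matches(p)), None)
        if verdict is None:
            # 2. No rule matched: admit inbound traffic only if it mirrors a
            #    request sent from inside; everything else is blocked by default.
            reply_to = (p.proto, p.dst, p.dport, p.src, p.sport)
            verdict = "allow" if p.direction == "in" and reply_to in self.flows else "block"
        if p.direction == "out" and verdict == "allow":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict


# Constructed rule set; order matters because the first match wins.
RULES = [
    Rule("block", "in", src_net="203.0.113.0/24"),  # block a range of IP addresses
    Rule("block", "in", proto="tcp", dport=23),     # close the Telnet port
    Rule("allow", "in", proto="tcp", dport=80),     # let traffic reach the web server
    Rule("allow", "out"),                           # inside hosts may start connections
]


def run_demo():
    """Run constructed traffic through the rules and return the verdicts in order."""
    fw = Firewall(RULES)
    web, inside, dns = "192.0.2.10", "192.0.2.20", "198.51.100.53"
    traffic = [
        Packet("in", "tcp", "203.0.113.9", 50000, web, 80),   # from the blocked range
        Packet("in", "tcp", "198.51.100.7", 50001, web, 80),  # permitted service
        Packet("in", "tcp", "198.51.100.7", 50002, web, 23),  # closed port
        Packet("in", "udp", dns, 53, inside, 40000),          # unsolicited "reply"
        Packet("out", "udp", inside, 40000, dns, 53),         # request from inside
        Packet("in", "udp", dns, 53, inside, 40000),          # reply to that request
    ]
    return [fw.decide(p) for p in traffic]


if __name__ == "__main__":
    print(run_demo())
```

The fourth and sixth packets are identical; only the sixth is admitted, because by then the firewall has recorded the matching outgoing request.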
- Define the term "Disaster" and describe its classification.
Answer: A disaster is a serious disruption of the functioning of a community or a society involving widespread human, material, economic or environmental losses and impacts, which exceeds the ability of the affected community or society to cope using its own resources.
Geophysical: Events originating from solid earth. E.g. earthquake
Meteorological: Events caused by short-lived/small to meso scale atmospheric processes (in the spectrum from minutes to days). E.g. storm
Hydrological: Events caused by deviations in the normal water cycle and/or overflow of bodies of water caused by wind set-up. E.g. flood
Climatological: Events caused by long-lived/meso to macro scale processes (in the spectrum from intra-seasonal to multi-decadal climate variability). E.g. drought
Biological: Disaster caused by the exposure of living organisms to germs and toxic substances.
- In computer security, ............. means that the computer system assets can be modified only by authorized parties
- In computer security, ................ means that the information in a computer system can be accessible for reading only by authorized parties
- Which of the following is an independent malicious program that does not need any host program?
- Trap Doors
- Trojan horse
- The .................... is code embedded in some legitimate program that is set to explode when certain conditions are met
- Trap doors
- Trojan horse
- Logic bomb
Ans. Logic bomb
- Which of the following malicious programs do not replicate automatically?
- Trojan Horse
- ...................... programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
- Trojan horse
- Logic Bomb
- State whether true or false: 1. A worm mails a copy of itself to other systems 2. A worm executes a copy of itself on another system
- true, false
- false, true
- true, true
- false, false
- ............ are used in denial of service attacks, typically against targeted web sites
- Trojan horse
- ..................... is a form of virus explicitly designed to hide itself from detection by antivirus software
- Stealth Virus
- Polymorphic virus
- Parasitic virus
- Macro virus
- State whether the following statements are true: 1. A macro virus is platform independent 2. Macro viruses infect documents, not executable portions of code
- 1 only
- 2 only
- both 1 & 2
Ans. both 1 & 2
- The type(s) of auto-executing macros in Microsoft Word is/are
- auto execute
- auto macro
- command macro
- all of the above
Ans. all of the above
- In .................... the virus places an identical copy of itself into other programs or into certain system areas on the disk
- Dormant phase
- Propagation phase
- Triggering Phase
- execution phase
- In the world of computing, the essential element that controls how computers are used is
- legal laws
- security requirements
- business demands
- The guidelines for the morally acceptable use of computers in society are
- computer ethics
- legal system
Ans. computer ethics
- The issues that deal with the collection and use of data about individuals is
- The ethical issue concerned with the correctness of data collected is
- The ethical issue that involves who is able to read and use data is
- The vast industry that involves the gathering and selling of personal data is
- direct marketing
- fund raising
- information reselling
- government agencies
Ans. information reselling
Question No. 19
The first step in developing a Business Continuity Plan (BCP) is developing a:
- Business Impact Analysis
- Risk Analysis Sheet
- Risk Mitigation Document
- Risk Assessment Sheet
Ans. Risk Assessment Sheet
Question No. 20
An analysis of threats based on impacts and prioritizing business disruptions based on severity and occurrence comes under the second step of developing a BCP, which is:
- Risk Monitoring
- Risk Assessment
- Risk Management
Question No. 21
Testing the BCP regularly comes under the phase:
- Risk Assessment
- Risk Monitoring
- Risk Management
Ans. Risk Management
Question No. 22
Effectiveness of a BCP can be validated through
Question No. 23
By using "__________" option in Windows, you can limit the ability of users and groups to perform various actions by assigning permissions.
- Network and Internet
- Hardware and Sound
- Local Users and Groups
Ans. Local Users and Groups
Question No. 24
A Windows NT ______ is the administrative unit of directory services.
Question No. 25
Domains, Folders, Objects are a part of ________ structure of Windows OS.
- Both Physical and Logical
- None of the above
Question No. 26
Encrypting File System (EFS) is a feature of:
- Microsoft Windows
Ans. Microsoft Windows
Question No. 27
Cyber-attack is a kind of:
- Natural Disaster
- Man-Made disaster
- None of the above
Ans. Man-Made disaster
Question No. 28
Which password management feature ensures that a user cannot reuse a password for a specific time?
- Account Locking
- Password Verification
- Password History
- Password Ageing
Ans. Password History
Question No. 29
Composing hard-to-guess passwords is a good practice.
- May or May not be TRUE
- Not Sure
Question No. 30
Study of encryption algorithms in order to find weaknesses in the system so as to retrieve plain text from cipher text without knowing the key/algorithm.
- Key Analysis
- Algorithm Analysis
Question No. 31
Capital 'A' in CIA triangle stands for:
Question No. 32
When the sender and receiver do not have a possibility of denying sending or receiving data, it is called the principle of:
Question No. 33
While Symmetric key cryptography utilizes ___ key(s) for encryption, the asymmetric key cryptography uses ___ key(s).
Question No. 34 Marks - 10
A software application that monitors network and system activities for malicious content and policy violations is termed as:
- Intrusion Detection System
Ans. Intrusion Detection System
Question No. 35
During an earthquake in Nepal, many computers were destroyed with significant data. This is a kind of:
- Accidental Error
- Malicious use
- Unauthorized access
- Physical Threat
Question No. 36
Process to eliminate means of attack by patching vulnerabilities and turning off inessential services is called:
- Malicious Code elimination
- Attack Prevention Mechanism
- Disaster Management
Question No. 37
The local security policy of a system is a set of information regarding the security of a local computer. It includes trusted _____, ______ accounts and ______ assigned to the accounts.
- Users, domain, privileges
- Domains, user, privileges
- Privileges, user, domains
- None of the above
Ans. Domains, user, privileges
Question No. 38
Administrator and Guest are examples of ____ user accounts.
- None of the above
Question No. 39
Rahul, an IT Engineer, while working on his system, noticed that a new Notepad tab has popped out and a message is being typed. This is an example of
- Unauthorized Access
- Malicious Code
- Network Attack
- Password Attack
Ans. Unauthorized Access
Question No. 40
A secret entry point in the code which could be exploited by malicious users is called:
- Trojan Horse