Shared Flashcard Set

Details

Chapter 9
NA
72
Computer Science
Graduate
04/05/2014

Cards

Term
___ is important because it is the principal element of any information system.
Definition
Data
Term
When can attacks against data happen?
Definition
when it is stored, transmitted, or processed
Term
using a ___ can prevent attacks while data is being transmitted
Definition
secure cryptographic system
Term
properly ___ and ___ can help protect data while it is being processed
Definition
hardened hosts
securely coded applications
Term
backups help achieve the ___ security goal
Definition
availability
Term
what is backup scope?
Definition
the amount of information on a hard drive that is backed up.
Term
what are the three degrees of completeness in backing up
Definition
only data files and directories
image backup of the entire hard drive
shadowing each file being worked on.
Term
what is the most common type of backup? describe it.
Definition
file/directory data backup.
only backs up data - not programs, registry settings or other customization settings
Term
What is a good corporate policy on deciding what to back up?
Definition
backup all data files
Term
what is an image backup
Definition
contains the entire contents of the hard drive which is copied to backup media. This is the slowest form of backup
Term
what is shadowing
Definition
a backup copy of each file being worked on is written every few minutes to the hard drive at another location
Term
What happens when shadow storage space is used?
Definition
the oldest files are deleted to make room for the newest
Term
what is an incremental backup?
Definition
only saves the data that was changed since the most recent backup
Term
what is the process for restoring an incremental backup?
Definition
first restore the full backup, then all incrementals in order.
Term
when are incremental backups disposed of?
Definition
during the next full backup
Term
traditionally, companies did ___. what is this?
Definition
local backup.
each computer was backed up individually meaning there was no way to enforce policy
Term
___ backup is done over the network from a central ___.
Definition
network
backup console
Term
why is it economical to buy good backup equipment with centralized backup?
Definition
only one or two computers need the backup hardware
Term
___ is when each site backs up the other. This is done in ___
Definition
continuous data protection (CDP)
realtime
Term
Why is CDP expensive?
Definition
needs high speed data transmission
Term
what is a mesh backup?
Definition
the client PCs in an organization back each other up
Term
What is the biggest issue with mesh backup?
Definition
security. when a client PC receives a backup, the user mustn't be able to read it
Term
what are pros and cons of magnetic tape?
Definition
lowest cost per bit
store vast amounts of data

recording and read back are very slow
Term
what is a two tier backup?
Definition
storing information on disk then archiving on tape
Term
how much data can a dual layer DVD hold?
Definition
8GB
Term
What is a disk array? what are some advantages?
Definition
writing data to an array of hard drives.

limits catastrophic data loss if a hard drive dies.

increased read-write performance due to writing/reading simultaneously
Term
what does RAID mean?
Definition
redundant array of independent disks
Term
How many disks are needed for the following raid levels and what are the speeds?
None
Raid 0
Raid 1
Raid 5
Definition
None = 1 = normal
Raid 0 = 2 = very fast
Raid 1 = 2 = normal
Raid 5 = 3 = fast read, slow write
Term
what are some other names for the following RAID levels?
Raid 0
Raid 1
Raid 5
Definition
Raid 0 = striping
Raid 1 = mirroring
Raid 5 = distributed parity
Term
what is the primary disadvantage of a single drive backup system?
Definition
it can't recover from a disk failure without additional backup
Term
Describe Raid 0 and a disadvantage
Definition
Uses a process called striping. This is writing data across multiple disks and breaks up the backup to several hard drives.
If one hard drive dies, data on ALL disks are lost
Term
describe Raid 1
Definition
the client OS writes data to both the primary hard drive and the backup hard drive at the same time. It is known as mirroring.
Term
What is the Recovery time objective (RTO)
Definition
the time required to recover from a disaster and restore normal operations
Term
What is the main downside of RAID 1?
Definition
it requires a backup warehouse which is costly
Term
what is the recovery point objective (RPO)
Definition
the point in time BEFORE the disaster to which all prior data must be recoverable
Term
what is the acceptable data loss?
Definition
The amount of data that can be lost in a disaster. for example, if the last backup was a week before the disaster, then the RPO is one week and the acceptable data loss is one week of data
Term
What is RAID 5?
Definition
stripes data across multiple disks to increase data transfer speeds. Reliability is provided by parity bits. RAID 5 can recover from a single drive failure, but not multidrive failure
Term
what are parity bits?
Definition
it stores parts of the backup on multiple disks. For example:
Disk 1     | Disk 2     | Disk 3
part 1     | part 2     | parity 1&2
part 3     | parity 3&4 | part 4
parity 5&6 | part 5     | part 6
Term
where does backup management begin?
Definition
with an understanding of the current system and future needs
Term
what should backup policies address?
Definition
what data should be backed up, how frequently and how frequently restorations should be tested
Term
What should backup encryption policies require
Definition
all backup media should be encrypted which will make backup times longer.
Term
what should be taken into account for retention policies for backups?
Definition
business requirements
legal requirements
Term
what is retention?
Definition
coordinated use of online storage and backup storage for messages
Term
lawyers can use ___ in lawsuits to dredge up messages on illegal activity
Definition
discovery process
Term
what are dangers of retention?
Definition
discovery process
defendant must supply relevant emails
potentially damaging information
expensive
firms must pay to complete the task
Term
what are two controls that are needed to reduce spreadsheet threats?
Definition
testing for errors and fraud indicators
spreadsheet vault servers
Term
what are databases?
Definition
integrated collections of data and metadata stored on computers
Term
most databases are ___. what is this
Definition
relational databases
they store data in relations commonly referred to as tables
Term
what are entities (in a DB).
Definition
types of objects that represent:
persons
places
things
events
Term
in a DB a row is sometimes called a ___
attributes are called ___
each DB will have a ___ that is comprised of one, or more, attributes that uniquely identifies each row
Definition
tuple or record.
columns
key
Term
what are the types of SQL triggers and what can they do?
Definition
DDL and DML
initiate immediate responses to prohibited behaviors
Term
how can you limit the viewing of data in databases?
Definition
Limit access to:
tables
columns
rows
limiting granularity
limiting structural information (data model)
Term
what is granularity?
Definition
level of detail in queries
Term
what are some popular database management systems?
Definition
microsoft SQL server
MySQL
IBM DB2
oracle
Term
data coming into the DB should be ___ to remove unacceptable characters that could be used to manipulate the SQL statement
Definition
sanitized
Term
what should be audited in a DB?
Definition
logins
changes (stored procedures, functions, triggers, structure, accounts/privileges, backups, crypto)
warnings
exceptions
special access
Term
what is a trigger in a DB
Definition
pieces of SQL code that are automatically run when changes are made to a DB
Term
what are Data Definition Language (DDL) triggers used for?
Definition
to produce automatic responses if the STRUCTURE of the DB has been altered
Term
what are Data Manipulation Language (DML) triggers used for
Definition
used to produce automatic responses if DATA have been altered
Term
what is a multi-tiered architecture?
Definition
a type of database that separates the presentation (webserver), application processing (middleware server), and database management (database server) functions
Term
what is a simple way of discouraging attacks on a DB?
Definition
change the default port
Term
what are the default ports for Microsoft SQL server and MySQL?
Definition
1433
3306
Term
what is key escrow?
Definition
a solution to key loss that automatically saves the key so it can be stored off the computer
Term
___ stores cryptographic keys
Definition
hardware security module
Term
what are the two options for encrypting information on a disk?
Definition
file/directory encryption
whole disk encryption
Term
encryption is typically only as strong as your ___
Definition
login password, which tends to be poor
Term
___ obscures data such that it can't identify a specific person, but remains practically useful
Definition
data masking
Term
what is information triangulation?
Definition
data from multiple sources can be combined to identify individuals
Term
___ restricts what people can do with data
Definition
digital rights management (DRM)
Term
what are the types of document restrictions?
Definition
digital rights management (DRM)
data extrusion management
extrusion prevention
Term
what is the most often overlooked mechanism used to reduce data loss?
Definition
employee training
Term
what are the four types of data deletion? describe them
Definition
nominal: press delete key. doesn't actually delete data
basic file: empty recycle bin. pointers referring to the data are gone, but the data in those sectors remain
wiping/clearing: logically and physically erasing data so it is unrecoverable
Destruction: physical destruction of the media