- ISACA.CISA.v2026-02-11.q999 Practice Test
Question 766
The independence of an IS auditor auditing an application is maintained if the auditor's role is limited to:
Correct Answer: B
Section: The process of Auditing Information System
Question 767
Which of the following are the characteristics of a good password?
Correct Answer: A
Section: Protection of Information Assets
Explanation:
Passwords are the first line of defense in protecting your data and information. Your users need to be made
aware of what a password provides them and what can be done with their password. They also need to be
made aware of the things that make up a good password versus a bad password. A good password has
mixed-case alphabetic characters, numbers, and symbols. Use a password that is at least eight
characters long.
Question 768
Which of the following anti-malware techniques fools malware by appending sections of itself to files,
somewhat in the same way that file malware appends itself?
Correct Answer: C
Section: Protection of Information Assets
Explanation/Reference:
Immunizers defend against malware by appending sections of themselves to files, sometimes in the same
way malware appends itself. Immunizers continuously check a file for changes and report changes as
possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving
the malware the impression that it has already infected the computer. This method is not
always practical since it is not possible to immunize files against all known malware.
For your exam you should know the following kinds of malware controls:
A. Scanners - Look for sequences of bits, called signatures, that are typical of malware programs.
The two primary types of scanner are:
1. Malware masks or signatures - Anti-malware scanners check files, sectors and system memory for
known and new (unknown to the scanner) malware, on the basis of malware masks or signatures. Malware
masks or signatures are specific code strings that are recognized as belonging to malware. For polymorphic
malware, the scanner sometimes has algorithms that check for all possible combinations of a signature
that could exist in an infected file.
2. Heuristic scanners - Analyze the instructions in the code being scanned and decide on the basis of
statistical probabilities whether it could contain malicious code. A heuristic scanning result could indicate that
malware may be present, that is, that the file is possibly infected. Heuristic scanners tend to generate a high level of false
positive errors (they indicate that malware may be present when, in fact, no malware is present).
Scanners examine memory, disk boot sectors, executables, data files, and command files for bit patterns that
match known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers - Defend against malware by appending sections of themselves to files, sometimes in the
same way malware appends itself. Immunizers continuously check a file for changes and report
changes as possible malware behavior. Other types of immunizers are focused on a specific malware and
work by giving the malware the impression that it has already infected the computer. This
method is not always practical since it is not possible to immunize files against all known malware.
C. Behavior blockers - Focus on detecting potentially abnormal behavior such as writing to the boot sector or
the master boot record, or making changes to executable files. Blockers can potentially detect malware at
an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
D. Integrity CRC checkers - Compute a binary number on a known malware-free program, which is then stored
in a database file. The number is called a Cyclic Redundancy Check (CRC). On subsequent scans, when
that program is called to execute, the checker looks for changes to the file as compared to the database and reports
possible infection if changes have occurred. A match means no infection; a mismatch means a change in the
program has occurred. A change in the program could mean malware within it. These scanners are
effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC
checker can only detect subsequent changes to files, because it assumes files are malware-free in the
first place. Therefore, CRC checkers are ineffective against new files that are malware-infected and that are not
recorded in the database. Integrity checkers take advantage of the fact that executable programs and boot
sectors do not change often, if at all.
E. Active monitors - Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for
malware-like actions. Active monitors can be problematic because they cannot distinguish between a user
request and a program or malware request. As a result, users are asked to confirm actions, including
formatting a disk or deleting a file or set of files.
The following were incorrect answers:
Scanners - Look for sequences of bits, called signatures, that are typical of malware programs.
Active monitors - Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for
malware-like actions. Active monitors can be problematic because they cannot distinguish between a user
request and a program or malware request. As a result, users are asked to confirm actions, including
formatting a disk or deleting a file or set of files.
Behavior blockers - Focus on detecting potentially abnormal behavior such as writing to the boot sector or the
master boot record, or making changes to executable files. Blockers can potentially detect malware at an
early stage. Most hardware-based anti-malware mechanisms are based on this concept.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
Question 769
Which of the following transmission media is LEAST vulnerable to cross talk?
Correct Answer: B
Explanation/Reference:
Fiber optic cables are used for long distances, are hard to splice, are not vulnerable to cross talk, and are difficult to tap. They support voice, data, image and video.
For your exam you should know the following information about transmission media:
Copper Cable
Copper cable is very simple to install and easy to tap. It is used mostly for short distance and supports voice and data.
Copper has been used in electric wiring since the invention of the electromagnet and the telegraph in the 1820s. The invention of the telephone in 1876 created further demand for copper wire as an electrical conductor.
Copper is the electrical conductor in many categories of electrical wiring. Copper wire is used in power generation, power transmission, power distribution, telecommunications, electronics circuitry, and countless types of electrical equipment. Copper and its alloys are also used to make electrical contacts.
Electrical wiring in buildings is the most important market for the copper industry. Roughly half of all copper mined is used to manufacture electrical wire and cable conductors.

Coaxial cable
Coaxial cable, or coax (pronounced /ˈkoʊ.æks/), is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket. The term coaxial comes from the inner conductor and the outer shield sharing a geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who patented the design in 1880. Coaxial cable differs from other shielded cable used for carrying lower-frequency signals, such as audio signals, in that the dimensions of the cable are controlled to give a precise, constant conductor spacing, which is needed for it to function efficiently as a radio frequency transmission line.
Coaxial cable is expensive and does not support many LANs. It supports data and video.

Fiber optics
An optical fiber cable is a cable containing one or more optical fibers that are used to carry light. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed. Different types of cable are used for different applications, for example long distance telecommunication, or providing a high-speed data connection between different parts of a building.
Fiber optics are used for long distances, are hard to splice, are not vulnerable to cross talk, and are difficult to tap. They support voice, data, image and video.

Microwave radio system
Microwave transmission refers to the technology of transmitting information or energy by the use of radio waves whose wavelengths are conveniently measured in small numbers of centimeters; these are called microwaves.
Microwaves are widely used for point-to-point communications because their small wavelength allows conveniently-sized antennas to direct them in narrow beams, which can be pointed directly at the receiving antenna. This allows nearby microwave equipment to use the same frequencies without interfering with each other, as lower frequency radio waves do. Another advantage is that the high frequency of microwaves gives the microwave band a very large information-carrying capacity; the microwave band has a bandwidth 30 times that of all the rest of the radio spectrum below it. A disadvantage is that microwaves are limited to line of sight propagation; they cannot pass around hills or mountains as lower frequency radio waves can.
Microwave radio transmission is commonly used in point-to-point communication systems on the surface of the Earth, in satellite communications, and in deep space radio communications. Other parts of the microwave radio band are used for radars, radio navigation systems, sensor systems, and radio astronomy.
Microwave radio systems are carriers for voice and data signals; they are cheap and easy to intercept.

Satellite Radio Link
Satellite radio is a radio service broadcast from satellites primarily to cars, with the signal broadcast nationwide, across a much wider geographical area than terrestrial radio stations. It is available by subscription, is mostly commercial-free, and offers subscribers more stations and a wider variety of programming options than terrestrial radio.
A satellite radio link uses a transponder to send information and is easy to intercept.
Radio System
Radio systems are used for short distances, and are cheap and easy to tap.
Radio is the radiation (wireless transmission) of electromagnetic signals through the atmosphere or free space.
Information, such as sound, is carried by systematically changing (modulating) some property of the radiated waves, such as their amplitude, frequency, phase, or pulse width. When radio waves strike an electrical conductor, the oscillating fields induce an alternating current in the conductor. The information in the waves can be extracted and transformed back into its original form.
The following answers are incorrect:
Copper cable - Copper cable is very simple to install and easy to tap. It is used mostly for short distances and supports voice and data.
Satellite radio link - A satellite radio link uses a transponder to send information and is easy to tap.
Coaxial cable - Coaxial cable is expensive and does not support many LANs. It supports data and video.
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 265
Question 770
Which of the following should be reviewed FIRST when assessing the effectiveness of an organization's network security procedures and controls?
Correct Answer: B
