Test 3 Materials

  • 7/29/2019 Test 3 Materials

    Chapter 10

    Multiple Choice

    1. IT applications can be developed in which of the following ways?

    a) build the system in-house

    b) buy an application and install it

    c) lease software from an application service provider

    d) outsource it

    e) all of the above

    Ans: e

    Response: See page 302

    2. The information systems planning process proceeds in which order?

    a) organization mission, organization strategic plan, IS strategic plan, new IT architecture

    b) organization mission, IS strategic plan, organization strategic plan, IS operational plan

    c) organization strategic plan, organization mission, IS strategic plan, new IT architecture

    d) IT architecture, IS strategic plan, organization strategic plan, organization mission

    e) IS development projects, IS operational plan, new IT architecture, organization mission

    Ans: a

    Response: See page 306-307

    3. A typical IS operational plan contains which of the following elements?

    a) mission of the IS function

    b) summary of the information needs of the functional areas and of the entire organization

    c) IS function's estimate of its goals

    d) application portfolio

    e) all of the above

    Ans: e

    Response: See page 306-307

    4. Which of the following is not a part of the typical IS operational plan?

    a) mission of the IS function

    b) organizational mission

    c) IT architecture

    d) application portfolio

    e) IS function's estimate of its goals

    Ans: b

    Response: See page 307

    5. Evaluating the benefits of IT projects is more complex than evaluating their costs for which of the following reasons?

    a) benefits are harder to quantify

    b) benefits are often intangible

    c) IT can be used for several different purposes

    d) probability of obtaining a return from an IT investment is based on the probability of implementation success

    e) all of the above

    Ans: e

    Response: See page 308

    6. Evaluating the benefits of IT projects is more complex than evaluating their costs for all of the following reasons except:

    a) benefits are harder to quantify

    b) benefits are often tangible

    c) IT can be used for several different purposes

    d) probability of obtaining a return from an IT investment is based on the probability of implementation success

    Ans: b

    Response: See page 308

    7. The _____ method converts future values of benefits to today's value by discounting them at the organization's cost of funds.

    a) net present value

    b) cost-benefit analysis

    c) return on investment

    d) internal rate of return

    e) business case approach

    Ans: a

    Response: See page 308

    8. The _____ method measures the effectiveness of management in generating profits with its available assets.

    a) net present value

    b) cost-benefit analysis

    c) return on investment

    d) internal rate of return

    e) business case approach

    Ans: c

    Response: See page 308

    9. Which of the following are advantages of the buy option for acquiring IS applications?

    a) many different types of off-the-shelf software are available

    b) software can be tried out

    c) saves time

    d) company will know what it is getting

    e) all of the above

    Ans: e

    Response: See page 309

    10. Which of the following is not an advantage of the buy option for acquiring IS applications?

    a) few types of off-the-shelf software are available, thus limiting confusion

    b) software can be tried out

    c) saves time

    d) company will know what it is getting

    e) all of the above

    Ans: a

    Response: See page 309

    11. Which of the following are disadvantages of the buy option for acquiring IS applications?

    a) software may not exactly meet the company's needs

    b) software may be impossible to modify

    c) company will not have control over software improvements

    d) software may not integrate with existing systems

    e) all of the above

    Ans: e

    Response: See page 310

    12. Which of the following systems acquisition methods results in software that can be tried out, has been used for similar problems in other organizations, and can save time?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) buy option

    e) object-oriented development

    Ans: d

    Response: See page 310

    13. Which of the following systems acquisition methods results in software that is controlled by another company, may be difficult to enhance or modify, and may not support desired business processes?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) buy option

    e) component-based development

    Ans: d

    Response: See page 310

    14. Which of the following systems acquisition methods forces staff to systematically go through every step in the development process and has a lower probability of missing important user requirements?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) external acquisition

    e) object-oriented development

    Ans: a

    Response: See page 311

    15. Which of the following systems acquisition methods is time-consuming, costly, and may produce excessive documentation?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) external acquisition

    e) object-oriented development

    Ans: a

    Response: See page 311

    16. Place the stages of the systems development life cycle in order:

    a) investigation, analysis, design, programming, testing, implementation, operation, maintenance

    b) investigation, design, analysis, programming, testing, implementation, maintenance, operation

    c) analysis, design, investigation, operation, maintenance, programming, testing, implementation

    d) investigation, analysis, design, programming, testing, maintenance, operation, implementation

    Ans: a

    Response: See page 312

    17. The feasibility study addresses which of the following issues?

    a) economic feasibility

    b) technical feasibility

    c) behavioral feasibility

    d) all of the above

    Ans: d

    Response: See page 313

    18. The _____ that changes are made in the systems development life cycle, the _____ expensive these changes become.

    a) sooner, less

    b) later, less

    c) more frequently, more

    d) more extensively, more

    e) sooner, more

    Ans: a

    Response: See page 313

    19. _____ feasibility determines if the hardware, software, and communications components can be developed and/or acquired to solve the business problem.

    a) technical

    b) economic

    c) organizational

    d) behavioral

    Ans: a

    Response: See page 313

    20. _____ feasibility determines if the project is an acceptable financial risk and if the organization can afford the expense and time needed to complete the project.

    a) technical

    b) economic

    c) organizational

    d) behavioral

    Ans: b

    Response: See page 313

    21. _____ feasibility addresses the human issues of an information systems project.

    a) technical

    b) economic

    c) organizational

    d) behavioral

    Ans: d

    Response: See page 313

    22. _____ feasibility concerns a firm's policies and politics, power structures, and business relationships.

    a) technical

    b) economic

    c) organizational

    d) behavioral

    Ans: c

    Response: See page 314

    23. Which of the following is not a part of systems analysis?

    a) definition of the business problem

    b) identification of the causes of, and solution to, the business problem

    c) identification of the information requirements that the solution must satisfy

    d) identification of the technical specifications of the solution

    Ans: d

    Response: See page 314

    24. Systems analysts use which of the following techniques to obtain the information requirements for the new system?

    a) direct observation

    b) structured interviews

    c) unstructured interviews

    d) document analysis

    e) all of the above

    Ans: e

    Response: See page 314

    25. Which of the following is not a technique used to obtain the information requirements for the new system?

    a) direct observation

    b) structured interviews

    c) unstructured interviews

    d) use the system themselves

    e) document analysis

    Ans: d

    Response: See page 314

    26. Which of the following are problems associated with eliciting information requirements?

    a) business problem may be poorly defined

    b) users may not know exactly what the business problem is

    c) users may disagree with each other

    d) the problem may not be related to information systems

    e) all of the above

    Ans: e

    Response: See page 314

    27. _____ is the systems development stage that determines how the information system will do what is needed to solve the business problem.

    a) systems design

    b) systems analysis

    c) systems implementation

    d) systems development

    e) operation and maintenance

    Ans: a

    Response: See page 314

    28. Logical systems design refers to _____, while physical systems design refers to _____.

    a) the collection of user requirements, the development of software

    b) what the system will do, how the tasks are accomplished

    c) how the tasks are accomplished, what the system will do

    d) the order of task accomplishment, how the tasks are accomplished

    e) operation of the system, debugging the system

    Ans: b

    Response: See page 315

    29. Systems design answers the question, _____:

    a) How will the information system do what it must to obtain a solution to the business problem?

    b) Why must the information system do what it must to obtain a solution to the business problem?

    c) What is the problem the information system must address?

    d) Who will benefit from use of the information system being developed?

    e) What is the effective operational life of the system?

    Ans: a

    Response: See page 315

    30. When users ask for added functionality during a systems development project, this is called:

    a) user-defined software

    b) scope creep

    c) bloatware

    d) out-of-control project

    e) runaway project

    Ans: b

    Response: See page 315

    31. Structured design advocates the use of software modules. Which of the following items are advantages of this approach?

    a) modules can be reused

    b) modules cost less to develop

    c) modules are easier to modify

    d) all of the above

    Ans: d

    Response: See page 316

    32. Structured programming includes which of the following restrictions?

    a) each module has one, and only one, function

    b) each module has one entrance and one exit

    c) no GOTO statements allowed

    d) has only three techniques: sequence, decision, loop

    e) all of the above

    Ans: d

    Response: See page 316

    33. Which of the following is not a restriction of structured programming?

    a) each module has multiple functions

    b) each module has one entrance and one exit

    c) no GOTO statements allowed

    d) has only three techniques: sequence, decision, loop

    e) none of the above

    Ans: a

    Response: See page 316

    34. In structured programming's _____ structure, the logic flow branches depending on certain conditions being met.

    a) decision

    b) sequence

    c) decision

    d) return

    e) parallel

    Ans: a

    Response: See page 316

    35. In structured programming's _____ structure, the software executes the same program, or parts of it, until certain conditions are met.

    a) decision

    b) sequence

    c) decision

    d) return

    e) parallel

    Ans: c

    Response: See page 316

    36. _____ conversion is the process where the old system and the new system operate simultaneously for a period of time.

    a) parallel

    b) direct

    c) pilot

    d) phased

    Ans: a

    Response: See page 317

    37. _____ conversion is the process where the old system is cut off and the new system is turned on at a certain point in time.

    a) parallel

    b) direct

    c) pilot

    d) phased

    Ans: b

    Response: See page 317

    38. _____ conversion is the process where the new system is introduced in one part of the organization.

    a) parallel

    b) direct

    c) pilot

    d) phased

    Ans: c

    Response: See page 318

    39. _____ conversion is the process where components of the new system are introduced in stages.

    a) parallel

    b) direct

    c) pilot

    d) phased

    Ans: d

    Response: See page 318

    40. The riskiest type of conversion process is:

    a) parallel

    b) direct

    c) pilot

    d) phased

    Ans: b

    Response: See page 317

    41. If a firm shuts down its old COBOL legacy system and starts up the new PeopleSoft ERP system immediately, this is called _____:

    a) phased conversion

    b) direct conversion

    c) parallel conversion

    d) pilot conversion

    Ans: b

    Response: See page 317

    42. As systems age, maintenance costs _____:

    a) decrease

    b) increase

    c) stay the same

    d) remain negligible

    e) are not considered

    Ans: b

    Response: See page 318

    43. Maintenance includes which of the following types of activities?

    a) debugging

    b) updating the system to accommodate changes in business conditions, but not adding functionality

    c) adding new functionality to the system

    d) all of the above

    Ans: d

    Response: See page 318

    44. Which of the following systems acquisition methods helps clarify user requirements, promotes genuine user participation, and may produce part of the final system?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) external acquisition

    e) component-based development

    Ans: b

    Response: See page 318

    45. Which of the following systems acquisition methods may encourage inadequate problem analysis, is not practical with large numbers of users, and may result in a system with lower quality.

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) external acquisition

    e) component-based development

    Ans: b

    Response: See page 318

    46. The _____ approach to systems development defines an initial list of user requirements, then develops the system in an iterative fashion.

    a) integrated computer-assisted software engineering

    b) joint application design

    c) rapid application development

    d) prototyping

    e) systems development life cycle

    Ans: d

    Response: See page 318

    47. The _____ approach to systems development is a group-based tool for collecting user requirements.

    a) integrated computer-assisted software engineering

    b) joint application design

    c) rapid application development

    d) prototyping

    e) systems development life cycle

    Ans: b

    Response: See page 319

    48. The _____ approach to systems development uses specialized tools to automate many of the tasks in the systems development life cycle.

    a) integrated computer-assisted software engineering

    b) joint application design

    c) rapid application development

    d) prototyping

    Ans: a

    Response: See page 319

    49. Which of the following is not an advantage of the Joint Application Design approach to systems development?

    a) involves fewer users in the development process

    b) saves time

    c) greater user acceptance of the new system

    d) can produce a system of higher quality

    Ans: a

    Response: See page 319

    50. Computer-aided software engineering tools provide which of the following advantages?

    a) can produce systems with longer effective operational lives

    b) can produce systems that more closely meet user requirements

    c) can speed up the development process

    d) can produce systems that are more adaptable to changing business conditions

    e) all of the above

    Ans: e

    Response: See page 319

    51. Which of the following is not an advantage of computer-aided software engineering tools?

    a) can produce systems with longer effective operational lives

    b) can produce systems that more closely meet user requirements

    c) can require fewer developers

    d) can speed up the development process

    Ans: c

    Response: See page 319

    52. Computer-aided software engineering tools provide which of the following disadvantages?

    a) produce initial systems that are more expensive to build and maintain

    b) require more extensive and accurate definition of user requirements

    c) difficult to customize

    d) difficult to use with existing systems

    e) all of the above

    Ans: e

    Response: See page 319

    53. Which of the following is not a disadvantage of computer-aided software engineering tools?

    a) produce initial systems that are more expensive to build and maintain

    b) require more extensive and accurate definition of user requirements

    c) require more developers

    d) difficult to customize

    Ans: c

    Response: See page 319

    54. Advantages of Rapid Application Development include which of the following?

    a) active involvement of users in the development process

    b) faster development process

    c) system better meets user needs

    d) reduction in training costs

    e) all of the above

    Ans: e

    Response: See page 320

    55. Which of the following systems acquisition methods bypasses the IT department, avoids delays, and results in increased user acceptance of the new system?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) external acquisition

    e) component-based development

    Ans: c

    Response: See page 320

    56. Which of the following systems acquisition methods may eventually require maintenance assistance from the IT department, produce inadequate documentation, and result in a system with inadequate interfaces to existing systems?

    a) systems development life cycle

    b) prototyping

    c) end-user development

    d) external acquisition

    e) component-based development

    Ans: c

    Response: See page 320

    57. Which of the following is the most difficult and crucial task in evaluating a vendor and a software package?

    a) identifying potential vendors

    b) determining the evaluation criteria

    c) evaluating vendors and packages

    d) choosing the vendor and package

    e) negotiating a contract

    Ans: b

    Response: See page 325-326

    Chapter 3

    1. Various organizations that promote fair and responsible use of information systems often develop _____:

    a) a code of ethics

    b) a strategic plan

    c) a mission statement

    d) responsibility charters

    e) a goals outline

    Ans: a

    Response: See page 62

    2. A _____ is intellectual work that is known only to a company and is not based on public information.

    a) copyright

    b) patent

    c) trade secret

    d) knowledge base

    e) private property

    Ans: c

    Response: See page 62

    3. A _____ is a document that grants the holder exclusive rights on an invention for 17 years.

    a) copyright

    b) patent

    c) trade secret

    d) knowledge base

    e) private property notice

    Ans: b

    Response: See page 629

    4. _____ is a statutory grant that provides the creators of intellectual property with ownership of it for 28 years.

    a) copyright

    b) patent

    c) trade secret

    d) knowledge base

    e) private property

    Ans: a

    Response: See page 62

    5. Which of the following is not an ethical issue?

    a) privacy

    b) accuracy

    c) transferability

    d) property

    e) accessibility

    Ans: c

    Response: See page 62

    6. _____ issues involve collecting, storing and disseminating information about individuals.

    a) privacy

    b) accuracy

    c) transferability

    d) property

    e) accessibility

    Ans: a

    Response: See page 62

    7. _____ issues involve the authenticity and fidelity of information that is collected and processed.

    a) privacy

    b) accuracy

    c) transferability

    d) property

    e) accessibility

    Ans: b

    Response: See page 62

    8. _____ issues involve the ownership and value of information.

    a) privacy

    b) accuracy

    c) transferability

    d) property

    e) accessibility

    Ans: d

    Response: See page 62

    9. _____ issues involve who may obtain information and how much they should pay for this information.

    a) privacy

    b) accuracy

    c) transferability

    d) property

    e) accessibility

    Ans: e

    Response: See page 62

    10. Which of the following factors are increasing the threats to information security?

    a) smaller computing devices

    b) cheaper computing devices

    c) the Internet

    d) increased computer literacy

    e) all of the above

    Ans: e

    Response: See page 68

    11. Which of the following factors are not increasing the threats to information security?

    a) smaller computing devices

    b) cheaper computing devices

    c) the Internet

    d) decreased computer literacy

    e) intranets

    Ans: d

    Response: See page 68

    12. A _____ is any danger to which an information resource may be exposed.

    a) vulnerability

    b) risk

    c) control

    d) threat

    e) compromise

    Ans: d

    Response: See page 68

    13. A(n) _____ is the harm, loss, or damage that can result if an information resource is compromised.

    a) vulnerability

    b) risk

    c) control

    d) threat

    e) exposure

    Ans: e

    Response: See page 68

    14. An information system's _____ is the possibility that the system will suffer harm by a threat.

    a) vulnerability

    b) risk

    c) control

    d) danger

    e) compromise

    Ans: a

    Response: See page 68

    15. Earthquakes, floods, power failures, and fires are examples of which type of threat?

    a) intentional

    b) environmental

    c) social engineering

    d) disasters

    e) none of the above

    Ans: b

    Response: See page 70

    16. Unintentional threats to information systems include all of the following except:

    a) malicious software

    b) fire and flood

    c) computer system failures

    d) lack of user experience

    e) all of the above

    Ans: a

    Response: See pages 69-70

    17. Which of the following is not an unintentional threat to information systems?

    a) human errors

    b) viruses

    c) environmental hazards

    d) computer system failures

    e) none of the above

    Ans: b

    Response: See page 69-70

    18. Which of the following is not an intentional threat to information systems?

    a) environmental hazards

    b) theft of data

    c) deliberate manipulation in processing data

    d) destruction from viruses and denial of service attacks

    e) none of the above

    Ans: a

    Response: See page 69-70

    19. Rank the following in terms of dollar value of the crime, from highest to lowest.

    a) robbery, white collar crime, cybercrime

    b) white collar crime, extortion, robbery

    c) cybercrime, white collar crime, robbery

    d) cybercrime, robbery, white collar crime

    e) white collar crime, burglary, robbery

    Ans: c

    Response: See page 70

    20. An employee used his computer to steal 10,000 credit card numbers from a credit card company. He is a _____:

    a) hacker

    b) cracker

    c) jacker

    d) trespasser

    e) none of the above

    Ans: b

    Response: See page 70

    21. _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.

    a) cracking

    b) hacking

    c) spoofing

    d) social engineering

    e) spamming

    Ans: d

    Response: See page 70

    22. The fastest growing white collar crime is _____:

    a) extortion

    b) identity theft

    c) insider trading

    d) stock fraud

    e) software piracy

    Ans: b

    Response: See page 71

    23. _____ are segments of computer code that attach to existing computer programs and perform malicious acts.

    a) viruses

    b) worms

    c) Trojan horses

    d) back doors

    e) alien software

    Ans: a

    Response: See page 72

    24. _____ are destructive computer programs that replicate themselves without requiring a host program.

    a) viruses

    b) worms

    c) Trojan horses

    d) back doors

    e) alien software

    Ans: b

    Response: See page 73

    25. _____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.

    a) viruses

    b) worms

    c) Trojan horses

    d) back doors

    e) alien software

    Ans: c

    Response: See page 73

    26. _____ are segments of computer code embedded within an organization's existing computer programs, that activate and perform a destructive action at a certain time or date.

    a) viruses

    b) worms

    c) Trojan horses

    d) back doors

    e) logic bomb

    Ans: e

    Response: See page 72

    27. _____ is/are usually a password that allows an attacker to bypass any security procedures.

    a) viruses

    b) worms

    c) Trojan horses

    d) back doors

    e) alien software

    Ans: d

    Response: See page 73

    28. In a _____ attack, the attacker sends so many information requests to a target that the target cannot handle them all and may crash.

    a) phishing

    b) denial-of-service

    c) worm

    d) back door

    e) Trojan horse

    Ans: b

    Response: See page 73

    29. In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.

    a) phishing

    b) denial-of-service

    c) worm

    d) back door

    e) distributed denial-of-service

    Ans: e

    Response: See page 73

    30. _____ is clandestine software that is installed on your PC through duplicitous channels, but is not very malicious.

    a) pestware

    b) virus

    c) worm

    d) back door

    e) logic bomb

    Ans: a

    Response: See page 74

    31. The vast majority of pestware is _____:

    a) spyware

    b) spamware

    c) adware

    d) virus

    e) worm

    Ans: c

    Response: See page 74

    32. A(n) _____ is an automated computer program that removes a particular software package entirely.

    a) remover

    b) uninstaller

    c) cancellation program

    d) eraser

    e) worm

    Ans: b

    Response: See page 74

    33. _____ is designed to help pop-up advertisements appear on your screen.

    a) spyware

    b) spamware

    c) adware

    d) virus

    e) worm

    Ans: c

    Response: See page 74

    34. Keylogger programs are examples of _____:

    a) spyware

    b) spamware

    c) adware

    d) virus

    e) worm

    Ans: a

    Response: See page 74

    35. Password capture programs are examples of _____:

    a) spyware

    b) spamware

    c) adware

    d) virus

    e) worm

    Ans: a

    Response: See page 74

    36. _____ is designed to use your computer as a launch pad for sending unsolicited e-mail to other computers.

    a) spyware

    b) spamware

    c) adware

    d) virus

    e) worm

    Ans: b

    Response: See page 74

    37. _____ uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.

    a) pharming

    b) denial-of-service

    c) distributed denial-of-service

    d) phishing

    e) brute force dictionary attack

    Ans: d

    Response: See page 75

    38. In a _____ attack, the attacker fraudulently acquires the Domain Name for a company's Web site, so that when victims type in that company's URL, they are directed to the attacker's site.

    a) pharming

    b) denial-of-service

    c) distributed denial-of-service

    d) phishing

    e) brute force dictionary attack

    Ans: a

    Response: See page 75

    39. A(n) _____ is an intellectual work that is a company secret and is not based on public information.

    a) patent

    b) trade secret

    c) copyright

    d) insider information

    e) none of the above

    Ans: b

    Response: See page 76

    40. A(n) _____ is a document that grants the holder exclusive rights on an invention or process for 20 years.

    a) patent

    b) trade secret

    c) copyright

    d) insider information

    e) none of the above

    Ans: a

    Response: See page 76

    41. A(n) _____ is a statutory grant that provides the creators of intellectual property with ownership of the property for the life of the creator plus 70 years.

    a) patent

    b) trade secret

    c) copyright

    d) insider information

    e) none of the above

    Ans: c

    Response: See page 76

    42. _____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.

    a) risk management

    b) risk analysis

    c) risk mitigation

    d) risk acceptance

    e) risk transference

    Ans: b

    Response: See page 78

    43. In _____, the organization takes concrete actions against risks.

    a) risk management

    b) risk analysis

    c) risk mitigation

    d) risk acceptance

    e) risk transference

    Ans: c

    Response: See page 78

    44. In _____, the organization continues operating without controls and plans to absorb any damages that occur.

    a) risk management

    b) risk analysis

    c) risk mitigation

    d) risk acceptance

    e) risk transference

    Ans: d

    Response: See page 78

    45. In _____, the organization implements controls that minimize the impact of a threat.

    a) risk limitation

    b) risk analysis

    c) risk mitigation

    d) risk acceptance

    e) risk transference

    Ans: a

    Response: See page 78

    46. In _____, the organization purchases insurance as a means to compensate for any loss.

    a) risk management

    b) risk analysis

    c) risk mitigation

    d) risk acceptance

    e) risk transference

    Ans: e

    Response: See page 78

    47. _____ prevent unauthorized individuals from gaining access to a company's computer facilities.

    a) access controls

    b) physical controls

    c) data security controls

    d) administrative controls

    e) input controls

    Ans: b

    Response: See page 79

    48. _____ restrict unauthorized individuals from using information resources and are concerned with user identification.

    a) access controls

    b) physical controls

    c) data security controls

    d) administrative controls

    e) input controls

    Ans: a

    Response: See page 79

    49. Biometrics are an example of:

    a) something the user is

    b) something the user wants

    c) something the user has

    d) something the user knows

    e) something the user does

    Ans: a

    Response: See page 79

    50. Retina scans and fingerprints are examples of:

    a) something the user is

    b) something the user wants

    c) something the user has

    d) something the user knows

    e) something the user does

    Ans: a

    Response: See page 79

    51. ID cards, smart cards, and tokens are examples of:

    a) something the user is

    b) something the user wants

    c) something the user has

    d) something the user knows

    e) something the user does

    Ans: c

    Response: See page 79

    52. Voice and signature recognition are examples of:

    a) something the user is

    b) something the user wants

    c) something the user has

    d) something the user knows

    e) something the user does

    Ans: e

    Response: See page 79

    53. Passwords and passphrases are examples of:

    a) something the user is

    b) something the user wants

    c) something the user has

    d) something the user knows

    e) something the user does

    Ans: d

    Response: See page 79

    54. _____ passwords will always overcome _____ security.

    a) strong, strong

    b) weak, weak

    c) weak, strong

    d) strong, weak

    e) none of the above

    Ans: c

    Response: See page 79

    55. Which of the following is not a characteristic of strong passwords?

    a) should be difficult to guess

    b) should contain special characters

    c) should not be a recognizable word

    d) should not be a recognizable string of numbers

    e) should be shorter rather than longer

    Ans: e

    Response: See page 81

    56. Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted's _____ key and Ted decrypts the message using his _____ key.

    a) public, public

    b) public, private

    c) private, private

    d) private, public

    Ans: b

    Response: See page 83

    57. Information systems auditing consists of which of the following?

    a) auditing around the computer

    b) auditing through the computer

    c) auditing with the computer

    d) all of the above

    Ans: d

    Response: See page 85

    58. Which of the following is not a part of information systems auditing?

    a) auditing around the computer

    b) auditing through the computer

    c) auditing with the computer

    d) auditing without the computer

    e) none of the above

    Ans: d

    Response: See page 85

    59. _____ means verifying processing by checking for known outputs using specific inputs.

    a) auditing around the computer

    b) auditing through the computer

    c) auditing with the computer

    d) auditing without the computer

    Ans: a

    Response: See page 389

    60. _____ means using a combination of client data, auditor software, and client and auditor hardware.

    a) auditing around the computer

    b) auditing through the computer

    c) auditing with the computer

    d) auditing without the computer

    Ans: c

    Response: See page 389-391