Term
1. ________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. A) Legacy systems B) SSID standards C) Vulnerabilities D) Controls

Definition

Term
2. Firms providing financial services must comply with the ______________ for electronic records management. A) Health Insurance Portability and Accountability Act (HIPAA) B) Warren Buffet Act C) Gramm-Leach-Bliley Act D) Sarbanes-Oxley Act E) National Security Policy Act

Definition
C) Gramm-Leach-Bliley Act

Term
3. You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm? A) Wireless network B) Employees C) Authentication procedures D) Lack of data encryption

Definition

Term
4. The HIPAA Act of 1996: A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules.

Definition
D) outlines medical security and privacy rules.

Term
5. In ___________, eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic. A) SQL injection attacks. B) phishing. C) war driving. D) social engineering.

Definition

Term
6. ___________ focuses on how the company can restore business operations after a disaster strikes. A) security policy. B) AUP. C) business continuity planning. D) business impact analysis

Definition
C) business continuity planning.

Term
7. A(n) ______ determines the level of risk to the firm if a specific activity or process is not properly controlled. Business managers working with IS specialists determine the value of information assets, points of vulnerability, the likely frequency of a problem, and the potential for damage. A) security policy. B) AUP. C) MIS audit. D) risk assessment.

Definition

Term
8. ________ feature full-time monitoring tools placed at the most vulnerable points or "hot spots" of corporate networks to detect and deter intruders continually. A) Stateful inspections B) Intrusion detection systems C) Application proxy filtering technologies D) Packet filtering technologies

Definition
B) Intrusion detection systems

Term
9. A digital certificate system: A) uses third-party CAs to validate a user's identity. B) uses digital signatures to validate a user's identity. C) uses tokens to validate a user's identity. D) is used primarily by individuals for personal correspondence.

Definition
A) uses third-party CAs to validate a user's identity.

Term
10. For 100% availability, online transaction processing requires: A) high-capacity storage. B) a multi-tier server network. C) fault-tolerant computer systems. D) dedicated phone lines.

Definition
C) fault-tolerant computer systems.

Term
11. Downtime refers to periods of time in which a: A) computer system is malfunctioning. B) computer system is not operational. C) company or organization is not operational. D) computer is not online.

Definition
B) computer system is not operational.

Term
12. Smaller firms may outsource some or many security functions to: A) MSSPs. B) MISs. C) SSLs. D) CAs.

Definition

Term
13. Most antivirus software is effective against: A) only those viruses active on the Internet and through e-mail. B) any virus. C) any virus except those in wireless communications applications. D) only those viruses already known when the software is written.

Definition
D) only those viruses already known when the software is written.

Term
14. An authentication token is a(n): A) device the size of a credit card that contains antivirus software to verify the presence of computer viruses. B) type of hardware and software control that prevents unauthorized Internet users from accessing the organization's private internal networks. C) gadget that displays passcodes. D) electronic marker attached to a digital authorization file.

Definition
C) gadget that displays passcodes.

Term
15. Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ________ attack. A) DDoS B) social engineering C) SQL injection D) phishing

Definition

Term
16. A _________ is an independent computer program that copies itself from one computer to another over a network. Unlike viruses, _______ can operate on their own without attaching to other computer program files. A) worm B) trojan horse C) bug D) keyloggers

Definition

Term
17. Hackers create a botnet by: A) infecting Web search bots with malware. B) using Web search bots to infect other computers. C) causing other people's computers to become "zombie" PCs following a master computer. D) infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door.

Definition
C) causing other people's computers to become "zombie" PCs following a master computer.

Term
18. Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called: A) sniffing. B) social engineering. C) phishing. D) pharming.

Definition

Term
1. Which process defines the objectives of the new or modified system and develops a detailed description of the functions that a new information system must perform? A) Feasibility study B) Requirements analysis C) Systems design D) Test plan development

Definition

Term
2. System testing: A) includes all the preparations for the series of tests to be performed on the system. B) tests the functioning of the system as a whole. C) tests each program separately. D) provides the final certification that the system is ready to be used in a production setting.

Definition
B) tests the functioning of the system as a whole.

Term
3. Acceptance testing: A) includes all the preparations for the trials. B) tests the functioning of the system as a whole. C) tests each program separately. D) provides the final certification that the system is ready to be used in a production setting.

Definition
D) provides the final certification that the system is ready to be used in a production setting.

Term
4. In a direct cutover conversion strategy, the new system: A) is tested by an outsourced company. B) replaces the old one at an appointed time. C) and the old are run together. D) is introduced in stages.

Definition
B) replaces the old one at an appointed time.

Term
5. Changes in hardware, software, documentation, or production to a production system to correct errors, meet new requirements, or improve processing efficiencies are termed: A) compliance. B) production. C) maintenance. D) acceptance.

Definition

Term
6. The ________ feature of an application software package allows an organization to modify the package to meet its unique requirements without destroying the integrity of the packaged software. A) prototype. B) rapid application design. C) joint application design. D) customization.

Definition

Term
7. A ________ shows each task as a horizontal bar whose length is proportional to the time required to complete it. A) Gantt chart B) DFD C) feasibility study D) PERT chart

Definition

Term
8. Which one of the following is the oldest method of building information systems? A) prototyping B) end-user development C) application software packages D) systems development life cycle

Definition
D) systems development life cycle

Term
9. A document that shows how specific information systems fit into a company's overall business plan and business strategy is called a(n) ________: A) project plan. B) request for proposal. C) information systems plan. D) mission statement.

Definition
C) information systems plan.

Term
10. Which process is used to develop risk profiles for a firm's information system projects and assets? A) Information systems plan B) Scoring model C) Portfolio analysis D) Feasibility study

Definition

Term
11. You have been hired by a pharmaceutical company to evaluate its portfolio of systems and IT projects. Which types of projects would be best avoided? A) Any high-risk projects B) Any low-benefit projects C) High-risk, low-benefit projects D) None — any project might be beneficial

Definition
C) High-risk, low-benefit projects

Term
12. A working version of an information system intended as only a preliminary model is called a(n): A) customization. B) structured methodology. C) end-user interface. D) prototype.

Definition

Term
13. When systems are created rapidly, without a formal development methodology: A) end users can take over the work of IT specialists. B) the organization quickly outgrows the new system. C) hardware, software, and quality standards are less important. D) testing and documentation may be inadequate.

Definition
D) testing and documentation may be inadequate.

Term
14. Which one of the following tools may help identify risk areas associated with employee acceptance of a new information system? A) Formal planning and control tools B) Organizational impact analysis C) System prototype D) Feasibility study

Definition
B) Organizational impact analysis

Term
15. The process of creating workable information systems in a very short period of time is called: A) RAD B) JAD C) Prototyping D) End-user development

Definition

Term
16. The entire system-building effort is driven by: A) organizational change. B) feasibility studies. C) data. D) user information requirements.

Definition
D) user information requirements.

Term
17. The primary tool for representing a system's component processes and the flow of data between them is the: A) data dictionary. B) process specifications diagram. C) user documentation. D) data flow diagram.

Definition

Term
18. You are an IT project manager for an advertising firm. The firm wishes to create an online survey tool that will be used to survey focus group reactions to products in development. The most important consideration for the firm is being able to offer the tool as soon as possible as a new corporate service. However, you know that many of the senior managers who are business owners of this project have difficulty understanding technical or software development issues, and are more likely to change their requirements during the course of development. What development method would be most successful for this project? A) RAD B) Prototyping C) JAD D) End-user development

Definition

Term
1. Which of the following best describes how new information systems result in legal gray areas? A) They work with networked, electronic data, which are more difficult to control than information stored manually. B) They result in new situations that are not covered by old laws. C) They are implemented by technicians rather than managers. D) They are created from sets of logical and technological rules rather than social or organizational mores.

Definition
B) They result in new situations that are not covered by old laws.

Term
2. The use of computers to combine data from multiple sources and create electronic dossiers of detailed information on individuals is called: A) profiling. B) phishing. C) spamming. D) targeting.

Definition

Term
3. Most American and European privacy laws are based on a regime called: A) privacy rights of individuals B) conspiracy theories C) opt-out models of informed consent D) fair information practices (FIP).

Definition
D) fair information practices (FIP).

Term
4. A colleague of yours frequently takes, for his own personal use, small amounts of office supplies, noting that the loss to the company is minimal. You counter that if everyone were to take the office supplies, the loss would no longer be minimal. Your rationale expresses which historical ethical principle? A) Kant's Categorical Imperative B) The Golden Rule C) The Risk Aversion Principle D) The "No free lunch" rule

Definition
A) Kant's Categorical Imperative

Term
5. The Federal Trade Commission FIP principle of Notice/Awareness states that: A) customers must be allowed to choose how their information will be used for secondary purposes other than the supporting transaction. B) data collectors must take responsible steps to assure that consumer information is accurate and secure from unauthorized use. C) there is a mechanism in place to enforce FIP principles. D) Web sites must disclose their information practices before collecting data.

Definition
D) Web sites must disclose their information practices before collecting data.

Term
6. A(n) ________ model of informed consent permits the collection of personal information until the consumer specifically requests that the data not be collected. A) opt-in B) opt-out C) P3P D) PGP

Definition

Term
7. _______ refers to the principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behavior. A) Ethics B) Intellectual property C) Fair use doctrine D) Copyright

Definition

Term
8. ________ are not held liable for the messages they transmit. A) Regulated common carriers B) Private individuals C) Organizations and businesses D) Elected officials

Definition
A) Regulated common carriers

Term
9. It is not feasible for companies to produce error-free software because: A) any programming code is susceptible to error. B) it is too expensive to create perfect software. C) errors can be introduced in the maintenance stage of development. D) any software of any complexity will have errors.

Definition
B) it is too expensive to create perfect software.

Term
10. The most common source of business system failure is: A) software bugs. B) software errors. C) hardware or facilities failures. D) data quality.

Definition

Term
11. The term "________ divide" refers to large disparities in access to computers and the Internet among different social groups and different locations. A) computer B) technology C) digital D) electronic

Definition

Term
12. European privacy protection is ________ than in the United States. A) much more stringent B) less far-reaching C) less liable to laws D) much less stringent

Definition

Term
13. Small text files deposited on a computer hard drive when a user visits certain Web sites are called: A) web critters. B) cookies. C) digital crumbs. D) viruses.

Definition

Term
14. Redesigning and automating business processes can be seen as a double-edged sword because: A) increases in efficiency may be accompanied by job losses. B) increases in efficiency may be accompanied by poor data quality. C) support for middle-management decision making may be offset by poor data quality. D) reliance on technology results in the loss of hands-on knowledge.

Definition

Term
15. The practice of spamming has been growing because: A) telephone solicitation is no longer legal. B) it is good advertising practice and brings in many new customers. C) it helps pay for the Internet. D) it is so inexpensive and can reach so many people.

Definition
D) it is so inexpensive and can reach so many people.

Term
16. The introduction of new information technology has a: A) dampening effect on the discourse of business ethics. B) ripple effect, raising new ethical, social, and political issues. C) beneficial effect for society as a whole, while raising dilemmas for consumers. D) waterfall effect in raising ever more complex ethical issues.

Definition
B) ripple effect, raising new ethical, social, and political issues.

Term
17. The health risks caused by computers are: A) CTS B) CVS C) technostress D) all of the above

Definition

Term
18. Which of the following tools was designed to help protect Web user privacy? A) P3P B) NAI C) FIP D) DoubleClick

Definition
