Info Sys 3 real type shi Flashcards

(92 cards)

1
Q

We have identified three general approaches to the acquisition of information processing
functionalities and the introduction of IT-based information systems. Which of the
following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above

A

Open source development

2
Q

What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation

A

Installation, Operations, Maintenance

3
Q

In which of the following phases should you expect to be most involved as a general or
functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

A

A and C

4
Q

In which phase(s) do the system development life cycle (SDLC) and the system selection
process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

A

A and B

5
Q

The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above

A

Definition, Build, and Implementation

6
Q

Why is the Systems Development Life Cycle methodology typically referred to as “the
waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be
avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there
should be multiple opportunities to elicit user requirements.
E. B and D

A

To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible.

7
Q

Your book describes the systems selection process in depth. Which of the following is
not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations.

A

Visit vendor sites

8
Q

Which of the following are not approaches to acquisition of information processing
functionalities?
A. Custom Design
B. Custom Development
C. System Selection and Acquisition
D. End-user Development
E. Open Source Development

A

Open Source Development

9
Q

Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages

A

Faster Roll-Out

10
Q

Which of the following is not one of the advantages related to purchasing an off-the-shelf
system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality

A

Unique Tailoring

11
Q

The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance

A

Definition, System Design, and Implementation

12
Q

The IS department workers that are experts in both technology and the business processes are
called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.

A

Analysts

13
Q

Which stage of the SDLC typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing

A

Feasibility Analysis

14
Q

A bank upgrades a computer system at one of its branches. If this works correctly, then
the upgraded system will be installed at the other branches. Which migration approach is
this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

A

Pilot

15
Q

A bank upgrades the computer systems of its branches, one branch at a time. This is
most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

A

Phased

16
Q

The Build phase of the SDLC is used to ensure that the software is properly integrated
with the other components of the information system.

True or False?

A

False

17
Q

The SDLC and prototyping methodologies are one and the same.

True or False?

A

False

18
Q

Both the SDLC and prototyping methodologies are used to create custom systems.

True or False?

A

True

19
Q

Off-the-shelf systems enable infusion of knowledge in the organization.

True or False?

A

True

20
Q

End-user development: The process by which an organization’s non–IT specialists create
software applications.

True or False?

A

True

21
Q

Custom software development is a systems development approach predicated on the notion that it is impossible to clearly estimate and plan in detail such complex endeavors as information systems design and development projects.

True or False?

A

False

22
Q

A system analyst is a highly skilled IT professional who takes the system requirements document (i.e., what the applications should do) and designs the structure of the system
(i.e., how the application will perform its tasks).

True or False?

A

False

23
Q

Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase

A

Risk Analysis

24
Q

Security should be on managers’ radar screens because of peculiar characteristics that run
the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized

A

Underfunded

25
Why is security considered a negative deliverable? A. It costs money B. It produces only tangible benefits C. It does not affect profits whether it is done well or poorly D. It is largely ignored E. It produces no revenue or efficiency
It produces no revenue or efficiency
26
Risk mitigation allows the organization to do what? A. Devise optimal strategies B. Prevent security issues from ever happening in the first place C. Keep both costs and risks at minimum levels D. Maximize failure costs E. Reward IT workers when no issues arise
Devise optimal strategies
27
When a company is faced with a security threat, they have which three strategies available to them? A. Acceptance, avoidance, and transference B. Acceptance, reduction, and transference C. Avoidance, reduction, and transference D. Acceptance, avoidance, and reduction E. All of the above
B. Acceptance, reduction, and transference
28
Which of the following strategies is associated with increased potential for failure? A. Acceptance B. Avoidance C. Reduction D. Transference E. Analysis
Acceptance
29
Insurance costs are most directly associated with which risk strategy? A. Acceptance B. Avoidance C. Reduction D. Transference E. Analysis
Transference
30
Increased anticipation costs are most directly associated with which risk strategy? A. Acceptance B. Avoidance C. Reduction D. Transference E. Analysis
Reduction
31
Which of the following is an example of an internal threat? A. Viruses B. Intrusions C. Social Engineering D. Backdoors E. Angry Employees
Angry Employees
32
Which of the following refers to code built into a program to allow the programmer a way to bypass password protection? A. Password Spoofing B. Bugs C. Viruses D. Phishing E. Backdoors
Backdoors
33
Which of the following is an automated method of seeking passwords? A. Phishing B. Social Engineering C. Software bugs D. Backdoors E. Careless behavior
Phishing
34
Which of the following is not a form of malware? A. Viruses B. Spyware C. Sniffers D. Keyloggers E. Worms
Sniffers
35
Why is a Trojan horse not a virus? A. It does not have a payload B. It does not have a trigger event C. It does not replicate D. It is a legitimate form of security protection E. It does not do anything harmful
It does not replicate
36
Why is spyware usually not considered a virus? A. It does not replicate B. It does not have a payload C. It does not do anything other than watch what the user does D. It only shows advertisements E. None of the above. They are always viruses
It does not replicate
37
Which of the following is a viable method of dealing with internal security threats? A. Antivirus software B. Policies regarding what computing resources are accessible to whom C. Firewalls D. Policies that mandate frequent updates to programs and such E. Not immediately deleting terminated employees
Policies regarding what computing resources are accessible to whom
38
Generally, a company should buy instead of make if 80% of the required functionality is present in a COTS solution. This rule holds unless the remaining 20% functionality is of strategic importance to the company. True or false?
True
39
A business school has developed a new leave portal for all its employees and decides to immediately switch from the old platform to the new one. This migration is considered a low risk endeavor for the school and its employees. This type of migration approach is considered as: direct, parallel, phased, pilot
Direct
40
An organization takes the decision in favor of “make” versus “buy” if no commercially available implementation of a design idea exists in the market. True or false?
True
41
Apple, Inc. provides its users the opportunity to develop applications which can later be downloaded and used via the Apple App Store. This approach of design and development where a software application is created or improved by its users is called: a. custom design and development b. end-user development c. system selection and acquisition d. none of the above
end-user development
42
Company A is implementing a new HR system. The new system will roll out using a direct installation approach. Which of the following is critical to the successful installation of the new HR system? A. agile development B. change management C. system analysis D. testing
change management
43
Company A is thinking about using blockchain technology in managing its supply chain. The company is thinking of using the Ethereum blockchain, an existing blockchain solution, rather than developing its unique solution. Which of the following is an advantage of using the existing blockchain solution? A. faster-roll out B. flexibility and control C. no advantage D. unique tailoring
faster-roll out
44
COTS is an acronym for “customized off-the-shelf” software. A. false B. true
false
45
Creating the IT core is sufficient to fulfill the information processing needs of the firm. A. false B. true
false
46
Go or no-go recommendations for a project are provided at what phase of the systems development life cycle (SDLC)? A. build phase (just after system design and before programming) B. definition phase (just after feasibility analysis and before system analysis) C. definition phase (just after investigation and before feasibility analysis) D. definition phase (just after system analysis and before investigation)
definition phase (just after feasibility analysis and before system analysis)
47
Mr. Smith, an owner of a media-services provider, decided to stop depending on applications that are available on the market, and instead, to start developing unique applications internally. Which of the following describes Mr. Smith’s decision? A. moving from custom design and development to end user development B. moving from custom design and development to system selection and acquisition C. moving from system selection and acquisition to custom design and development D. moving from system selection and acquisition to end user development
moving from system selection and acquisition to custom design and development
48
Scope creep is the reason why system requirements are frozen once stakeholders sign off on the systems requirement document. Scope creep can lead to: A. improved efficiency in project deployment B. significant decrease in cost and faster development of the project C. significant increase in cost and delay in development of the project D. none of the above
significant increase in cost and delay in development of the project
49
Software-as-a-service (SaaS) solutions can be classified as COTS applications. A. false B. true
true
50
Technical feasibility is concerned with taking the system requirements document and producing a robust, secure, and efficient application. A. false B. true
false
51
Technology development must take into account which three key considerations? A. people, processes and structure B. people, project funding and structure C. people, shareholders and structure D. none of the above
people, processes and structure
52
The build phase of the systems development life cycle (SDLC) consists of which of the following sub-processes: A. installation, operations, maintenance B. investigation, feasibility analysis, system analysis C. system design, programming, testing D. none of the above
investigation, feasibility analysis, system analysis
53
The SNCF rail network in France recently introduced a new app to book train tickets by the name of “oui SNCF”. The app was expressly made for serving the needs of the many SNCF customers who travel between cities in France over the rail network. What can you infer about the design and development approach of the application? A. custom design and development B. end-user development C. system selection and acquisition D. none of the above
custom design and development
54
The technology development and the IS development processes are often sequential. A. false B. true
false
55
The US subsidiary of a major food producer decided to implement SAP within their organization. SAP is an openly available enterprise software to manage business operations and customer relations. Which type of design and development approach does the commercially available SAP software fall into? A. custom design and development B. end-user development C. system selection and acquisition D. none of the above
none of the above
56
When fulfilling the IS processing needs, what does the firm have to do in the information systems development process? A. assess current IS within the firm B. develop capabilities to develop the IS C. generate the IT core D. integrate the technology with other components of the organization (i.e. people, processes, structure)
integrate the technology with other components of the organization (i.e. people, processes, structure)
57
When YouTube launched its video-sharing platform in 2005, it had to develop its own IS. This is an example of system selection and development. A. false B. true
false
58
Which of the following are the two main processes of fulfilling information processing needs? A. capability development and IT development B. custom IS development and technical skills development C. IS research and IS development D. technology development and IS development
custom IS development and technical skills development
59
Which of the following are two critical processes that take place during the installation phase? A. change management and prototyping B. end-user training and change management C. end-user training and prototyping D. programming and testing
end-user training and change management
60
Which of the following is an advantage of custom development? A. economically attractive B. faster roll-out C. flexibility and control D. knowledge infusion
flexibility and control
61
Which of the following is not an advantage of custom development of software applications within an organization? A. cost savings B. flexibility and control C. unique tailoring D. none of the above
cost savings
62
Which of the following is not an advantage of open source software? A. creativity B. limited lock-in C. robustness D. security
security
63
Which of the following is not an advantage of purchasing? A. faster rollout B. flexibility C. high quality D. knowledge infusion
flexibility
64
Which of the following is not an approach to the acquisition of information processing functionalities and the introduction of IT-based information systems? A. customer design and development B. end-user development C. supervised development D. system selection and acquisition
supervised development
65
Which of the following statements is not a part of the “agile manifesto” for software development: A. customer collaboration over contract negotiation B. processes and tools over individuals and interactions C. responding to change over following a plan D. working software over comprehensive documentation
processes and tools over individuals and interactions
66
Cybersecurity is a negative deliverable because: A. It limits the possibility that future positive gains can be made B. It limits the possibility of both future negative fallout and positive gains would occur C. It limits the possibility that future negative fallout will happen D. None of the above
It limits the possibility that future negative fallout will happen
67
Risk assessment consists of which of the following processes? A. Risk audit (technical & human resources), risk analysis B. Risk analysis, risk mitigation C. Risk audit (technical & human resources), risk mitigation D. None of the above
Risk audit (technical & human resources), risk analysis
68
Risk analysis is the process by which a firm attempts to quantify the hazards identified in the risk audit. A. True B. False
true
69
Rational decision making suggests that the amount invested in cyber security safeguards should be proportional to the extent of threats and their potential negative side effects. A. True B. False
true
70
After completing a risk assessment of the Information Systems security within company X, the directors have decided to purchase insurance against cyber security threats. What type of risk mitigation strategy is this? A. Risk reduction B. Risk acceptance C. Risk transference D. Risk reduction & risk acceptance
Risk transference
71
Mr. K has been a long-term corporate sales account manager at a telecommunication company. He has been angling for a promotion for the past 10 years; however, almost always someone younger is promoted because they are more qualified. Disgruntled by his workplace, he has resigned from office. On the last day of his job he decides to teach them all a lesson by selling confidential customer information to a competitor. What kind of behavior does this situation represent? A. Careless behavior B. Careless and unintentional malicious behavior C. Intentional malicious behavior D. Unintentional malicious behavior
Intentional malicious behavior
72
Mary received an email in her Outlook inbox that claimed it was from the IT helpdesk at her office. The email asked her to change the password on her official account using a link within the email in the next 15 minutes or she would automatically lose access to her account on all devices. Reading this message prompts her to click on the link, which redirects her to a webpage that looks just like the Outlook security settings page. What kind of external intrusion threat is this? A. Phishing B. Backdoors and exploits C. Social engineering D. None of the above
Phishing
73
A Trojan horse, like a virus, delivers a malicious payload and self-replicates. A. True B. False
False
74
Which of the following malicious codes do not self-replicate? A. Viruses and worms B. Just worms C. Trojan horses and spyware D. None of the above
Trojan horses and spyware
75
The distributed denial of service (DDoS) attack uses a single compromised system while a denial of service (DoS) attack uses a large network of compromised systems. A. False B. True
False
76
The difference between cybersecurity and privacy is that whereas cybersecurity is about safekeeping of collected data, privacy is about informed consent and permission to collect and use identifying information. A. False B. True
True
77
Function creep is the situation where data collected for a stated or implied purpose is later on reused for the same purpose. A. True B. False
False
78
An organization's ethical code of conduct communicates to all parties the organization's principles of ethical information system use and its formal stance enabling detection of, and distancing from, unethical choices made by any member of the organization. A. True B. False
True
79
Which of the following best describes a firm’s set of defenses to mitigate threats to its technology infrastructure? A. Reducing threat of new entrants B. Longevity risk mitigation C. Cybersecurity D. Answer is not listed
Cybersecurity
80
Cyber security risk assessment is a process of auditing ONLY the current technological resources, in an effort to map the current state of the art on IS security in the organization. A. False B. True
False
81
Which of the following mitigation strategies has high failure costs but low anticipation costs? A. Risk acceptance B. Risk reduction C. Risk transference D. Risk transference and risk reduction
Risk acceptance
82
Which of the following best explains why internal exploits are hard to detect? A. Because internal exploits often use advanced techniques that are hard to detect B. Because companies often limit the number of employees who can access sensitive information C. Because users are authorized on the network and their actions can go undetected unless they make a careless mistake or discuss their behaviors with others D. Answer is not listed
Because users are authorized on the network and their actions can go undetected unless they make a careless mistake or discuss their behaviors with others
83
In 2010, an Apple software engineer left a prototype of the iPhone 4 in a bar. The person who found the phone sold it to the gadget blog Gizmodo for $5,000, who disassembled it and posted its characteristics online. Which of the following cyber security threats best describes this example? A. An internal threat due to intentional malicious behavior B. An internal threat due to careless behavior C. An external threat due to an intrusion D. An external threat due to online fake news
An internal threat due to careless behavior
84
An intrusion threat consists of any situation where an unauthorized attacker gains access to organizational IT resources. A. True B. False
True
85
Mr. Smith received a phone call from a person claiming to be from his bank. The unknown person told Mr. Smith that he needed to update his account security details. The caller asked for Mr. Smith’s account, card and personal details in order to confirm his identity. Mr. Smith refused to provide any details to the unknown caller, and instead, called his bank which confirmed that the phone call was a scam. Which of the following best describes the mentioned scam? A. Backdoor exploit B. Malicious code C. Whaling D. Social engineering
Social engineering
86
Someone posing as an IT tech requests information about your computer configuration. What kind of attack is this? A. Social engineering B. Inside threats C. Phishing D. Whaling
Social engineering
87
A multinational corporation is rethinking how it is managing its information systems’ security. The organization needs to prove to its customers, partners and other stakeholders that it complies with international cyber security standards. Which of the following frameworks is best suited for the corporation? A. NIST cyber security framework B. Cyber kill chain framework C. NERC CIP D. ISO 27001
ISO 27001
88
Many organizations limit their employees’ access to certain websites and prevent the individual installation of new software. Which of the following best describes this practice? A. Mitigating internal threats through monitoring B. Detecting internal threats through monitoring C. Detecting external threats through monitoring D. Answer is not listed
Mitigating internal threats through monitoring
89
Firewalls can be used to decrease internal cyber security threats. A. True B. False
True
90
Which of the following is an example of function creep? A. Data on number of soda cans sold by a vending machine used only to compute revenues B. An online website that does not save or share user data without their permission C. A research institute that uses data for its implied purpose only D. A social network selling users’ data to third parties
A social network selling users’ data to third parties
91
Protection of intellectual property on the internet is not an ethical issue. A. False B. True
False
92
Ethical conduct is often ensured through computer software. A. True B. False
False