Test 3 Info Systems Flashcards
1
Q
System Selection Process /6 (SCSDEN)
A
- System analysis
- Formulate Evaluation criteria
- Compile short list of Vendors
- Compile and Distribute the RFP
- Evaluate Alternatives
- Negotiate K
2
Q
Open Source Development meaning?
A
development method for software that harnesses the power of distributed peer review and transparency of process promising better quality and allowing users to access to the source code
3
Q
Cybersecurity Definition
A
refers to the set of defense an organization puts in place to mitigate threats to its technological infrastructure and digital assets
4
Q
Cybersecurity Framework /5 (IPDRR)
A
- Identify
- Protect
- Detect
- Respond
- Recover
5
Q
- We have identified three general approaches to the acquisition of information processing functionalities and the introduction of IT-based information systems. Which of the following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above
A
Ans: D
Open source development
6
Q
- What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation
A
Ans: D
Installation, Operations and Maintenance
7
Q
- In which of the following phases should you expect to be most involved as a general or functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C
A
Ans: E
A & C (Definition and Implement)
8
Q
- In which phase(s) do the system development life cycle (SDLC) and the system selection process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C
A
Ans: D
A & B (Definition and Build)
9
Q
- The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above
A
Ans: B
Definition, build and implement
10
Q
- Why is the Systems development Life Cycle methodology typically referred to as “the waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there should be multiple opportunities to elicit user requirements.
E. B and D
A
Ans: B
To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible
11
Q
- Your book describes the systems selection process in-depth. Which of the following is not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations
A
Ans: D
visit Vendor Sites
12
Q
- Which of the following are not approaches to acquisition of information processing functionalities?
A. Custom Design
B. Custom Development
C. System Selection and Acquisition
D. End-user Development
E. Open Source Development
A
Ans: E
Open-source development
13
Q
- Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages
A
Ans: D
Faster roll-out
14
Q
- Which of the following is not one of the advantages related to purchasing an off-the-shelf system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality
A
Ans: A
Unique tailoring
15
Q
- The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance
A
Ans: C
Definition, Build and Implementation
16
Q
- The IS department workers that experts in both technology and the business processes are called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.
A
Ans: B
Analysts
17
Q
- Which stage of the SDLS typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing
A
Ans: A
Feasibility Analysis
18
Q
- A bank upgrades a computer system at one of its branches. If this works correctly, then the upgraded system will be installed at the other branches. Which migration approach is this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional
A
Ans: D
Pilot
19
Q
- A bank upgrades the computer systems of its branches, one branch at a time. This is most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional
A
Correct answer: C
Pilot
20
Q
- The Build phase of the SDLC is used to ensure that the software is properly integrated with the other components of the information system. (T/F)
A
False
21
Q
- The SDLC and prototyping methodologies are one and the same. (T/F)
A
False
22
Q
- Both the SDLC and prototyping methodologies are use d to create custom systems. (T/F)
A
True
23
Q
- Off-the-shelf systems enable infusion of knowledge in the organization (T/F)
A
True
24
Q
- End-user development: The process by which an organization’s non–IT specialists create software applications. (T/F)
A
True
25
6. Custom software development is a systems development approach predicated on the notion that it impossible to clearly estimate and plan in detail such complex endeavors as information systems design and development projects. (T/F)
False
26
7. A system analyst is a highly skilled IT professional who takes the system requirements document (i.e., what the applications should do) and designs the structure of the system (i.e., how the application will perform its tasks). (T/F)
False
27
What are Cobots?
they are robots that work with humans rather than take over the overall job
28
What do robots help with? /2
1. Enabling human productivity
2. Handling menial tasks
29
What is Quantum Computing?
A new technology using quantum mechanics to solve complex problems. Processing many different probabilities
30
Blockchain?
A digital Database that facilitates the sharing of info among its members
31
Can Blockchain guarantee confidentiality without the need for a 3rd party?
Yes
32
Mitigation Tactics for Blockchain? /2
1. Network Nodes surveillance
2. Checking user credentials
33
Types of Blockchain /4 (PPPC)
1. Public
2. Private
3. Permisssioned
4. Consortium
34
What is Virtualization and Docker technology
Has to do with a virtual computer system and how it is packaged into standardized units.
35
What is Cloud computing?
A delivery model for applications and storage components. (IaaS, SaaS, PaaS)
36
1. Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase
Ans: C
Risk Analysis
37
2. Security should be on managers’ radar screens because of peculiar characteristics that run the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized
Ans: A
Underfunded
38
3. Why is security considered a negative deliverable?
A. It costs money
B. It produces only tangible benefits
C. It does not affect profits whether it is done well or poorly
D. It is largely ignored
E. It produces no revenue or efficiency
Ans: E
It produces no revenue or efficiency
39
4. Risk mitigation allows the organization to do what?
A. Devise optimal strategies
B. Prevent security issues from ever happening in the first place
C. Keep both costs and risks at minimum levels
D. Maximize failure costs
E. Reward IT workers when no issues arise
Ans: A
Devise Optimal Strategies
40
5. When a company is faced with a security threat, they have which three strategies available to them?
A. Acceptance, avoidance, and transference
B. Acceptance, reduction, and transference
C. Avoidance, reduction, and transference
D. Acceptance, avoidance, and reduction
E. All of the above
Ans: B
Acceptance, Reduction, and Transference
41
6. Which of the following strategies is associated with increased potential for failure?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Ans: A
Acceptance
42
7. Insurance costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Ans: D
Transference
43
8. Increased anticipation costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Ans: C
Reduction
44
9. Which of the following is an example of an internal threat?
A. Viruses
B. Intrusions
C. Social Engineering
D. Backdoors
E. Angry Employees
Ans: E
Angry Employees
45
10. Which of the following refers to code built into a program to allow the programmer a way to bypass password protection?
A. Password Spoofing
B. Bugs
C. Viruses
D. Phishing
E. Backdoors
Ans: E
Backdoors
46
11. Which of the following is an automated method of seeking passwords?
A. Phishing
B. Social Engineering
C. Software bugs
D. Backdoors
E. Careless behavior
Ans: A
Phishing
47
12. Which of the following is not a form of malware?
A. Viruses
B. Spyware
C. Sniffers
D. Keyloggers
E. Worms
Ans: C
Sniffers
48
13. Why is a Trojan horse not a virus?
A. It does not have a payload
B. It does not have a trigger event
C. It does not replicate
D. It is a legitimate form of security protection
E. It does not do anything harmful
Ans: C
It does not replicate
49
14. Why is spyware usually not considered a virus?
A. It does not replicate
B. It does not have a payload
C. It does not do anything other than watch what the user does
D. It only shows advertisements
E. None of the above. They are always viruses
Ans: A
It does not replicate
50
15. Which of the following is a viable method of dealing with internal security threats?
A. Antivirus software
B. Policies regarding what computing resources are accessible to whom
C. Firewalls
D. Policies that mandate frequent updates to programs and such
E. Not immediately deleting terminated employees
Ans: B
Policies regarding what computing resources are accessible to whom
51
1. True or False: IT Risk Management is the process of identifying and measuring information systems security risks to devise the optimal mitigation strategy. (T/F)
True
52
2. True or False: Creating security policies that spell out the behaviors that should be follow in order to minimize security risks and auditing the policies to ensure compliance will mitigate security risks.(T/F)
True
53
3. True or False: Function Creep, when used in terms of privacy risks, refers to new technological advances and devices that generate more data than ever. (T/F)
False
54
4. Malicious cyberactivity is decreasing due to improvements in software protection systems. (T/F)
False
55
5. Biometrics refers to the use of a measurement of some biological parameter to uniquely identify users. (T/F)
True
56
3 types of risk mitigation strategies (ART)
1. Risk Acceptance
2. Risk Reduction
3. Risk Transference
57
Can 3D printers often replicate the product the same way? (T/F)
False
58
2 Primary Types of AR
1. Marker-Based
2. Market-Less
59
What is Addiction by Design
It uses positive reinforcement to encourage users to spend more time on their platform
