BA 370 After Midterm/Final BIS

Question 1

All types of software

Answer 1

Operating Systems, Application Programs, Programming Languages, and Firmware

Question 2

1st generation programming language (1GL)

Answer 2

machine level programming language. made of binary numbers, 0 and 1. This makes the language suitable to be understood by the machine/hardware but very much more difficult to be interpreted and learned by the human programmer

Question 3

2 GL

Answer 3

it is still very difficult to read or write – the programmer specifies memory addresses and special codes to perform only simple functions like compare, add, or subtract.

Question 4

3GL

Answer 4

high-level because they are closer to human languages and further from machine language. In contrast, assembly language is considered low-level because it is very close to machine language.

Question 5

SQL

Answer 5

special purpose programming language for retrieving data from an RDBMS and is considered a 4GL. A fourth generation programming language (4GL) attempts to get closer than 3GLs to human languages in terms of thinking and conceptualization.

Question 6

Declarative Programming Language

Answer 6

you just specify what you want without having to say how to do it. With a Procedural Programming Language, you have to specify exact steps to get the job done. For example, SQL is a declarative language because the queries don’t specify steps to produce the result.

Question 7

Source Code

Answer 7

computer code as written by humans and that is understandable by humans. Code written in most programming languages discussed above (except 1 GL) is source code but that code is not directly executable on a computer. A special program translates source code into machine/binary code (series of 0s and 1s) that the computer hardware can execute.

Question 8

Software in two broad categories

Answer 8

System Software and Application Software

Question 9

Operating System (OS)

Answer 9

system software that provides a platform and services for running different types of application software.They manage input and output devices, CPUs, memory, storage, and networking. Examples include:
•Unix
•Linux – an open source OS that is very similar to Unix
•Windows (several versions including the newest desktop Windows 8 and 10)
•Windows Server (An operating system for Servers)
•OS X (Macs)
•iOS (for IPads and IPhones)
•Android (a mobile OS used on phones and tablets)

Question 10

firmware

Answer 10

computer software that is installed into specific devices such as printers, print servers, and various data communication devices. It is usually stored in read only form (on a memory chip called ROM - Read Only Memory - in the device’s hardware.

Question 11

application software

Answer 11

• ERP, CRM, and SCM are examples of large application software.
• Application software also includes:
o General purpose programs with broad horizontal markets like individually focused applications (e.g. MS Office (Word, Excel, Access, Power Point), Phone apps, Audio/Video players/editors …)
o Industry specific programs developed for a specific market (e.g. BlackBoard, EMR, Airline Reservation System) - a vertical-market application
o One of a kind software (Custom Software or Tailor-made software) for very unique needs of a specific client (e.g. a custom e-commerce program for a specific company to sell online or an application that coordinate traffic data for the state of Oregon)

Question 12

open source software

Answer 12

Open Source means the human readable source code (as explained above) is available to the public. The software may be used, altered and distributed in a variety of ways depending on the license but no royalties are paid to the original authors. The Open Source movement is more about software freedom than it is about free software.
• Richard Stallman founded the open source movement in 1983 and developed the general public license agreement -still widely used today
• Linus Torvalds developed an open source operating system similar to Unix which he called Linux in 1991
• IBM has developed a wide range of enterprise applications that run on Linux. Neither they nor their customers have to pay a licensing fee to use Linux

Question 13

examples of open source software

Answer 13

• Apache (a web server)
• Python (a programming language)
• OpenOffice (Personal productivity software)
• MySQL (an RDBMS)
• Audacity (music/sound editing software)
• 7Zip (file compression software)
• Linux (an open source operating system)

Question 14

Q3: software installed on devices such as printers and communication devices, which is usually stored on ROM, is referred to as

Answer 14

firmware

Question 15

Q3: Software that manages the resources of the computer is called

Answer 15

operating system software

Question 16

Q3: Which type of software is created and updated by a worldwide community of programmers and (mostly) available for free

Answer 16

open source

Question 17

Q3: Assembly programming language is an example of a

Answer 17

low level language

Question 18

Q3: Which of the following includes only the names of operating system software

Answer 18

OS X, Windows, iOS, and Android

Question 19

information security (infosec)

Answer 19

“is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).”

Question 20

threat

Answer 20

person or organization seeks to obtain data or other assets illegally, without owner’s permission and often without owner’s knowledge

Question 21

vulnerability

Answer 21

opportunity for threats to gain access to individual or organizational assets

Question 22

safeguard

Answer 22

measure individuals or organizations take to block threat from obtaining an asset

Question 23

target

Answer 23

asset desired by threat

Question 24

ex of threat: pretexting

Answer 24

a nefarious agent pretends to be someone else and tries to get you to disclose valuable information

Question 25

ex of threat: phishing

Answer 25

Essentially pretexting via emails which appear to be from a legitimate source to lure a user to click on a damaging link or provide private information.

Question 26

ex of threat: sniffing

Answer 26

equipment is used to listen in on network traffic (wired or wireless)

Question 27

ex of threat: hacking

Answer 27

by various means, a nefarious agent breaks into a network or computer to extract or damage information
Not all hackers are malicious
White hat hackers- legitimately probe systems for weaknesses to help with security.
Black hat hackers- attack systems for illegitimate reasons.
Grey hat hackers- are white hat hackers who skirt the edges of the law.

Question 28

intrusion

Answer 28

into a computer system / network is an attempt by an “outsider” to illegally gain access to the system /network. An intruder is anyone who accesses equipment, electronic data, files, or any kind of privileged information without proper authorization.
There are three groups of individuals (“outsiders”) that could carry out an attack (intrusion) on an information system:
1. IT personnel- are often given a wide range of access privileges to sensitive data and programs, and those privileges can be misused.
2. Users- are given narrow access, but can still find ways to commit fraud.
3. Hackers- are given no access, but are highly capable.

Question 29

technical safeguards

Answer 29

 Identification, Authentication and Authorization
 Encryption
 Firewalls
 Malware protection

Question 30

identification

Answer 30

username or ID

Question 31

Authentication

Answer 31

verifies the person
– Password or PIN (“what you know”)
– Smart cards with chip and PIN (“what you have”)
– Biometric authentication (“who you are”)

Question 32

authorization

Answer 32

determines what a person can access

Question 33

encryption

Answer 33

the process of transforming clear text into coded, unintelligible text for secure storage or communication.

Question 34

firewall

Answer 34

simply a filter that prevents unauthorized network access. It can be a special-purpose computer or a program on a general-purpose computer or on a router.

Question 35

malicious software (malware)

Answer 35

An antivirus program can help in protecting, detecting and/or removing malware from a computer system. ex: Viruses, Trojan horses, Worms, Spyware and Adware

Question 36

symmetric encryption

Answer 36

Uses same key for encoding and decoding

Question 37

asymmetric encryption

Answer 37

Uses two keys – one for encoding, the other for decoding
Asymmetric Encryption is a form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
A type of asymmetric encryption is also known as Public Key Cryptography, since one key is made “public” (open) while the other is kept “private” (secret).

Question 38

Two common models of intrusion detection mechanisms

Answer 38

• Signature-based detection

* Anomaly-based detection

Question 39

Signature-based intrusion detection

Answer 39

method is very effective at detecting known threats but largely ineffective at detecting unknown threats because it compares observed events to existing threat signatures.

Question 40

Anomaly-based intrusion detection

Answer 40

method compares observed activity against expected “normal” usage profiles. When measured activity is outside baseline parameters, the system triggers an alert. Anomaly-based detection can detect new types of attacks

Question 41

Two common types of Intrusion Detection Systems (IDS)

Answer 41

• Host-based IDS

* Network-based IDS

Question 42

Host-based IDS

Answer 42

monitors the characteristics of a single computer/host and the events occurring within that host, such as monitoring network traffic (only for that host), system logs, running processes, file access and modification, and system and application configuration changes.

Question 43

Network-based IDS

Answer 43

analyzes network traffic to identify and stop suspicious activity. They are typically deployed like a network firewall.

Question 44

RAID

Answer 44

Redundant Array of Inexpensive Disks

Question 45

RAID mirroring

Answer 45

every bit of data is written on two disks to protect against data loss

Question 46

RAID Striping

Answer 46

an individual file is spread out in “stripes” on multiple disks to improve access times (multiple read heads get parts of the file)

Question 47

RAID 5

Answer 47

redundant data with less storage. Three disks store two disks worth of data but any one disk can fail without data loss.

Question 48

cloud computing

Answer 48

“Elastic leasing of pooled computer resources over the Internet” Organizations pay for just the resources that they use. Many different organizations are able to share the same physical hardware through the use of virtualization.

Question 49

Three variations of cloud computing

Answer 49

o SaaS – Software as a Service
o PaaS – Platform as a Service
o Iaas – Infrastructure as a Service

Question 50

SaaS

Answer 50

allows users to run existing software applications by getting a subscription. Examples include:
Salesforce.com, iCloud, and Office 365.

Question 51

PaaS

Answer 51

allows users to create their own cloud applications using supplier-specific tools and services
o Vendors provide hosted computers, an OS, and possibly a DBMS
o Organizations/Individualscan develop their own apps on top of the hosted computers using the vendor provided software tools. Examples include: Microsoft Azure and Oracle on Demand

Question 52

IaaS

Answer 52

allows users to run any applications they prefer on cloud software of their own choice. Examples include:
Amazon EC2 (Elastic Cloud Computing), Amazon S3 (Simple Storage Service)

Question 53

Q4: BLANK refers to the process of transforming clear text into unintelligible text for secure storage or communication

Answer 53

encryption

Question 54

Q4: When personal characteristics such as fingerprints or retinal scans are used to authenticate users, it is called

Answer 54

biometric authentication

Question 55

Q4: Amazon.com allows organizations to use (or rent) over the Internet some of amazons computing resources in a “pay as you go” business model. This type of IT service delivery model is referred to as

Answer 55

cloud computing

Question 56

Q4: Which of following statements not an advantage commonly associated with cloud computing?

Answer 56

works equally well with or without access to a network connection

Question 57

Q4: Certain online CRM service providers let the orgs use their software remotely…

Answer 57

software as a service (Saas)

Question 58

LAN (Local Area Network)

Answer 58

supports a “single location” (although there are many other more acceptable definitions of a LAN).

Question 59

WAN (Wide Area Network)

Answer 59

supports different geographical locations.

The distinction is important because a WAN has to use others’ wires/cables to connect various devices

Question 60

internets (lowercase i)

Answer 60

are networks of networks (e.g., LANs and/or WANs that have been connected)

Question 61

The Internet (capital I)

Answer 61

is the biggest internet

Question 62

Intranets

Answer 62

are organizational internets - organizations link their networks together but don’t allow others access - public shared cables might be used but transferred data is protected for internal use only

Question 63

Extranet

Answer 63

are mostly used for business-to-business (B2B) data and information exchange

Question 64

The application layer (communication function)

Answer 64

(a web browser like Chrome or Mozilla) connects users to the network - application layer protocols formulate user tasks with a network in mind
o SMTP (Simple Mail Transfer Protocol ) manages email between clients and servers
o HTTP (Hypertext Transfer Protocol) manages requests and responses for web pages 
o FTP (File Transfer Protocol) is used to transfer files from one computer to another

Question 65

The transport and Internet layers (communication function)

Answer 65

break the message into packets, address them to the right target, and reassemble received packets into usable data

Question 66

Ethernet

Answer 66

a data link layer protocol that allows computers connected to the same hub or connected by a shared cable to talk to each other whenever they are ready

Question 67

802.11

Answer 67

wireless protocol used almost everywhere (although cellular data is different). Widely deployed versions include b, g, and n each of which is faster than the last

Question 68

Transmission speeds are most often measured in

Answer 68

in bps (bits per second); they use similar prefixes to memory sizes but it is bits (lowercase b) for speed and Bytes (capital B) for memory, e.g. kbps (kbps = kilobits per second, mbps = megabits, gpbs = giga, tbps = tera).

Question 69

Copper wires transmit at speeds up to

Answer 69

1 Gbps (Coaxial and twisted pair)

Question 70

ISP (Internet Service Provider)

Answer 70

Connects subscribing organizations to the Internet for a fee

Question 71

ICANN (Internet Corporation for Assigned Names and Numbers

Answer 71

coordinates IP addresses

Question 72

DNS (Domain Name System)

Answer 72

manages a database of domain names and associated IP Addresses. ICANN is the final authority on names. Servers all over the world work together to provide DNS resolution (i.e., finding the IP address for a website, e.g. NBA.com)

Question 73

W3C (World Wide Web Consortium)

Answer 73

Fosters standards such as HTTP (hypertext transfer protocol) and HTML (hypertext markup language)

Question 74

HTML

Answer 74

Hypertext Markup Language
describing how a document should look
Everything is mixed together and Data items are not clearly marked

Question 75

XML

Answer 75

Extensible Markup Language
allows us to create our own tags
lets organizations more easily share data across different platforms.
Structured, Clear, Understandable

Question 76

XBRL

Answer 76

Extensible Business Reporting Language
Provides an XML-based framework that can be used to create, exchange, and analyze financial reporting information. An extension to XML.