CH6 Flashcards
Analysis provides the starting point for _______
design
Design provides the starting point for __________
implementation
T/F: Analysis and design results are documented to coordinate the work.
T
Objective of (design/analysis/implementation) is to define, organize, and structure the components of the final solution to serve as a blueprint for construction.
design
T/F: Design is a graph building activity.
F, model.
The _________ of the project will dictate the type, complexity, and depth of models.
formality
T/F: Agile/iteration projects typically build a lot of models.
F, they build fewer models, but models are still created.
Jumping to programming without ________ often causes less than optimum solutions and may require rework.
design
T/F: Design activities correspond to components of the new system.
T, such as describing the environment, designing the application components, the user interface, the database, and the software classes and methods.
During the ‘Describe the environment’ design activity, there are two key elements in the environment: Communications with _________ systems, and conforming to an existing ______________.
External, Technology Architecture
T/F: Communications with the external system during the ‘Describe the environment’ design activity include: message formats, web and networks, communication protocols, security methods, error detection and recovery.
T
What are the system design activities?
describing the environment
defining the application components
designing the user interface
designing the database
designing the software classes and methods
__________ is a well-defined unit of software that performs some function(s).
Application component
Name the issues that involve how to package components?
- Scope and size,
- Programming language,
- Build or buy.
Package diagram, Component Diagram, and Deployment diagram are all typical models for which design activity?
defining application components
T/F: To the system designer, the User Interface is the system.
F, the User Interface is the system for the user
T/F: The user interface has a large impact on user productivity.
T
T/F: Designing the User Interface includes both Analysis and Design tasks.
T
T/F: Designing the User Interface doesn’t require a lot of user involvement.
F, it requires heavy involvement
T/F: Current needs require multiple user interfaces.
T, as there are many different devices and environments
Storyboards, System Sequence diagrams, and small screen menu prototype are all typical models for?
User Interface design
By definition, an Information System requires data – usually in a ______________.
database
T/F: Current technology frequently uses Relational Database Management Systems (RDBMS)
T
Designing the database requires converting the data model to a _______________.
relational database
Designing the database requires addressing many other technical issues such as _______________, and ___________.
Throughput and response time, Security.
Which design activity is also known as Detailed Design?
Designing the software classes and methods
T/F: Designing the software classes and methods is a model building activity.
T
Design class diagram, sequence diagrams, and state-machine diagrams are all models for which design activity?
Designing software classes and methods
System controls and security include __________ controls and ________ controls.
Integrity, Security
____________ Controls are Controls that maintain integrity of inputs, outputs and data and programs.
Integrity
_________ Controls are Controls that protect the assets from threats, internal and external.
Security
Which design activity is integrated into application programs and DBMS?
Designing the system controls and security (integrity controls)
Ensuring that only appropriate and correct business transactions are accepted, is an objective of (security/integrity) controls.
integrity
Ensuring that transactions are recorded and processed correctly is an objective of (security/integrity) controls.
integrity
T/F: To protect and safeguard assets such as the database is an objective of integrity controls.
T
_________ Controls prevent invalid or erroneous data from entering the system.
Input
Value limit controls, Completeness Controls, Data validation controls, and Field Combination controls are all (Input/Output) Controls.
Input
Name the Input Control:
Checks the range of inputs for reasonableness.
Value Limit Controls
Name the Input Control:
Ensures all the data has been entered.
Completeness Controls
Name the input control:
Ensures that specific data values are correct.
Data Validation Controls
Name the input control:
Ensures data is correct based on relationships between fields.
Field Combination Control
_________ Controls ensure that output arrives at proper destination (for authorized eyes) and is accurate, current, and complete.
Output
Physical access to printers and display devices is an example of _________ controls.
Output
T/F: Labels on printed and electronic output to correctly identify source of data is an example of input controls.
F, Output Controls
T/F: Discarded data – protect from “dumpster diving” is an example of input controls.
F, Output controls.
_______________ Protect data and systems from catastrophes.
Redundancy, Backup and Recovery
T/F: Redundancy, Backup and Recovery is to have On-site versus off-site copies.
T
___________________ is critical to prevent internal fraud, embezzlement, or loss
Fraud Prevention
**important will come in test
The fraud triangle consists of: _________, __________, and _____________.
Opportunity, Motive, Rationalization
**important will come in test
T/F: Separation of duties is a technique for risk reduction.
F, it is a factor affecting fraud risk
Records and audit trails are factors affecting _________.
fraud risk
T/F: Monitoring, Asset control reconciliation, and security are all factors affecting fraud risk.
T
T/F: One of the objectives of security control design is to protect information and transactions during transmission across networks and Internet.
T
T/F: One of the objectives of Security Control Design is to protect and maintain a stable, functioning operating environment 24/7 (equipment, operating systems, DBMSs)
T
_________ Controls limit a person’s ability to access servers, files, data, applications
Access
_______________ is for identifying users.
Authentication
______________ is a list of valid users.
Access Control List
______________ is an authenticated user’s list of permission level for each resource.
Authorization
___________ Users are those users with authorization
Registered
_____________ Users are anyone not registered.
Unauthorized
_________ Users are those that maintain lists and systems.
Privileged
Identify the type of user:
Hackers and former employees are _______ users.
Unauthorized
Identify the type of user:
Internet customers and employees are _______ users.
Registered
Identify the type of user:
Managers and System administrators are _______ users.
privileged
Identify the type of user:
Suppliers and System Developers are _______ users.
Registered
______________ is a method to secure data (stored or in transmission).
Data Encryption
______________ alters data so it is unrecognizable.
Encryption
______________ is the conversion of encrypted data back to a readable format.
Decryption
_______________ is the mathematical transformation of the data.
Encryption Algorithm
______________ is a long data string that allows the same algorithm to produce unique encryptions.
Encryption Key
______________ Encryption is an encryption method that uses the same key to encrypt and decrypt.
Symmetric Key
_______________ Encryption is an encryption method that uses different keys to encrypt and decrypt.
Asymmetric Key
(Asymmetric/Symmetric) Key Encryption is also known as Public Key Encryption.
Asymmetric
_____________________ is a technique where a document is encrypted using a private key.
Digital Signature
T/F: A Digital Signature Document is encrypted with private key, but then can only be decrypted with correct private key.
False, decrypted with the correct public not private key.
__________________ is an organization's name and public key that is encrypted and certified by an authorized third party.
Digital Certificate
In a Digital Certificate, the _____________ is the authorized third party.
Certifying Authority
T/F: Digital Certificates are widely known and accepted and built into Web browsers.
T
_____________ is the standard set of protocols for authentication and authorization.
Secure Sockets Layer (SSL)
_________________ is an Internet standard equivalent to SSL.
Transport Layer Security (TLS)
___________________ is the internet security protocol at a low-level transmission.
IP Security (IPSec)
_____________ is the internet standard to transmit Web pages.
Hypertext Transfer Protocol Secure (HTTPS)