Chapter 12

Question 1

four types of maintenance

Answer 1

corrective maintenance is perform to fix errors
adaptive maintenance adds new capability and enhancements.
perfective maintenance improve efficiency
preventive maintenance reduces the possibility of future system failure

Question 2

configuration management

Answer 2

sometimes referred to as change control (CC), is a process for controlling changes in a system requirements during software development.
configuration management is also an important tool for managing system changes and costs after a system becomes operational.

Question 3

Version control

Answer 3

the process of tracking system releases or versions. when an ew version of a system is installed, prior release is archived, stored, if a new version causes a system to fail, a company can reinstall the prior version to restore operations.

Question 4

baseline

Answer 4

a formal reference point that measures system characteristics at a specific time, systems analysts use baselines as yardsticks to document features and performance during the systems development process. the three types of baselines are functional, allocated, and product.

Question 5

functional baseline

Answer 5

the configuration of the system documented at the beginning of the project. it consists of all the necessary system requirements and design constraints

Question 6

allocated baseline

Answer 6

documents the system at the end of the design phase and identifies any changes since ethe functional baseline. the allocated baseline includes testing and verification of all system requirements and features.

Question 7

product baseline

Answer 7

describes the system at the beginning of system operation. the product baseline incorporates any changes made since the allocated baseline and includes the results of performance and acceptance tests for the operational system.

Question 8

benchmark testing

Answer 8

uses a set of standard tests to evaluate system performance and capacity.

Question 9

throughput

Answer 9

measures actual system performance under specific circumstances and is affected by network loads and hardware efficiency. like bandwidth, throughput is expressed as a data transfer rate, such as Kbps, Mbps, or Gbps, just as traffic jams delay highway traffic, throughput limitations can slow system performance and response time.

Question 10

turnaround time

Answer 10

applies to centralized batch processing operations, such as customer billing or credit card statement processing. turnaround time measures the time between submitting a request for information and the fulfillment of the request. turnaround time can be also used to measure the quality of IT support or services by measuring the time from a user request for help to the resolution of the problem.

Question 11

CIA triangle

Answer 11

the three main elements of system security: confidentiality, integrity, and availability.

confidentiality protects information from unauthorized disclosure and safeguards privacy.

integrity prevents unauthorized users from creating, modifying, or deleting information

availability ensures that authorized users have timely and reliable access to necessary information.

Question 12

Risk management

Answer 12

managers must balance the value of the assets being protected, potential risks to the organization, and security costs. to achieve the best results most firms use a risk management approach that involves constant attention to three interactive tasks: risks identification, risk assessment, and risk control.

risk identification analyzes the organization’s assets, threats, and vulnerabilities.
risk assessment measures risk likelihood and impact.
risk control develops safeguards that reduce risks and their impact.

Question 13

threat

Answer 13

in risk management, an internal or external or external entity that could endanger an asset

Question 14

vulnerability

Answer 14

a security weakness or soft spot

Question 15

spoofing

Answer 15

IP address is forced to match a trusted host, and similar content may be displayed to simulate the real site for unlawful purposes.

Question 16

security levels

Answer 16

to provide system security six separate but interrelated levels must be considered: physical, network, application, file, user, and procedural security.

Question 17

Firewall

Answer 17

the main line of defense between a local network, or intranet, and the internet. a firewall must have at least one network interface with the internet, and at least one network interface with a local network or intranet. Firewall software examines all network traffic sent to and from each network interface. preset rules establish certain conditions that determine whether the firewall will allow their traffic to pass.

Question 18

security token

Answer 18

a physical device that authenticates is a legitimate user. some firms provide employees with security tokens that generate a numeric validation code, which the employee enters in addition to his or her normal password

Question 19

backup types

Answer 19

full backup is a complete backup of every file on the system. frequent full backups are time consuming and redundant if most files are unchanged since the last full backup.

differential backup, which is faster because it backs up only the files that are new or changed since the last full backup.

incremental backup, only includes recent files that never have been backup by any method. this approach, however, requires multiple steps to restore the data - one for each incremental backup.

continuous backup, which is a real-time streaming method that records all system activity as it occurs. this method requires hardware, software, and substantial network capacity. however a system restoration is rapid and effective because data is being captured in real time, as it occurs. continuous backup ofter uses a RAID (redundant array of independent disks) system that mirrors the data. RAID systems are called fault tolerant because a failure of any one disk does not disable the system.

Question 20

business continuity plan (BCP)

Answer 20

which goes beyond a recovery plan, and defines how critical business functions can continue in the event of a major disruption. some BCP’s specify the use of a hot site. A host site is an alternate IT location, anywhere in the world, that can support critical systems in the vent of a power outage, system crash or physical catastrophe.

Question 21

system obsolescence

Answer 21

a system becomes obsolete when it no longer supports user needs, or when the platform becomes outmoded. the most common reason for discontinuing a system is that it has reached the end of its economically useful life.

the system’s maintenance history indicates that adaptive and corrective maintenance are increasing steadily

operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse o slow the trend

a software package is available that provides the same or additional services faster, better, and less expensively than the current system.

new technology offers a way to perform the same or additional functions more efficiently

maintenance changes or additions are difficult and expensive to perform

users request significant new features to support businsess requirements

Question 22

privilege escalation attack

Answer 22

an unauthorized attempt to increase permission levels.

Question 23

dumpster diving

Answer 23

in which an intruder raids desks or trash bins for valuable information. paper shredders should be used to destroy sensitive documents.

Question 24

network intrusion detection system (NIDS)

Answer 24

suppose an intruder attempts to gain access to the system. obviously, an intrusion alarm should be sounded when certain activity or known attack patterns are detected. the NIDS is like a burglar alarm that goes off when it detects a configuration violation. the NIDS can also alert the administrator when it detects suspicious network traffic patterns. A NIDS requires fine-tuning to detect the difference between legitimate network traffic and an attack.

Question 25

Systems implementation phase report

Answer 25

the report should include the following

Final versions of all system documentation

planned modifications and enhancements to the system that have been identified.

recap all the system development cost and schedules

comparison of actual costs and schedules to the original estimates

post-implementation evaluation, if it has been performed.

Question 26

software logs

Answer 26

operating systems and applications typically maintain a log documents all events, including dates, times, and other specific information. logs can be important in understanding past attacks and preventing future intrusions.

Question 27

encryption

Answer 27

encryption scrambles the contents of a file or documents to protect it from unauthorized access. all corporate data must be protected. but encryption is especially important for sensitive material, such as personnel or financial record. user data can be an encrypted using features built-in to modest modern operating systems