Domain III – Information Technology – Section A: Application and System Software

Question 1

The Systems Development Life Cycle (SDLC)

Answer 1

is a theoretical description of the phases through which an information system is developed. Generally, there are five phases in a SDLC:
 Phase 1: Systems Planning and Investigation Phase
 Phase 2: Systems Analysis
 Phase 3: Systems Design and Development
 Phase 4: System Implementation
 Phase 5: Systems Operations and Maintenance

Question 2

Parallel Conversion

Answer 2

the new system operates concurrently with the old system for a period of time.

Question 3

Phased Conversion

Answer 3

implementation would start in selected units and operations of the new systemare closely monitored and evaluated. Once management is satisfied with the newsystem, it would gradually replace the old system in all the other units.

Question 4

Pilot Conversion

Answer 4

the system would be initially tested at a pilot site while users are still using the old system. Once the new system is operating satisfactorily in the pilot site, it is introduced to the whole organization.

Question 5

Direct Conversion

Answer 5

occurs when the new system immediately replaces the old system.

Question 6

IT change management can be defined

Answer 6

as the set of processes executed within
the organization’s IT department designed to manage the enhancements, updates, incremental fixes, and patches to production systems, which include:
1. Application code revisions.
2. System upgrades (e.g., applications, operating systems, and databases).
3. Infrastructure changes (e.g., servers, cabling, routers, and firewalls).

Question 7

Program

Answer 7

is a set of instructions that tells the computer what to do. The computer is a dumb machine, it does nothing on its own until instructed to do so.

Question 8

Code Generators

Answer 8

are tools that generate program code based on parameters defined by the systems analyst. They are usually used in association with CASE products.

Question 9

Test Data Generators

Answer 9

are tools used to systematically generate random data that can be used to test programs.

Question 10

Computer Aided Software Engineering (CASE)

Answer 10

is the use of automated software packages that aid in the development of all phases of an information system
(requirements definition, analysis, design, code production, testing, document generation).

Question 11

Fourth Generation Languages

Answer 11

are user‐friendly computer languages used in computer programming. They are nonprocedural problem‐oriented programming languages that
simplify the programming process.

Question 12

Object‐oriented techniques

Answer 12

are system development techniques that combine
both data and procedures in what is called an object as contrasted with the traditional structure which considers data separately from the procedures that act
on them.

Question 13

User‐developed applications (UDAs)

Answer 13

are applications that are developed by end users,
usually in a non‐controlled IT environment (sometimes it is called end‐user computing).
=> UDAs typically consist of spreadsheets and databases created and used by end users to extract, sort, calculate, and compile organizational data.

Question 14

Rapid Application Development (RAD)

Answer 14

is an application development methodology that
allows for the development of strategically significant systems quickly. RAD allows for a reduction in time, costs, and maintaining quality of developed systems.

Question 15

Database

Answer 15

is a structured collection of data intended to be accessible and used by multiple users in various ways.

Question 16

Data

Answer 16

is any sequence of symbols given meaning by specific actions of interpretations.
=> Data can be stored, processed, and transmitted in the form of electrical signals. Data requires interpretation to become information.

Question 17

A field

Answer 17

is a space that contains one data value. Fields are the smallest units of information in database systems. In spreadsheets, fields are called cells.
=> Examples of fields in a customer’s database include the name of the customer, the address, the telephone number, or the account number.

Question 18

A record

Answer 18

is a basic data structure. Records in a database are usually called rows. Each row consists of several column fields. Every row in a table has the same set of columns.
=> In a customer’s database, each record would be dedicated to a particular customer and include all information related to that customer such as name, address, telephone number, and account number.

Question 19

An object

Answer 19

can be a table, a form, or an association between data and a database entity.
=> For example, in Microsoft Access, an object could be a table, a query, a form, or a report.

Question 20

A database schema

Answer 20

is the structure of the database that defines the objects and relations in the database.
=> It defines how the data is organized and how the relations among them are associated.

Question 21

A query

Answer 21

is a request of information from a database.

Question 22

Database Management System (DBMS)

Answer 22

is a software package that controls the development, use, and maintenance of the organizational databases.
=> This includes more control over the organization, storage and retrieval of data, in addition to more security and integrity of the database.

Question 23

Hierarchal (database Structure)

Answer 23

organizes data in a parent‐child relationship. Each child has only one
parent, however, parents may have many children.
Difficult to apply when children need to relate to more than one parent.

Question 24

Network (database structure)

Answer 24

organizes data in a parent‐child relationship, however, in addition to each parent having more than one child, each child may also have more than one parent.
Due to the complexity of the structures, they may be difficult to comprehend, modify, or reconstruct in case of failure.

Question 25

Relational (database structure)

Answer 25

organizes data independent from the physical implementation of the data structure and establishes relationships amongst the data.
Relational database technology separates data from the application.

Question 26

Data definition language

Answer 26

is used to define (that is, determine) the database. It is used by the database administrators to establish the structure of database tables.

Question 27

Data control language

Answer 27

is used to specify privileges and security rules.

Question 28

Data manipulation language

Answer 28

provides programmers with a facility to update the database.

Question 29

Data query language

Answer 29

is used for ad‐hoc queries.

Question 30

Network analysis (passive attack)

Answer 30

describes the practice to obtain a complete profile of an organization’s network security infrastructure.

Question 31

Eavesdropping (passive attack)

Answer 31

describes the practice of intercepting communication lines to obtain copies of communications and messages flowing into and out of the organization’s network systems.

Question 32

Traffic analysis (passive attack)

Answer 32

describes the practice of determining the nature of flow between the organization and third parties.

Question 33

Brute‐force attack (active attack)

Answer 33

involves the use of password cracking software to gain unauthorized access to restricted systems.

Question 34

Masquerading (active attack)

Answer 34

is the use of an identity other than the user’s to gain unauthorized access.

Question 35

E‐mail bombing (active attack)

Answer 35

involves sending an identical message to an e‐mail address repeatedly.

Question 36

E‐mail spamming (active attack)

Answer 36

involves sending a message to a significant amount of users.

Question 37

E‐mail spoofing (active attack)

Answer 37

involves receiving an e‐mail that appears to be from a source while in actuality it is from a different source.

Question 38

Management information system (MIS)

Answer 38

provide middle management with reports that summarize and categorize information derived from all the company databases.

Question 39

Transaction processing system (TPS)

Answer 39

is an information system supporting day‐to‐day business operating activities or transactions, usually the first and most important objective of an information system.

Question 40

Decision support system (DSS)

Answer 40

is a computer‐based information system for assisting managers in planning and decision‐making.

Question 41

Enterprise‐wide Resource Planning (ERP) System

Answer 41

is a software that allows the integration and automation of the significant business processes in a company. It is considered the backbone of e‐businesses as it generally integrates the manufacturing, distribution, sales, accounting, finance, human resources processes (amongst others).
=> Amongst the larger ERP software manufacturers are the SAP®, Peoplesoft® and Oracle®.

Question 42

Governance, Risk management and Compliance GRC System

Answer 42

GRC system is software a that allows organizations to pursue a systematic approach to develop and implement GRC strategy including managing regulations, compliance, and risks in the organization’s key operations. GRC software provide a single centralized platform to control the various functions and procedures related to GRC.

Question 43

Customer Relationship Management (CRM) System

Answer 43

CRM system is a software that allows organizations to manage their relationships and interactions with current and potential customers. CRM systems compile data from different channels, including an organization’s email, website, telephone, chat, sales
records, customer service, marketing materials, and social media. Compiling customer data in one place provides for a better customer relationship management.

Question 44

Distributed Databases

Answer 44

the use of distributed databases that are continuously updated facilitates the filing, processing, and retrieval of data from an organizational system that
has widely dispersed operations. Using distributed databases allows for minimizing total interruption of processing throughout a distributed information technology system as there is a capability to continue processing at all sites except a nonfunctioning one (usually referred to as fail‐soft protection).