Info Sys 3 real type shi Flashcards
We have identified three general approaches to the acquisition of information processing
functionalities and the introduction of IT-based information systems. Which of the
following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above
Open source development
What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation
Installation, Operations, Maintenance
In which of the following phases should you expect to be most involved as a general or
functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C
A and C
In which phase(s) do the system development life cycle (SDLC) and the system selection
process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C
A and B
The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above
Definition, Build, and Implementation
Why is the Systems Development Life Cycle methodology typically referred to as “the
waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be
avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there
should be multiple opportunities to elicit user requirements.
E. B and D
To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible.
Your book describes the systems selection process in-depth. Which of the following is
not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations.
Visit vendor sites
Which of the following are not approaches to acquisition of information processing
functionalities?
A. Custom Design
B. Custom Development
C. System Selection and Acquisition
D. End-user Development
E. Open Source Development
Open Source Development
Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages
Faster Roll-Out
Which of the following is not one of the advantages related to purchasing an off-the-shelf
system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality
Unique Tailoring
The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance
Definition, System Design, and Implementation
The IS department workers that are experts in both technology and the business processes are
called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.
Analysts
Which stage of the SDLC typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing
Feasibility Analysis
A bank upgrades a computer system at one of its branches. If this works correctly, then
the upgraded system will be installed at the other branches. Which migration approach is
this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional
Pilot
A bank upgrades the computer systems of its branches, one branch at a time. This is
most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional
Phased
The Build phase of the SDLC is used to ensure that the software is properly integrated
with the other components of the information system.
True or False?
False
The SDLC and prototyping methodologies are one and the same.
True or False?
False
Both the SDLC and prototyping methodologies are used to create custom systems.
True or False?
True
Off-the-shelf systems enable infusion of knowledge in the organization.
True or False?
True
End-user development: The process by which an organization’s non–IT specialists create
software applications.
True or False?
True
Custom software development is a systems development approach predicated on the notion that it is impossible to clearly estimate and plan in detail such complex endeavors as information systems design and development projects.
True or False?
False
A system analyst is a highly skilled IT professional who takes the system requirements document (i.e., what the applications should do) and designs the structure of the system
(i.e., how the application will perform its tasks).
True or False?
False
Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase
Risk Analysis
Security should be on managers’ radar screens because of peculiar characteristics that run
the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized
Underfunded
Why is security considered a negative deliverable?
A. It costs money
B. It produces only tangible benefits
C. It does not affect profits whether it is done well or poorly
D. It is largely ignored
E. It produces no revenue or efficiency
It produces no revenue or efficiency
Risk mitigation allows the organization to do what?
A. Devise optimal strategies
B. Prevent security issues from ever happening in the first place
C. Keep both costs and risks at minimum levels
D. Maximize failure costs
E. Reward IT workers when no issues arise
Devise optimal strategies
When a company is faced with a security threat, they have which three strategies available
to them?
A. Acceptance, avoidance, and transference
B. Acceptance, reduction, and transference
C. Avoidance, reduction, and transference
D. Acceptance, avoidance, and reduction
E. All of the above
B. Acceptance, reduction, and transference
Which of the following strategies is associated with increased potential for failure?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Acceptance
Insurance costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Transference
Increased anticipation costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Reduction
Which of the following is an example of an internal threat?
A. Viruses
B. Intrusions
C. Social Engineering
D. Backdoors
E. Angry Employees
Angry Employees
Which of the following refers to code built into a program to allow the programmer a way
to bypass password protection?
A. Password Spoofing
B. Bugs
C. Viruses
D. Phishing
E. Backdoors
Backdoors
Which of the following is an automated method of seeking passwords?
A. Phishing
B. Social Engineering
C. Software bugs
D. Backdoors
E. Careless behavior
Phishing
Which of the following is not a form of malware?
A. Viruses
B. Spyware
C. Sniffers
D. Keyloggers
E. Worms
Sniffers
Why is a Trojan horse not a virus?
A. It does not have a payload
B. It does not have a trigger event
C. It does not replicate
D. It is a legitimate form of security protection
E. It does not do anything harmful
It does not replicate
Why is spyware usually not considered a virus?
A. It does not replicate
B. It does not have a payload
C. It does not do anything other than watch what the user does
D. It only shows advertisements
E. None of the above. They are always viruses
It does not replicate
Which of the following is a viable method of dealing with internal security threats?
A. Antivirus software
B. Policies regarding what computing resources are accessible to whom
C. Firewalls
D. Policies that mandate frequent updates to programs and such
E. Not immediately deleting terminated employees
Policies regarding what computing resources are accessible to whom
Generally, a company should buy instead of make if 80% of the required functionality is present in a COTS solution. This rule holds unless the remaining 20% functionality is of strategic importance to the company.
True or false?
True
A business school has developed a new leave portal for all its employees and decides to immediately switch from the old platform to the new one. This migration is considered a low risk endeavor for the school and its employees. This type of migration approach is considered as:
direct
parallel
phased
pilot
Direct
An organization takes the decision in favor of “make” versus “buy” if no commercially available implementation of a design idea exists in the market.
True or false?
True
Apple, Inc. provides its users the opportunity to develop applications which can later be downloaded and used via the Apple App Store. This approach of design and development where a software application is created or improved by its users is called:
a. custom design and development
b. end-user development
c. system selection and acquisition
d. none of the above
end-user development
Company A is implementing a new HR system. The new system will roll out using a direct
installation approach. Which of the following is critical to the successful installation of the
new HR system?
A. agile development
B. change management
C. system analysis
D. testing
change management
Company A is thinking about using blockchain technology in managing its supply chain. The
company is thinking of using the Ethereum blockchain, an existing blockchain solution, rather
than developing its unique solution. Which of the following is an advantage of using the existing
blockchain solution?
A. faster roll-out
B. flexibility and control
C. no advantage
D. unique tailoring
faster roll-out
COTS is an acronym for “customized off-the-shelf” software.
A. false
B. true
false
Creating the IT core is sufficient to fulfill the information processing needs of the firm.
A. false
B. true
false
Go or no-go recommendations for a project are provided at what phase of the systems
development life cycle (SDLC)?
A. build phase (just after system design and before programming)
B. definition phase (just after feasibility analysis and before system analysis)
C. definition phase (just after investigation and before feasibility analysis)
D. definition phase (just after system analysis and before investigation)
definition phase (just after feasibility analysis and before system analysis)
Mr. Smith, an owner of a media-services provider, decided to stop depending on applications
that are available on the market, and instead, to start developing unique applications
internally. Which of the following describes Mr. Smith’s decision?
A. moving from custom design and development to end user development
B. moving from custom design and development to system selection and acquisition
C. moving from system selection and acquisition to custom design and development
D. moving from system selection and acquisition to end user development
moving from system selection and acquisition to custom design and development
Scope creep is the reason why system requirements are frozen once stakeholders sign off on the
systems requirement document. Scope creep can lead to:
A. improved efficiency in project deployment
B. significant decrease in cost and faster development of the project
C. significant increase in cost and delay in development of the project
D. none of the above
significant increase in cost and delay in development of the project
Software-as-a-service (SaaS) solutions can be classified as COTS applications.
A. false
B. true
true
Technical feasibility is concerned with taking the system requirements document and
producing a robust, secure, and efficient application.
A. false
B. true
false
Technology development must take into account which three key considerations?
A. people, processes and structure
B. people, project funding and structure
C. people, shareholders and structure
D. none of the above
people, processes and structure
The build phase of the systems development life cycle (SDLC) consists of which of the
following sub-processes:
A. installation, operations, maintenance
B. investigation, feasibility analysis, system analysis
C. system design, programming, testing
D. none of the above
investigation, feasibility analysis, system analysis
The SNCF rail network in France recently introduced a new app to book train tickets by the
name of “oui SNCF”. The app was expressly made for serving the needs of the many SNCF
customers who travel between cities in France over the rail network. What can you infer
about the design and development approach of the application?
A. custom design and development
B. end-user development
C. system selection and acquisition
D. none of the above
custom design and development
The technology development and the IS development processes are often sequential.
A. false
B. true
false
The US subsidiary of a major food producer decided to implement SAP within their
organization. SAP is an openly available enterprise software to manage business operations
and customer relations. Which type of design and development approach does the
commercially available SAP software fall into?
A. custom design and development
B. end-user development
C. system selection and acquisition
D. none of the above
none of the above
When fulfilling the IS processing needs, what does the firm have to do in the information
systems development process?
A. assess current IS within the firm
B. develop capabilities to develop the IS
C. generate the IT core
D. integrate the technology with other components of the organization (i.e. people, processes,
structure)
integrate the technology with other components of the organization (i.e. people, processes,
structure)
When YouTube launched its video-sharing platform in 2005, it had to develop its own IS. This
is an example of system selection and development.
A. false
B. true
false
Which of the following are the two main processes of fulfilling information processing needs?
A. capability development and IT development
B. custom IS development and technical skills development
C. IS research and IS development
D. technology development and IS development
custom IS development and technical skills development
Which of the following are two critical processes that take place during the installation phase?
A. change management and prototyping
B. end-user training and change management
C. end-user training and prototyping
D. programming and testing
end-user training and change management
Which of the following is an advantage of custom development?
A. economically attractive
B. faster roll-out
C. flexibility and control
D. knowledge infusion
flexibility and control
Which of the following is not an advantage of custom development of software applications
within an organization?
A. cost savings
B. flexibility and control
C. unique tailoring
D. none of the above
cost savings
Which of the following is not an advantage of open source software?
A. creativity
B. limited lock-in
C. robustness
D. security
security
Which of the following is not an advantage of purchasing?
A. faster rollout
B. flexibility
C. high quality
D. knowledge infusion
flexibility
Which of the following is not an approach to the acquisition of information processing
functionalities and the introduction of IT-based information systems?
A. custom design and development
B. end-user development
C. supervised development
D. system selection and acquisition
supervised development
Which of the following statements is not a part of the “agile manifesto” for software
development:
A. customer collaboration over contract negotiation
B. processes and tools over individuals and interactions
C. responding to change over following a plan
D. working software over comprehensive documentation
processes and tools over individuals and interactions
Cybersecurity is a negative deliverable because:
A. It limits the possibility that future positive gains can be made
B. It limits the possibility that both future negative fallout and positive gains would occur
C. It limits the possibility that future negative fallout will happen
D. None of the above
It limits the possibility that future negative fallout will happen
Risk assessment consists of which of the following processes?
A. Risk audit (technical & human resources), risk analysis
B. Risk analysis, risk mitigation
C. Risk audit (technical & human resources), risk mitigation
D. None of the above
Risk audit (technical & human resources), risk analysis
Risk analysis is the process by which a firm attempts to quantify the hazards identified in the
risk audit.
A. True
B. False
true
Rational decision making suggests that the amount invested in cyber security safeguards
should be proportional to the extent of threats and their potential negative side effects.
A. True
B. False
true
After completing a risk assessment of the Information Systems security within company X, the
directors have decided to purchase an insurance against cyber security threats. What type of
risk mitigation strategy is this?
A. Risk reduction
B. Risk acceptance
C. Risk transference
D. Risk reduction & risk acceptance
Risk transference
Mr. K has been a long-term corporate sales account manager at a telecommunication
company. He has been angling for a promotion for the past 10 years; however, almost always
someone younger is promoted because they are more qualified. Disgruntled by his workplace,
he has resigned from office. On the last day of his job he decides to teach them all a lesson by
selling confidential customer information to a competitor. What kind of behavior does this
situation represent?
A. Careless behavior
B. Careless and unintentional malicious behavior
C. Intentional malicious behavior
D. Unintentional malicious behavior
Intentional malicious behavior
Mary received an email in her Outlook inbox that claimed it was from the IT helpdesk at her
office. The email asked her to change the password on her official account using a link within
the email in the next 15 minutes or she would automatically lose access to her account on all
devices. Reading this message prompts her to click on the link, which redirects her to a webpage
that looks just like the Outlook security settings page. What kind of external intrusion threat is
this?
A. Phishing
B. Backdoors and exploits
C. Social engineering
D. None of the above
Phishing
A Trojan horse, like a virus, delivers a malicious payload and self-replicates.
A. True
B. False
False
Which of the following malicious codes do not self-replicate?
A. Viruses and worms
B. Just worms
C. Trojan horses and spyware
D. None of the above
Trojan horses and spyware
The distributed denial of service (DDoS) attack uses a single compromised system while a
denial of service (DoS) attack uses a large network of compromised systems.
A. False
B. True
False
The difference between cybersecurity and privacy is that whereas cybersecurity is about safe
keeping of collected data, privacy is about informed consent and permission to collect and use
identifying information.
A. False
B. True
True
Function creep is the situation where data collected for a stated or implied purpose is later on
reused for the same purpose.
A. True
B. False
False
An organization’s ethical code of conduct communicates to all parties the organization’s
principles of ethical information system use and its formal stance enabling detection of, and
distancing from, unethical choices made by any member of the organization.
A. True
B. False
True
Which of the following best describes a firm’s set of defenses to mitigate threats to its
technology infrastructure?
A. Reducing threat of new entrants
B. Longevity risk mitigation
C. Cybersecurity
D. Answer is not listed
Cybersecurity
Cyber security risk assessment is a process of auditing ONLY the current technological
resources, in an effort to map the current state of the art on IS security in the organization.
A. False
B. True
False
Which of the following mitigation strategies has high failure costs but low anticipation costs?
A. Risk acceptance
B. Risk reduction
C. Risk transference
D. Risk transference and risk reduction
Risk acceptance
Which of the following best explains why internal exploits are hard to detect?
A. Because internal exploits often use advanced techniques that are hard to detect
B. Because companies often limit the number of employees who can access sensitive
information
C. Because users are authorized on the network and their actions can go undetected unless
they make a careless mistake or discuss their behaviors with others
D. Answer is not listed
Because users are authorized on the network and their actions can go undetected unless
they make a careless mistake or discuss their behaviors with others
In 2010, an Apple software engineer left a prototype of the iPhone 4 in a bar. The person who
found the phone sold it to the gadget blog Gizmodo for $5,000, which disassembled it and
posted its characteristics online. Which of the following cyber security threats best describes
this example?
A. An internal threat due to intentional malicious behavior
B. An internal threat due to careless behavior
C. An external threat due to an intrusion
D. An external threat due to online fake news
An internal threat due to careless behavior
An intrusion threat consists of any situation where an unauthorized attacker gains access to
organizational IT resources.
A. True
B. False
True
Mr. Smith received a phone call from a person claiming to be from his bank. The unknown
person told Mr. Smith that he needed to update his account security details. The caller asked
for Mr. Smith’s account, card and personal details in order to confirm his identity. Mr. Smith
refused to provide any details to the unknown caller, and instead, called his bank which
confirmed that the phone call was a scam. Which of the following best describes the
mentioned scam?
A. Backdoor exploit
B. Malicious code
C. Whaling
D. Social engineering
Social engineering
Someone posing as an IT tech requests information about your computer configuration. What
kind of attack is this?
A. Social engineering
B. Inside threats
C. Phishing
D. Whaling
Social engineering
A multinational corporation is rethinking how it is managing its information systems’ security.
The organization needs to prove to its customers, partners and other stakeholders that it
complies with international cyber security standards. Which of the following frameworks is
best suited for the corporation?
A. NIST cyber security framework
B. Cyber kill chain framework
C. NERC CIP
D. ISO 27001
ISO 27001
Many organizations limit their employees’ access to certain websites and prevent the
individual installation of new software. Which of the following best describes this practice?
A. Mitigating internal threats through monitoring
B. Detecting internal threats through monitoring
C. Detecting external threats through monitoring
D. Answer is not listed
Mitigating internal threats through monitoring
Firewalls can be used to decrease internal cyber security threats.
A. True
B. False
True
Which of the following is an example of function creep?
A. Data on number of soda cans sold by a vending machine used only to compute revenues
B. An online website that does not save or share user data without their permission
C. A research institute that uses data for its implied purpose only
D. A social network selling users’ data to third parties
A social network selling users’ data to third parties
Protection of intellectual property on the internet is not an ethical issue.
A. False
B. True
False
Ethical conduct is often ensured through computer software.
A. True
B. False
False