MIS Flashcards
Which of the following is an automated method of seeking passwords?
a) Phishing
b) Social Engineering
c) Software Bugs
d) Backdoors
e) Careless behavior
Phishing
Chapter 13 (page 353)
The process of social engineering can be “automated” using a technique called phishing.
The act of phishing is the act of collecting personal information, and a number of creative methods have been devised to direct traffic to the phony website and fool people into complying by crafting official-sounding messages from reputable institutions.
Why is spyware usually not considered a virus?
a) It does not have a payload
b) It does not do anything other than watch what the user does
c) It does not self-replicate
d) It only shows advertisements
e) None of the above. They are always viruses
It does not self-replicate
Chapter 13 (page 357)
Spyware is software that, unbeknownst to the owner of the computer, monitors behavior, collects information, and either transfers this information to a third party via the Internet or performs unwanted operations.
While spyware differs from viruses, in that it cannot self-replicate, it can create significant problems for an organization. Beyond the malicious and often fraudulent effects of spyware, these programs divert resources and often slow down the user’s legitimate work.
Why is a trojan horse not a virus?
a) It does not have a payload
b) It does not have a trigger event
c) It does not self-replicate
d) It is a legitimate form of security protection
e) It does not do anything harmful
It does not self-replicate
Chapter 13 (page 356)
A computer program that claims to, and sometimes does, deliver some useful functionality. But the Trojan horse hides a dark side and, like a virus, delivers a malicious payload.
Which of the following refers to code built into a program to allow the programmer a way to bypass password protection?
a) Password Spoofing
b) Bugs
c) Viruses
d) Phishing
e) Backdoors
Backdoors
Chapter 13 (page 353)
Code built into software programs to allow access to an application by circumventing password protection
Function creep is the situation where data collected for a stated or implied purpose is later on reused for the same purpose. True or false?
False
Chapter 13 (page 371)
Function creep occurs when data collected for a stated or implied purpose are then reused for other, unrelated objectives.
Malicious cyberactivity is decreasing due to improvements in software protection systems. True or False?
False
Chapter 13
Creating security policies that spell out the behaviors that should be followed in order to minimize security risks and auditing the policies to ensure compliance will mitigate security risks. True or False?
True
Chapter 13
Auditing the current resources, technological and human, provides the basis for:
a) Risk Reduction
b) Risk Transference
c) Risk Assessment
d) Risk Increase
e) Reward Mechanism
Risk Assessment
Chapter 13 (page 349)
The risk assessment process consists of auditing the current resources, technological as well as human, in an effort to map the current state of the art of information systems security in the organization.
Why is security considered a negative deliverable?
a) It costs money
b) It is largely ignored
c) It does not affect profits whether it is done well or poorly
d) It produces no revenue or efficiency
e) It produces only tangible benefits
It produces no revenue or efficiency
Chapter 13
Which of the following is a viable method of dealing with internal security threats?
a) Antivirus software
b) Firewalls
c) Policies regarding what computing resources are accessible to whom
d) Policies that mandate frequent updates to program and such
e) Not immediately deleting terminated employees
Policies regarding what computing resources are accessible to whom
Chapter 13 (page 351)
Which of the following risk strategies is associated with increased potential for failure?
a) Avoidance
b) Acceptance
c) Analysis
d) Transference
e) Reduction
Acceptance
Chapter 13 (page 350)
Risk acceptance
This strategy consists of not investing in countermeasures and not reducing the security risk. The more an organization gravitates toward this strategy, the higher the potential failure cost it faces while minimizing anticipation costs.
Which of the following is an example of an internal threat?
a) Backdoors
b) Viruses
c) Social Engineering
d) External Intrusions
e) Employee’s careless behavior
Employee’s careless behavior
Chapter 13 (page 351)
Internal threats are those posed by individuals who have direct, on-premises access to the firm’s technology infrastructure or those who have legitimate reasons to be using the firm’s assets.
When addressing internal security threats, we can separate them into two categories:
Intentional Malicious Behavior and
Careless Behavior
Risk mitigation allows the organization to do what?
a) Devise optimal strategies given the security risk the organization faces
b) Prevent security issues from ever happening in the first place
c) Keep both costs and risks at minimum levels
d) Minimize failure costs
e) Reward IT workers when no issues arise
Devise optimal strategies given the security risk the organization faces
Chapter 13 (page 349)
Risk mitigation is the process of matching the appropriate response to the cybersecurity threats your firm has identified.
Function Creep, when used in terms of privacy risks, refers to new technological advances and devices that generate more data than ever. True or False?
False
Chapter 13 (page 371)
Function creep occurs when data collected for a stated or implied purpose are then reused for other, unrelated objectives.
Risk audit provides the basis for:
a) Risk Reduction
b) Risk Transference
c) Risk Analysis
d) Risk Increase
e) Reward Mechanism
Risk Analysis
Chapter 13 (page 349)
Risk analysis is the process by which the firm attempts to quantify the hazards identified in the audit.
When a company is faced with a security threat, they have which three strategies available to them?
a) Acceptance, avoidance, and transference
b) Acceptance, reduction, and transference
c) Avoidance, reduction, and transference
d) Acceptance, avoidance, and reduction
e) All of the above
Acceptance, reduction, and transference
Chapter 13 (page 350)
Increased anticipation costs are most directly associated with which risk strategy?
a) Acceptance
b) Avoidance
c) Analysis
d) Reduction
e) Transference
Reduction
Chapter 13 (page 350)
Risk Reduction
This strategy consists of actively investing in the safeguards designed to mitigate security threats. The more an organization gravitates toward this strategy, the higher the anticipation cost it faces while actively reducing failure costs.
Insurance costs are most directly associated with which risk strategy?
a) Acceptance
b) Avoidance
c) Analysis
d) Reduction
e) Transference
Transference
Chapter 13 (page 350)
Risk transference
This strategy consists of passing a portion (or all) of the risks associated with cybersecurity to a third party (e.g., by outsourcing security or buying insurance).
IT Risk Management is the process of identifying and measuring information systems security risks to devise the optimal mitigation strategy. True or False?
True
Chapter 13
Which of the following is not a form of malware?
a) Viruses
b) Spyware
c) Sniffers
d) Keyloggers
e) Worms
Sniffers
Chapter 13 (page 356)
Malicious code, also known as malware, refers to software programs that are designed to cause damage to individuals’ and/or organizations’ IT assets.
In a recent board meeting, the CFO remarked on the necessity to ‘attack’ capital expenditures (CAPEX), favoring more variable cost structures. What could the CIO do to support this transition?
a. To accelerate the planned investments in the IT infrastructure.
b. To migrate part of the infrastructure to the cloud.
c. To migrate to a NoSQL architecture.
d. To reduce the non-local IT staff
To migrate part of the infrastructure to the cloud.
Chapter 3
Batch processing is a vestige of the past and is increasingly abandoned.
True
False
False
Chapter 3 (page 67)
Which kind of analytics are typically present in reports and visualizations through executive dashboards, OLAP tools or scorecards?
a. Big data analytics
b. Descriptive analytics
c. Predictive analytics
d. Prescriptive analytics
Descriptive analytics
Chapter 3
What kind of analytics consists of optimization algorithms that seek to identify targets to guide decisions or monitor current operations?
a. Big data analytics
b. Descriptive analytics
c. Predictive analytics
d. Prescriptive analytics
Prescriptive analytics
Chapter 3 (page 65)
Which are the three dimensions in trade-off considered by the CAP theorem?
a. Certain, available, and processed
b. Coherence, access, and portion
c. Compliance, analysis, and processing
d. Consistency, availability, and partition
Consistency, availability, and partition
Chapter 3
Which among these trends was the catalyst for the current attention to analytics?
a. Analytics becoming more important
b. Declining costs of computing power
c. Declining storage costs
d. Proliferation of data generated by sensors, machines and humans
Proliferation of data generated by sensors, machines and humans
Chapter 3 (page 67)
In a recent conversation with your CIO, she evoked the need to adopt, for certain operations, a document-oriented database with dynamic schema. To which category of DBMS was she referring?
a. MySQL databases
b. NoSQL databases
c. Relational databases
d. SQL databases
NoSQL databases
Chapter 3
What is the focus of ‘descriptive analytics’?
a. To better understand what has occurred
b. To better understand what should occur
c. To better understand what will occur
d. To guide managerial decisions
To better understand what has occurred
Chapter 3 (page 65)
In a recent brief, the CIO announced the decision to adopt a new ERP system embedding the industry’s best practices. What did he mean when he referred to ‘best practices’?
a. The best-in-class solutions are integrated to provide optimal performance
b. That industry’s optimal techniques, activities and processes are identified and codified in the software
c. That the best software applications are integrated in the new ERP
d. That the coders made the greatest effort to improve the efficiency of the ERP
That industry’s optimal techniques, activities and processes are identified and codified in the software
Chapter 3 (page 60)
We identified four main eras of data processing in business. What characterizes the ‘business intelligence era’?
a. The use of new technologies and management practices to leverage the increasing amounts of collected data.
b. The use of transactions for decision support
c. Transactions were batched and processed by a mainframe as they occurred
d. Transactions were stored in large mainframe databases called ‘batch’
The use of transactions for decision support
Chapter 3 (page 71)
What is the focus of ‘predictive analytics’?
a. To better understand what has occurred
b. To better understand what should occur
c. To better understand what will occur
d. To guide managerial decisions
To better understand what will occur
Chapter 3 (page 65)
Online transaction processing (OLTP) systems are designed to provide real-time or near real-time results.
True
False
True
Chapter 3 (page 69)
BitTorrent is a software that enables data and file sharing on the Internet directly among users. Which of the following best describes its architecture?
a. Centralized
b. Client-server
c. Distributed
d. Peer-to-peer
Peer-to-peer
Chapter 3
What does the term ‘business analytics’ mean?
a. The activities performed by business analysts
b. The examination of business data in an effort to reveal useful insight for better decision-making.
c. The use of advanced data processing techniques on business data
d. The use of computers to explore large pools of data
The examination of business data in an effort to reveal useful insight for better decision-making.
Chapter 3 (page 65)
Which of the following best describes the cloud delivery model of Amazon Web Services (AWS)?
a. Infrastructure as a service (IaaS)
b. Packaged software
c. Platform as a service (PaaS)
d. Software as a service (SaaS)
Infrastructure as a service (IaaS)
Chapter 3
A NoSQL database adheres to the relational model.
True
False
False
Chapter 3
We identified four main eras of data processing in business. What characterizes the ‘big data era’?
a. The use of new technologies and management practices to leverage the increasing amounts of collected data.
b. The use of transactions for decision support
c. Transactions were batched and processed by a mainframe as they occurred
d. Transactions were stored in large mainframe databases called ‘batch’
The use of new technologies and management practices to leverage the increasing amounts of collected data
Chapter 3
Why is a trojan horse not a virus?
Audi
Insurance costs are most directly associated with which risk strategy?
a) Acceptance
b) Avoidance
c) Analysis
d) Reduction
e) Transference
Transference
Chapter 13 (page 350)
Risk transference
The strategy consists of actively investing in the safeguards designed to mitigate security threats. The more an organization gravitates toward this strategy, the higher the anticipation cost it faces while actively reducing failure costs.