MIS Test 3 Flashcards

1
Q

We have identified three general approaches to the acquisition of information processing
functionalities and the introduction of IT-based information systems. Which of the
following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above

A

Open source development

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation

A

Installation, Operations, Maintenance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In which of the following phases should you expect to be most involved as a general or
functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

A

A and C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In which phase(s) do the system development life cycle (SDLC) and the system selection
process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

A

A and B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above

A

Definition, Build, and Implementation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why is the Systems development Life Cycle methodology typically referred to as “the
waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be
avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there
should be multiple opportunities to elicit user requirements.
E. B and D

A

To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your book describes the systems selection process in-depth. Which of the following is
not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations.

A

Visit vendor sites

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following are not approaches to acquisition of information processing
functionalities?
A. Custom Design
B. Custom Development
C. System Selection and Acquisition
D. End-user Development
E. Open Source Development

A

Open Source Development

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages

A

Faster Roll-Out

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is not one of the advantages related to purchasing an off-the-shelf
system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality

A

Unique Tailoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance

A

Definition, System Design, and Implementation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The IS department workers that experts in both technology and the business processes are
called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.

A

Analysts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which stage of the SDLS typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing

A

Feasibility Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A bank upgrades a computer system at one of its branches. If this works correctly, then
the upgraded system will be installed at the other branches. Which migration approach is
this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

A

Pilot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A bank upgrades the computer systems of its branches, one branch at a time. This is
most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

A

Phased

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The Build phase of the SDLC is used to ensure that the software is properly integrated
with the other components of the information system.

True or False?

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

The SDLC and prototyping methodologies are one and the same.

True or False?

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Both the SDLC and prototyping methodologies are use d to create custom systems.

True or False?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Off-the-shelf systems enable infusion of knowledge in the organization

True or False?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

End-user development: The process by which an organization’s non–IT specialists create
software applications.

True or False?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Custom software development is a systems development approach predicated on the notion that it impossible to clearly estimate and plan in detail such complex endeavors as information systems design and development projects.

True or False?

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

A system analyst is a highly skilled IT professional who takes the system requirements document (i.e., what the applications should do) and designs the structure of the system
(i.e., how the application will perform its tasks).

True or False?

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase

A

Risk Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Security should be on managers’ radar screens because of peculiar characteristics that run
the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized

A

Underfunded

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Why is security considered a negative deliverable?
A. It costs money
B. It produces only tangible benefits
C. It does not affect profits whether it is done well or poorly
D. It is largely ignored
E. It produces no revenue or efficiency

A

It produces no revenue or efficiency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Risk mitigation allows the organization to do what?
A. Devise optimal strategies
B. Prevent security issues from every happening in the first place
C. Keep both costs and risks at minimum levels
D. Maximize failure costs
E. Reward IT workers when no issues arise

A

Devise optimal strategies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

When a company is faced with a security threat, they have which three strategies available
to them?
A. Acceptance, avoidance, and transference
B. Acceptance, reduction, and transference
C. Avoidance, reduction, and transference
D. Acceptance, avoidance, and reduction
E. All of the above

A

B. Acceptance, reduction, and transference

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Which of the following strategies is associated with increased potential for failure?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

A

Acceptance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Insurance costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

A

Transference

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Increased anticipation costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

A

Reduction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Which of the following is an example of an internal threat?
A. Viruses
B. Intrusions
C. Social Engineering
D. Backdoors
E. Angry Employees

A

Angry Employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Which of the following refers to code built into a program to allow the programmer a way
to bypass password protection?
A. Password Spoofing
B. Bugs
C. Viruses
D. Phishing
E. Backdoors

A

Backdoors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which of the following is an automated method of seeking passwords?
A. Phishing
B. Social Engineering
C. Software bugs
D. Backdoors
E. Careless behavior

A

Phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Which of the following is not a form of malware?
A. Viruses
B. Spyware
C. Sniffers
D. Keyloggers
E. Worms

A

Sniffers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Why is a Trojan horse not a virus?
A. It does not have a payload
B. It does not have a trigger event
C. It does not replicate
D. It is a legitimate form of security protection
E. It does not do anything harmful

A

It does not replicate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Why is spyware usually not considered a virus?
A. It does not replicate
B. It does not have a payload
C. It does not do anything other than watch what the user does
D. It only shows advertisements
E. None of the above. They are always viruses

A

It does not replicate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Which of the following is a viable method of dealing with internal security threats?
A. Antivirus software
B. Policies regarding what computing resources are accessible to whom
C. Firewalls
D. Policies that mandate frequent updates to programs and such
E. Not immediately deleting terminated employees

A

Policies regarding what computing resources are accessible to whom

38
Q

Generally, a company should buy instead of make if 80% of the required functionality is present in a COTS solution. This rule holds unless the remaining 20% functionality is of strategic importance to the company.

True or false?

A

True

39
Q

A business school has developed a new leave portal for all its employees and decides to immediately switch from the old platform to the new one. This migration is considered a low risk endeavor for the school and its employees. This type of migration approach is considered as:
direct
parallel
phased
pilot

A

Direct

40
Q

An organization takes the decision in favor of “make: versus “buy” if no commercially available implementation of a design idea exists in the market.

True or false?

A

True

41
Q

Apple, Inc. provides its users the opportunity to develop applications which can later be downloaded and used via the Apple App Store. This approach of design and development where a software application is created or improved by its users is called:
a. custom design and development
b. end-user development
c. system selection and acquisition
d. none of the above

A

end-user development

42
Q

Company A is implementing a new HR system. The new system will roll out using a direct
installation approach. Which of the following is critical to the successful installation of the
new HR system?
A. agile development
B. change management
C. system analysis
D. testing

A

change management

43
Q

Company A is thinking about using blockchain technology in managing its supply chain. The
company is thinking of using the Ethereum blockchain, an existing blockchain solution, rather
than developing its unique solution. Which of the following is advantage of using the existing
blockchain solution?
A. faster-roll out
B. flexibility and control
C. no advantage
D. unique tailoring

A

faster-roll out

44
Q

COTS is an acronym for “customized off-the-shelf” software.
A. false
B. true

A

false

45
Q

Creating the IT core is sufficient to fulfill the information processing needs of the firm.
A. false
B. true

A

false

46
Q

Go or no-go recommendations for a project are provided at what phase of the systems
development life cycle (SDLC)?
A. build phase (just after system design and before programming)
B. definition phase (just after feasibility analysis and before system analysis)
C. definition phase (just after investigation and before feasibility analysis)
D. definition phase (just after system analysis and before investigation)

A

definition phase (just after feasibility analysis and before system analysis)

47
Q

Mr. Smith, an owner of a media-services provider, decided to stop depending on applications
that are available on the market, and instead, to start developing unique applications
internally. Which of the following describes Mr. Smith’s decision?
A. moving from custom design and development to end user development
B. moving from custom design and development to system selection and acquisition
C. moving from system selection and acquisition to custom design and development
D. moving from system selection and acquisition to end user development

A

moving from system selection and acquisition to custom design and development

48
Q

Scope creep is the reason why system requirements are frozen once stakeholders signoff the
systems requirement document. Scope creep can lead to:
A. improved efficiency in project deployment
B. significant decrease in cost and faster development of the project
C. significant increase in cost and delay in development of the project
D. none of the above

A

significant increase in cost and delay in development of the project

49
Q

Software-as-a-service (SaaS) solutions can be classified as COTS applications.
A. false
B. true

A

true

50
Q

Technical feasibility is concerned with taking the system requirements document and
producing a robust, secure, and efficient application.
A. false
B. true

A

false

51
Q

Technology development must take into account which three key considerations?
A. people, processes and structure
B. people, project funding and structure
C. people, shareholders and structure
D. none of the above

A

people, processes and structure

52
Q

The build phase of the systems development life cycle (SDLC) consists of which of the
following sub-processes:
A. installation, operations, maintenance
B. investigation, feasibility analysis, system analysis
C. system design, programming, testing
D. none of the above

A

investigation, feasibility analysis, system analysis

53
Q

The SNCF rail network in France recently introduced a new app to book train tickets by the
name of “oui SNCF”. The app was expressly made for serving the needs of the many SNCF
customers who travel between cities in France over the rail network. What can you infer
about the design and development approach of the application?
A. custom design and development
B. end-user development
C. system selection and acquisition
D. none of the above

A

custom design and development

54
Q

The technology development and the IS development processes are often sequential.
A. false
B. true

A

false

55
Q

The US subsidiary of a major food producer decided to implement SAP within their
organization. SAP is an openly available enterprise software to manage business operations
and customer relations. Which type of design and development approach does the
commercially available SAP software fall into?
A. custom design and development
B. end-user development
C. system selection and acquisition
D. none of the above

A

none of the above

56
Q

When fulfilling the IS processing needs, what does the firm has to do in the information
systems development process?

A. assess current IS within the firm
B. develop capabilities to develop the IS
C. generate the IT core
D. integrate the technology with other components of the organization (i.e. people, processes,
structure)

A

integrate the technology with other components of the organization (i.e. people, processes,
structure)

57
Q

When YouTube launched its video-sharing platform in 2005, it had to develop its own IS. This
is an example of system selection and development.
A. false
B. true

A

false

58
Q

Which of the following are the two main processes of fulfilling information processing needs?
A. capability development and IT development
B. custom IS development and technical skills development
C. IS research and IS development
D. technology development and IS development

A

custom IS development and technical skills development

59
Q

Which of the following are two critical processes that take place during the installation phase?
A. change management and prototyping
B. end-user training and change management
C. end-user training and prototyping
D. programming and testing

A

end-user training and change management

60
Q

Which of the following is an advantage of custom development?
A. economically attractive
B. faster roll-out
C. flexibility and control
D. knowledge infusion

A

flexibility and control

61
Q

Which of the following is not an advantage of custom development of software applications
within an organization?
A. cost savings
B. flexibility and control
C. unique tailoring
D. none of the above

A

cost savings

62
Q

Which of the following is not an advantage of open source software?
A. creativity
B. limited lock-in
C. robustness
D. security

A

security

63
Q

Which of the following is not an advantage of purchasing?
A. faster rollout
B. flexibility
C. high quality
D. knowledge infusion

A

flexibility

64
Q

Which of the following is not an approach to the acquisition of information processing
functionalities and the introduction of IT-based information systems?
A. customer design and development
B. end-user development
C. supervised development
D. system selection and acquisition

A

supervised development

65
Q

Which of the following statements is not a part of the “agile manifesto” for software
development:
A. customer collaboration over contract negotiation
B. processes and tools over individuals and interactions
C. responding to change over following a plan
D. working software over comprehensive documentation

A

processes and tools over individuals and interactions

66
Q

Cybersecurity is a negative deliverable because:
A. It limits the possibility that future positive gains can be made
B. It limits the possibility of both future negative fallout and positive gains would occur
C. It limits the possibility that future negative fallout will happen
D. None of the above

A

It limits the possibility that future negative fallout will happen

67
Q

Risk assessment consists of which of the following processes?
A. Risk audit (technical & human resources), risk analysis
B. Risk analysis, risk mitigation
C. Risk audit (technical & human resources), risk mitigation
D. None of the above

A

Risk audit (technical & human resources), risk analysis

68
Q

Risk analysis is the process by which a firm attempts to quantify the hazards identified in the
risk audit.
A. True
B. False

A

true

69
Q

Rational decision making suggests that the amount invested in cyber security safeguards
should be proportional to the extent of threats and its potential negative side effects.
A. True
B. False

A

true

70
Q

After completing a risk assessment of the Information Systems security within company X, the
directors have decided to purchase an insurance against cyber security threats. What type of
risk mitigation strategy is this?
A. Risk reduction
B. Risk acceptance
C. Risk transference
D. Risk reduction & risk acceptance

A

Risk transference

71
Q

Mr. K has been a long term corporate sales account manager at a telecommunication
company. He has been angling for a promotion for the past 10 years however almost always
someone younger is promoted because they are more qualified. Disgruntled by bis workplace
he has resigned from office. On the last day of his job he decides to teach them all a lesson by
selling confidential customer information to a competitor. What kind of behavior does this
situation represent?
A. Careless behavior
B. Carless and unintentional malicious behavior
C. Intentional malicious behavior
D. Unintentional malicious behavior

A

Intentional malicious behavior

72
Q

Mary received an email on her outlook inbox that claimed it was from the IT helpdesk at her
office. The email asked her to change the password on her official account using a link within
the email in the next 15 minutes or she would automatically loose access to her account on all devices. Reading this message prompts her to click on the link which redirects her to webpage
that looks just like the outlook security settings page. What kind of external intrusion threat is
this?
A. Phishing
B. Backdoors and exploits
C. Social engineering
D. None of the above

A

Phishing

73
Q

A trojan horse like a virus delivers malicious payload and self-replicates.
A. True
B. False

A

False

74
Q

Which of the following malicious codes do not self-replicate?
A. Viruses and worms
B. Just worms
C. Trojan horses and spyware
D. None of the above

A

Trojan horses and spyware

75
Q

The distributed denial of service (DDoS) attack uses a single compromised system while a
denial of service (DoS) attack uses a large network of compromised systems.
A. False
B. True

A

False

76
Q

The difference between cybersecurity and privacy is that whereas cybersecurity is about safe
keeping of collected data, privacy is about informed consent and permission to collect and use
identifying information.
A. False
B. True

A

True

77
Q

Function creep is the situation where data collected for a stated or implied purpose is later on
reused for the same purpose.
A. True
B. False

A

False

78
Q

An organization’s ethical code of conduct communicates to all parties the organization’s
principles of ethical information system use and its formal stance enabling detection of, and
distancing from, unethical choices made by any member of the organization.
A. True
B. False

A

True

79
Q

Which of the following best describes a firm’s set of defenses to mitigate threats to its
technology infrastructure?
A. Reducing threat of new entrants
B. Longevity risk mitigation
C. Cybersecurity
D. Answer is not listed

A

Cybersecurity

80
Q

Cyber security risk assessment is a process of auditing ONLY the current technological
resources, in an effort to map the current state of the art on IS security in the organization.
A. False
B. True

A

False

81
Q

Which of the following mitigation strategies has high failure costs but low anticipation costs?
A. Risk acceptance
B. Risk reduction
C. Risk transference
D. Risk transference and risk reduction

A

Risk acceptance

82
Q

Which of the following best explains why internal exploits are hard to detect?
A. Because internal exploits often use advanced techniques that are hard to detect
B. Because companies often limit the number of employees who can access sensible
information
C. Because users are authorized on the network and their actions can go undetected unless
they make a careless mistake or discuss their behaviors with others
D. Answer is not listed

A

Because users are authorized on the network and their actions can go undetected unless
they make a careless mistake or discuss their behaviors with others

83
Q

In 2010, an Apple software engineer left a prototype of the iPhone 4 in a bar. the person who
found the phone sold it to the gadget blog Gizmodo for $5,000, who disassembled it and
posted its characteristics online. Which of the following cyber security threats best describe
this example?
A. An internal threat due to intentional malicious behavior
B. An internal threat due to careless behavior
C. An external threat due to an intrusion
D. An external threat due to online fake news

A

An internal threat due to careless behavior

84
Q

An intrusion threat consists of any situation where an unauthorized attacker gains access to
organizational IT resources.
A. True
B. False

A

True

85
Q

Mr. Smith received a phone call from a person claiming to be from his bank. The unknown
person told Mr. Smith that he needed to update his account security details. the caller asked
for Mr. Smith’s account, card and personal details in order to confirm his identity. Mr. Smith
refused to provide any details to the unknown caller, and instead, called his bank which
confirmed that the phone call was a scam. Which of the following best describes the
mentioned scam?
A. Backdoor exploit
B. Malicious code
C. Whaling
D. Social engineering

A

Social engineering

86
Q

Someone posing as an IT tech requests information about your computer configuration. What
kind of attack is this?
A. Social engineering
B. Inside threats
C. Phishing
D. Whaling

A

Social engineering

87
Q

A multinational cooperation is rethinking how it is managing its information systems’ security.
The organization needs to prove to its customers, partners and other stakeholders that it
complies with international cyber security standards. Which of the following frameworks are
best suited for the cooperation?
A. NIST cyber security framework
B. Cyber kill chain framework
C. NERC CIP
D. ISO 27001

A

ISO 27001

88
Q

Many organizations limit their employees’ access to certain websites and prevent the
individual installation of new software. Which of the following best describes this practice?
A. Mitigating internal threats through monitoring
B. Detecting internal threats through monitoring
C. Detecting external threats through monitoring
D. Answer is not listed

A

Mitigating internal threats through monitoring

89
Q

Firewalls cans be used to decrease internal cyber security threats.
A. True
B. False

A

True

90
Q

Which of the following is an example of function creep?
A. Data on number of soda cans sold by a vending machine used only to compute revenues
B. An online website that does not save or share user data without their permission
C. A research institute that uses data for its implied purpose only
D. A social network selling users’ data to third parties

A

A social network selling users’ data to third parties

91
Q

Protection of intellectual property in the internet is not an ethical issue.
A. False
B. True

A

False

92
Q

Ethical conduct is often ensured through computer software.
A. True
B. False

A

False