Test Bank

Question 1

We have identified three general approaches to the acquisition of information processing
functionalities and the introduction of IT-based information systems. Which of the
following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above

Answer 1

D. Open source development

Question 2

What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation

Answer 2

D. Installation, Operations, Maintenance

Question 3

In which of the following phases should you expect to be most involved as a general or
functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

Answer 3

E. A and C

Question 4

In which phase(s) do the system development life cycle (SDLC) and the system selection
process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C

Answer 4

D. A and B

Question 5

The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above

Answer 5

B. Definition, Build, and Implementation

Question 6

Why is the Systems development Life Cycle methodology typically referred to as “the
waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be
avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there
should be multiple opportunities to elicit user requirements.
E. B and D

Answer 6

B. To stress the fact that phases are sequential and iteration (or going back) should be
avoided as much as possible.

Question 7

Your book describes the systems selection process in-depth. Which of the following is
not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations.

Answer 7

D. Visit vendor sites.

Question 8

Which of the following are not approaches to acquisition of information processing
functionalities?
A. Custom Design
B. Custom Development

C. System Selection and Acquisition
D. End-user Development
E. Open Source Development

Answer 8

E. Open Source Development

Question 9

Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages

Answer 9

D. Faster Roll-Out

Question 10

Which of the following is not one of the advantages related to purchasing an off-the-shelf
system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality

Answer 10

A. Unique Tailoring

Question 11

The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance

Answer 11

C. Definition, Build, and Implementation

Question 12

The IS department workers that experts in both technology and the business processes are
called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.

Answer 12

B. Analysts

Question 13

Which stage of the SDLS typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing

Answer 13

A. Feasibility Analysis

Question 14

A bank upgrades a computer system at one of its branches. If this works correctly, then
the upgraded system will be installed at the other branches. Which migration approach is
this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

Answer 14

D. Pilot

Question 15

A bank upgrades the computer systems of its branches, one branch at a time. This is
most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional

Answer 15

C. Phased

Question 16

T/F - The Build phase of the SDLC is used to ensure that the software is properly integrated
with the other components of the information system.

Answer 16

False

Question 17

T/F - The SDLC and prototyping methodologies are one and the same.

Answer 17

False

Question 18

T/F - Both the SDLC and prototyping methodologies are use d to create custom systems.

Answer 18

True

Question 19

T/F - Off-the-shelf systems enable infusion of knowledge in the organization

Answer 19

True

Question 20

T/F - End-user development: The process by which an organization’s non–IT specialists create
software applications.

Answer 20

True

Question 21

T/F - Custom software development is a systems development approach predicated on the
notion that it impossible to clearly estimate and plan in detail such complex endeavors as
information systems design and development projects.

Answer 21

False

Question 22

T/F - A system analyst is a highly skilled IT professional who takes the system requirements
document (i.e., what the applications should do) and designs the structure of the system
(i.e., how the application will perform its tasks).

Answer 22

False

Question 23

Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase

Answer 23

C. Risk Analysis

Question 24

Security should be on managers’ radar screens because of peculiar characteristics that run
the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized

Answer 24

A. Underfunded

Question 25

Why is security considered a negative deliverable?
A. It costs money
B. It produces only tangible benefits
C. It does not affect profits whether it is done well or poorly
D. It is largely ignored
E. It produces no revenue or efficiency

Answer 25

E. It produces no revenue or efficiency

Question 26

Risk mitigation allows the organization to do what?
A. Devise optimal strategies
B. Prevent security issues from every happening in the first place
C. Keep both costs and risks at minimum levels
D. Maximize failure costs
E. Reward IT workers when no issues arise

Answer 26

A. Devise optimal strategies

Question 27

When a company is faced with a security threat, they have which three strategies available
to them?
A. Acceptance, avoidance, and transference
B. Acceptance, reduction, and transference
C. Avoidance, reduction, and transference
D. Acceptance, avoidance, and reduction
E. All of the above

Answer 27

B. Acceptance, reduction, and transference

Question 28

Which of the following strategies is associated with increased potential for failure?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

Answer 28

A. Acceptance

Question 29

Insurance costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

Answer 29

D. Transference

Question 30

Increased anticipation costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis

Answer 30

C. Reduction

Question 31

Which of the following is an example of an internal threat?
A. Viruses
B. Intrusions
C. Social Engineering
D. Backdoors
E. Angry Employees

Answer 31

E. Angry Employees

Question 32

Which of the following refers to code built into a program to allow the programmer a way
to bypass password protection?
A. Password Spoofing
B. Bugs
C. Viruses
D. Phishing
E. Backdoors

Answer 32

E. Backdoors

Question 33

Which of the following is an automated method of seeking passwords?
A. Phishing
B. Social Engineering
C. Software bugs
D. Backdoors
E. Careless behavior

Answer 33

A. Phishing

Question 34

Which of the following is not a form of malware?
A. Viruses
B. Spyware
C. Sniffers
D. Keyloggers
E. Worms

Answer 34

C. Sniffers

Question 35

Why is a Trojan horse not a virus?
A. It does not have a payload
B. It does not have a trigger event
C. It does not replicate
D. It is a legitimate form of security protection
E. It does not do anything harmful

Answer 35

C. It does not replicate

Question 36

Why is spyware usually not considered a virus?
A. It does not replicate
B. It does not have a payload
C. It does not do anything other than watch what the user does
D. It only shows advertisements
E. None of the above. They are always viruses

Answer 36

A. It does not replicate

Question 37

Which of the following is a viable method of dealing with internal security threats?
A. Antivirus software
B. Policies regarding what computing resources are accessible to whom
C. Firewalls
D. Policies that mandate frequent updates to programs and such
E. Not immediately deleting terminated employees

Answer 37

B. Policies regarding what computing resources are accessible to whom

Question 38

T/F - True or False: Creating security policies that spell out the behaviors that should be follow
in order to minimize security risks and auditing the policies to ensure compliance will
mitigate security risks.

Answer 38

True

Question 39

True or False: IT Risk Management is the process of identifying and measuring
information systems security risks to devise the optimal mitigation strategy.

Answer 39

True

Question 40

True or False: Function Creep, when used in terms of privacy risks, refers to new
technological advances and devices that generate more data than ever.

Answer 40

False

Question 41

Malicious cyberactivity is decreasing due to improvements in software protection systems.

Answer 41

False

Question 42

Biometrics refers to the use of a measurement of some biological parameter to uniquely
identify users.

Answer 42

True