CIS- Module 1&2 Exam 1
You've been hired by a large travel and tourism agency to upgrade their security systems. There are several specific areas of concern they'd like you to address and make recommendations. First, the agency is concerned about protecting their internal network where they host some servers, databases, and several workstations. Due to their global exposure with travel activities around the world, they've experienced some fairly sophisticated attacks on their network. You discover they're using an older firewall that simply isn't designed to protect against today's technologies. What would be a better alternative to protect their network resources?
NGFW
Dr. Michaels reviews a patient's historical test results before meeting with her to discuss treatment options.
People
Reginald relies on an online video library to research how to perform maintenance and troubleshooting tasks on networking equipment his company recently installed in their data center.
Personal information system
Gina transcribes notes from the doctor regarding a patient's physical examination and adds medical codes for tracking charges to insurance companies.
Processes
A __________ policy permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.
BYOD (bring your own device) policy.
You're helping to on-board a new employee who will be spending some time working from home as well as traveling twice a month for meetings with clients. Employee: Actually, I just bought a new tablet recently that I really like. Will I be able to use that tablet for work? You: Yes, we have a _____________ so you can use your tablet to access company computing resources and applications.
BYOD policy
Your company's customer service line is slammed with phone calls from angry customers wanting to know if their data is included in the breach.
Business disruptions
______ improve existing systems within the organization while controlling costs.
Business partners
_______ convert a program design developed by a systems analyst into a working program written in one of many computer languages. To do this, they must write, debug, and test the program to ensure it will operate in a way that will meet users' needs.
Programmers
__________ control or reduce costs while better supporting existing business processes.
Cost centers and service providers
Next, they're concerned about ways their network has been exposed to viruses due to employees using company computers to visit international Web sites with questionable security. What can you add to the network to offer the company better control over which Web sites are approved for business interactions?
Proxy server
________ frequently consult with management and users to define the scope of and requirements for new information systems. They convey system requirements to people in more technical roles for implementation.
Systems analysts
Dr. Baggett checks the emergency department's tracking board to determine which patient to see next, according to the criticality of patients' conditions and current wait time.
Technology
Shanna helps to manage updates for her company's mobile time tracking app that employees use to report their hours worked.
Enterprise information system
______ have an essential role to play in the successful implementation and use of information systems— that role changes depending on which type of information system is being implemented.
Managers
After deploying several of the recommended security improvements, you suggest that the final and most important step in protecting the organization's security perimeter is _______.
end-user education
The importance of __________ cannot be overly emphasized. Creating and enhancing user awareness of security policies is an ongoing security priority for companies. Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow security policies.
end-user education
An ___________________ is used to meet organization-wide business needs, such as the mobile time tracking app that Shanna works with.
enterprise information system
The growth of the Internet of Things is helping to curb the number of cyberattacks. True or False?
false
Five actions an organization must take in the event of a successful cyberattack include incident notification, protection of evidence and activity logs, incident containment, eradication, and incident _____.
follow up.
__________, like Naomi's research, drive business innovation to achieve competitive advantage.
game changers
Gregory can use ____ to provide the most relevant and complete information regarding the target market's current level of familiarity with his company's brand.
__________ is used for searching the Internet for information and could be used to find reviews on specific products. Gregory can also search for chatter about his company's brand and products and compare this information in similar searches on his competitors' products.
Which of the following is not a benefit associated with creating a strategic plan?
guarantees that only the most current technology solutions will be employed.
The ________ worker functions at the intersection of business and technology and designs, builds, and implements solutions that allow organizations to effectively leverage information technology systems.
information system
An ________________ enables the sharing of information across organizational boundaries, such as the financial databases and analyst reports Cam's company uses.
interorganizational information system
Computer forensics is a discipline that combines elements of ____ and computer science.
law
One of the consequences of a successful cyberattack that can lead to monetary penalties for organizations that fail to comply with data protection regulations is _______________.
legal consequences
The company offers one year of consumer credit monitoring for customers whose credit information was compromised.
legal consequences
Derek uses his old account credentials to sign into his former employer's network to get information on some of his old clients.
malicious employee
An organization that monitors, manages, and maintains computer and network security for other organizations is called a __________ service provider.
managed security
Two potential benefits of obtaining a certification in an IS subject area are:
new career possibilities and a potential increase in salary
Naomi is a market researcher for her company, which designs and manufactures carpets and rugs. She travels globally to conferences and trade shows to track current trends in her industry. During one trip, Naomi learns about a new dye technique that results in more resilient color at a lower cost. She brings the relevant information back to her team and other experts in her company to discuss the feasibility of implementing this technique in their products.
operations
The four levels at which the CIA security triad must be implemented include _______________.
organizational, network, application, and end user
Once a vulnerability is discovered, users should install a ______ to eliminate the problem.
patch
Employee: That's good to hear. Will you have to make any changes to it before I can use it for work? You: We'll scan it for any security vulnerabilities and apply the necessary _________________ to close those pages.
patches
________ are the most important element of information systems and often use information systems, such as a doctor consulting a database of patient test results, to achieve worthwhile results.
people
A ____________ improves the productivity of individual users in performing stand-alone tasks, such as Reginald using an online video library.
personal information system
A __________ is a structured set of related activities that take input, add value, and create an output, such as when doctors' notes are transcribed and medical codes are added to patient charts.
process
CEO: Okay, that's good. I don't think she knows coding, though. We need a ______________. Got anyone in mind? You: Yes, let's ask Miguel. He knows several coding languages and writes gaming software in his spare time as a hobby.
programmer
A form of cyberattack that is estimated to occur every 10 seconds against an individual in the U.S. is _______________.
ransomware
CEO: So this would tell us where our security weaknesses are. Any idea how much it will cost to eliminate those vulnerabilities? You: Unfortunately, we can never eliminate all vulnerabilities unless we just stop doing business. Once we get the report, we can determine how much investment is needed to reach a level of ________ that balances security costs with a level of risk we're comfortable with.
reasonable assurance
_________ is the recognition that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits, or the risks involved.
reasonable assurance
Your company's IT operations team works around the clock to identify how the breach occurred and implement needed patches to prevent further damage.
recovery cost
Sales activity for the quarter drops by 22%, a tough hit in the middle of a holiday shopping season.
reputation damage
A ______ enables an organization to identify its vulnerabilities and potential threats, establish a benchmark of where it is, determine where it needs to be, and develop a plan to meet those needs.
security audit
Your CEO arrives at work on Monday morning and is acting more stressed and irritable than usual. You're a little nervous when you're called in for a meeting with him, but you soon find out the cause of his distress. Over the weekend, he met up with a friend of his from college, who is also a CEO. The friend's company was recently hacked, resulting in a severe data breach. Their company is potentially facing a class action lawsuit and possible bankruptcy. CEO: I need to know where we stand with our IT security. What are the chances we could face similar problems? You: We've been prioritizing security upgrades and improved processes over the past year. However, a _________ would give us a more detailed and thorough assessment of existing vulnerabilities and threats.
security audit
Many organizations employ a _____ to help track the key performance indicators of their security strategy.
security dashboard
The _________ for the IS organization and the factors that influence it depend on how the organization is perceived by the rest of the organization.
strategic planning process
An organization's _____________ defines roles, responsibilities, and lines of authority, such as when information from the medical billing system is used to complete needed activities in another system.
structure
Raul pulls information from the medical billing system to generate reports that will be forwarded to insurance companies.
structure
Gregory's company is planning to release a new series of athletic shoes specifically targeted to hobbyist athletes who train for personal reasons such as self-improvement and socializing. Members of the target market are not generally competitive in their athletic pursuits and are more interested in characteristics such as comfort, durability, and affordability. Gregory's company has developed shoes to target these characteristics along with unusual designs, colors, and features. His team is now responsible for positioning the shoes in the market and spreading the word through social media. What information does Gregory's team need to have on hand as they're setting prices for each item in their company's new line of shoes? Choose all that apply.
-Current level of the market's familiarity and preference for his company's brand -Perceived value of differentiating factors for his company's shoes -Competitors' prices on similar items
There are _______________ steps that must be taken to perform a thorough security risk assessment.
8
The new dye technique is implemented before competitors discover and implement similar techniques. At this point, Naomi's job role is likely to be seen as a ___________.
Game changer
Jeffery steals emails from one of his state's political candidates and posts the emails anonymously online.
Hacktivist
Cam's financial management company subscribes to a carefully researched combination of databases and analyst reports.
Interorganizational Information System
Managers of the business functions most affected by a new information system have a key responsibility to ensure that _______________.
Leavitt's Diamond
A federal law that focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage.
Stored Wire and Electronic Communications and Transactional Records Access Statute
The contemporary view of information systems is that they are often so intimately involved in an organization's value chain that they are part of the process itself. True or False?
True
CEO: I don't think they know each other yet, but I think it'll work. What about the user interface? We'll host the app on our intranet. I want to make sure it's got a clean layout with easy navigation through the site. You: Right—we can develop a web-hosted front-end for users to interact with. Zahira is our ________________________. I'll ask her to jump in as well.
Web developer
______ design and maintain Web sites, including site layout and function, to meet the organization's requirements. The creative side of the job includes creating a user-friendly design, ensuring easy navigation, organizing content, and integrating graphics and audio.
Web developers
Which of the following are non-technical skills not commonly associated with an effective Information system worker?
ability to work in a static, boring environment where there is little change.
A blended threat, phishing, and virus are all examples of a(n)____
attack vector
A ____ is the technique used to gain unauthorized access to a device or a network.
attack vector
Malisa uses her laptop to sign onto her company's database server from an open Wi-Fi connection at a local coffee shop.
careless insider
The perpetrator most likely to be the cause of a cyberattack is the _______________.
careless insider
Three ways the IS organization can be perceived by the rest of the organization that influence IS strategy are _______________.
cost center, business partner, and game changer
Ashliegh hacks into a local store's payment processing system and transfers money to her PayPal account.
cybercriminal
Erica is late to work because a computer virus shut down the city's bus system.
cyberterrorist
CEO: This report might give us a good picture of where we are right now, but what about in the future? How can we track ongoing concerns to make sure gaps in our security coverage don't open up later? You: It's good to do a risk assessment every year. In the meantime, we can use a security _________ to help track key performance indicators tied to our security strategies.
dashboard
Shareholders experienced a 19% drop in share value in the 24 hours after the breach was publicized.
direct impact
You're an HR director meeting with your CEO to discuss plans for a new application that will allow employees to track their own hours and earned vacation time. There are several pieces and parts that need to be coordinated, and the two of you are trying to decide which employees to bring on board for the project. CEO: I like the idea of developing this app in-house. Let's talk about who we want to assign to the team for this project. You've got the HR expertise. But who should take charge of converting your ideas into a workable design? You: I'm thinking Natalie can take point on this. She's got a _____________ background and helped with this kind of thing at her prior company where she developed the initial design for some bookkeeping software.
systems analyst
__________ includes all of an organization's hardware, software, databases, networks, facilities, and services from third parties, such as the tracking board hardware and software used in an Emergency Department to determine patient priority.
technology
Each user should conduct a security self-assessment test. True or False?
true
Four drivers that set the information strategy and determine information system investments include corporate strategy, technology innovations, innovative thinking, and
workgroup
Four information system types based on their sphere of influence include interorganizational, personal, enterprise, and _________
workgroup
A ______________ supports teamwork and enables people to work together more effectively, such as Latoya's marketing team using a web conferencing tool.
workgroup information system
Latoya's marketing team uses a web conferencing tool to host online training sessions for her company's new hires around the country.
workgroup information system
A _________ is an attack that takes place before the security community becomes aware of and fixes a security vulnerability.
zero-day attack
Employee: Does that mean my tablet will be safe going forward? You: Not necessarily. For example, a(n) ________ could take advantage of a newly discovered vulnerability before it's patched.
zero-day attack
