IS265 FINAL2
10. What tools and techniques, rather than technologies, are available to protect you online? a. Cookie managers b. Privacy policy and seals c. Cookies d. Spyware e. Surveillance
b
15. A faculty member receives a phone call from the parent of a student. The parent inquires about the grade of the student on the last exam. If the instructor discloses any information, that instructor would violate what privacy act? a. CIPA b. FERPA c. COPPA d. HIPAA e. GLBA
b
2. What are cookies? a. Review IP address to track online browsing b. Small text files that store information c. Hidden application to record keystrokes d. Malware designed to slow down your PC e. Program offered by an organization which posts rules
b
34. Which dimension of software development is related to user requirements? a. Time b. Quality c. Development d. Cost e. Methodologies
b
39. What documents the scope of the project, identifies major tasks and resources and describes any interrelationships with other projects? a. Feasibility analysis b. Project management c. Project initiation d. User documentation e. State of Work
b
43. If the integration plan is to implement a new system while the existing system is still running, what type of integration plan would you be following? a. Direct Changeover b. Parallel Operation c. Phased implementation d. Pilot Operation e. Use Case
b
46. What is the focus of Rapid Application Development (RAD)? a. Creating technically perfect systems b. Filling organizational needs c. Bypassing stakeholder input d. Creating bug-free software e. Using a direct changeover integration
b
47. _______________ software is built from scratch using few commercially-obtained components. a. COTS b. Custom-built c. Developed d. Open source e. Hybrid
b
5. You are asked to provide your location and email address when downloading iTunes from the Apple site. You are also prompted to check a box if you would like any Apple News updates. This checkbox allows you to do what? a. Create account b. Opt-in c. Opt-out d. Enable cookie manager e. Identify data collection threat
b
52. Which type of outsourcing is less likely to bring about public backlash? a. Offshore outsourcing b. Onshore outsourcing c. Nearshore outsourcing d. Alien outsourcing e. International outsourcing
b
A system that has been accessed illegally is a victim of ___________. a. theft and fraud b. unauthorized access c. careless behavior d. denial of service e. automation tools
b
In order for you to enter the server room at your office you must have a key to the room, and then you must have a proper user name and password to access the server. All of the student files on the server are encrypted. What is this called? a. Layered security b. Defense in depth c. Overkill d. Organizational policy e. Information security
b
Information security is not just about technology, but also about management and _________ . a. hardware b. people c. software d. networks e. policies
b
Most antivirus programs are __________, which means that they detect viruses after an infection. a. proactive b. reactive c. reactionary d. demonstrative e. descriptive
b
What is software that monitors transmissions, capturing unauthorized data of interest called? a. Spyware b. Sniffer c. Spoofing software d. Smurfing software e. Backdoors
b
What is the term for a computer or a router that controls access in and out of the organization's networks, applications, and computers? a. Switch b. Firewall c. Bridge d. Gateway e. Hub
b
When someone logs into a website, such as Google, and it requires them to enter both a password and a code sent to their smartphone, this is referred to as what? a. Common Sense b. Two-Factor Authentication c. Defense in Depth d. Phishing Protection e. Malware Protection
b
Who usually perpetrates unauthorized access? a. A hacker b. Organization insiders c. Students d. Government agencies e. Customers
b
25. When installing the latest version of Internet Explorer, a dialogue box pops up with a box checked telling you that Bing will be your automatic search provider. You have the opportunity to change this selection before continuing. This checkbox allows you to do what? a. Opt-in b. Create account c. Opt-out d. Enable cookie manager e. Identify data collection threat
c
27. With regards to PAPA, what reflects the ownership of the data about you? a. Privacy b. Accuracy c. Property d. Accessibility e. Reliability
c
28. With regards to PAPA, what reflects the access to the information systems and the data they hold about you? a. Privacy b. Accuracy c. Accessibility d. Property e. Reliability
c
30. Which of the following represents the "P" in the PLUS ethical decision-making process? a. Privacy b. Public c. Policies d. Personal e. Probable
c
38. Which phase of SDLC begins the process? a. Requirements b. Development c. Planning d. Implementation e. Maintenance
c
4. _______________ refers to data being used for other functions beyond those purposes for which they were collected. a. Scope creep b. Opt-out c. Function creep d. Privacy e. Cookies
c
40. The sales department has a requirement that the e-commerce site remains up 99% of the time. What type of requirement is this? a. Functional b. Required c. Non-functional d. Initiation e. Analysis
c
45. Which phase of SDLC involves fixing any problems that are uncovered and may involve modifying the program to meet new needs? a. Planning b. Requirements c. Maintenance d. Development e. Implementation
c
48. What type of outsourcing allows organizations to meet staffing needs without the long-term costs? a. Selective outsourcing b. Project-based outsourcing c. Personnel outsourcing d. Application outsourcing e. Complete outsourcing
c
49. Which of the following is not an advantage of outsourcing? a. Potential cost savings b. Focus on core activities c. Loss of internal competencies d. Potential for 24-hour productivity e. Shifting fixed costs to variable costs
c
51. Using a vendor that provides services from a location outside a client's region is known as: a. Onshore outsourcing b. Nearshore outsourcing c. Offshore outsourcing d. Alien outsourcing e. International outsourcing
c
55. What type of requirements describe the constraints on the system? a. Functional b. Documented c. Non-functional d. Use Case e. Input
c
59. ___________ software is a complete or nearly complete solution obtained from a third party. a. Custom-built b. Developed c. COTS d. Open source e. Hybrid
c
62. A local business decided it was worthwhile to outsource their payroll and human resources to ADP. This is an example of what type of outsourcing? a. Application b. Personnel c. Process-based d. Project-based e. Consultant
c
7. What is identity theft? a. One uses another person's account to communicate. b. Attempt by industry leaders to self-police themselves. c. One uses another person's personal information for fraudulent activities. d. Inaccuracy in personal data. e. Restricted access to personal information
c
9. A privacy policy on a website is more about the __________ than the technology. a. policy b. content c. protection d. law e. ethics
c
Biometrics are primarily used for one of two things. What are they? a. Non-repudiation, authentication b. Fingerprint recognition, iris recognition c. Authentication, identification d. Account access, recognition e. User rights, printing services
c
If a virus is embedded in a legitimate file, it is often called a(n) __________. a. worm b. hack c. Trojan horse d. theft e. active content
c
Military and Department of Defense employees are required to use a Common Access Card to gain access to military and DoD computers. What level of user access has the DoD implemented? a. Knowledge b. Trait c. Possession d. Physical e. Logical
c
What kind of threat renders a system inoperative or limits its capability to operate? a. Unauthorized access b. Theft and fraud c. Denial of service d. Forceful e. Passive
c
You recently noticed that your personal information has been altered on your university web account. You know that you did not make any changes and the registrar's office has no record of their office making changes. What type of unauthorized access are you a victim of? a. Passive b. Recording c. Active d. Smurfing e. Spoofing
c
56. The university has a requirement that students must be allowed to view course offerings and register for classes that have empty seats. What type of requirement is this? a. Non-functional b. Required c. Functional d. Initiation e. Analysis
c
12. What does an industry generally create in an attempt to avoid government regulations? a. Laws b. Guidelines c. Ethical d. Self-regulation e. Protection
d
14. What government privacy act protects your medical records from others? a. CIPA b. COPPA c. FERPA d. HIPAA e. GLBA
d
20. What government privacy act prevents websites from collecting personally identifiable information from children without parental consent? a. CIPA b. FERPA c. HIPAA d. COPPA e. GLBA
d
23. Which of the following is not a cost of privacy breaches upon an organization? a. Loss of customers b. Cost of repairing the breach c. Compensate customers for ID theft d. Loss of goodwill e. Loss of intellectual property
d
24. Who is responsible for ensuring that privacy policies are respected? a. The customer b. The company c. The FEC d. The FTC e. The FIP
d
26. With regards to PAPA, what reflects that the data about you is what it is supposed to be? a. Privacy b. Property c. Accessibility d. Accuracy e. Reliability
d
32. Which of the following is NOT a step in the ethical decision-making process described in the text? a. Identify alternatives b. Define the problem c. Evaluate the decision d. Minimize the impact of the decision e. Make the decision
d
33. What search engine allows you to anonymously search the Internet? a. Google b. Bing c. Yahoo! d. DuckDuckGo e. PrivateSearch
d
50. Which of the following is an advantage of outsourcing? a. Becoming dependent on service provider b. Lower morale of remaining workers c. Confidentiality compromised d. Effective way to manage capacity e. Loss of internal competencies
d
54. When planning a project, it is determined that the proposed project does not line up with existing strategies and practices. Which feasibility issue is this related to? a. Technical b. Economic c. Legal d. Organizational e. Ethical
d
57. During which phase of the SDLC are the outputs of the design phase converted into the actual information system? a. Requirements b. Design c. Implementation d. Development e. Maintenance
d
58. During which phase of the SDLC is the system made operational in a production environment? a. Requirements b. Design c. Development d. Implementation e. Maintenance
d
6. A study published in 2009 shows that ____________ methods for stealing personal information are more popular than _______________ methods. a. technology driven, low-tech b. high-tech, social c. advanced, remedial d. low-tech, technology-driven e. natural, fake
d
64. What concept is a key characteristic of processes? a. Production b. Customer relationships c. Enterprise resource d. "All or nothing" e. Process mode
d
66. Sara just began working for a new company and her boss has given her a flow chart to study so that she can better understand the processes of the organization. What function has the organization completed to have such a chart? a. SDLC b. Registration c. Gantt chart d. Process modeling e. Contracting
d
8. The best way for someone to protect themselves from identity theft is to follow basic security guidelines and __________________. a. laws b. ethics c. rules d. common sense e. definitions
d
Using a unique username and a complicated password is one possible method to verify that a user is who they say they are. What type of goal is this? a. Non-repudiation b. CIA c. Availability d. Authenticity e. Privileges
d
What is software that allows hackers to have unfettered access to everything on the system, including adding, deleting, and copying files called? a. Spyware b. Sniffers c. Keystroke capture programs d. Rootkits e. Backdoors
d
What is the term for when software is installed on a computer without authorization and encrypts files and demands payments in bitcoin before the password to encrypt the files will be provided? a. Hacking b. Malicious act c. Worm d. Ransomware e. Trojan
d
What term is used to refer to someone (or something) pretending to be someone else (or another computer)? a. Phishing b. Smurfing c. Porting d. Spoofing e. Break-in
d
What type of unauthorized access consists of simply accessing records or listening to transmissions on a network? a. Hacking b. Active c. Modifying d. Passive e. Illegal
d
When you shop online, what is an indication that the transaction is secure? a. http:// b. ftp:// c. smtp d. https:// e. POP3
d
1. Everyone has to be concerned not only about their own information privacy, but also about the information privacy of which of the following? a. Customers b. Employees c. Business partners d. Students e. All of the above
e
11. What type of information can be stored in cookies? a. IP address b. Domain c. Length of time spent on a webpage d. Password e. All of the above
e
19. Oftentimes there are questions about using online services when conducting research or proprietary business. Those involved are often concerned about who owns the actual data that resides in the cloud. What aspect of PAPA would be called upon to ease these concerns? a. Privacy b. Accuracy c. Accessibility d. Reliability e. Property
e
3. What type of hidden collection approach tracks online browsing behavior? a. Cookies b. Key logger c. Spyware d. Trojan Horse e. Clickstream data
e
31. Which of the following represents the "L" in the PLUS ethical decision-making process? a. Losses b. Looseness c. Latency d. Literal e. Laws
e
36. The outputs of one step in the traditional SDLC flow as inputs into the next step. Because of this it is said to follow what type of method? a. Step b. Flow c. Design d. Absolute e. Waterfall
e
42. What is the main focus of the design phase of the SDLC? a. Desired level of performance b. Construction of the system c. Placing the system in production d. Integration e. How the system will satisfy requirements
e
44. The systems development committee has chosen to implement the new system in a limited number of sites based on location. What type of integration plan is being implemented here? a. Direct Changeover b. Parallel Operation c. Pilot Operation d. Use Case e. Phased implementation
e
53. When planning a project, it is determined that the investment in the proposed project will not result in any profit. Which feasibility issue is this related to? a. Technical b. Organizational c. Legal d. Ethical e. Economic
e
61. A local university contracted with IBM to implement a new database system, which the university would then administer and run. This is an example of what type of outsourcing? a. Application b. Personnel c. Process-based d. Consultant e. Project-based
e
63. What is a series of steps or tasks required to achieve a specific goal? a. Rules b. Guidelines c. Law d. Ethics e. Process
e
What are the two types of cryptography systems used in encryption today? a. Accurate, accessible b. Threat, solution c. Analog, digital d. Private, public e. Asymmetric, symmetric
e
What is a more recent and more powerful encryption algorithm widely available in most routers? a. WEP b. https c. Symmetric encryption d. Stealth e. WPA
e
What is the main solution used to prevent unauthorized access to systems, data, and applications? a. Passwords b. Biometrics c. Firewalls d. Anti-virus software e. User profiles
e
Which of the following refers to security solutions that protect access to systems, applications, or data by ensuring users or systems are authenticated and allowed to have such access? a. Physical access controls b. System access controls c. User profiles d. Account management e. Logical access controls
e
Your IT department is adding a firewall to the network. What type of protection is the department adding? a. Data access b. Application access c. Physical access d. User control e. Network access
e
___________ involves making sure that data are consistent and complete. a. Integrity b. Availability c. Confidentiality d. Authenticity e. Non-repudiation
a
What types of viruses propagate through the Internet with no user intervention? a. Worms b. Virus hoaxes c. Zero-day viruses d. Stealth viruses e. Trojan horses
a
__________ refers to hackers that try to find information that, if revealed, will advance human causes. a. Hacktivism b. Anonymous c. Black-hat hacker d. Political hacking e. Government-sponsored hacking
a
When considering security threats it is very important to consider __________ and __________ of the threat on the organization. a. prevalence, impact b. impact, theft c. repudiation, availability d. authenticity, availability e. theft, prevalence
a
13. Privacy policies and privacy seals are considered ________________ mechanisms for information privacy. a. self-regulation b. legal c. guideline d. protection e. security
a
16. With regards to PAPA, what reflects the confidentiality of the data collected? a. Privacy b. Accuracy c. Property d. Accessibility e. Reliability
a
17. An online email account that you have prompts you to verify that your personal information is correct. This organization is practicing which aspect of PAPA? a. Accuracy b. Privacy c. Property d. Accessibility e. Reliability
a
18. Oftentimes when signing up for a new account, there is a statement that includes who has access to the information you are sharing. What aspect of PAPA is being implemented? a. Accessibility b. Privacy c. Accuracy d. Property e. Reliability
a
21. What government privacy act regulates the use of private information by financial institutions? a. GLBA b. CIPA c. COPPA d. FERPA e. HIPAA
a
22. Which of the following is not part of the Fair Information Practices principles? a. Use/Repudiation b. Notice/Awareness c. Choice/Consent d. Access/Participation e. Integrity/Security
a
29. Websites often request information about you. You have a choice as to whether or not you provide this to them. What aspect of PAPA is being implemented? a. Privacy b. Accuracy c. Property d. Accessibility e. Reliability
a
35. What is the term for the framework for planning, structuring, and controlling software projects? a. Software development methodologies b. Requirements c. Documentation d. Development e. Research and design
a
37. Which of the following best describes the systems development life cycle (SDLC)? a. A disciplined approach to systems development b. A process to test new applications c. The documentation an end user follows to operate a system d. An approach to risk management of developing new software e. An analysis of industry systems
a
41. What describes a series of actions that result in an outcome for an actor? a. Use case b. Outsourcing c. Requirements d. Planning e. Development
a
60. What is the human-readable form of a software program? a. Source code b. Executable code c. Custom-built software d. Open source software e. Compiled code
a
65. Processes often extend across many ______________ boundaries. a. organizational b. integrated c. virtual d. partnered e. practice
a
A Web merchant wants to ensure that people cannot deny that they entered into a transaction, so they start using digital signatures and encryption as part of their transaction processing. This is an example of what? a. Non-repudiation b. Integrity c. Availability d. Confidentiality e. Authenticity
a
A connection that uses encryption and other channels to provide a secured channel over an open wire connection is called a(n): a. Virtual private network b. SMTP network c. Symmetric network d. Bridged network e. Switched network
a
Encryption is not only used to protect data transmissions, but it can also be used to: a. protect data on servers b. lock out users c. identify viruses d. update email e. take photographs
a
Recognizable bit patterns of a virus are known as what? a. Virus signature b. Zero-day viruses c. Stealth viruses d. Trojan horses e. Virus fingerprints
a
What is a common tactic hackers use to allow themselves re-access to a system? a. Backdoor b. Trap door c. Keystroke capture d. Rootkit e. Access file
a
What is the process of identifying, assessing and prioritizing the security risks an organization may face? a. Risk management b. Virus Risk c. Wi-Fi Protected Access d. Security e. Preventative Controls
a
