MIS Final Chapter 10 & 12

A(n) ________ is a sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations like governments.

Advanced Persistent Threat (APT)

Adware and spyware are similar to each other in that they both ________.

Are installed without a user's permission

A password ________ a user.

Authenticates

Which of the following is an example of a data safeguard against security threats?

Backup and recovery

_________ testing is the process of allowing future system users to try out the new system on their own

Beta

Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes?

Biometric authentication

During which of the following computer crimes does a password cracker try every possible combination of characters?

Brute force attack

________ are small files that browsers store on users' computers when they visit Web sites.

Cookies

Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests?

DOS attack

Backup and physical security are ________ against computer security threats

Data safeguards

Which of the following statements is true about position sensitivity?

Documenting position sensitivity enables security personnel to prioritize their activities.

________ take computers with wireless connections through an area and search for unprotected wireless networks.

Drive-by sniffers

The following statement is true of the composition of a development team over the different phases of the systems development life cycle

During integrated testing and conversion, the team will be augmented with business users

Which of the following is a synonym for phishing?

Email spoofing

Organizations should protect sensitive data by storing it in ________ form.

Encrypted

________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.

Encryption

Actual systems development generally works in accordance with the waterfall nature of the systems development life cycle

False

Brooks' Law holds true because a larger staff requires decreased coordination

False

Business analysts integrate the work of the programmers, testers and users

False

Estimates of labor hours and completion dates are accurate for large, multiyear projects

False

In a pilot installation, a new system is installed in phases across the organization

False

In terms of software design for custom-developed programs, the development team identifies off-the-shelf products and then determines the alterations required

False

Information systems can be acquired off-the-shelf with adaptation

False

Mock-ups of forms and reports can generate similar benefits as a working prototype

False

Organizational feasibility refers to estimating the time it will take to complete a project

False

Systems development is easy and risk free

False

The goals and scope of a new information system are determined during the requirements analysis phase of the systems development life cycle

False

The security needs of an information system are determined during the component design phase of the systems development life cycle

False

The most secure communications over the Internet use a protocol called ________.

HTTPS

Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as ________.

Hacking

Which of the following is a technical safeguard against security threats?

Identification and authorization

A user name ________ a user.

Identifies

In terms of password management, when an account is created, users should ________.

Immediately change the password they are given to a password of their own

A(n) ________ includes how employees should react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.

Incident-response plan

A(n) ________ is a computer program that senses when another computer is attempting to scan a disk or access a computer.

Intrusion detection system

Typically, a help-desk information system has answers to questions that only a true user would know. Which of the following statements is true of this information?

It helps authenticate a user

The following is true of systems development

It requires business knowledge and an understanding of group dynamics

The procedure of entrusting a party with a copy of an encryption key that can be used in case the actual key is lost or destroyed is called ________.

Key escrow

________ includes viruses, worms, Trojan horses, spyware, and adware

Malware

________ determine whether to pass each part of a message by examining its source address, destination addresses, and other such data.

Packet-filtering firewalls

A(n) ________ sits outside an organizational network and is the first device that Internet traffic encounters.

Perimeter firewall

Users of smart cards are required to enter a ________ to be authenticated.

Personal identification number

A ________ pretends to be a legitimate company and sends emails requesting confidential data.

Phisher

Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the mail with all the requested details. Mark later learns that the mail was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of ________.

Phishing

Which of the following is a data safeguard against security threats?

Physical security

A person calls the Stark residence and pretends to represent a credit card company. He asks Mrs. Stark to confirm her credit card number. This is an example of ________.

Pretexting

Which of the following is a human safeguard against security threats?

Procedure design

The enforcement of security procedures and policies consists of three interdependent factors: ________.

Responsibility, accountability, and compliance

A(n) ________ is a measure that individuals or organizations take to block a threat from obtaining an asset.

Safeguard

With HTTPS, data are encrypted using a protocol called the ________.

Secure Socket Layer (SSL)

Activity log analyses constitute an important ________ function

Security monitoring

Which of the following is considered a personal security safeguard?

Send no valuable data via email or IM

A ________ has a microchip that is loaded with identifying data

Smart card

________ is a technique for intercepting computer communications

Sniffing

According to Brooks' Law, the following is a likely consequence of adding more people to late projects

The costs of training new people can overwhelm the benefits of their contribution

Which of the following statements is true of the financial losses due to computer security threats?

The financial losses faced by companies due to human error are enormous.

The following is true of information systems

They can be adapted to fit business needs

With HTTPS, data are encrypted using the Secure Socket Layer (SSL) protocol, which is also known as ________.

Transport Layer Security (TLS)

Which of the following refers to viruses that masquerade as useful programs?

Trojan horses

A development team's composition changes over time

True

As development teams become larger, the average contribution per worker decreases

True

Beta testing is the last phase of the testing process

True

Information systems involve people and procedures, so they can never be off-the-shelf

True

Interviews are conducted with system users in the requirements analysis phase of the systems development life cycle

True

It is essential to estimate a system's cost to calculate its rate of return

True

One of the major challenges in systems development is changing technology

True

Plunge installation is sometimes called direct installation

True

Testing is often called product quality assurance (PQA)

True

The cost feasibility of a systems development project depends on the scope of the project

True

The maintenance phase can start another cycle of the systems development life cycle

True

The systems development life cycle process is supposed to operate in a sequence of non repetitive phases

True

The third phase of the systems development life cycle is the component design phase

True

The description of fixes and new requirements is the input to the system maintenance phase of the systems development life cycle

True

Which of the following types of security loss is WikiLeaks an example of?

Unauthorized data disclosure

________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.

Usurpation

Which of the following statements is true of symmetric encryption?

With symmetric encryption, the same key is used for both encoding and decoding.

The following statement is true with regard to system maintenance

all commercial software products are shipped with known failures

The following step in the systems definition process aims to eliminate obviously nonsensical projects

assessing the project feasibility

When compared to program development, systems development is

broader in scope

A comprehensive test plan should ______

cause every line of program code to be executed

System _______ refers to the process of changing the business activity from an old information system to a new system

conversion

While designing __________, a development team must produce design documentation for writing computer code

custom-developed programs

During the requirements analysis phase of the systems development life cycle, the development team will create a(n) ______ if the new system involves a new database or substantial changes to an existing database

data model

The first step in defining a new information system is to __________

define the goals and scope of the project

The primary purpose of the requirements analysis phase is to ________

determine and document the specific features and functions of the new system

The most important phase in the systems development process is

determining the system's requirements

The following is a typical concern for developers while using prototypes

developing a uniform funding solution for the system

Projects that spend much time ____ are sometimes said to be in analysis paralysis

documenting requirements

Normal processing procedures for operations personnel involve procedures _______

for starting, stopping and operating the system

During the _______ phase of the systems development life cycle process, developers construct, install, and test the components of the information systems

implementation

According to Brooks' Law, adding more people to a late project _____

makes the project later

______ feasibility concerns whether the new information system fits within a company's customs, culture, charter, or legal requirements

organizational

In a _________ installation, the new system runs alongside the old one until it has been tested and is fully operational

parallel

Olive, Inc., a chain of retail outlets, is converting its existing billing systems to a more robust online tool. In this process, the organization runs both the old and the new systems to compare their performances. In this case, the company is implementing the new system using __________ installation

parallel

The following is the most expensive style of system conversion

parallel installation

Software developers group fixes for high priority failures into a _______ that can be applied to all copies of a given product

patch

The following is a major concern for developers in a systems development life cycle process

performing repetitive tasks of a completed phase

In a ________ installation, an organization implements an entire system on a limited portion of the business

pilot

The following style of system conversion shuts off the old system and starts the new system

plunge installation

In which of the following phases of the systems development life cycle do developers identify the particular features and functions of a new system

requirement analysis

The easiest and cheapest time to alter the information system is in the ______ phase of the systems development life cycle

requirements analysis

Software vendors usually bundle fixes of low-priority problems into _______

service packs

Developers in the ______ phase of the systems development life cycle use management's statement of the system needs in order to begin developing a new information system

system definition

The following is the first phase of the systems development life cycle process

system definition

During requirements definition, a development team's composition would be typically heavy with _________

systems analysts

The following personnel design the procedures for a business information system

systems analysts

The ____ approach is the classical process used to develop information systems

systems development life cycle (SDLC)

The process of creating and maintaining information systems is called

systems development

The following is true with regards to bigger and longer projects

the changes in requirements increase

The following personnel on a development team have the final say on whether a system is ready for use

users

