IS Final

Which of the below statements exactly describes distributed systems? A.It refers to linking multiple systems to create improvements in information availability and data integrity. B.It is a system that occurs when applications processing is handled across multiple computing devices. C.It supports all functions necessary for developing and maintaining fruitful relationships with customers. D.This refers to the standards used for structuring and distributing data between systems. E.It is a computer program stored within the database that runs to keep the database consistent when certain conditions arise.

B. It is a system that occurs when applications processing is handled across multiple computing devices.

When transitioning the current system to an enterprise system, which of the following statements is FALSE? A.Careful planning is required. B.The transition typically happens quickly and without any issues. C.The organization should communicate the changes to its employees. D.Problems may develop. E.Substantial training is required.

B. The transition typically happens quickly and without any issues.

Which of the below is NOT a factor that causes expense and risks to the organization using enterprise systems? A.Requirements gaps B.Collaborative management C.Installation planning D.Employee resistance E.Transition problems

C. Installation planning

The implementation of ERP systems is a difficult and risky process due to all the following factors EXCEPT __________. A.requirements gaps B.new technology C.collaborative management D.employee acceptance E.transition problems

D. employee acceptance

When the features of an ERP product differ from the organization's requirements, the organization must determine how to deal with these __________. A.incorrect blueprints B.transition problems C.new technologies D.resistance issues E.requirements gaps

E. requirements gaps

The activity of altering existing and designing new business processes to take advantage of new information systems is called __________. A.business process reengineering B.business process restructuring C.business process revisioning D.business process alignment E.business process remediation

Respuesta: A. business process reengineering

CRM software products enable organizations to become more __________. A. customer-centric B.customized C.systematic D. self-organizing E.diverse

Respuesta: A. customer-centric

If an organization has information that is difficult to integrate because it is scattered among several different workgroup information systems, it is suffering from a problem with __________. A.operating system incompatibility B.information silos C.information time lags D.Windows E.information disparity

Respuesta: B. information silos

A component of an organization's database program code is a __________, which runs to keep the database consistent when certain conditions occur. A.dynamic procedure B.trigger C.switching code D.stored procedure E.flag

Respuesta: B. trigger

As businesses grow and their goals change, they may need to adopt new processes. Which term is used to describe the task of modifying processes? A. Self-efficacy B.Process efficiency C.Business process reengineering D.Enterprise resource planning E.Application integration

Respuesta: C. Business process reengineering

Which of the following is NOT caused by information silos? A.Limited information and lack of integrated information B.Disjointed processes C.Integration of data D.Data duplication and data inconsistency E.Increased expense

Respuesta: C. Integration of data

Which of the following is a characteristic of CRM applications? A.Sales order processing B.Capacity planning C.Sales prospecting D.Supplier management E.Fixed asset accounting

Respuesta: C. Sales prospecting

An important component of an ERP solution is a set of __________ that implement standard business processes. A.regulations B.prediction tasks C.process blueprints D.triggering events E.exceptions

Respuesta: C. process blueprints

An ERP database needs to contain a program that is used to enforce a rule that certain products are never sold at a discounted price. This is accomplished using a(n) __________. A.event handler B.event monitor C.stored procedure D.trigger E.stored alert

Respuesta: C. stored procedure

Which of the following correctly defines the CRM system? A.It is the other name for an inter-enterprise system but with limited functionality. B.It links multiple systems to create improvements in information availability and data integrity. C.It is used for structuring and distributing data between systems. D.It supports all functions necessary for developing and maintaining fruitful relationships with customers. E.It is an enterprise suite of applications called modules, a database, and a set of inherent processes.

Respuesta: D. It supports all functions necessary for developing and maintaining fruitful relationships with customers.

Inter-enterprise systems can resolve problems resulting from __________. A.distributed systems B.a service-oriented architecture C.application integration D.enterprise silos E.ERP systems

Respuesta: D. enterprise silos

The primary goal of ERP systems is __________. A.redundancy B.use of the cloud C.prediction D.integration E.backups

Respuesta: D. integration

An information silo is the condition that exists when data are __________ in separated information systems. A.deleted B.merged C.archived D.isolated E.updated

Respuesta: D. isolated

The process of reengineering business processes is made difficult for all the following reasons EXCEPT that __________. A.it takes much time to redesign business processes B.it takes highly skilled people to redesign business processes C.it is difficult to envision the new improved processes D.it is quite easy to find people who can design the new improved processes E.redesigning processes for the entire organization is extremely complex

Respuesta: D. it is quite easy to find people who can design the new improved processes

__________ systems encompass all an organization's touchpoints with its customers. A.PQM B.ACID C.SQLD. DBMS E.CRM

Respuesta: E. CRM

Which of the following is NOT a phase of the customer life cycle? A.Customer acquisition B.Marketing C.Relationship management D. Loss/churn E.Customer billing

Respuesta: E. Customer billing

An organization that is implementing the manufacturing module of an ERP system has created a contest between several workgroups. The workgroup that adopts the ERP module most successfully (based on speed and number of errors) will be awarded a bonus. The intent of such a contest is to deal with __________. A.employee resistance B.collaborative management C.requirements gaps D.upgrade stress E.transition problems

: A. employee resistance

Which of the following would take a brute force attack a couple of minutes to crack? A.A 6-character password with a mix of upper- and lowercase letters B.A 10-character password with a mix of upper- and lowercase letters C.A 10-character password with upper- and lowercase letters, numerals, and special characters D.A 12-character password of all letters E.A 6-character password with upper- and lowercase letters, numerals, and special characters

Answer: A. A 6-character password with a mix of upper- and lowercase letters

An employee who believes he is about to be terminated intentionally destroys data. This is an example of which type of threat? A.Computer crime B.Human error C.Hacking D.Natural disaster E.Sniffing

Answer: A. Computer crime

Which of the following is NOT a characteristic of future cloud-based information systems? A.Free B.Cheaper C.Faster D.Easier to use E.More secure

Answer: A. Free

o send a message over the Internet, the location of the destination, known as the __________, must be added to the message. A.IP address B.protocol C.network location D.destination node E.packet

Answer: A. IP address

The method of obtaining cloud-based services that includes only basic hardware is termed __________. A.IaaS (infrastructure as a service) B.DaaS (data as a service) C.PaaS (platform as a service) D.SaaS (software as a service) E.WaaS (web as a service)

Answer: A. IaaS (infrastructure as a service)

A private Internet that is used exclusively within an organization is sometimes called __________. A.Intranet B.PaaS C.the Internet D.IaaS E.SOHO

Answer: A. Intranet

Which of the below is a disadvantage of the cloud? A.Little visibility into true security and disaster preparedness capabilities B.Significant capital required C. Industry-wide economies of scale, hence cheaper D.Staff and train personnel E.No obsolescence

Answer: A. Little visibility into true security and disaster preparedness capabilities

A(n) __________ connects computers that reside in a single geographic location on the premises of the company that operates the network. A.Local Area Network (LAN) B.Protocol C.Internet D.Intranet E.Wide Area Network (WAN)

Answer: A. Local Area Network (LAN)

Which of the following is NOT the term related to information system security? A.Profit B.Threat C.Loss D.Safeguard E.Target

Answer: A. Profit

Which is the computer crime with the lowest average cost? A.Stolen devices B.Malicious insiders C.Phishing and social engineering D.Ransomware E. Web-based attacks

Answer: A. Stolen devices

The typical functions of the __________ server is to run a DBMS that processes requests to retrieve and store data. A.database B.WSDL C.SOA D.Web E.commerce

Answer: A. database

The world-wide unique name affiliated with a public IP address is called a __________. A.domain name B.private IP address C.cookie D.protocol E.packet

Answer: A. domain name

Information systems that support processes spanning an organization and supporting activities in multiple departments, are termed __________ information systems. A.enterprise B. inter-enterprise C.functional D.workgroup E.personal

Answer: A. enterprise

A safety procedure that enables a trusted party to have a copy of the encryption key is called key __________. A.escrow B.data safeguard C.encryption D.CRM E.exchange

Answer: A. escrow

IaaS provides basic __________ in the cloud. A.hardware B.software C.firmware D.malware E.DBMS

Answer: A. hardware

Many companies create __________, which are false targets for computer criminals to attack. A.honeypots B.antivirus C.firewalls D.DBMS E.encryption

Answer: A. honeypots

The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is an example of __________. A.physical security B.encryption C.a technical safeguard D.firewall E.a key escrow

Answer: A. physical security

Organizations need to know how well their processes are achieving organizational goals. This is known as __________. A.process effectiveness B.inherent processes C.process quality D.process efficiency E.business process reengineering

Answer: A. process effectiveness

Google has projects underway that will increase the Internet's __________. A.speed and spread B.connections and quality C.redundancy and routing time D.limits and rules E.duplication and replication

Answer: A. speed and spread

Sources of security threats include all the following EXCEPT __________. A.systems performance B.computer crime C.disasters D.human errors and mistakes E.natural events

Answer: A. systems performance

All communication standards associated with local area networks are governed by __________. A.the IEEE 802 protocol B.WAN standards C.Amazon and Google D.ISP standards E.packet standards

Answer: A. the IEEE 802 protocol

Organizational security policies should address all the following issues EXCEPT __________. A.whether data marting will be tolerated B.what sensitive data the organization will store C.how employees and others can request changes to inaccurate data D.whether data will be shared with other organizations E.how sensitive data will be processed

Answer: A. whether data marting will be tolerated

The computers in two separated company sites must be connected using a(n) __________. A.wide area network (WAN) B.intranet C.protocol D.local area network (LAN) E.Internet

Answer: A. wide area network (WAN)

Which of the following organizations will be interested in using the "cloud"? A.An organization who wants in-depth visibility of security B.An organization who wants to increase or decrease their computing resources dynamically C.An organization who wants to create and maintain their own hosting infrastructure D.An organization who wants physical control over their data E.An organization who wants legal control over their data

Answer: B. An organization who wants to increase or decrease their computing resources dynamically

The method of obtaining cloud-based services that include hardware infrastructure, operating system, and application programs is termed __________. A.IaaS (Infrastructure as a Service) B.SaaS (Software as a Service) C.PaaS (Platform as a Service) D.WaaS (Web as a Service) E.DaaS (Data as a Service)

Answer: B. SaaS (Software as a Service)

For better security, which of the following is NOT a measure an organization should follow? A.Should keep a detail about when someone entered the facility B.The storage facilities can be left unlocked C.The systems should be access-controlled D.Should keep a log about who entered the facility E.Should keep a detail about the purpose if someone entered the facility

Answer: B. The storage facilities can be left unlocked

A university professor accidently leaves a sheet of paper in a classroom containing the scores on the recent exam for the class, listed by student ID number. This represents what type of loss? A.Denial of service B.Unauthorized data disclosure C.Faulty service D.Loss of infrastructure E.Incorrect data modification

Answer: B. Unauthorized data disclosure

Which is the single most important safeguard that an individual computer user can implement? A.Updating anti-virus software B.Using strong passwords C.Using http at trusted vendor sites D.Clearing cookies and browser history E.Removing high-value data assets from the computer

Answer: B. Using strong passwords

Use of strong passwords helps protect against __________ in which computing power is used to try every possible combination of characters to guess the password. A.insider attacks B.brute force attacks C.spoofing attacks D.spamming attacks E.light touch attacks

Answer: B. brute force attacks

Process __________ measures the ratio of process outputs to inputs. A.utility B.efficiency C.flexibility D.capability E.effectiveness

Answer: B. efficiency

A(n) __________ will stipulate what an employee should do when he notices something like a virus. A.cookie B. incident-response plan C.firewall D.malicious code E.safeguard

Answer: B. incident-response plan

Studies of computer crime reveal that __________ is the single most expensive consequence of computer crime. A.employee confusion B.information loss C.infrastructure damage D.business disruption E.equipment loss

Answer: B. information loss

The concept that prohibits the ability of ISPs to manage the flow of network traffic over their networks is termed __________. A.wide area networks B.net neutrality C.hop restrictions D.bandwidth limits E.maximum transmission speeds

Answer: B. net neutrality

A network that relies primarily on wireless connection of devices located near to a single person is a __________. A.private area network B.personal area network C.local area network D.wide area network E.limited area network

Answer: B. personal area network

The measure of the ratio of how well a process achieves organizational strategy is known as __________. A.process efficiency B.process effectiveness C. input/output totals D. input/output topology E. input/output technology

Answer: B. process effectiveness

Process efficiency is the measure of the ratio of __________ . A.process outputs to process activity B.process outputs to inputs C.process inputs to outputs D.process activity to process input E.process structure to process resources

Answer: B. process outputs to inputs

Data in an inter-enterprise system is contributed from many sources, integrated into a database, and transformed into information for users with a __________ application. A.summarizing B.reporting C.data distribution D.finalizing E.forecasting

Answer: B. reporting

If an organization takes a strong position and mandates that its employees create strong passwords, it is engaging in a trade-off between __________. A.flexibility and vulnerability B.security and freedom C.compliance and safety D.convenience and compliance E.cost and safety

Answer: B. security and freedom

The use of usernames and passwords is an important __________ safeguard to identify and authenticate legitimate users of the system. A.human B.technical C.firewall D.malware E.data

Answer: B. technical

A connection that is a virtual, private pathway over a public or shared network from the VPN client to the VPN server is called a(n) __________. A.CDN (content delivery network) B.tunnel C.Hop D.SOA E.IWS (Internal Web service)

Answer: B. tunnel

The sharing of physical hardware by many organizations in the cloud, termed pooling, is accomplished with __________. A.provisioning B.virtualization C.visualization D.segmentation E.separation

Answer: B. virtualization

A content delivery network (CDN) is __________. A.a system of hardware and software that stores user data in many different geographical locations and does not let anyone access it B.a system of hardware and software that stores user data in many different geographical locations and makes those data available on demand C.a network of servers that are not capable of delivering small data D.a system of only hardware that stores user data in many different geographical locations and makes those data available on demand E.a highly unreliable storage of data on many networks or servers

Answer: B.a system of hardware and software that stores user data in many different geographical locations and makes those data available on demand

__________ uses the Internet to create the appearance of private, secure connections A.Infrastructure as a Service (IaaS) B.SOAP C.A virtual private network (VPN) D.A private cloud E.Software as a Service (SaaS)

Answer: C. A virtual private network (VPN)

Long-term attacks focused on stealing confidential data and intellectual property that are perpetrated by large, well-funded organizations are called __________. A.hack floods B.criminal hack threats C.Advanced Persistent Threats D.repetitive threat syndrome E.denial of service attacks

Answer: C. Advanced Persistent Threats

Which of the following is NOT covered under human safeguards? A.Accountability B.Training and procedure design C.Application design D.Assessment E.Hiring and education

Answer: C. Application design

Which of the following is covered under technical safeguards? A.Encryption B.Backup and recovery C.Application design D.Physical security E.Procedure design

Answer: C. Application design

Which of the following cloud services can eHermes use to distribute its content worldwide as it grows and expands into new markets? A.IWS (internal Web services) B.IaaS (infrastructure as a service) C.CDN (content delivery network) D.SaaS (software as a service) E.PaaS (platform as a service)

Answer: C. CDN (content delivery network)

__________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated. A.Practicing response to an attack B.Encryption C.Centralized reporting D.Quickly responding to an attack E.Training personnel

Answer: C. Centralized reporting

Which of the following is NOT a way to improve process quality? A.Change the process resources. B.Change both process structure and resources. C.Change the process names. D.Change the process structure. E.Reorganize the process.

Answer: C. Change the process names.

A manufacturing company would like to allow its employees to access data from a single database using various devices. For example, salespeople will be using smartphones, whereas the warehouse personnel will be using other handheld devices for their purposes. Which of the following accurately describes the type of system this company will need? A.CRM systems B.SCM system C.Distributed system D.Functional information system E.ARES

Answer: C. Distributed system

__________ is a technical safeguard that ensures that if stored or transmitted data is stolen it cannot be understood. A.Identification B.firewall C.Encryption D.Malware protection E.Authentication

Answer: C. Encryption

Which of the following results in a need for inter-enterprise systems? A.Dynamic processes B. Service-oriented architecture C.Enterprise silos D.Structured processes E. Self-efficacy

Answer: C. Enterprise silos

Which of the following is likely to occur in the next 10 years? A.Improvements in technology will mean cloud vendors will no longer need to invest in safeguards. B.Security experts will eventually win the battle against computer criminals. C.Major incidents of cyberwarfare are likely. D.Threats from cyber-gangs will cease to exist. E.Public officials will stay ahead of the technology curve.

Answer: C. Major incidents of cyberwarfare are likely.

Which of the following is NOT one of the ways that organizations use the cloud? A.SaaS (software as a service) B.PaaS (platform as a service) C.SCaaS (security control as a service) D.CDN (content delivery network) E.IaaS (infrastructure as a service)

Answer: C. SCaaS (security control as a service)

Which of the below is NOT a type of "Computer Crime" which affects IS security? A.Stolen devices B.Malicious insiders C.Social engineering and surfing D.Phishing and social engineering E. Web-based attacks

Answer: C. Social engineering and surfing

Which of the following is NOT a threat related to "Unauthorized data disclosure" under computer crime? A.Sniffing B.Spoofing C.Surfing D.Pretexting E.Phishing

Answer: C. Surfing

The rules providing the foundation of the Internet are known as the __________. A.SMTP standard B.XML language C. TCP/IP protocol architecture D.SNMP framework E.HTTPS concept

Answer: C. TCP/IP protocol architecture

__________ information systems, also known as functional information systems, exist to support one or more processes within the workgroup. A. Inter-enterprise B.Enterprise C.Workgroup D.Process E.Personal

Answer: C. Workgroup

All the following statements are good practices to protect against security threats, EXCEPT __________. A.never sending valuable data such as credit card numbers in email or IM B.using long and complex passwords C.backing up your browsing history, temporary files, and cookies D.not using the same password for all your accounts E.buying only from online vendors that use https in their transactions

Answer: C. backing up your browsing history, temporary files, and cookies

Because users often neglect to create strong passwords, some organizations choose to also employ __________ authentication using fingerprint scans or retina scans. A.smart B.biological C.biometric D.feature E.human

Answer: C. biometric

A(n) __________ is a network of activities that generates value by transforming inputs into outputs. A.network B.activity C.business process D.function E.capability

Answer: C. business process

Collaboration is an important component of a __________. A.structured process B.process that supports operational decision making C.dynamic process D.functional application E.standardized process

Answer: C. dynamic process

A negative consequence of the expanding use of the cloud will be __________. A.reduced availability of cloud services B.large increases in cloud vendor data center job openings C.fewer local jobs that focus on the installation and support of email and other servers D.higher costs of cloud services E.slower performance of cloud-based services

Answer: C. fewer local jobs that focus on the installation and support of email and other servers

Organizations (and you personally) can use one or more __________ to filter the data transmissions allowed into your computer network. A.brick walls B.data moats C.firewalls D.security fences E.screens

Answer: C. firewalls

Since public users of Web sites are difficult to hold accountable for security violations, organizations take steps to __________ the Web site. A.hide B.obscure C.harden D.scour E.cement

Answer: C. harden

In the future, ERP customers will store most of their data on cloud servers managed by cloud vendors and store sensitive data on servers that they manage themselves. This arrangement is known as the __________ model. A.relational B.mixed C.hybrid D.joint E.logical

Answer: C. hybrid

The problems of cloud-based ERP are likely to be sorted out in the future through the development of a(n) __________ in which most data are stored on cloud-based servers and sensitive data is stored on in-house managed servers. A.merged model B.linked system C.hybrid model D.magic solution E.augmented approach

Answer: C. hybrid model

The next major security challenges will likely be those affecting __________. A.software applications B.personal computers C.mobile devices D.DBMS E.people

Answer: C. mobile devices

The __________ nature of cloud computing resources means that hardware is shared by many users through virtualization. A.stretchy B.responsive C.pooled D.elastic E.resilient

Answer: C. pooled

A(n) __________ is a set of rules and data structures that governs communication on the Internet and supports cloud processing. A.Internet exchange point B.commerce server C.protocol D.public IP address E.Web server

Answer: C. protocol

An important new trend revealed by research on security threats is that __________. A.costs of after-the-fact responses are extremely high B.stolen device losses are the largest category C.ransomware and Web-based attacks are increasingly serious D.organizations are no longer bothered by security threats E.security safeguards seem ineffective

Answer: C. ransomware and Web-based attacks are increasingly serious

A difficult aspect of understanding the cost of computer security threats is the fact that most data are based on __________ methods that have several weaknesses. A.estimation B.forecasting C.survey D.verification E.projection

Answer: C. survey

The most likely reason that an organization should not consider using the cloud is __________. A.the organization faces too much competition in its industry segment B.the organization feels the clouds benefits are unclear C.the organization is legally prohibited from losing physical control over its data D.the organization is not technically sophisticated E.the organization wants to wait for the cloud to mature

Answer: C. the organization is legally prohibited from losing physical control over its data

Password management best practices include all the following recommendations EXCEPT __________. A.users must comply with the organization's minimum password length B.users may not use a password that has been used previously C.users may retain the same password indefinitely to make it easier to remember D.users must create a new unique password immediately when first granted account access E.users must create a new password every three months

Answer: C. users may retain the same password indefinitely to make it easier to remember

The following are all disadvantages of in-house hosting compared to use of the cloud, EXCEPT __________. A.capital investment B.development effort C.visibility of security measures D.flexibility and adaptability to fluctuating demand E.obsolescence risk

Answer: C. visibility of security measures

A __________ is a type of malware that self-propagates using the Internet or other computer network. A.caterpillar B.Trojan horse C.worm D.fireplug E.spoofer

Answer: C. worm

Which of the following statements about virtual private networks (VPNs) is NOT accurate? A.VPNs use the Internet to create the appearance of private, secure connections. B.A secure connection gets established between a VPN client and a VPN server. C.VPNs provide secure communications over the Internet, but they are so complex and expensive that only the military and government organizations can use them. D.Once an Internet connection is made, VPN software on the remote user's computer establishes a connection with a VPN server. E.VPNs use encryption to secure communications over the public Internet.

Answer: C.VPNs provide secure communications over the Internet, but they are so complex and expensive that only the military and government organizations can use them.

Which of the following is NOT one of the factors involved with security incident response? A.The company should practice incident response. B.The company should implement specific responses, which are speedy and do not make the problem worse. C.The company should have a plan in place to respond to incidents. D.Any employee involved in any type of security incident should be immediately terminated. E.The company should use a centralized reporting procedure.

Answer: D. Any employee involved in any type of security incident should be immediately terminated.

What is the benefit of having in-house hosting over cloud? A.No obsolescence B.Speedy development C.Known cost structure D.Control over and knowledge of data location E.Small capital requirements

Answer: D. Control over and knowledge of data location

__________ processes are flexible, informal, and adaptive processes that normally involve strategic and less structured managerial decisions and activities. A.Structured B.Organized C.Passive D.Dynamic E. Rule-driven

Answer: D. Dynamic

Which of the following statements is NOT accurate? A.There are no standards for tallying computer crime costs. B.When conducting studies on the cost of computer crimes, some organizations do not report all their losses. C.We do not know the full extent of the financial and data losses due to computer security threats. D.Forms of usurpation deny access to legitimate users. E.Threats that involve hacking are attempts to obtain private data.

Answer: D. Forms of usurpation deny access to legitimate users.

__________ personnel have been, often inadvertently, the source of serious security risks. A.Database administration B.Senior management C.Data administration D.Help desk E.IS operations

Answer: D. Help desk

__________ agreements ensure that communications carriers exchange traffic on their networks freely. A.Neutral B.Hopping C.Exchange D.Peering E.Free use

Answer: D. Peering

Which components of information systems are involved in human safeguards? A.Only people B.Data and people C.Software and people D.People and procedures E. People, hardware, and software

Answer: D. People and procedures

In an accounts payable department, the department supervisor can both approve an expense and write a check to cover the expense. This situation illustrates ignoring which type of human safeguard? A.Insufficient screening B.Incomplete termination procedures C.Least possible privilege D.Separation of duties E.Inadequate hiring procedures

Answer: D. Separation of duties

__________ provides not only hardware infrastructure, but an operating system and application programs as well. A.Wiring as a service (WaaS) B.Platform as a service (PaaS) C.Infrastructure as a service (IaaS) D.Software as a service (SaaS) E.CDN

Answer: D. Software as a service (SaaS)

Which of the following statements is NOT correct for private clouds? A.Private clouds provide security within the organizational infrastructure. B.Private clouds can possibly provide secure access from outside that infrastructure. C.They are built on top of public cloud infrastructure using VPN tunneling. D.They enable the business to maintain physical control over its stored data. E.They create a farm of servers managed with elastic load balancing.

Answer: D. They enable the business to maintain physical control over its stored data.

A(n) __________ connects computers at different geographic locations. A.Internet B.Intranet C.Protocol D.Wide Area Network (WAN) E.Local Area Network (LAN)

Answer: D. Wide Area Network (WAN)

Which of the following practices causes a risk to your password? A.You should change your password frequently. B.You should not reuse your password. C.You should use a long password. D.You should use similar passwords for different sites. E.You should use different passwords for different sites.

Answer: D. You should use similar passwords for different sites.

The most significant contributing factor to problems with data integrity is __________. A.slow processes B.limited information C.disjointed processes D.data duplication E.incomplete backups

Answer: D. data duplication

According to Ponemon, "Value lies in __________ and not in __________." A. software; hardware B. data; code C. software; data D. data; hardware E.information system; data

Answer: D. data; hardware

All the following are ways that an information system can be used to improve process quality EXCEPT __________. A.ensuring the correct process flow is followed B.performing an activity in the process C.ensuring the quality of the data associated with the process D.enabling the process to follow a random process E.assisting the human who is performing an activity in the process

Answer: D. enabling the process to follow a random process

Preventing unauthorized network access using hardware or a hardware/software combination is accomplished with a(n) __________. A.malware definition B.encryption key C.authentication D.firewall E.key escrow

Answer: D. firewall

When user accounts are defined so that the user has access only to the minimum data and actions required to complete his/her job responsibilities, the principle of __________ is in use. A.accountability B.separation of duties C.compliance D.least possible privilege E.separation of authority

Answer: D. least possible privilege

According to recent research, the type of computer crime with the highest average cost involves __________. A.spoofers B.hackers C.phishers D.malicious insiders E.crime syndicates

Answer: D. malicious insiders

An often-neglected portion of an organization's incident readiness is __________. A.specific response B.centralized reporting C.decentralized response D.practice E.decentralized reporting

Answer: D. practice

Communication __________ enable a mixture of wired and wireless devices to connect over a network. A.languages B.connections C.filters D.protocols E.forms

Answer: D. protocols

In a security system the purpose of a username is to __________. A.add complexity B.provide authentication C.enable screening D.provide identification E.provide interpretation

Answer: D. provide identification

A special version of asymmetric encryption called __________ is used on the Internet. A.AES B.DES C.private key encryption D.public key encryption E.3DES

Answer: D. public key encryption

An important cloud design philosophy that defines all interactions among computing devices as services in a formal standardized way is termed the __________. A. standard-operational access B. service-options available C. simple-option access D. service-oriented architecture E. seamless-operations architecture

Answer: D. service-oriented architecture

A business process that includes formally defined, standardized processes that involve day-to-day operations is said to be a __________ business process. A.predictable B.uniform C.dynamic D.structured E.stable

Answer: D. structured

A __________ is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge. A.target B.safeguard C.loss D.threat E.vulnerability

Answer: D. threat

The prevailing architecture for Web applications is the __________ architecture. A. single-tier B. two-tier C. combination-tier D. three-tier E. production-tier

Answer: D. three-tier

When a person transmits personal data over the Internet during a transaction, the transmitted data is __________ threats unless appropriate __________ are taken. A.invulnerable to; threats B.protected from; measures C.exposed to; loss leaders D.vulnerable to; safeguards E.immune to; countermeasures

Answer: D. vulnerable to; safeguards

An organization's policy statement about customer data should include all the following elements EXCEPT __________. A.who can see sensitive data B.what sensitive data will be stored C.whether sensitive data will be shared D.what field is used as the primary key E.how sensitive data will be processed

Answer: D. what field is used as the primary key

Which of the following correctly describes a service-oriented architecture (SOA)? A.Programs that run on a server-tier computer and manage traffic by sending and receiving Web pages to and from clients B.Identifies a particular device on the public Internet C.The protocol used between browsers and Web servers D.An application program that runs on a server-tier computer E.All interactions among computing devices are defined as services in a formal, standardized way

Answer: E. All interactions among computing devices are defined as services in a formal, standardized way

Which of the following is the most accurate and complete definition of the cloud? A.Computers somewhere out there B.Easily accessible data storage C.Computing resources available to anyone D.A bubble on a network diagram E.Elastic leasing of pooled computer resources over the Internet

Answer: E. Elastic leasing of pooled computer resources over the Internet

Which of the following is NOT one of the personal security safeguards that users should implement? A.Do not send valuable data via email or IM. B.Take security seriously. C.Use multiple passwords. D.Create strong passwords. E.Fix any suspicious software problems by rewriting the bad source code.

Answer: E. Fix any suspicious software problems by rewriting the bad source code.

Which of the following is considered a computer crime? A.Internal software bug deleting customer records B.Poorly written programs resulting in data losses C.Data corruption through inaccurate updates D.Loss of data because of flooding E.Hacking of information systems

Answer: E. Hacking of information systems

Which of the following is true about a VPN? A.It appears as a secure connection, though it is not. B.It uses private networks instead of the public network. C.The actual internal LAN addresses are sent in the VPN messages on the Internet. D.It does not provide users with remote access. E.It encrypts messages to ensure secure transmissions.

Answer: E. It encrypts messages to ensure secure transmissions.

Which of the following is the distinguishing feature of a WAN as compared to a LAN? A.Bandwidth B.Communication capacity C.Network hardware D.Limits on number of users E.Multiple distant locations

Answer: E. Multiple distant locations

If eHermes wished to install some of its own custom developed application software in the cloud, it would need to obtain __________ cloud resources. A.WaaS (web as a service) B.DaaS (data as a service) C.SaaS (software as a service) D.IaaS (infrastructure as a service) E.PaaS (platform as a service)

Answer: E. PaaS (platform as a service)

__________ is a remote access system that enables physicians to provide service to patients located in hard to reach areas of the world. A.Telelaw B.TeleExpert C.Virtual Doc D.Doc in a Box E.Telemedicine

Answer: E. Telemedicine

Which of the below is NOT an action taken by employees as part of an incident-response plan? A.The plan includes steps they can take to reduce further loss. B.The plan includes whom they should contact. C.The plan includes the reports they should make. D.The plan includes how employees are to respond to security problems. E.The plan includes decentralized reporting.

Answer: E. The plan includes decentralized reporting.

Enterprise information systems can solve all the following problems EXCEPT __________. A.duplicated enterprise information B.disjointed business processes C.inefficiencies of isolated systems D.extra process costs from repetition of activities E.data quality problems

Answer: E. data quality problems

Since companies do not know precisely how much demand will be placed on their computing resources in the future, an attractive element of using the cloud is the fact that it is __________. A.flexible B.dynamic C.unpredictable D.variable E.elastic

Answer: E. elastic

The most secure and hard-to-break passwords have all the following characteristics, EXCEPT __________. A.containing special characters B.containing no word in any language C.having uppercase and lowercase characters D.being a mix of letters and numbers E.having six or fewer characters

Answer: E. having six or fewer characters

Advantages of content delivery networks (CDNs) include all the following EXCEPT __________. A. pay-as-you-go B.increased reliability C.faster load times D.protection from DOS attacks E.higher costs to mobile users

Answer: E. higher costs to mobile users

When an organization encrypts sensitive data, it is important that it follow a procedure called a __________ to safeguard the loss or damage to the encryption key. A.random key B.key locker C.duplicate key D.key template E.key escrow

Answer: E. key escrow

The computers that run the DBMS and all devices that store database data should be __________. A.locked and publicly accessed B.controlled accessed and unlocked C.locked for some time D.unlocked E.locked and controlled accessed

Answer: E. locked and controlled accessed

When an incident does occur, speed is of the essence. The __________ the incident goes on, the __________ the cost. A. shorter; cheaper B. shorter; greater C. longer; cheaper D. longer; average E. longer; greater

Answer: E. longer; greater

Formatted messages are passed through networks in the form of __________. A.public IP addresses B.domain names C.protocols D.cookies E.packets

Answer: E. packets

In a security system the purpose of a username is to __________. A.enable screening B.add complexity C.provide authentication D.provide interpretation E.provide identification

Answer: E. provide identification

Assume the process of obtaining a driver's license is considered too long because of too few people who can administer the final driving test. One way to resolve this problem is to hire more people who can give the driving test. This is an example of a change in process __________. A.resources and structure B.efficiency C.structure D.redistribution E.resources

Answer: E. resources

When it comes to risk of security threats and losses, __________. A.sources of risk are diminishing B.risk is unimportant to senior management C.risk is declining every year D.only the IS department employees need be involved in this issue E.risks cannot be eliminated

Answer: E. risks cannot be eliminated

Despite the power and low cost of cloud services through the Internet, organizations must beware of __________. A.competition B.routing lags C.delivery errors D.net neutrality E.security threats

Answer: E. security threats

An information __________ is the condition that exists when data are isolated in separated information systems. A.island B.barn C.bridge D.moat E.silo

Answer: E. silo

A __________ is an opportunity for threats to gain access to individual or organizational assets. A.security flaw B.threat C.safeguard D.target E.vulnerability

Answer: E. vulnerability