MIDTERM, ISM3011 - Chapter 2 key terms, ISM 3011 - Chapter 1 key terms, Information Systems Chapter 13, IT Test 1, WEEK 5:: SYSTEM HARDENING, CSC Chpt 2 Exam Questions, CTS 115 Fall 2017 Information Systems Unit 1, IT

Using a bastion host allows for which of the following? Select all that apply.

- Applying more restrictive firewall rules - Having more detailed monitoring and logging - Enforcing stricter security measures Bastion hosts are special-purpose machines that permit restricted access to more sensitive networks or systems. By having one specific purpose, these systems can have strict authentication enforced, more firewall rules locked down, and closer monitoring and logging.

Disabling unnecessary components serves which purposes? Check all that apply.

- Increasing Performance (NO) By disabling unnecessary components, system performance might improve, since this frees up system resources. That's not the intention behind this practice, though. - Closing attack vectors. (YES) - Reducing the attack surface (YES) Every unnecessary component represents a potential attack vector. The attack surface is the sum of all attack vectors. So, disabling unnecessary components closes attack vectors, thereby reducing the attack surface.

What benefits does centralized logging provide? Check all that apply.

- It allows for easier logs analysis - It helps secure logs from tampering or destruction. Centralized logging is really beneficial, since you can harden the log server to resist attempts from attackers trying to delete logs to cover their tracks. Keeping logs in place also makes analysis on aggregated logs easier by providing one place to search, instead of separate disparate log systems

What are some of the shortcomings of antivirus software today? Check all that apply.

- It can't protect against the unknown threats. ? Antivirus software operates off a blacklist, blocking known bad entities. This means that brand new, never-before-seen malware won't be blocked.

What does full-disk encryption protect against? Check all that apply.

- Tampering with system files - Data theft With the contents of the disk encrypted, an attacker wouldn't be able to recover data from the drive in the event of physical theft. An attacker also wouldn't be able to tamper with or replace system files with malicious ones.

The Internet is migrating to Internet Protocol version 6 (IPv6), which uses _____ addresses to provide for many more devices than earlier versions.

128-bit

Why are advances in 5G technology expected to influence the IoT?

5G enables many devices to transmit data quickly to the cloud.

Failover

A backup technique that involves automatically switching applications and programs to a redundant or replicated server, network, or database to prevent interruption of service.

Bring Your Own Device (BYOD)

A business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.

Transport Layer Security (TLS)

A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.

managed security service providers (MSSPs)

A company that monitors, manages, and maintains computer and network security for other organizations.

distributed denial-of-service (DDoS) attack

A cyberattack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.

structure

A definition of the relationships among the members of an organization including their roles, responsibilities, and lines of authority necessary to complete various activities.

computer forensics

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.

Business Continuity Plan

A document that includes an organization's disaster recovery plan, occupant emergency evacuation plan, continuity of operations plan, and an incident management plan.

disaster recovery plan

A documented process for recovering an organization's business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster such as a flood, fire, or electrical outage.

next generation firewall (NGFW)

A hardware- or software-based network security system that can detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.

supply chain

A key value chain whose primary processes include inbound logistics, operations, outbound logistics, marketing and sales, and service.

Department of Homeland Security (DHS)

A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."

Botnet

A large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners.

What is an attack vector?

A mechanism by which an attacker can interact with your network or systems. An attack vector can be thought of as any route through which an attacker can interact with your systems and potentially attack them.

Leavitt's Diamond

A model that states an organization's information systems operate within a context of people, technology infrastructure, processes, and structure.

U.S. Computer Emergency Readiness Team (US-CERT)

A partnership between the Department of Homeland Security and the public and private sectors; established to provide timely handling of security incidents as well as conducting improved analysis of such incidents.

Certification

A process for testing skills and knowledge.

security audit

A process that enables the organization to identify its potential threats, establish a benchmark of where it is, determine where it needs to be, and develop a plan to meet those needs.

strategic planning

A process that helps managers identify desired outcomes and formulate feasible plans to achieve their objectives by using available resources and capabilities.

mission-critical processes

A process that plays a pivotal role in an organization's continued operations and goal attainment.

_____ is typically used to temporarily hold small units of program instructions and data immediately before, during, and after execution by the central processing unit (CPU).

A register

Value Chain

A series (or chain) of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased.

information system

A set of interrelated components that work together to support fundamental business operations, data reporting and visualization, data analysis, decision making, communications, and coordination within an organization

Proceudre

A set of steps that need to be followed to achieve a specific end result, such as entering a customer order, paying a supplier invoice, or requesting a current inventory report.

process

A structured set of related activities that takes input, adds value, and creates an output for the customer of that process.

False

A sustaining innovation is one that initially provides a lower level of performance than the marketplace has grown to accept.

Firewall

A system of software, hardware, or a combination of both that stands guard between an organization's internal network and the Internet, and limits network access based on the organization's access policy.

encryption key

A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.

__________ properties of SQL databases help ensure the integrity of data in the database.

ACID

recovery cost

After a successful cyberattack, the funds spent on repairing affected systems, restoring lost data, and performing a post-incident analysis are considered part of the _____.

​A company's risk assessment process can include numerous threats to the computers and networks. Which of the following can be considered an adverse event?

All of the above

technology infrastructure

All the hardware, software, databases, networks, facilities, and services used to develop, test, deliver, control, or support the information technology applications and services an organization requires to meet the needs of its customers, suppliers, key business partners, regulatory agencies, and employees.

the U.S. government is obligated to do all that it can to ensure citizens' security

Americans who are in favor of expanded government surveillance programs argue that _____.

explicit

An attack on an information system that takes advantage of a particular system vulnerability.

zero-day attack

An attack that takes place before the security community becomes aware of and fixes a security vulnerability.

True

An employee who is marked for a lay-off sent threatening emails to his boss, stating that he is going to delete sensitive data. This employee can be charged under the Computer Fraud and Abuse Act.

Enterprise information system

An information system that an organization uses to define structured interactions among its own employees and/or with external customers, suppliers, government agencies, and other business partners.

inter-organizational IS

An information system that enables sharing of information and conducting business electronically across organizational boundaries.

personal information system

An information system that improves the productivity of individual users in performing stand-alone tasks.

According to Lewin and Schein's 3-stage model of organizational change, which of the following tasks would be found in the 'unfreezing' stage?

Assign leaders and implementation team

You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database. It is considered a security risk. What is an appropriate action to reduce the risk?

Assign roles and privileges to users so that only job-relevant data is accessible to the user.

A good defense in depth strategy would involve deploying which firewalls?

Both host based and network based firewalls. Defense in depth involves multiple layers of overlapping security. So, deploying both host- and network-based firewalls is recommended.

Four drivers that set the information strategy and determine information system investments include corporate strategy, technology innovations, innovative thinking, and

Business unit strategy

Which of the following is a markup language for defining the visual design of a Web page or group of pages?

Cascading Style Sheets (CSS)

Suppose, you need to advise someone about getting a certification. Which of the following will be appropriate advice?

Certifications are vendor-specific

_____ refers to a computing environment where software and storage are provided as an Internet service and accessed with a Web browser.

Cloud computing

virus signature

Code that indicates the presence of a specific virus.

CIA security triad

Confidentiality, integrity, and availability form the basis of the CIA security triad.

​Which of the following subject areas does the USA Patriot Act cover?

Cyberterrorism

How is data governance different from data management?

Data governance is the core component of data management.

The individual who is responsible for planning, designing, creating, operating, securing, monitoring, and maintaining databases is the

Database Administrator

security policy

Defines an organization's security requirements, as well as the controls and sanctions needed to meet those requirements.

strong password is 8- 10 characters and contains a capital letter, a number, and a symbol. They are stronger when your the only one that knows it

Discuss what makes a password strong.

is a class of software used to meet organization-wide business needs and typically shares data with other enterprise applications used within the organization.

Enterprise

often raise an organization's priority with suppliers and other business partners

Ethical business practices _____.

In the utilities industry, IoT sensors are used extensively to capture operational data and help the utility provider achieve 24/7 uptime.

False

The Transmission Control Protocol (TCP) is responsible for managing IP addresses and Internet domain names

False

Five actions an organization must take in the event of a successful cyberattack include incident notification, protection of evidence and activity logs, incident containment, eradication, and incident

Follow-Up

Which federal statute protects individuals against unreasonable searches and seizures by requiring warrants to be issued only upon probable cause?

Fourth Amendment

Which of the following systems can help identify your current geolocation?

GPS

choosing an alternative

Graydon noticed Jack, his friend and classmate, cheating on a physics exam and now he is trying to decide what to do about it. He knows he could keep quiet about it, but that would violate his moral values, plus the school's code of ethics requires students to report incidents of cheating. On the other hand, if he reports the incident, both his friend and probably all of their other friends will be mad at him. In which phase of the ethical decision-making process is Graydon?

_____ is a visa program that allows skilled employees from foreign lands into the United States.

H-1B

Unlike the EU, the U.S. has no single, overarching national data privacy policy.

How do fair information practices in the United States and the European Union differ?

A key ethical question related specifically to safety-critical software development is:

How much testing is enough when you are building a product whose failure could cause loss of human life?

all of these

Important functions of the chief information officer include

implement the decision

In which step of the ethical decision-making process is it essential to communicate well with all stakeholders and have someone they trust and respect explain why things are changing and how this will benefit them?

The second phase of an Advanced Persistent Threat attack is _____.

Incursion

________ provide data and instructions to the computer and receive results from it.

Input/output devices

If your home air conditioner has an IP address, it is part of the ____.

Internet of Things

Which of the following takes automation to a deep, broad level--one where interconnectivity between various devices exists in a way it never did before?

Internet of Things

How does software-defined networking reduce both the risk of human error and overall network support and operations costs?

It automates configuration, policy management, and other tasks.

How is binary whitelisting a better option than antivirus software?

It can block unknown or emerging threats. By blocking everything by default, binary whitelisting can protect you from the unknown threats that exist without you being aware of them.

Which of the following statements is true of a database?

It helps companies analyze information to identify new market opportunities.

Which of the following is the correct description of a firewall?

It is a software and hardware combination that limits the incoming and outgoing Internet traffic.

​Which of the following is the correct description of a firewall?

It is a software and hardware combination that limits the incoming and outgoing Internet traffic.

Which statement is true regarding the End User License Agreement for a software application?

It may explicitly accommodate multiple users of the software.

What happens to the data gathered by IoT sensors?

It passes over the network and is gathered and stored.

Sarah, as the head of a business division, wants to set up a network access account for a new employee. She should call the _____ to get this done.

LAN administrator

You have been hired as the new Information Security consultant at XYZ Inc. Which of these employee behaviors would be a top security concern?

Leaving laptop computers unattended in public space

lawsuits initiated by consumers who incurred damages

Legal consequences following a successful cyberattack on a well-known organization often include _____.

password based multi factor certificate based

List different authentication methods

This harmful malware is triggered by a specific event, such as Friday the 13th

Logic Bomb

Many organizations outsource their network security operations to a(n) _____. a. VPN b. HIPAA c. MSSP d. CSFA

MSSP

ransomeware

Malware that stops you from using your computer or accessing your data until you meet certain demands.

Monte's employer provides SaaS applications for its staff to use for their daily job functions. This means that ____.

Monte can sign in to use these applications from any computer or device

including hardware mechanisms to back up or verify software functions

One example of an ethical dilemma related to safety-critical systems is whether to risk making the product more expensive, and potentially less appealing to customers, by _____.

True

One of the primary roles of a senior IS manager is to communicate with other areas of the organization to determine changing business needs.​

What's the purpose of escrowing a disk encryption key?

Performing data recovery. While full-disk encryption provides data integrity, the key escrow process is just a backup or recovery mechanism. This way, the encrypted data can still be accessed if the password is lost or forgotten.

Which of the following is NOT a popular vendor of firewall software?

Red Hat

​Which of these organizations offers guidelines on developing security policies?

SANS

_______________ are three subclasses of computers associated with the multiple-user computer. a. Smartphone, laptop, notebook, and tablet b. Thin client, desktop, nettop, and workstation c. Server, mainframe, and supercomputer d. Notebook, server, and nettop

Server, mainframe, and supercomputer

antivirus software

Should be installed on each user's personal computer to scan a computer's memory and disk drives regularly for viruses.

Intrusion Detection System (IDS)

Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

_____ application software includes a wide range of built-in functions for statistical, financial, logical, database, graphics, and date and time calculations.

Spreadsheet

_____ encompasses all the activities required to get the right product into the right consumer's hands in the right quantity at the right time and at the right cost, from acquisition of raw materials through customer delivery.

Supply chain management

_____ are responsible for running and maintaining information system equipment and also for scheduling, hardware maintenance, and preparing input and output.

System operators

workgroup information system

Systems that support teamwork and enable people to work together effectively, whether team members are in the same location or dispersed around the world.

the First Amendment

The Supreme Court has ruled that the right to anonymous expression is protected by _____.

_____ consists of server and client software, the Hypertext Transfer Protocol (HTTP), standards, and markup languages that combine to deliver information and services over the Internet.

The Web

What's an attack surface?

The combined sum of all vectors in a system or network. The attack surface describes all possible ways that an attacker could interact and exploit potential vulnerabilities in the network and connected systems.

Cyperespionage

The deployment of malware that secretly steals data in the computer systems of organizations.

hardware, software, and information systems used to achieve business objectives and possible occurrences that would negatively impact them

The first two steps an organization must take to perform a security risk assessment are to identify _____, respectively.

shadow IT

The information systems and solutions built and deployed by departments other than the information systems department.

Cyberterrorism

The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals.

​Assume your organization is experiencing an intruder attack. You have an intrusion detection system (IDS) set up. Which of the following events occurs first?

The network router sends traffic to the firewall as well as to the IDS

risk assessment

The process of assessing security-related risks to an organization's computers and networks from both internal and external threats.

Encryption

The process of scrambling messages or data in such a way that only authorized parties can read it.

biometric authentication

The process of verifying your identity using your physiological measurements (fingerprint, shape of your face, shape of your hand, vein pattern, your iris, or retina) or behavioral measurements (voice recognition, gait, gesture, or other unique behaviors).

reasonable assurance

The recognition that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved.

False

The role of a systems analyst is narrowly defined and seldom involves communications with others.

Attack Vector

The technique used to gain unauthorized access to a device or a network.

True

The term ethics refers to the set of principles about what is right and wrong that individuals use to make choices, whereas the term law refers to a system of rules that tells us what we can and cannot do.

data breach

The unintended release of sensitive data or the access of sensitive data by unauthorized individuals.

True

There are laws that require businesses to prove that their data is secure.

computer forensics investigation

To successfully fight computer crime in a court of law, prosecutors and victims depend on a properly handled _____.

False

Today, many organizations can function and compete effectively without computer-based information systems.​

A virtual private network (VPN) can support a secure connection between a company's employees and remote users, usually through a third-party service provider

True

If "color" is an attribute, then "green" is a data item.

True

How do fair information practices in the United States and the European Union differ?

Unlike the EU, the U.S. has no single, overarching national data privacy policy.

False

When you receive a text message that there is a problem with your bank account and you are required you to click on a link to submit some information, you are likely seeing a vishing attack.

setting your home wireless router's encryption method to WPA2

Which of the following choices will help you score better (that is, as more secure) on a security self-assessment?

It is a software and hardware combination that limits the incoming and outgoing Internet traffic.

Which of the following is the correct description of a firewall?

software defects

Which of the following will prevent a product from being rated as a high-quality software system?

True

While information systems were once primarily used to automate manual processes, they have transformed the nature of work and the shape of organizations themselves.

most people only think of the direct impact of the attack, not the many other, oft-hidden effects

Why is an iceberg, most of which is underwater, an appropriate analogy for the consequences of a cyberattack?

Certification

_____ is a process for testing skills and knowledge, which results in a statement by the certifying authority that confirms an individual is capable of performing particular tasks.

Your business has a web server that has suddenly become unresponsive. When you study the server's logs there are a huge number of requests from what appear to be legitimate computers. The problem is likely because of _____.

a denial-of-service attack

​Your business has a web server that has suddenly become unresponsive. When you study the server's logs there are a huge number of requests from what appear to be legitimate computers. The problem is likely because of _____.

a denial-of-service attack

Your business has a web server that has suddenly become unresponsive. When you study the server's logs there are a huge number of requests from what appear to be legitimate computers. The problem is likely because of _____. a. a CAPTCHA issue b. a distributed denial-of-service attack c. too many Spam emails d. a logic bomb

a distributed denial of service attack

In terms of information systems, Wikipedia would be an example of _________.

a group IS

After being passed over for a promotion, an accountant accesses his firm's database and deletes or alters key information in an effort to take revenge on his superiors. This is an example of a cyberattack initiated by _____. a. a malicious employee b. a careless insider c. a cybercriminal d. a lone wolf attacker

a malicious employee

What must a networked device possess to truly belong to the IoT?

a motion sensor

What is the Internet of Things?

a network of physical objects embedded with sensors, processors, software, and network connectivity capability

The primary difference between business intelligence and analytics is that _______________. a. BI is used to analyze historical data to tell what happened or is happening right now in your business while analytics employs algorithms to determine relationships among data to develop predictions of what will happen in the future. b. analytics employs techniques like optimization, predictive analysis, and simulation while BI employs descriptive analysis and text and visual analysis. c. a data scientist is required to properly employ analytics while an end user working with a database administrator can employ BI. d. organizations used to employ BI but now are moving to greater use of analytics.

a. BI is used to analyze historical data to tell what happened or is happening right now in your business while analytics employs algorithms to determine relationships among data to develop predictions of what will happen in the future.

A _______________ database enables hundreds or even thousands of servers to operate on the data, providing faster response times for queries and updates. a. NoSQL b. normalized c. SQL d. relational

a. NoSQL

An organization may require high-quality data to avoid fines and penalties for non-conformance to regulatory requirements. True or False? a. True b. False

a. True

Choosing what data to store and where and how to store the data are two key challenges associated with big data. True or False? a. True b. False

a. True

One means of ensuring that you are interacting with a secure Web site is to look for a Web address beginning with https. True or False? a. True b. False

a. True

One of the driving reasons behind the need for data management is to manage risk associated with the misstatement of financial data. True or False? a. True b. False

a. True

The NSA is required to obtain permission from the Foreign Intelligence Surveillance Court (FISC) to access the telephone metadata records of U.S. citizens, which are now held by telecommunication companies rather than by the government. True or False? a. True b. False

a. True

The contemporary view of information systems is that they are often so intimately involved in an organization's value chain that they are part of the process itself. True or False? a. True b. False

a. True

The primary intent of a code of ethics is to define desired behavior. True or False? a. True b. False

a. True

There is a concern by some people who belong to a particular ethnic, religious, or social group that surveillance data collected by the government could be used to identify and target them and their associates. True or False? a. True b. False

a. True

While there are three key components that must be in place for an organization to get real value from its BI and analytics efforts, the one that is first and foremost is the existence of a solid data management program. True or False? a. True b. False

a. True

_______________ provide data and instructions to the computer and receive results from it. a. True b. False

a. True

A key difference between the U.S. and EU fair information practices is that _______________. a. although numerous laws have been implemented over time, no single overarching national data privacy policy has been developed in the United States b. U.S. federal statutes impose substantial monetary fines for data abuses by corporations c. the GDPR does not place obligations on organizations to obtain the consent of people they collect information about and to better manage this data d. in the United States, organizations found to be in violation of fair data practices are subject to fines of up to 2 percent of their global revenue

a. although numerous laws have been implemented over time, no single overarching national data privacy policy has been developed in the United States

Which of the following is not a function of the database management system _______________? a. database data normalization and data cleansing b. database backup c. database recovery d. database security

a. database data normalization and data cleansing

A collection of instructions and commands to define and describe data and relationship in a specific database is a _______________. a. database schema b. data definition language c. data model d. data manipulation language

a. database schema

The _______________ step in the ethical decision-making process is considered the most critical. a. develop a problem statement b. identify alternatives c. choose alternative d. implement the decision

a. develop a problem statement

Two potential benefits of obtaining a certification in an IS subject area are: a. new career possibilities and a potential increase in salary b. automatic pay increase and promotion c. movement from a technical career ladder to a management career ladder and salary increase d. receipt of certificate of certification which never expires and more rapid career advancement

a. new career possibilities and a potential increase in salary

Genetic algorithm and linear programming belong in the _______________ general category of BI/analytics. a. optimization b. scenario analysis c. heuristics d. predictive analytics

a. optimization

Data mining and time series belong in the general category of _______________ of BI/analytics. a. predictive analytics b. heuristics c. scenario analysis d. optimization

a. predictive analytics

A collection of attributes about a specific entity is a _______________. a. record b. database c. domain d. file

a. record

A data breach at your business resulted in the loss of some customer data. Several angry customers have filed charges. What is a recommended course of action to prepare for future events? a. activate the forensics analysis team and prepare documentation b. meet with your lawyers to prepare to counter-sue the customers c. settle with the customers, however much it may cost d. none of these answers

activate the forensics analysis team and prepare documentation

​There has been a data breach at your business and the business has lost some customer data. It has led to angry customers who have filed charges. What is a recommended course of action to prepare for future events?

activate the forensics analysis team and prepare documentation

A company's risk assessment process can consider numerous threats to the computers and networks. Which of the following should an organization identify as loss events or threats to assess? a. distributed denial-of-service attack b. email attachment with harmful worm c. harmful virus d. all of the above

all of the above

Important functions of the chief information officer include

all of these

​One method an IS professional might use to find a new job would be ____________.

all of these

New cars come with onboard computer systems that control antilock brakes, air bag deployment, fuel injection, etc. They run operating system software known as ____.

an embedded operating system

Currently, though many different programming languages are used, most software is developed using _____.

an integrated development environment

Which of the following is NOT one of the functions of a computer-based information system?

apply data

A blended threat, phishing, and virus are all examples of a(n)_________

attack vector

A(n)_______is the technique used to gain unauthorized access to a device or a network.

attack vector

Tesla and Google have been pioneers in developing IoT devices that analyze data from the cloud and from on-board cameras and sensors to determine when to speed up, slow down, change lanes, or turn while moving. What are these devices called?

autonomous vehicles

A social networking service loses a lot of business from ad buyers and marketers after the media reveal that it has published misleading statistics about the average viewing time of video ads on its platform. Building a strong ethics program would have prevented this loss of sales by _____.

avoiding unfavorable publicity

A database and a database management system are the same thing. True or False? a. True b. False

b. False

Acting in an ethical manner and acting in a legal manner will always lead to the same actions. True or False? a. True b. False

b. False

Data governance is a subset of data management. True or False? a. True b. False

b. False

Each user should conduct a security self-assessment test. True or False? a. True b. False

b. False

Encouragement of self-service analytics almost assuredly will eliminate the risk of erroneous analysis and reporting and the problem of different analyses yielding inconsistent conclusions. True or False? a. True b. False

b. False

In the design of a database, it is not necessary to know how long the data must be stored. True or False? a. True b. False

b. False

Safety-critical systems are easy to learn and use because they perform quickly and efficiently, they meet their users' needs, and they operate safely and reliably. True or False? a. True b. False

b. False

The builders of safety-critical systems must determine when they have completed sufficient testing and sign off their approval to release the product. This is typically an easy and straight-forward decision. True or False? a. True b. False

b. False

The growth of the Internet of Things is helping to curb the number of cyberattacks. True or False? a. True b. False

b. False

The operating system plays no role in controlling access to system resources to provide a high level of security against unauthorized access to the users' data and programs as well as record who is using the system and for how long. True or False? a. True b. False

b. False

The use of primary keys and foreign keys make it impossible to define relationships between the data in two tables of a relational database. True or False? a. True b. False

b. False

The right to freedom of expression is one of the most important rights for free people in the United States. The _______________ was adopted to guarantee this right and others. a. Bill of Rights b. First Amendment c. Fourth Amendment d. Constitution

b. First Amendment

The _______________ component of the Hadoop environment is composed of a Procedure that performs filtering and sorting and a method that performs a summary operation. a. ETL b. Map/Reduce program c. JobTracker d. Hadoop Distributed File System

b. Map/Reduce program

When comparing off-the-shelf software to proprietary software, which of the following statements is not true: a. Off-the-shelf software might not match current work processes and data standards. b. The initial cost of the off-the-shelf software is likely greater. c. Off-the-shelf software may include features that the organization or user does not require and never uses. d. Off-the-shelf software may lack important features thus requiring future modification or customization.

b. The initial cost of the off-the-shelf software is likely greater.

_______________ is not a key challenge associated with big data. a. How to derive value from the relevant data b. Which format the data should be stored in c. How to identify which data needs to be protected from unauthorized access d. How to find those nuggets of data that are relevant to the decision making at hand

b. Which format the data should be stored in

Which of the following are non-technical skills not commonly associated with an effective Information system worker? a. ability to meet deadlines and solve unexpected challenges b. ability to work in a static, boring environment where there is little change c. good communication skills d. effective leadership skills

b. ability to work in a static, boring environment where there is little change

Which of the following is considered the most likely source of cyberattacks, based on a poll of global executives, information security managers, and IT leaders? a. lone wolf attackers b. careless insiders c. cyberterrorists d. MSSPs

b. careless insider

Three ways IS organization can be perceived by the rest of the organization that influence IS strategy are _______________. a. flexible, resourceful, and forward-looking b. cost center, business partner, and game changer c. cost-effective, innovative, and creative d. reliable, simple, and timely

b. cost center, business partner, and game changer

Which of the following is not a key responsibility of the data governance team? a. develop policy that specifies who is accountable for various aspects of the data b. decide which database technology should be used c. define processes for how the data is to be stored, archived, backed up, and protected from cyberattacks d. develop standards and procedures that define who is authorized to update, access, and use the data

b. decide which database technology should be used

The primary advantage associated with the use of an in-memory database to process big data is that _______________. a. it is much cheaper than secondary storage b. it provides access to data at rates much faster than storing data on some form of secondary storage c. it enables the storage of much larger amounts of data d. it enables the use of Hadoop procedures to process the data

b. it provides access to data at rates much faster than storing data on some form of secondary storage

The five broad categories of BI/analytics techniques include _______________. a. heuristics, predictive analytics, simulation, data mining, and linear programming b. optimization, descriptive analytics, and text and video analysis, simulation, and predictive analytics c. regression analysis, data mining, Monte Carlo simulation, optimization, and time series analysis d. predictive analysis, scenario analysis, image analysis, optimization, and regression analysis

b. optimization, descriptive analytics, and text and video analysis, simulation, and predictive analytics

A form of cyberattack that is estimated to occur every 10 seconds against an individual in the U.S. is _______________. a. distributed denial-of-service attack b. ransomware c. data breach d. social engineering

b. ransomware

Managers of the business functions most affected by a new information system have a key responsibility to ensure that a. only the most current and most advanced technology is employed b. the people, processes, and human structure components are fully addressed c. competitors cannot use a similar information system to gain a competitive advantage d. resources are deployed only against enterprise and interorganizational information systems

b. the people, processes, and human structure components are fully addressed

The high-speed communications links that span the globe over land and under sea make up the Internet _____.

backbone

A security self-assessment revealed that Penelope, who owns one laptop computer, is putting herself at risk for cyberattack by _____.

backing up critical files to a single folder on her laptop once every three months

Someone who violates computer or Internet security maliciously or for illegal personal gain is known as a(n) _______.

black hat hacker

Once a _____ is installed, the attacker can gain full access to the computer.

botnet

One of the first things developers of IoT applications should focus on is _____.

building in security from the start

The primary hardware component of a computer responsible for routing data and instructions to and from the various components of a computer is the

bus

After a successful cyberattack on its information systems, a toy manufacturer is unable to operate effectively for two weeks, and thus misses out on some significant customer orders during this time owing to _____.

business disruption

How does data normalization improve the performance of relational databases?

by reducing their required storage space

_______________ is not a specific goal of green computing. a. Reducing the use of hazardous material b. Lowering power-related costs c. Combating global climate change d. Enabling the safe disposal and/or recycling of IT products

c. Combating global climate change

Which of the following is not associated with the implementation of server virtualization? a. Lower capital costs for hardware b. Decreased energy costs to power the servers and cool the data center c. Increase in the number of software licenses that must be purchased d. Fewer personnel required to operate and support the servers.

c. Increase in the number of software licenses that must be purchased

_______________ is a model used to introduce new systems into the workplace in a manner that lowers stress, encourages teamwork, and increases the probability of a successful implementation. a. Strategic planning b. Porter's Five forces model c. Leavitt's Diamond d. Strategic competitive advantage

c. Leavitt's Diamond

A _______________ differs from a _______________ in that it provides a means to store and retrieve data that is modelled using some means other than the simple two-dimensional tabular relations. a. data mart and NoSQL database b. data mart and data warehouse c. NoSQL database and relational database d. data warehouse and data lake

c. NoSQL database and relational database

_______________ is not a benefit of promoting a work environment in which employees are encouraged to act ethically. a. The organization will find it easier to recruit and retain top job candidates. b. Employees will act in a consistent manner so that stakeholders can know what to expect of the organization. c. The employees' tendency to act in a manner that seems ethical to them will be suppressed and instead they will act in a manner that will protect them from punishment. d. The value of its stock and how consumers regard its products and services will be improved.

c. The employees' tendency to act in a manner that seems ethical to them will be suppressed and instead they will act in a manner that will protect them from punishment.

The fact that _______________ is not a benefit that can be expected from following a professional code of ethics. a. peers of a professional can use the code for recognition or censure b. adherence to a code of ethics enhances trust and respect for professionals and their profession c. a code can provide an answer to every ethical dilemma d. a code of ethics provides an evaluation benchmark that a professional can use as a means of self-assessment

c. a code can provide an answer to every ethical dilemma

Which of the following is the correct description of a firewall? a. software that deletes viruses from attachments b. hardware that prevents unauthorized data from entering a private network c. a software and hardware combination that limits incoming and outgoing Internet traffic d. a concept used in developing security policies

c. a software and hardware combination that limits incoming and outgoing Internet traffic

An individual who combines strong business acumen, a deep understanding of analytics, and a healthy appreciation of the limitations of their data, tools, and techniques to deliver real improvements in decision making is a(n) _______________. a. systems analyst b. database administrator c. data scientist d. data steward

c. data scientist

A _______________ is a large database that holds business information from many sources in the enterprise, covering all aspects of the company's processes, products, and customers. a. relational database b. data lake c. data warehouse d. NoSQL database

c. data warehouse

The purpose of data normalization is to _______________. a. remove any inaccurate or incomplete data from the database b. insert newer, more current data into the database c. eliminate data redundancies and ensure data dependencies make sense d. delete old, obsolete data from the database

c. eliminate data redundancies and ensure data dependencies make sense

The process of building software for safety-critical systems takes much longer and is much more expensive because _______________. a. they are usually being built for the government and there is much red tape and delays b. they usually involve either aircraft or automobiles and must meet additional imposed by the National Transportation and Safety Board c. extreme measures must be taken to identify and remove defects starting at the very earliest stages of software development d. the software must be written in machine or assembly programming languages which are extremely tedious and time consuming to use

c. extreme measures must be taken to identify and remove defects starting at the very earliest stages of software development

The four levels at which the CIA security triad must be implemented include _______________. a. interorganizational, enterprise, workgroup, and personal b. tier 1, tier 2, tier 3, and tier 4 c. organizational, network, application, and end user d. organization, business unit, department, individual

c. organizational, network, application, and end user

Two specific BI/analytics techniques that are in the general category of descriptive analytics are _______________. a. data mining and linear programming b. scenario analysis and time series analysis c. regression analysis and visual analytics d. Monte Carlo simulation and genetic algorithm

c. regression analysis and visual analytics

_____ is a process for testing skills and knowledge, which results in a statement by the certifying authority that confirms an individual is capable of performing particular tasks. ​

certification

Graydon noticed Jack, his friend and classmate, cheating on a physics exam and now he is trying to decide what to do about it. He knows he could keep quiet about it, but that would violate his moral values, plus the school's code of ethics requires students to report incidents of cheating. On the other hand, if he reports the incident, both his friend and probably all of their other friends will be mad at him. In which phase of the ethical decision-making process is Graydon?

choosing an alternative

The World Wide Web uses a networking approach wherein many end-user computing devices request and receive services from host computers on the network, which is known as _____.

client/server architecture

A professional _____ states the principles and core values that an organization wishes to develop in its leaders and members and therefore defines desired behavior in these individuals.

code of ethics

What discipline combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law? a. CIA implementation b. risk assessment c. computer forensics d. security policy

computer forensics

To successfully fight computer crime in a court of law, prosecutors and victims depend on a properly handled _____.

computer forensics investigation

A common reason an organization chooses a private rather than a public cloud environment is _____.

concerns about data security

Which type of IoT application relies on individual devices that each gather a small amount of data and enables manual monitoring using simple threshold-based exception alerting?

connect and monitor

The idea of _____ is a form of innovation that constantly seeks ways to improve business processes and add value to products and services.

continuous improvement

Which type of IoT application enables automatic monitoring combined with remote control, trend analysis, and reporting by using individual devices that each gather a small amount of data?

control and react

Suppose a new tech startup wants to use graphical symbols to define a data model that can be used to analyze and communicate data needs at the individual project level. What should they do?

create an entity-relationship diagram

Which of the following is NOT one of the common purposes of utility programs?

creating spreadsheets

Your ex-colleague was apprehended and charged with a crime based on the Fraud and Related Activity in Connection with Access Devices Statute. He was caught using unauthorized or stolen _________. a. computer passwords b. email addresses c. application code d. credit cards

credit cards

. Which of the following activities does the USA Patriot Act define? a. cyberterrorism b. identity theft c. credit card fraud d. transmitting virus programs

cyber terrorism

Debbie is a programmer who attacks corporate computer networks for financial gain. She is a _____. a. careless insider b. malicious insider c. cyberterrorist d. cybercriminal

cybercriminal

Someone who attempts to destroy the infrastructure components of governments is known as a ______________. a. cybercriminal b. lone wolf attacker c. cyberterrorist d. hacktivist

cyberterrorist

A data center designed to have an expected annual downtime of less than 30 minutes and able to handle a power outage of up to four days is a tier _______________ data center. a. 1 b. 2 c. 3 d. 4

d. 4

Which of the following statements about any website that caters to children is not true? a. It must offer comprehensive privacy policies. b. It must notify parents or guardians about its data collection practices. c. It must receive parental consent before collecting any personal information from children under 13 years of age. d. It must request birth date and a confirming social security number.

d. It must request birth date and a confirming social security number.

Which of the following is not a disadvantage of self-service analytics? a. It raises the potential for erroneous analysis. b. It can lead to analyses with inconsistent conclusions. c. It can cause over spending on unapproved data sources and analytics tools. d. It places valuable data in the hands of end users

d. It places valuable data in the hands of end users

_______________ is a form of software that is distributed, typically for free, with the source code studied, changed, and improved solely by the original developers. a. Software as a Service b. Licensed software c. A software suite d. Open-source software

d. Open-source software

_______________ is a software design approach based on the use of discrete pieces of software (modules) to provide specific functions (such as displaying a customer's bill statement) as services to other applications. a. Server virtualization b. Multiprocessing c. Grid computing d. Service-oriented architecture

d. Service-oriented architecture

A federal law that focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage. a. Computer Fraud and Abuse Act b. Fraud and Related Activity in Connection with Access Devices Statute c. Identity Theft and Assumption Deterrence Act d. Stored Wire and Electronic Communications and Transactional Records Access Statute

d. Stored Wire and Electronic Communications and Transactional Records Access Statute

A_______________ Act was written to protect children from pornography on the Internet but was ruled unconstitutional. a. The Telecommunications b. Section 230 of the Communications Decency c. Much of the Communications Decency d. The Children's Internet Protection

d. The Children's Internet Protection

Which of the following is not a true statement about the software as a service model. a. SaaS applications are available from any computer or any device—anytime, anywhere. b. There are no software patches for customers to download or install. c. The cost associated with upgrades and new releases are lower than the traditional model. d. The SaaS subscriber must manage service levels and availability, so there may be a need to add hardware, software, or communications capacity as the number of users increases.

d. The SaaS subscriber must manage service levels and availability, so there may be a need to add hardware, software, or communications capacity as the number of users increases.

Which of the following is not an advantage associated with database-as-a-service (DaaS)? a. It eliminates the installation, maintenance, and monitoring of in-house databases. b. It reduces hardware, software, and staffing related costs. c. The service provider can allocate more or less database storage capacity based on an individual customer's changing needs. d. The customer has complete responsibility for database security access and database backup.

d. The customer has complete responsibility for database security access and database backup.

The perpetrator most likely to be the cause of a cyberattack is the _______________. a. cybercriminal b. malicious insider c. hacktivist d. careless insider

d. careless insider

The process of detecting and then correcting or deleting incomplete, incorrect, inaccurate, or irrelevant records that reside in a database is called _______________. a. data normalization b. data concurrency control c. data management d. data cleansing

d. data cleansing

There are _______________ steps that must be taken to perform a thorough security risk assessment. a. three b. five c. seven d. eight

d. eight

A _______________ is a collection of similar entities while a(n) _______________ is a characteristic of an entity. a. domain and record b. database and key c. record and foreign key d. file and attribute

d. file and attribute

A key difference between grid computing, multiprocessing, and parallel processing is that _______________. a. parallel processing is only employed with supercomputers b. grid computing is only employed with supercomputers c. multiprocessing only applies to server computers d. grid computing relies on a community of computers acting together

d. grid computing relies on a community of computers acting together

Which of the following is not a benefit associated with creating a strategic plan? a. provides a framework to guide decision making b. ensures effective use is made of the organization's resources c. enables the organization to be proactive d. guarantees that only the most current technology solutions will be employed

d. guarantees that only the most current technology solutions will be employed

One of the consequences of a successful cyberattack that can lead to monetary penalties for organizations that fail to comply with data protection regulations is _______________. a. business disruption b. expulsion from industry sponsored organizations c. recovery cost d. legal consequences

d. legal consequences

Raw facts such as a social security number or catalog item number for a shirt are known as _____.

data

What process detects and then corrects or deletes "bad data"?

data cleansing

A ______ is a collection of instructions and commands used to define and describe data and relationships in a specific database.

data definition language

A key purpose of data normalization is to eliminate _____.

data redundancy

Harrison works at a nationally known grocery store chain. He is analyzing sales data from the past five years to determine which low-selling products should be discontinued. Harrison is most likely a(n) ________.

data scientist

A group of programs used to access and manage a database as well as provide an interface between the database and its users and other application programs is called a _____.

database management system

Which of the following theories explains how a new idea or product gains acceptance and spreads through a specific population or subset of an organization?

diffusion of innovation theory

The software on a client computer accessing the Web must be able to _____.

display the results returned by Web servers

The performance levels of radically new 'high-tech' products usually improve with newer versions. Such types of products are known as

disruptive innovations

Data normalization involves _____.

dividing a relational database into two or more tables and defining relationships between them

Each attribute in a relational database model can be constrained to a range of allowable values called a _____.

domain

Suppose you work at a business unit that has group of people who would rather wait to try a new technique. They listen to and follow the opinion leaders. They would be classified as the _________.

early majority

Data normalization _____.

eliminates redundancy and ensures data dependencies are sensible

Brown's Auto Repair Shop is the most popular business of its kind in the community thanks to good word of mouth from past customers. The employees there follow a professional code of ethics that requires them to tell customers the truth, including which less costly repair options are available, and warn them of any possible future issues associated with each option. The popularity of Brown's best demonstrates how following a professional code of ethics _____.

engenders trust and respect from the general public

You might be an information systems worker if you _________.

enjoy learning new techniques and enjoy working with people

A(n) _________is a person, place, or thing (object) for which data is collected, stored, and maintained.

entity

In computing, an attack on an information system that takes advantage of a particular system vulnerability is called a(n) _______. a. vector b. exploit c. DDoS attack d. data breach

exploit

The goal of the __________ step of the ETL process is to take the source data from all the various sources and convert it into a single format suitable for processing.

extract

If an activity is defined as legal then it is ethical.

false

Solid state storage devices (SSDs) store data in hard disk drives or optical media rather than memory chips.

false

Today, many organizations can function and compete effectively without computer-based information systems.​

false

​When you receive a text message that there is a problem with your bank account and you are required you to click on a link to submit some information, you are likely seeing a vishing attack.

false

Which of the following is NOT an organizational complement?

familiar processes

Anne and Jordan have two preteen sons and they're concerned about what their kids might see and share on the Internet. They should probably invest in _______.

filtering software

In a manufacturing organization, the supply chain is a key value chain whose primary activities include all of the following EXCEPT:

finance and accounting

A clothing store chain tracks the sale of each product at each location. Managers use this information to calculate the organization's profits, to track inventory needs, and to determine which styles and fabrics are the most popular among its customers. This is an example of quality information that is ___________.

flexible

Corporate social responsibility activities such as philanthropy benefit for-profit organizations because they _____.

gain the goodwill of the community

Programming languages are commonly used to perform data analysis and build application software, system software, embedded systems, Web sites, and

games

The value of information is directly linked to how it helps decision makers achieve their organization's _____.

goals

​A hacktivist is someone who _______.

hacks computers or Web sites in an attempt to promote a political ideology

A hacktivist is someone who _______. a. attempts to gain financially and/or disrupt a company's information systems and business operations b. hacks computers or Web sites in an attempt to promote a political ideology c. attempts to destroy the infrastructure components of governments d. violates computer or Internet security maliciously or for illegal personal gain

hacks computers or web sites in an attempt to promote a political ideology

The first two steps an organization must take to perform a security risk assessment are to identify _____, respectively.

hardware, software, and information systems used to achieve business objectives and possible occurrences that would negatively impact them

Three subject areas where federal statutes have been implemented to protect the personal data of U.S. citizens include financial data, children's personal data, and ____________information.

health

IoT technology can be used to control thermostats, home security systems, appliances, and motorized blinds via a smartphone app. This is known as _____.

home automation

The area covered by one or more interconnected wireless access points is commonly called a(n) _____.

hot spot

Which type of cloud computing environment is most suitable for an organization that wants to run applications with stringent compliance requirements on-premises while running applications with fluctuating capacity needs on a service provider's cloud?

hybrid

Operating virtual servers requires software to control the host processor and resources, allocate necessary resources to virtual machines, and prevent virtual machines from disrupting each other. What type of software performs these functions?

hypervisor

You had used an online service to apply for a credit card. As part of the process, you submitted your personal information such as SSN, date of birth, employer information, etc. Soon after you started receiving bills for items you did not purchase. You have become a victim of ________.

identity theft

Thanks to the Identity Theft and Assumption Deterrence Act, _____. a. identity theft is a federal crime for which perpetrators may be sentenced to up to 15 years in prison. b. the definition of and legal penalties for identity theft are determined at the state government level. c. the maximum term of imprisonment for convicted identity thieves is the same as for cyberterrorists. d. identity theft has become much less common and is no longer a major security threat.

identity theft is a federal crime for which perpetrators may be sentenced to up to 15 years in prison

In which step of the ethical decision-making process is it essential to communicate well with all stakeholders and have someone they trust and respect explain why things are changing and how this will benefit them?

implement the decision

Dodge works for a manufacturing firm where IoT and smart building systems monitor and control the usage of electrical systems. This benefits the firm primarily through _____.

improved safety

One example of an ethical dilemma related to safety-critical systems is whether to risk making the product more expensive, and potentially less appealing to customers, by _____.

including hardware mechanisms to back up or verify software functions

Which benefit of public cloud computing results when service providers operate multiple data centers distributed geographically and save multiple copies of data on different machines?

increased redundancy

Billing errors, even small ones, can make customers quite upset. Therefore, maintaining high-quality data with regards to product pricing, discounts, and sales taxes benefits businesses most directly by _____.

increasing customer satisfaction

When rules and relationships are set up to organize raw facts, creating value beyond that of those individual facts, this produces _____.

information

A(n) _____ device provides data and instructions to the computer and receives results from it.

input/output

In a denial-of-service (DDoS) attack, the perpetrator ____.

instructs the zombie computers to send simple access requests to target computers

An internal corporate network built using Internet and World Wide Web standards and products is known as a(n) _____

intranet

High-quality data can increase sales by facilitating cross-selling, which involves _____.

inviting customers to purchase an item related to what they are primarily interested in

Anonymous expression _____.

is an important right of a democratic society because it protects people from reprisals for their opinions

For the ____ operation, it is required that the the two tables have a common data attribute.

join

The process of defining relationships among data to create useful information requires ______.

knowledge

What is the term for the awareness and understanding that are required to define relationships among raw facts by organizing and processing them?

knowledge

Why do many small and mid-sized businesses hire MSSPs?

lack of adequate in-house network security expertise

Computer forensics is a discipline that combines elements of ___________ and computer science.

law

Legal consequences following a successful cyberattack on a well-known organization often include _____.

lawsuits initiated by consumers who incurred damages

Someone who violates computer or Internet security maliciously or for illegal personal gain is known as a(n) _______. a. lone wolf attacker b. industrial spy c. hacktivist d. cyberterrorist

lone wolf attacker

The component of a computer that provides the CPU with a working storage area for program instructions and data is called the __________.

main memory

One factor driving the need for data management is the need to meet external regulations designed to _____.

manage risk associated with the misstatement of financial data

An organization that monitors, manages, and maintains computer and network security for other organizations is called a _______________ service provider.

managed security

Early 5G users should be aware that their coverage may be limited compared with 4G coverage, at least initially. Why will 5G networks likely be less widespread at first?

more cell towers will need to be installed

Why is an iceberg, most of which is underwater, an appropriate analogy for the consequences of a cyberattack?

most people only think of the direct impact of the attack, not the many other, oft-hidden effects

Why is an iceberg, most of which is underwater, an appropriate analogy for the consequences of a cyberattack? a. most large businesses conceal the effects of cyberattacks from the public b. most people only think of the direct impact of the attack, not the many other, oft-hidden effects c. most of the consequences of a cyberattack cannot be assessed in terms of costs to a business d. An iceberg is not an appropriate analogy for the consequences of a cyberattack.

most people only think of the direct impact of the attack, not the many other, oft-hidden effects

The class of computer used to support workgroups from a small department of two or three workers to large organizations with tens of thousands of employees and millions of customers is the

multiple-user computer

Marley's computer has a math chip to perform mathematical calculations and a graphics chip to manipulate graphics while the CPU is busy with other activities. What processing approach is she using?

multiprocessing using coprocessors

Vincent holds an executive position within an organization that processes individual customers' information. If those customers live in the European Union, Vincent _____.

must ensure his team maintains data protection policies and employs a data protection officer

In a typical network, routing and switching of data and enabling access to applications are performed by hundreds or thousands of _____.

network devices

A botnet is a ____.

network of computers that send out access requests to servers repeatedly

A botnet is a ____. a. network of robots that control an assembly line at a factory b. network of servers that exchange traffic data c. network of devices that are used for managing security d. network of computers that send out access requests to servers repeatedly

network of computers that send out access requests to servers repeatedly

Which type of end user license requires that a single copy of the software reside on a file server?

network/multiuser

One method an IS professional might use to find a new job would be ____________.

networking through an IS professionals' organization ​searching and applying for open positions on Internet job sites seeking referrals from colleagues, friends, and family members

Ethical business practices _____.

often raise an organization's priority with suppliers and other business partners

In most large organizations, the IS department is divided into the following functions __________.

operations, development, and support

These days, the biggest threats to IT security are from ________.

organized groups that have ample resources, including money and sophisticated tools, to support their efforts

After entering data into a relational database, users can make all of the following basic data manipulations except:

organizing

All of the following are positive driving forces that influence chance according to Lewin's Theory of Force Field Analysis, EXCEPT:

past performance

The attack vector that relies on email messaging to deceive the victim into revealing personal data is known as _____ a. phishing b. a worm c. a rootkit d. smishing

phishing

​The purpose of _____ is to use email messages to make the recipients reveal personal data.

phishing

In a supply chain, _____ involve the transformation, movement, and storage of supplies and raw materials.

physical flows

Which type of IoT application performs predictive analysis and initiates preemptive action using sensor data augmented with external data?

predict and adapt

A(n) _____ is a characteristic or set of characteristics in a record that uniquely identifies the record.

primary key

A single-tenant cloud computing environment is also known as a(n) _____.

private cloud

Emily researches private clouds while working on a proposal to move her organization to the cloud. She learns that _____.

private clouds are less complicated for businesses to set up and manage than public clouds

Completing an instruction involves two phases—instruction and execution—which are each broken down into two steps for a total of four steps. Which of the following is NOT one of the four steps?

process data

CPU clock speed is the predetermined rate at which the processor _____.

produces a series of electronic pulses

While conducting a security self-assessment of his personal laptop use, Vann realizes that he is putting himself at risk by _____. a. upgrading his operating system too often b. installing both firewall and antivirus software at the same time c. purchasing new anti-malware software before it has been reviewed by other consumers d. putting off installing available software updates that he has been notified about

putting off installing available software updates that he has been notified about

Web servers must be programmed to _____.

receive and process user requests

A collection of characteristics that belong to a single person, place, or thing for which data is maintained is a(n) _____.

record

After a successful cyberattack, the funds spent on repairing affected systems, restoring lost data, and performing a post-incident analysis are considered part of the _____.

recovery cost

After a successful cyberattack, the funds spent on repairing affected systems, restoring lost data, and performing a post-incident analysis are considered part of the _____. a. direct impact b. business disruption c. recovery cost d. legal consequences

recovery cost

The percentage of adults in an area who are interested in opening an account with an investment company drops significantly after the media reports on a successful cyberattack on this organization. This is most likely the result of _____. a. the direct impact of the cyberattack b. recovery procedures followed after the cyberattack c. legal ramifications of the cyberattack d. reputation damage related to the cyberattack

reputation damage related to the cyberattack

Mavis asks her mobile carrier's representative how the upcoming rollout of 5G technology will affect smartphones that can use it. The representative explains that smartphones that operate on 5G networks will _____.

require more battery power because 5G is energy intensive

Once a _____ is installed, the attacker can gain full access to the computer. a. botnet b. zombie c. worm d. rootkit

rootkit

Which type of network device directs data packets to other networks until each packet reaches its destination, and thus forms the Internet backbone?

router

Annie, who works for a banking organization, recommends that her employers utilize the IoT in the form of video surveillance cameras and smart locks. Which business benefit of the IoT does Annie probably think they will gain from this change?

safety of the premises and their physical and digital assets

The class of computer systems used by multiple concurrent users offers businesses the potential to increase their processing capability to handle more users, more data, or more transactions in a given period, which is known as _____.

scalability

Which of the following DBMS elements can be represented in a visual diagram or defined using a DDL?

schema

A _____ is a valuable tool that enables a user to find information on the Web by specifying words or phrases known as keywords, which are related to a topic of interest

search engine

To keep information beyond reach of unauthorized users is to keep the information _____.

secure

Autonomous vehicles will rely on 5G for their _____.

sensors

A _____ is a computer employed by many users to perform a specific task, such as running network or Internet applications.

server

Which of the following is used to create a program that runs on a Web server and deals with generation of the content of a Web page to satisfy an end-user's request?

server-side programming

The use of middleware to connect disparate systems has evolved into an approach for developing software and systems called _____.

service-oriented architecture

Sean's boss tries to pressure him to cut corners to reduce development time and costs. Sean objects, stating that this would be unethical and citing the code of ethics for the professional organization of which they are both members. Sean's boss agrees with him and allows him to proceed as he was. Which benefit of following a professional code of ethics does this best demonstrate?

set high standards of practice and ethical behavior

Which of the following choices will help you score better (that is, as more secure) on a security self-assessment?

setting your home wireless router's encryption method to WPA2

Spreadsheet, word processor, and graphics presentation software are used in the sphere of influence.

single-user

The three primary types of end user license agreements are individual/multiuser, network/multiuser, and

single-user

A _______________ is a class of computer used by people on the move to run personal productivity software, access the Internet, read and prepare email and instant messages, play games, listen to music, access corporate applications and databases, and enter data at the point of contact. a. single-user nonportable computer b. single-user portable computer c. multiple-user computer d. notebook computer

single-user portable computer

Which of the following will prevent a product from being rated as a high-quality software system?

software defects

Providing value to a _____ is the primary goal of any organization.

stakeholder

A _____ network is one in which all network devices are connected to one another through a single central device called the hub node

star

​The purpose of Advanced Persistent Threat (APT) usually is to ____.

steal data

The two basic types of software are application software and___________ software.

system

The Assembly and C programming languages are used to build software that controls a computer's hardware, known as _____.

system software

Which of the following is NOT one of the four main components in Leavitt's Diamond?

systems

A(n) _____ is a professional in a developmental group of an information systems department who assists in choosing and configuring hardware and software, matching technology to users' needs, monitoring and testing the system in operation, and troubleshooting problems after implementation.

systems analyst

The Supreme Court has ruled that the right to anonymous expression is protected by _____.

the First Amendment

Americans who are in favor of expanded government surveillance programs argue that _____.the U.S. government is obligated to do all that it can to ensure citizens' security

the U.S. government is obligated to do all that it can to ensure citizens' security

A health insurance firm is hit by a successful cyberattack. The value of the assets stolen or damaged due to the cyberattack is considered _____.

the direct impact of the cyberattack

In a large IS organization, the professional who is responsible for maintaining the security and integrity of the organization's systems and data is__________.

the information systems security analyst

One of the advantages of off-the-shelf software is that ________________.

the initial cost is lower because the software firm can spread the development costs over many customers

J.T.'s new refrigerator is part of the IoT. In the user manual, he reads that his fridge collects data on temperatures and compressor operation. Assuming J.T. sets up his fridge's Internet connection, where does the data from J.T.'s refrigerator end up?

the manufacturer's operational historical database

One advantage of proprietary software versus off-the-shelf software is that _____.

the software provides a company with a competitive advantage by solving problems in a unique manner

Security is a serious issue with IoT applications because _____.

they can expose internal systems to hacking, viruses, and malware

One reason AT&T and Verizon have plans to expand their 5G networks is that _____.

they can support many more devices at one time than 4G networks

One drawback with relying on IoT applications to maintain the safety of critical systems is that _____.

they may analyze data immediately as it streams into the cloud

Which type of IoT application assists with the creation of new business models, products, and services through the combination of sensor data and external data to provide new insights?

transform and explore

For each data item, a data dictionary usually contains information such as the name of the data item, the range of values that can be used, and the amount of storage needed for the item.

true

Linux is an open-source operating system.

true

The information systems operations group is responsible for the day-to-day running of IS hardware to process the organization's information systems workload.

true

The primary function of application software is to apply the power of the computer to enable people, workgroups, and entire enterprises to solve problems and perform specific tasks.

true

The term ethics refers to the set of principles about what is right and wrong that individuals use to make choices, whereas the term law refers to a system of rules that tells us what we can and cannot do.

true

While information systems were once primarily used to automate manual processes, they have transformed the nature of work and the shape of organizations themselves.

true

​An employee who is marked for a lay-off sent threatening emails to his boss, stating that he is going to delete sensitive data. This employee can be charged under the Computer Fraud and Abuse Act.

true

​Default usernames and passwords should always be changed.

true

​There are laws that require businesses to prove that their data is secure.

true

Domain names must always have at least _____ parts, with each part separated by a dot (period)

two

As a result of the analysis of aggregated sensor data, an IoT device may receive _____.

updates, alerts, or even automatic adjustments

The fact that big data comes in many formats and may be structured or unstructured is an indicator of its

variety

________is a measure of the quality of big data.

veracity

IoT devices help organizations deepen their understanding of consumer preferences and behaviors using data from _____

video surveillance, social media, mobile, and Internet usage

Suppose you wish to run two different operating systems on one server. You can accomplish this by using _______.

virtualization software

A hacker writes some programming code that will cause a computer to behave in an unexpected and undesirable manner, but disguises it as something else to make it difficult to detect. Which attack vector has this attacker chosen to use? a. rootkit b. worm c. vishing d. virus

virus

Which of the following shortcoming may be revealed during an IT security au

whether only a limited number of people have access to critical data or not

An information system that operates in the _____ sphere of influence supports teamwork between two or more people who work together to achieve a common goal, regardless of where those team members live.

workgroup

Four information system types based on their sphere of influence include interorganizational, personal, enterprise, and

workgroup

Viruses and worms are both attack vectors, but they differ in that _____. a. worms combine the features of a virus, a Trojan horse, and other malicious code b. viruses are symptomless c. worms can propagate without human intervention d. viruses can send copies of themselves to other computers

worms can propagate without human intervention

​You wish to use your personal laptop computer at work. However, the IT department folks are unwilling to allow you. The likely reason is ______.

your non-work related use of the laptop could increase vulnerability

True

​Default usernames and passwords should always be changed.

Which of the following laws covers false claims regarding unauthorized use of credit cards?

​Fraud and Related Activity in Connection with Access Devices Statute

​the information systems security analyst

​In a large IS organization, the professional who is responsible for maintaining the security and integrity of the organization's systems and data is__________.

verify the card is legitimate and not a stolen card number

​On the back of a credit card the three-digit number above the signature panel is used to _____.

phishing

​The purpose of _____ is to use email messages to make the recipients reveal personal data.

your non-work related use of the laptop could increase vulnerability

​You wish to use your personal laptop computer at work. However, the IT department folks are unwilling to allow you. The likely reason is ______.

The US-CERT incident reporting system is used to ____.

​alert the Department of Homeland Security about information security incidents

Which of the following is NOT a task typically associated with the systems analyst role?

​collaborating with others to build a software product from scratch

​Which of the following is NOT a task typically associated with the systems analyst role?

​collaborating with others to build a software product from scratch

Positive outcomes of continuous improvement include ________.​

​increased customer loyalty ​increased customer satisfaction ​protection against competitors

According to the diffusion innovation theory, _____ are the risk takers, always the first to try new products and ideas.

​innovators

​In a large IS organization, the professional who is responsible for maintaining the security and integrity of the organization's systems and data is__________.

​the information systems security analyst

On the back of a credit card the three-digit number above the signature panel is used to _____.

​verify the card is legitimate and not a stolen card number

​You wish to use your personal laptop computer at work. However, the IT department folks are unwilling to allow you. The likely reason is ______.

​your non-work related use of the laptop could increase vulnerability