IS Final
Which of the below statements exactly describes distributed systems? A.It refers to linking multiple systems to create improvements in information availability and data integrity. B.It is a system that occurs when applications processing is handled across multiple computing devices. C.It supports all functions necessary for developing and maintaining fruitful relationships with customers. D.This refers to the standards used for structuring and distributing data between systems. E.It is a computer program stored within the database that runs to keep the database consistent when certain conditions arise.
B. It is a system that occurs when applications processing is handled across multiple computing devices.
When transitioning the current system to an enterprise system, which of the following statements is FALSE? A.Careful planning is required. B.The transition typically happens quickly and without any issues. C.The organization should communicate the changes to its employees. D.Problems may develop. E.Substantial training is required.
B. The transition typically happens quickly and without any issues.
Which of the below is NOT a factor that causes expense and risks to the organization using enterprise systems? A.Requirements gaps B.Collaborative management C.Installation planning D.Employee resistance E.Transition problems
C. Installation planning
The implementation of ERP systems is a difficult and risky process due to all the following factors EXCEPT __________. A.requirements gaps B.new technology C.collaborative management D.employee acceptance E.transition problems
D. employee acceptance
When the features of an ERP product differ from the organization's requirements, the organization must determine how to deal with these __________. A.incorrect blueprints B.transition problems C.new technologies D.resistance issues E.requirements gaps
E. requirements gaps
The activity of altering existing and designing new business processes to take advantage of new information systems is called __________. A.business process reengineering B.business process restructuring C.business process revisioning D.business process alignment E.business process remediation
Answer: A. business process reengineering
CRM software products enable organizations to become more __________. A. customer-centric B.customized C.systematic D. self-organizing E.diverse
Answer: A. customer-centric
If an organization has information that is difficult to integrate because it is scattered among several different workgroup information systems, it is suffering from a problem with __________. A.operating system incompatibility B.information silos C.information time lags D.Windows E.information disparity
Answer: B. information silos
A component of an organization's database program code is a __________, which runs to keep the database consistent when certain conditions occur. A.dynamic procedure B.trigger C.switching code D.stored procedure E.flag
Answer: B. trigger
As businesses grow and their goals change, they may need to adopt new processes. Which term is used to describe the task of modifying processes? A. Self-efficacy B.Process efficiency C.Business process reengineering D.Enterprise resource planning E.Application integration
Answer: C. Business process reengineering
Which of the following is NOT caused by information silos? A.Limited information and lack of integrated information B.Disjointed processes C.Integration of data D.Data duplication and data inconsistency E.Increased expense
Answer: C. Integration of data
Which of the following is a characteristic of CRM applications? A.Sales order processing B.Capacity planning C.Sales prospecting D.Supplier management E.Fixed asset accounting
Answer: C. Sales prospecting
An important component of an ERP solution is a set of __________ that implement standard business processes. A.regulations B.prediction tasks C.process blueprints D.triggering events E.exceptions
Answer: C. process blueprints
An ERP database needs to contain a program that is used to enforce a rule that certain products are never sold at a discounted price. This is accomplished using a(n) __________. A.event handler B.event monitor C.stored procedure D.trigger E.stored alert
Answer: C. stored procedure
Which of the following correctly defines the CRM system? A.It is the other name for an inter-enterprise system but with limited functionality. B.It links multiple systems to create improvements in information availability and data integrity. C.It is used for structuring and distributing data between systems. D.It supports all functions necessary for developing and maintaining fruitful relationships with customers. E.It is an enterprise suite of applications called modules, a database, and a set of inherent processes.
Answer: D. It supports all functions necessary for developing and maintaining fruitful relationships with customers.
Inter-enterprise systems can resolve problems resulting from __________. A.distributed systems B.a service-oriented architecture C.application integration D.enterprise silos E.ERP systems
Answer: D. enterprise silos
The primary goal of ERP systems is __________. A.redundancy B.use of the cloud C.prediction D.integration E.backups
Answer: D. integration
An information silo is the condition that exists when data are __________ in separated information systems. A.deleted B.merged C.archived D.isolated E.updated
Answer: D. isolated
The process of reengineering business processes is made difficult for all the following reasons EXCEPT that __________. A.it takes much time to redesign business processes B.it takes highly skilled people to redesign business processes C.it is difficult to envision the new improved processes D.it is quite easy to find people who can design the new improved processes E.redesigning processes for the entire organization is extremely complex
Answer: D. it is quite easy to find people who can design the new improved processes
__________ systems encompass all an organization's touchpoints with its customers. A.PQM B.ACID C.SQL D.DBMS E.CRM
Answer: E. CRM
Which of the following is NOT a phase of the customer life cycle? A.Customer acquisition B.Marketing C.Relationship management D. Loss/churn E.Customer billing
Answer: E. Customer billing
An organization that is implementing the manufacturing module of an ERP system has created a contest between several workgroups. The workgroup that adopts the ERP module most successfully (based on speed and number of errors) will be awarded a bonus. The intent of such a contest is to deal with __________. A.employee resistance B.collaborative management C.requirements gaps D.upgrade stress E.transition problems
Answer: A. employee resistance
Which of the following would take a brute force attack a couple of minutes to crack? A.A 6-character password with a mix of upper- and lowercase letters B.A 10-character password with a mix of upper- and lowercase letters C.A 10-character password with upper- and lowercase letters, numerals, and special characters D.A 12-character password of all letters E.A 6-character password with upper- and lowercase letters, numerals, and special characters
Answer: A. A 6-character password with a mix of upper- and lowercase letters
An employee who believes he is about to be terminated intentionally destroys data. This is an example of which type of threat? A.Computer crime B.Human error C.Hacking D.Natural disaster E.Sniffing
Answer: A. Computer crime
Which of the following is NOT a characteristic of future cloud-based information systems? A.Free B.Cheaper C.Faster D.Easier to use E.More secure
Answer: A. Free
To send a message over the Internet, the location of the destination, known as the __________, must be added to the message. A.IP address B.protocol C.network location D.destination node E.packet
Answer: A. IP address
The method of obtaining cloud-based services that includes only basic hardware is termed __________. A.IaaS (infrastructure as a service) B.DaaS (data as a service) C.PaaS (platform as a service) D.SaaS (software as a service) E.WaaS (web as a service)
Answer: A. IaaS (infrastructure as a service)
A private Internet that is used exclusively within an organization is sometimes called __________. A.Intranet B.PaaS C.the Internet D.IaaS E.SOHO
Answer: A. Intranet
Which of the below is a disadvantage of the cloud? A.Little visibility into true security and disaster preparedness capabilities B.Significant capital required C. Industry-wide economies of scale, hence cheaper D.Staff and train personnel E.No obsolescence
Answer: A. Little visibility into true security and disaster preparedness capabilities
A(n) __________ connects computers that reside in a single geographic location on the premises of the company that operates the network. A.Local Area Network (LAN) B.Protocol C.Internet D.Intranet E.Wide Area Network (WAN)
Answer: A. Local Area Network (LAN)
Which of the following is NOT the term related to information system security? A.Profit B.Threat C.Loss D.Safeguard E.Target
Answer: A. Profit
Which is the computer crime with the lowest average cost? A.Stolen devices B.Malicious insiders C.Phishing and social engineering D.Ransomware E. Web-based attacks
Answer: A. Stolen devices
The typical function of the __________ server is to run a DBMS that processes requests to retrieve and store data. A.database B.WSDL C.SOA D.Web E.commerce
Answer: A. database
The world-wide unique name affiliated with a public IP address is called a __________. A.domain name B.private IP address C.cookie D.protocol E.packet
Answer: A. domain name
Information systems that support processes spanning an organization and supporting activities in multiple departments, are termed __________ information systems. A.enterprise B. inter-enterprise C.functional D.workgroup E.personal
Answer: A. enterprise
A safety procedure that enables a trusted party to have a copy of the encryption key is called key __________. A.escrow B.data safeguard C.encryption D.CRM E.exchange
Answer: A. escrow
IaaS provides basic __________ in the cloud. A.hardware B.software C.firmware D.malware E.DBMS
Answer: A. hardware
Many companies create __________, which are false targets for computer criminals to attack. A.honeypots B.antivirus C.firewalls D.DBMS E.encryption
Answer: A. honeypots
The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is an example of __________. A.physical security B.encryption C.a technical safeguard D.firewall E.a key escrow
Answer: A. physical security
Organizations need to know how well their processes are achieving organizational goals. This is known as __________. A.process effectiveness B.inherent processes C.process quality D.process efficiency E.business process reengineering
Answer: A. process effectiveness
Google has projects underway that will increase the Internet's __________. A.speed and spread B.connections and quality C.redundancy and routing time D.limits and rules E.duplication and replication
Answer: A. speed and spread
Sources of security threats include all the following EXCEPT __________. A.systems performance B.computer crime C.disasters D.human errors and mistakes E.natural events
Answer: A. systems performance
All communication standards associated with local area networks are governed by __________. A.the IEEE 802 protocol B.WAN standards C.Amazon and Google D.ISP standards E.packet standards
Answer: A. the IEEE 802 protocol
Organizational security policies should address all the following issues EXCEPT __________. A.whether data marting will be tolerated B.what sensitive data the organization will store C.how employees and others can request changes to inaccurate data D.whether data will be shared with other organizations E.how sensitive data will be processed
Answer: A. whether data marting will be tolerated
The computers in two separated company sites must be connected using a(n) __________. A.wide area network (WAN) B.intranet C.protocol D.local area network (LAN) E.Internet
Answer: A. wide area network (WAN)
Which of the following organizations will be interested in using the "cloud"? A.An organization who wants in-depth visibility of security B.An organization who wants to increase or decrease their computing resources dynamically C.An organization who wants to create and maintain their own hosting infrastructure D.An organization who wants physical control over their data E.An organization who wants legal control over their data
Answer: B. An organization who wants to increase or decrease their computing resources dynamically
The method of obtaining cloud-based services that include hardware infrastructure, operating system, and application programs is termed __________. A.IaaS (Infrastructure as a Service) B.SaaS (Software as a Service) C.PaaS (Platform as a Service) D.WaaS (Web as a Service) E.DaaS (Data as a Service)
Answer: B. SaaS (Software as a Service)
For better security, which of the following is NOT a measure an organization should follow? A.Should keep a detail about when someone entered the facility B.The storage facilities can be left unlocked C.The systems should be access-controlled D.Should keep a log about who entered the facility E.Should keep a detail about the purpose if someone entered the facility
Answer: B. The storage facilities can be left unlocked
A university professor accidentally leaves a sheet of paper in a classroom containing the scores on the recent exam for the class, listed by student ID number. This represents what type of loss? A.Denial of service B.Unauthorized data disclosure C.Faulty service D.Loss of infrastructure E.Incorrect data modification
Answer: B. Unauthorized data disclosure
Which is the single most important safeguard that an individual computer user can implement? A.Updating anti-virus software B.Using strong passwords C.Using http at trusted vendor sites D.Clearing cookies and browser history E.Removing high-value data assets from the computer
Answer: B. Using strong passwords
Use of strong passwords helps protect against __________ in which computing power is used to try every possible combination of characters to guess the password. A.insider attacks B.brute force attacks C.spoofing attacks D.spamming attacks E.light touch attacks
Answer: B. brute force attacks
Process __________ measures the ratio of process outputs to inputs. A.utility B.efficiency C.flexibility D.capability E.effectiveness
Answer: B. efficiency
A(n) __________ will stipulate what an employee should do when he notices something like a virus. A.cookie B. incident-response plan C.firewall D.malicious code E.safeguard
Answer: B. incident-response plan
Studies of computer crime reveal that __________ is the single most expensive consequence of computer crime. A.employee confusion B.information loss C.infrastructure damage D.business disruption E.equipment loss
Answer: B. information loss
The concept that prohibits the ability of ISPs to manage the flow of network traffic over their networks is termed __________. A.wide area networks B.net neutrality C.hop restrictions D.bandwidth limits E.maximum transmission speeds
Answer: B. net neutrality
A network that relies primarily on wireless connection of devices located near to a single person is a __________. A.private area network B.personal area network C.local area network D.wide area network E.limited area network
Answer: B. personal area network
The measure of the ratio of how well a process achieves organizational strategy is known as __________. A.process efficiency B.process effectiveness C. input/output totals D. input/output topology E. input/output technology
Answer: B. process effectiveness
Process efficiency is the measure of the ratio of __________ . A.process outputs to process activity B.process outputs to inputs C.process inputs to outputs D.process activity to process input E.process structure to process resources
Answer: B. process outputs to inputs
Data in an inter-enterprise system is contributed from many sources, integrated into a database, and transformed into information for users with a __________ application. A.summarizing B.reporting C.data distribution D.finalizing E.forecasting
Answer: B. reporting
If an organization takes a strong position and mandates that its employees create strong passwords, it is engaging in a trade-off between __________. A.flexibility and vulnerability B.security and freedom C.compliance and safety D.convenience and compliance E.cost and safety
Answer: B. security and freedom
The use of usernames and passwords is an important __________ safeguard to identify and authenticate legitimate users of the system. A.human B.technical C.firewall D.malware E.data
Answer: B. technical
A connection that is a virtual, private pathway over a public or shared network from the VPN client to the VPN server is called a(n) __________. A.CDN (content delivery network) B.tunnel C.Hop D.SOA E.IWS (Internal Web service)
Answer: B. tunnel
The sharing of physical hardware by many organizations in the cloud, termed pooling, is accomplished with __________. A.provisioning B.virtualization C.visualization D.segmentation E.separation
Answer: B. virtualization
A content delivery network (CDN) is __________. A.a system of hardware and software that stores user data in many different geographical locations and does not let anyone access it B.a system of hardware and software that stores user data in many different geographical locations and makes those data available on demand C.a network of servers that are not capable of delivering small data D.a system of only hardware that stores user data in many different geographical locations and makes those data available on demand E.a highly unreliable storage of data on many networks or servers
Answer: B. a system of hardware and software that stores user data in many different geographical locations and makes those data available on demand
__________ uses the Internet to create the appearance of private, secure connections A.Infrastructure as a Service (IaaS) B.SOAP C.A virtual private network (VPN) D.A private cloud E.Software as a Service (SaaS)
Answer: C. A virtual private network (VPN)
Long-term attacks focused on stealing confidential data and intellectual property that are perpetrated by large, well-funded organizations are called __________. A.hack floods B.criminal hack threats C.Advanced Persistent Threats D.repetitive threat syndrome E.denial of service attacks
Answer: C. Advanced Persistent Threats
Which of the following is NOT covered under human safeguards? A.Accountability B.Training and procedure design C.Application design D.Assessment E.Hiring and education
Answer: C. Application design
Which of the following is covered under technical safeguards? A.Encryption B.Backup and recovery C.Application design D.Physical security E.Procedure design
Answer: C. Application design
Which of the following cloud services can eHermes use to distribute its content worldwide as it grows and expands into new markets? A.IWS (internal Web services) B.IaaS (infrastructure as a service) C.CDN (content delivery network) D.SaaS (software as a service) E.PaaS (platform as a service)
Answer: C. CDN (content delivery network)
__________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated. A.Practicing response to an attack B.Encryption C.Centralized reporting D.Quickly responding to an attack E.Training personnel
Answer: C. Centralized reporting
Which of the following is NOT a way to improve process quality? A.Change the process resources. B.Change both process structure and resources. C.Change the process names. D.Change the process structure. E.Reorganize the process.
Answer: C. Change the process names.
A manufacturing company would like to allow its employees to access data from a single database using various devices. For example, salespeople will be using smartphones, whereas the warehouse personnel will be using other handheld devices for their purposes. Which of the following accurately describes the type of system this company will need? A.CRM systems B.SCM system C.Distributed system D.Functional information system E.ARES
Answer: C. Distributed system
__________ is a technical safeguard that ensures that if stored or transmitted data is stolen it cannot be understood. A.Identification B.firewall C.Encryption D.Malware protection E.Authentication
Answer: C. Encryption
Which of the following results in a need for inter-enterprise systems? A.Dynamic processes B. Service-oriented architecture C.Enterprise silos D.Structured processes E. Self-efficacy
Answer: C. Enterprise silos
Which of the following is likely to occur in the next 10 years? A.Improvements in technology will mean cloud vendors will no longer need to invest in safeguards. B.Security experts will eventually win the battle against computer criminals. C.Major incidents of cyberwarfare are likely. D.Threats from cyber-gangs will cease to exist. E.Public officials will stay ahead of the technology curve.
Answer: C. Major incidents of cyberwarfare are likely.
Which of the following is NOT one of the ways that organizations use the cloud? A.SaaS (software as a service) B.PaaS (platform as a service) C.SCaaS (security control as a service) D.CDN (content delivery network) E.IaaS (infrastructure as a service)
Answer: C. SCaaS (security control as a service)
Which of the below is NOT a type of "Computer Crime" which affects IS security? A.Stolen devices B.Malicious insiders C.Social engineering and surfing D.Phishing and social engineering E. Web-based attacks
Answer: C. Social engineering and surfing
Which of the following is NOT a threat related to "Unauthorized data disclosure" under computer crime? A.Sniffing B.Spoofing C.Surfing D.Pretexting E.Phishing
Answer: C. Surfing
The rules providing the foundation of the Internet are known as the __________. A.SMTP standard B.XML language C. TCP/IP protocol architecture D.SNMP framework E.HTTPS concept
Answer: C. TCP/IP protocol architecture
__________ information systems, also known as functional information systems, exist to support one or more processes within the workgroup. A. Inter-enterprise B.Enterprise C.Workgroup D.Process E.Personal
Answer: C. Workgroup
All the following statements are good practices to protect against security threats, EXCEPT __________. A.never sending valuable data such as credit card numbers in email or IM B.using long and complex passwords C.backing up your browsing history, temporary files, and cookies D.not using the same password for all your accounts E.buying only from online vendors that use https in their transactions
Answer: C. backing up your browsing history, temporary files, and cookies
Because users often neglect to create strong passwords, some organizations choose to also employ __________ authentication using fingerprint scans or retina scans. A.smart B.biological C.biometric D.feature E.human
Answer: C. biometric
A(n) __________ is a network of activities that generates value by transforming inputs into outputs. A.network B.activity C.business process D.function E.capability
Answer: C. business process
Collaboration is an important component of a __________. A.structured process B.process that supports operational decision making C.dynamic process D.functional application E.standardized process
Answer: C. dynamic process
A negative consequence of the expanding use of the cloud will be __________. A.reduced availability of cloud services B.large increases in cloud vendor data center job openings C.fewer local jobs that focus on the installation and support of email and other servers D.higher costs of cloud services E.slower performance of cloud-based services
Answer: C. fewer local jobs that focus on the installation and support of email and other servers
Organizations (and you personally) can use one or more __________ to filter the data transmissions allowed into your computer network. A.brick walls B.data moats C.firewalls D.security fences E.screens
Answer: C. firewalls
Since public users of Web sites are difficult to hold accountable for security violations, organizations take steps to __________ the Web site. A.hide B.obscure C.harden D.scour E.cement
Answer: C. harden
In the future, ERP customers will store most of their data on cloud servers managed by cloud vendors and store sensitive data on servers that they manage themselves. This arrangement is known as the __________ model. A.relational B.mixed C.hybrid D.joint E.logical
Answer: C. hybrid
The problems of cloud-based ERP are likely to be sorted out in the future through the development of a(n) __________ in which most data are stored on cloud-based servers and sensitive data is stored on in-house managed servers. A.merged model B.linked system C.hybrid model D.magic solution E.augmented approach
Answer: C. hybrid model
The next major security challenges will likely be those affecting __________. A.software applications B.personal computers C.mobile devices D.DBMS E.people
Answer: C. mobile devices
The __________ nature of cloud computing resources means that hardware is shared by many users through virtualization. A.stretchy B.responsive C.pooled D.elastic E.resilient
Answer: C. pooled
A(n) __________ is a set of rules and data structures that governs communication on the Internet and supports cloud processing. A.Internet exchange point B.commerce server C.protocol D.public IP address E.Web server
Answer: C. protocol
An important new trend revealed by research on security threats is that __________. A.costs of after-the-fact responses are extremely high B.stolen device losses are the largest category C.ransomware and Web-based attacks are increasingly serious D.organizations are no longer bothered by security threats E.security safeguards seem ineffective
Answer: C. ransomware and Web-based attacks are increasingly serious
A difficult aspect of understanding the cost of computer security threats is the fact that most data are based on __________ methods that have several weaknesses. A.estimation B.forecasting C.survey D.verification E.projection
Answer: C. survey
The most likely reason that an organization should not consider using the cloud is __________. A.the organization faces too much competition in its industry segment B.the organization feels the cloud's benefits are unclear C.the organization is legally prohibited from losing physical control over its data D.the organization is not technically sophisticated E.the organization wants to wait for the cloud to mature
Answer: C. the organization is legally prohibited from losing physical control over its data
Password management best practices include all the following recommendations EXCEPT __________. A.users must comply with the organization's minimum password length B.users may not use a password that has been used previously C.users may retain the same password indefinitely to make it easier to remember D.users must create a new unique password immediately when first granted account access E.users must create a new password every three months
Answer: C. users may retain the same password indefinitely to make it easier to remember
The following are all disadvantages of in-house hosting compared to use of the cloud, EXCEPT __________. A.capital investment B.development effort C.visibility of security measures D.flexibility and adaptability to fluctuating demand E.obsolescence risk
Answer: C. visibility of security measures
A __________ is a type of malware that self-propagates using the Internet or other computer network. A.caterpillar B.Trojan horse C.worm D.fireplug E.spoofer
Answer: C. worm
Which of the following statements about virtual private networks (VPNs) is NOT accurate? A.VPNs use the Internet to create the appearance of private, secure connections. B.A secure connection gets established between a VPN client and a VPN server. C.VPNs provide secure communications over the Internet, but they are so complex and expensive that only the military and government organizations can use them. D.Once an Internet connection is made, VPN software on the remote user's computer establishes a connection with a VPN server. E.VPNs use encryption to secure communications over the public Internet.
Answer: C. VPNs provide secure communications over the Internet, but they are so complex and expensive that only the military and government organizations can use them.
Which of the following is NOT one of the factors involved with security incident response? A.The company should practice incident response. B.The company should implement specific responses, which are speedy and do not make the problem worse. C.The company should have a plan in place to respond to incidents. D.Any employee involved in any type of security incident should be immediately terminated. E.The company should use a centralized reporting procedure.
Answer: D. Any employee involved in any type of security incident should be immediately terminated.
What is the benefit of having in-house hosting over cloud? A.No obsolescence B.Speedy development C.Known cost structure D.Control over and knowledge of data location E.Small capital requirements
Answer: D. Control over and knowledge of data location
__________ processes are flexible, informal, and adaptive processes that normally involve strategic and less structured managerial decisions and activities. A.Structured B.Organized C.Passive D.Dynamic E. Rule-driven
Answer: D. Dynamic
Which of the following statements is NOT accurate? A.There are no standards for tallying computer crime costs. B.When conducting studies on the cost of computer crimes, some organizations do not report all their losses. C.We do not know the full extent of the financial and data losses due to computer security threats. D.Forms of usurpation deny access to legitimate users. E.Threats that involve hacking are attempts to obtain private data.
Answer: D. Forms of usurpation deny access to legitimate users.
__________ personnel have been, often inadvertently, the source of serious security risks. A.Database administration B.Senior management C.Data administration D.Help desk E.IS operations
Answer: D. Help desk
__________ agreements ensure that communications carriers exchange traffic on their networks freely. A.Neutral B.Hopping C.Exchange D.Peering E.Free use
Answer: D. Peering
Which components of information systems are involved in human safeguards? A.Only people B.Data and people C.Software and people D.People and procedures E. People, hardware, and software
Answer: D. People and procedures
In an accounts payable department, the department supervisor can both approve an expense and write a check to cover the expense. This situation illustrates ignoring which type of human safeguard? A.Insufficient screening B.Incomplete termination procedures C.Least possible privilege D.Separation of duties E.Inadequate hiring procedures
Answer: D. Separation of duties
__________ provides not only hardware infrastructure, but an operating system and application programs as well. A.Wiring as a service (WaaS) B.Platform as a service (PaaS) C.Infrastructure as a service (IaaS) D.Software as a service (SaaS) E.CDN
Answer: D. Software as a service (SaaS)
Which of the following statements is NOT correct for private clouds? A.Private clouds provide security within the organizational infrastructure. B.Private clouds can possibly provide secure access from outside that infrastructure. C.They are built on top of public cloud infrastructure using VPN tunneling. D.They enable the business to maintain physical control over its stored data. E.They create a farm of servers managed with elastic load balancing.
Answer: D. They enable the business to maintain physical control over its stored data.
A(n) __________ connects computers at different geographic locations. A.Internet B.Intranet C.Protocol D.Wide Area Network (WAN) E.Local Area Network (LAN)
Answer: D. Wide Area Network (WAN)
Which of the following practices causes a risk to your password? A.You should change your password frequently. B.You should not reuse your password. C.You should use a long password. D.You should use similar passwords for different sites. E.You should use different passwords for different sites.
Answer: D. You should use similar passwords for different sites.
The most significant contributing factor to problems with data integrity is __________. A.slow processes B.limited information C.disjointed processes D.data duplication E.incomplete backups
Answer: D. data duplication
According to Ponemon, "Value lies in __________ and not in __________." A. software; hardware B. data; code C. software; data D. data; hardware E.information system; data
Answer: D. data; hardware
All the following are ways that an information system can be used to improve process quality EXCEPT __________. A.ensuring the correct process flow is followed B.performing an activity in the process C.ensuring the quality of the data associated with the process D.enabling the process to follow a random process E.assisting the human who is performing an activity in the process
Answer: D. enabling the process to follow a random process
Preventing unauthorized network access using hardware or a hardware/software combination is accomplished with a(n) __________. A.malware definition B.encryption key C.authentication D.firewall E.key escrow
Answer: D. firewall
When user accounts are defined so that the user has access only to the minimum data and actions required to complete his/her job responsibilities, the principle of __________ is in use. A.accountability B.separation of duties C.compliance D.least possible privilege E.separation of authority
Answer: D. least possible privilege
According to recent research, the type of computer crime with the highest average cost involves __________. A.spoofers B.hackers C.phishers D.malicious insiders E.crime syndicates
Answer: D. malicious insiders
An often-neglected portion of an organization's incident readiness is __________. A.specific response B.centralized reporting C.decentralized response D.practice E.decentralized reporting
Answer: D. practice
Communication __________ enable a mixture of wired and wireless devices to connect over a network. A.languages B.connections C.filters D.protocols E.forms
Answer: D. protocols
In a security system the purpose of a username is to __________. A.add complexity B.provide authentication C.enable screening D.provide identification E.provide interpretation
Answer: D. provide identification
A special version of asymmetric encryption called __________ is used on the Internet. A.AES B.DES C.private key encryption D.public key encryption E.3DES
Answer: D. public key encryption
An important cloud design philosophy that defines all interactions among computing devices as services in a formal standardized way is termed the __________. A. standard-operational access B. service-options available C. simple-option access D. service-oriented architecture E. seamless-operations architecture
Answer: D. service-oriented architecture
A business process that includes formally defined, standardized processes that involve day-to-day operations is said to be a __________ business process. A.predictable B.uniform C.dynamic D.structured E.stable
Answer: D. structured
A __________ is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge. A.target B.safeguard C.loss D.threat E.vulnerability
Answer: D. threat
The prevailing architecture for Web applications is the __________ architecture. A. single-tier B. two-tier C. combination-tier D. three-tier E. production-tier
Answer: D. three-tier
When a person transmits personal data over the Internet during a transaction, the transmitted data is __________ threats unless appropriate __________ are taken. A.invulnerable to; threats B.protected from; measures C.exposed to; loss leaders D.vulnerable to; safeguards E.immune to; countermeasures
Answer: D. vulnerable to; safeguards
An organization's policy statement about customer data should include all the following elements EXCEPT __________. A.who can see sensitive data B.what sensitive data will be stored C.whether sensitive data will be shared D.what field is used as the primary key E.how sensitive data will be processed
Answer: D. what field is used as the primary key
Which of the following correctly describes a service-oriented architecture (SOA)? A.Programs that run on a server-tier computer and manage traffic by sending and receiving Web pages to and from clients B.Identifies a particular device on the public Internet C.The protocol used between browsers and Web servers D.An application program that runs on a server-tier computer E.All interactions among computing devices are defined as services in a formal, standardized way
Answer: E. All interactions among computing devices are defined as services in a formal, standardized way
Which of the following is the most accurate and complete definition of the cloud? A.Computers somewhere out there B.Easily accessible data storage C.Computing resources available to anyone D.A bubble on a network diagram E.Elastic leasing of pooled computer resources over the Internet
Answer: E. Elastic leasing of pooled computer resources over the Internet
Which of the following is NOT one of the personal security safeguards that users should implement? A.Do not send valuable data via email or IM. B.Take security seriously. C.Use multiple passwords. D.Create strong passwords. E.Fix any suspicious software problems by rewriting the bad source code.
Answer: E. Fix any suspicious software problems by rewriting the bad source code.
Which of the following is considered a computer crime? A.Internal software bug deleting customer records B.Poorly written programs resulting in data losses C.Data corruption through inaccurate updates D.Loss of data because of flooding E.Hacking of information systems
Answer: E. Hacking of information systems
Which of the following is true about a VPN? A.It appears as a secure connection, though it is not. B.It uses private networks instead of the public network. C.The actual internal LAN addresses are sent in the VPN messages on the Internet. D.It does not provide users with remote access. E.It encrypts messages to ensure secure transmissions.
Answer: E. It encrypts messages to ensure secure transmissions.
Which of the following is the distinguishing feature of a WAN as compared to a LAN? A.Bandwidth B.Communication capacity C.Network hardware D.Limits on number of users E.Multiple distant locations
Answer: E. Multiple distant locations
If eHermes wished to install some of its own custom-developed application software in the cloud, it would need to obtain __________ cloud resources. A.WaaS (web as a service) B.DaaS (data as a service) C.SaaS (software as a service) D.IaaS (infrastructure as a service) E.PaaS (platform as a service)
Answer: E. PaaS (platform as a service)
__________ is a remote access system that enables physicians to provide service to patients located in hard-to-reach areas of the world. A.Telelaw B.TeleExpert C.Virtual Doc D.Doc in a Box E.Telemedicine
Answer: E. Telemedicine
Which of the below is NOT an action taken by employees as part of an incident-response plan? A.The plan includes steps they can take to reduce further loss. B.The plan includes whom they should contact. C.The plan includes the reports they should make. D.The plan includes how employees are to respond to security problems. E.The plan includes decentralized reporting.
Answer: E. The plan includes decentralized reporting.
Enterprise information systems can solve all the following problems EXCEPT __________. A.duplicated enterprise information B.disjointed business processes C.inefficiencies of isolated systems D.extra process costs from repetition of activities E.data quality problems
Answer: E. data quality problems
Since companies do not know precisely how much demand will be placed on their computing resources in the future, an attractive element of using the cloud is the fact that it is __________. A.flexible B.dynamic C.unpredictable D.variable E.elastic
Answer: E. elastic
The most secure and hard-to-break passwords have all the following characteristics, EXCEPT __________. A.containing special characters B.containing no word in any language C.having uppercase and lowercase characters D.being a mix of letters and numbers E.having six or fewer characters
Answer: E. having six or fewer characters
Advantages of content delivery networks (CDNs) include all the following EXCEPT __________. A.pay-as-you-go B.increased reliability C.faster load times D.protection from DoS attacks E.higher costs to mobile users
Answer: E. higher costs to mobile users
When an organization encrypts sensitive data, it is important that it follow a procedure called a __________ to safeguard against the loss of or damage to the encryption key. A.random key B.key locker C.duplicate key D.key template E.key escrow
Answer: E. key escrow
The computers that run the DBMS and all devices that store database data should be __________. A.locked and publicly accessed B.controlled accessed and unlocked C.locked for some time D.unlocked E.locked and controlled accessed
Answer: E. locked and controlled accessed
When an incident does occur, speed is of the essence. The __________ the incident goes on, the __________ the cost. A. shorter; cheaper B. shorter; greater C. longer; cheaper D. longer; average E. longer; greater
Answer: E. longer; greater
Formatted messages are passed through networks in the form of __________. A.public IP addresses B.domain names C.protocols D.cookies E.packets
Answer: E. packets
In a security system the purpose of a username is to __________. A.enable screening B.add complexity C.provide authentication D.provide interpretation E.provide identification
Answer: E. provide identification
Assume the process of obtaining a driver's license is considered too long because of too few people who can administer the final driving test. One way to resolve this problem is to hire more people who can give the driving test. This is an example of a change in process __________. A.resources and structure B.efficiency C.structure D.redistribution E.resources
Answer: E. resources
When it comes to risk of security threats and losses, __________. A.sources of risk are diminishing B.risk is unimportant to senior management C.risk is declining every year D.only the IS department employees need be involved in this issue E.risks cannot be eliminated
Answer: E. risks cannot be eliminated
Despite the power and low cost of cloud services through the Internet, organizations must beware of __________. A.competition B.routing lags C.delivery errors D.net neutrality E.security threats
Answer: E. security threats
An information __________ is the condition that exists when data are isolated in separated information systems. A.island B.barn C.bridge D.moat E.silo
Answer: E. silo
A __________ is an opportunity for threats to gain access to individual or organizational assets. A.security flaw B.threat C.safeguard D.target E.vulnerability
Answer: E. vulnerability