Unit 3 Study Guide Info Systems
A manufacturing company would like to allow its employees to access data from a single database using various devices. For example, salespeople will be using smartphones, whereas the warehouse personnel will be using other handheld devices for their purposes. Which of the following accurately describes the type of system this company will need? A. CRM systems B. SCM system C. Distributed system D. ARES E. Functional information system
C
A university professor accidently leaves a sheet of paper in a classroom containing the scores on the recent exam for the class, listed by student ID number. This represents what type of loss? A. Loss of infrastructure B. Denial of service C. Unauthorized data disclosure D. Incorrect data modification E. Faulty service
C
A(n) __________ connects computers at different geographic locations. A. Internet B. Local Area Network (LAN) C. Wide Area Network (WAN) D. Protocol E. Intranet
C
A(n) __________ is a network of activities that generates value by transforming inputs into outputs. A. network B. function C. business process D. activity E. capability
C
According to Ponemon, "Value lies in __________ and not in __________." A. data; code B. software; hardware C. data; hardware D. information system; data E. software; data
C
All the following statements are good practices to protect against security threats, EXCEPT __________. A. using long and complex passwords B. buying only from online vendors that use https in their transactions C. backing up your browsing history, temporary files, and cookies D. not using the same password for all your accounts E. never sending valuable data such as credit card numbers in email or IM
C
An ERP database needs to contain a program that is used to enforce a rule that certain products are never sold at a discounted price. This is accomplished using a(n) __________. A. event monitor B. trigger C. stored procedure D. stored alert E. event handler
C
An employee who believes he is about to be terminated intentionally destroys data. This is an example of which type of threat? A. Hacking B. Sniffing C. Computer crime D. Natural disaster E. Human error
C
An information __________ is the condition that exists when data are isolated in separated information systems. A. moat B. island C. silo D. bridge E. barn
C
An organization that is implementing the manufacturing module of an ERP system has created a contest between several workgroups. The workgroup that adopts the ERP module most successfully (based on speed and number of errors) will be awarded a bonus. The intent of such a contest is to deal with __________. A. transition problems B. collaborative management C. employee resistance D. upgrade stress E. requirements gaps
C
Enterprise information systems can solve all the following problems EXCEPT __________. A. disjointed business processes B. extra process costs from repetition of activities C. data quality problems D. duplicated enterprise information E. inefficiencies of isolated systems
C
IaaS provides basic __________ in the cloud. A. software B. firmware C. hardware D. malware E. DBMS
C
In the future, ERP customers will store most of their data on cloud servers managed by cloud vendors and store sensitive data on servers that they manage themselves. This arrangement is known as the __________ model. A. joint B. logical C. hybrid D. relational E. mixed
C
The concept that prohibits the ability of ISPs to manage the flow of network traffic over their networks is termed __________. A. hop restrictions B. wide area networks C. net neutrality D. maximum transmission speeds E. bandwidth limits
C
The following are all disadvantages of in-house hosting compared to use of the cloud, EXCEPT __________. A. capital investment B. development effort C. visibility of security measures D. flexibility and adaptability to fluctuating demand E. obsolescence risk
C
The implementation of ERP systems is a difficult and risky process due to all the following factors EXCEPT __________. A. transition problems B. requirements gaps C. employee acceptance D. new technology E. collaborative management
C
The next major security challenges will likely be those affecting __________. A. people B. personal computers C. mobile devices D. software applications E. DBMS
C
The process of reengineering business processes is made difficult for all the following reasons EXCEPT that __________. A. it takes highly skilled people to redesign business processes B. it is difficult to envision the new improved processes C. it is quite easy to find people who can design the new improved processes D. it takes much time to redesign business processes E. redesigning processes for the entire organization is extremely complex
C
To send a message over the Internet, the location of the destination, known as the __________, must be added to the message. A. protocol B. network location C. IP address D. packet E. destination node
C
When it comes to risk of security threats and losses, __________. A. risk is declining every year B. sources of risk are diminishing C. risks cannot be eliminated D. only the IS department employees need be involved in this issue E. risk is unimportant to senior management
C
When transitioning the current system to an enterprise system, which of the following statements is FALSE? A. Careful planning is required. B. The organization should communicate the changes to its employees. C. The transition typically happens quickly and without any issues. D. Problems may develop. E. Substantial training is required
C
Which of the below is NOT a factor that causes expense and risks to the organization using enterprise systems? A. Collaborative management B. Requirements gaps C. Installation planning D. Employee resistance E. Transition problems
C
Which of the below is NOT an action taken by employees as part of an incident-response plan? A. The plan includes how employees are to respond to security problems. B. The plan includes steps they can take to reduce further loss. C. The plan includes decentralized reporting. D. The plan includes the reports they should make. E. The plan includes whom they should contact.
C
Which of the following correctly defines the CRM system? A. It is an enterprise suite of applications called modules, a database, and a set of inherent processes. B. It links multiple systems to create improvements in information availability and data integrity. C. It supports all functions necessary for developing and maintaining fruitful relationships with customers. D. It is used for structuring and distributing data between systems. E. It is the other name for an inter-enterprise system but with limited functionality.
C
Which of the following is NOT one of the factors involved with security incident response? A. The company should have a plan in place to respond to incidents. B. The company should implement specific responses, which are speedy and do not make the problem worse. C. Any employee involved in any type of security incident should be immediately terminated. D. The company should practice incident response. E. The company should use a centralized reporting procedure.
C
Which of the following is NOT the term related to information system security? A. Target B. Safeguard C. Profit D. Threat E. Loss
C
__________ information systems, also known as functional information systems, exist to support one or more processes within the workgroup. A. Process B. Personal C. Workgroup D. Enterprise E. Inter-enterprise
C
__________ uses the Internet to create the appearance of private, secure connections. A. SOAP B. Infrastructure as a Service (IaaS) C. A virtual private network (VPN) D. A private cloud E. Software as a Service (SaaS)
C
A business process that includes formally defined, standardized processes that involve day-to-day operations is said to be a __________ business process. A. dynamic B. stable C. predictable D. structured E. uniform
D
A content delivery network (CDN) is __________. A. a system of hardware and software that stores user data in many different geographical locations and does not let anyone access it B. a system of only hardware that stores user data in many different geographical locations and makes those data available on demand C. a highly unreliable storage of data on many networks or servers D. a system of hardware and software that stores user data in many different geographical locations and makes those data available on demand E. a network of servers that are not capable of delivering small data
D
A network that relies primarily on wireless connection of devices located near to a single person is a __________. A. local area network B. limited area network C. wide area network D. personal area network E. private area network
D
A special version of asymmetric encryption called __________ is used on the Internet. A. 3DES B. private key encryption C. AES D. public key encryption E. DES
D
A(n) __________ connects computers that reside in a single geographic location on the premises of the company that operates the network. A. Wide Area Network (WAN) B. Intranet C. Local Area Network (LAN) D. Internet E. Protocol
D
All communication standards associated with local area networks are governed by __________. A. Amazon and Google B. WAN standards C. packet standards D. the IEEE 802 protocol E. ISP standards
D
An important cloud design philosophy that defines all interactions among computing devices as services in a formal standardized way is termed the __________. A. simple-option access B. standard-operational access C. seamless-operations architecture D. service-oriented architecture E. service-options available
D
An information silo is the condition that exists when data are __________ in separated information systems. A. isolated B. merged C. archived D. deleted E. updated
D
Communication __________ enable a mixture of wired and wireless devices to connect over a network. A. languages B. filters C. connections D. protocols E. forms
D
Data in an inter-enterprise system is contributed from many sources, integrated into a database, and transformed into information for users with a __________ application. A. summarizing B. data distribution C. forecasting D. reporting E. finalizing
D
If eHermes wished to install some of its own custom developed application software in the cloud, it would need to obtain __________ cloud resources. A. DaaS (data as a service) B. IaaS (infrastructure as a service) C. WaaS (web as a service) D. PaaS (platform as a service) E. SaaS (software as a service)
D
In a security system the purpose of a username is to __________. A. provide interpretation B. enable screening C. provide authentication D. provide identification E. add complexity
D
Long-term attacks focused on stealing confidential data and intellectual property that are perpetrated by large, well-funded organizations are called __________. A. criminal hack threats B. repetitive threat syndrome C. hack floods D. Advanced Persistent Threats E. denial of service attacks
D
Many companies create __________, which are false targets for computer criminals to attack. A. firewalls B. encryption C. DBMS D. honeypots E. antivirus
D
Organizational security policies should address all the following issues EXCEPT __________. A. how employees and others can request changes to inaccurate data B. whether data will be shared with other organizations C. how sensitive data will be processed D. whether data marting will be tolerated E. what sensitive data the organization will store
D
Sources of security threats include all the following EXCEPT __________. A. human errors and mistakes B. natural events C. computer crime D. systems performance E. disasters
D
Studies of computer crime reveal that __________ is the single most expensive consequence of computer crime. A. business disruption B. employee confusion C. infrastructure damage D. information loss E. equipment loss
D
The __________ nature of cloud computing resources means that hardware is shared by many users through virtualization. A. resilient B. stretchy C. responsive D. pooled E. elastic
D
The method of obtaining cloud-based services that includes only basic hardware is termed __________. A. PaaS (platform as a service) B. DaaS (data as a service) C. SaaS (software as a service) D. IaaS (infrastructure as a service) E. WaaS (web as a service)
D
The rules providing the foundation of the Internet are known as the __________. A. SNMP framework B. SMTP standard C. XML language D. TCP/IP protocol architecture E. HTTPS concept
D
The typical functions of the __________ server is to run a DBMS that processes requests to retrieve and store data. A. commerce B. WSDL C. Web D. database E. SOA
D
When a person transmits personal data over the Internet during a transaction, the transmitted data is __________ threats unless appropriate __________ are taken. A. exposed to; loss leaders B. immune to; countermeasures C. invulnerable to; threats D. vulnerable to; safeguards E. protected from; measures
D
Which is the computer crime with the lowest average cost? A. Phishing and social engineering B. Malicious insiders C. Web-based attacks D. Stolen devices E. Ransomware
D
Which of the below statements exactly describes distributed systems? A. It refers to linking multiple systems to create improvements in information availability and data integrity. B. It is a computer program stored within the database that runs to keep the database consistent when certain conditions arise. C. This refers to the standards used for structuring and distributing data between systems. D. It is a system that occurs when applications processing is handled across multiple computing devices. E. It supports all functions necessary for developing and maintaining fruitful relationships with customers.
D
Which of the following cloud services can eHermes use to distribute its content worldwide as it grows and expands into new markets? A. PaaS (platform as a service) B. IaaS (infrastructure as a service) C. SaaS (software as a service) D. CDN (content delivery network) E. IWS (internal Web services)
D
Which of the following is NOT a characteristic of future cloud-based information systems? A. Easier to use B. Faster C. More secure D. Free E. Cheaper
D
Which of the following is NOT caused by information silos? A. Disjointed processes B. Increased expense C. Limited information and lack of integrated information D. Integration of data E. Data duplication and data inconsistency
D
Which of the following is a characteristic of CRM applications? A. Fixed asset accounting B. Capacity planning C. Supplier management D. Sales prospecting E. Sales order processing
D
Which of the following is considered a computer crime? A. Data corruption through inaccurate updates B. Poorly written programs resulting in data losses C. Loss of data because of flooding D. Hacking of information systems E. Internal software bug deleting customer records
D
Which of the following is covered under technical safeguards? A. Physical security B. Procedure design C. Backup and recovery D. Application design E. Encryption
D
Which of the following is the distinguishing feature of a WAN as compared to a LAN? A. Communication capacity B. Network hardware C. Bandwidth D. Multiple distant locations E. Limits on number of users
D
Which of the following is the most accurate and complete definition of the cloud? A. A bubble on a network diagram B. Computing resources available to anyone C. Easily accessible data storage D. Elastic leasing of pooled computer resources over the Internet E. Computers somewhere out there
D
Which of the following is true about a VPN? A. It does not provide users with remote access. B. It uses private networks instead of the public network. C. The actual internal LAN addresses are sent in the VPN messages on the Internet. D. It encrypts messages to ensure secure transmissions. E. It appears as a secure connection, though it is not.
D
__________ agreements ensure that communications carriers exchange traffic on their networks freely. A. Hopping B. Free use C. Exchange D. Peering E. Neutral
D
__________ personnel have been, often inadvertently, the source of serious security risks. A. IS operations B. Data administration C. Database administration D. Help desk E. Senior management
D
__________ systems encompass all an organization's touchpoints with its customers. A. SQL B. DBMS C. ACID D. CRM E. PQM
D
__________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated. A. Encryption B. Practicing response to an attack C. Training personnel D. Centralized reporting E. Quickly responding to an attack
D
A difficult aspect of understanding the cost of computer security threats is the fact that most data are based on __________ methods that have several weaknesses. A. verification B. forecasting C. projection D. estimation E. survey
E
A private Internet that is used exclusively within an organization is sometimes called __________. A. the Internet B. SOHO C. PaaS D. IaaS E. Intranet
E
A(n) __________ is a set of rules and data structures that governs communication on the Internet and supports cloud processing. A. public IP address B. commerce server C. Internet exchange point D. Web server E. protocol
E
Advantages of content delivery networks (CDNs) include all the following EXCEPT __________. A. pay-as-you-go B. protection from DOS attacks C. increased reliability D. faster load times E. higher costs to mobile users
E
An important component of an ERP solution is a set of __________ that implement standard business processes. A. triggering events B. prediction tasks C. regulations D. exceptions E. process blueprints
E
As businesses grow and their goals change, they may need to adopt new processes. Which term is used to describe the task of modifying processes? A. Enterprise resource planning B. Self-efficacy C. Process efficiency D. Application integration E. Business process reengineering
E
Because users often neglect to create strong passwords, some organizations choose to also employ __________ authentication using fingerprint scans or retina scans. A. human B. biological C. feature D. smart E. biometric
E
CRM software products enable organizations to become more __________. A. systematic B. customized C. self-organizing D. diverse E. customer-centric
E
In an accounts payable department, the department supervisor can both approve an expense and write a check to cover the expense. This situation illustrates ignoring which type of human safeguard? A. Least possible privilege B. Insufficient screening C. Incomplete termination procedures D. Inadequate hiring procedures E. Separation of duties
E
Information systems that support processes spanning an organization and supporting activities in multiple departments, are termed __________ information systems. A. personal B. inter-enterprise C. functional D. workgroup E. enterprise
E
Inter-enterprise systems can resolve problems resulting from __________. A. a service-oriented architecture B. distributed systems C. application integration D. ERP systems E. enterprise silos
E
Process __________ measures the ratio of process outputs to inputs. A. utility B. effectiveness C. capability D. flexibility E. efficiency
E
Since companies do not know precisely how much demand will be placed on their computing resources in the future, an attractive element of using the cloud is the fact that it is __________. A. variable B. flexible C. dynamic D. unpredictable E. elastic
E
The most likely reason that an organization should not consider using the cloud is __________. A. the organization feels the clouds benefits are unclear B. the organization is not technically sophisticated C. the organization wants to wait for the cloud to mature D. the organization faces too much competition in its industry segment E. the organization is legally prohibited from losing physical control over its data
E
The most secure and hard-to-break passwords have all the following characteristics, EXCEPT __________. A. being a mix of letters and numbers B. containing special characters C. having uppercase and lowercase characters D. containing no word in any language E. having six or fewer characters
E
The most significant contributing factor to problems with data integrity is __________. A. slow processes B. disjointed processes C. incomplete backups D. limited information E. data duplication
E
The world-wide unique name affiliated with a public IP address is called a __________. A. protocol B. cookie C. private IP address D. packet E. domain name
E
Use of strong passwords helps protect against __________ in which computing power is used to try every possible combination of characters to guess the password. A. insider attacks B. spoofing attacks C. light touch attacks D. spamming attacks E. brute force attacks
E
What is the benefit of having in-house hosting over cloud? A. Speedy development B. No obsolescence C. Known cost structure D. Small capital requirements E. Control over and knowledge of data location
E
When the features of an ERP product differ from the organization's requirements, the organization must determine how to deal with these __________. A. resistance issues B. new technologies C. transition problems D. incorrect blueprints E. requirements gaps
E
When user accounts are defined so that the user has access only to the minimum data and actions required to complete his/her job responsibilities, the principle of __________ is in use. A. compliance B. accountability C. separation of duties D. separation of authority E. least possible privilege
E
Which components of information systems are involved in human safeguards? A. People, hardware, and software B. Data and people C. Software and people D. Only people E. People and procedures
E
Which is the single most important safeguard that an individual computer user can implement? A. Clearing cookies and browser history B. Removing high-value data assets from the computer C. Using http at trusted vendor sites D. Updating anti-virus software E. Using strong passwords
E
Which of the following correctly describes a service-oriented architecture (SOA)? A. The protocol used between browsers and Web servers B. An application program that runs on a server-tier computer C. Programs that run on a server-tier computer and manage traffic by sending and receiving Web pages to and from clients D. Identifies a particular device on the public Internet E. All interactions among computing devices are defined as services in a formal, standardized way
E
Which of the following is NOT a way to improve process quality? A. Change the process structure. B. Change both process structure and resources. C. Reorganize the process. D. Change the process resources. E. Change the process names.
E
Which of the following is NOT covered under human safeguards? A. Hiring and education B. Assessment C. Training and procedure design D. Accountability E. Application design
E
Which of the following statements is NOT correct for private clouds? A. Private clouds can possibly provide secure access from outside that infrastructure. B. They are built on top of public cloud infrastructure using VPN tunneling. C. They create a farm of servers managed with elastic load balancing. D. Private clouds provide security within the organizational infrastructure. E. They enable the business to maintain physical control over its stored data.
E
__________ is a remote access system that enables physicians to provide service to patients located in hard to reach areas of the world. A. Telelaw B. Virtual Doc C. Doc in a Box D. TeleExpert E. Telemedicine
E
A __________ is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge. A. threat B. vulnerability C. safeguard D. target E. loss
A
A __________ is a type of malware that self-propagates using the Internet or other computer network. A. worm B. fireplug C. Trojan horse D. spoofer E. caterpillar
A
A __________ is an opportunity for threats to gain access to individual or organizational assets. A. vulnerability B. safeguard C. threat D. target E. security flaw
A
A component of an organization's database program code is a __________, which runs to keep the database consistent when certain conditions occur. A. trigger B. flag C. switching code D. stored procedure E. dynamic procedure
A
A connection that is a virtual, private pathway over a public or shared network from the VPN client to the VPN server is called a(n) __________. A. tunnel B. Hop C. SOA D. CDN (content delivery network) E. IWS (Internal Web service)
A
A negative consequence of the expanding use of the cloud will be __________. A. fewer local jobs that focus on the installation and support of email and other servers B. reduced availability of cloud services C. large increases in cloud vendor data center job openings D. higher costs of cloud services E. slower performance of cloud-based services
A
A safety procedure that enables a trusted party to have a copy of the encryption key is called key __________. A. exchange B. escrow C. encryption D. CRM E. data safeguard
A
A(n) __________ will stipulate what an employee should do when he notices something like a virus. A. incident-response plan B. firewall C. malicious code D. cookie E. safeguard
A
All the following are ways that an information system can be used to improve process quality EXCEPT __________. A. enabling the process to follow a random process B. ensuring the correct process flow is followed C. assisting the human who is performing an activity in the process D. performing an activity in the process E. ensuring the quality of the data associated with the process
A
An important new trend revealed by research on security threats is that __________. A. ransomware and Web-based attacks are increasingly serious B. security safeguards seem ineffective C. costs of after-the-fact responses are extremely high D. stolen device losses are the largest category E. organizations are no longer bothered by security threats
A
An often-neglected portion of an organization's incident readiness is __________. A. practice B. decentralized response C. specific response D. centralized reporting E. decentralized reporting
A
Assume the process of obtaining a driver's license is considered too long because of too few people who can administer the final driving test. One way to resolve this problem is to hire more people who can give the driving test. This is an example of a change in process __________. A. resources B. structure C. efficiency D. redistribution E. resources and structure
A
Collaboration is an important component of a __________. A. dynamic process B. standardized process C. functional application D. structured process E. process that supports operational decision making
A
Despite the power and low cost of cloud services through the Internet, organizations must beware of __________. A. security threats B. net neutrality C. routing lags D. delivery errors E. competition
A
For better security, which of the following is NOT a measure an organization should follow? A. The storage facilities can be left unlocked B. The systems should be access-controlled C. Should keep a detail about when someone entered the facility D. Should keep a detail about the purpose if someone entered the facility E. Should keep a log about who entered the facility
A
If an organization has information that is difficult to integrate because it is scattered among several different workgroup information systems, it is suffering from a problem with __________. A. information silos B. Windows C. information time lags D. operating system incompatibility E. information disparity
A
If an organization takes a strong position and mandates that its employees create strong passwords, it is engaging in a trade-off between __________. A. security and freedom B. cost and safety C. convenience and compliance D. flexibility and vulnerability E. compliance and safety
A
In a security system the purpose of a username is to __________. A. provide identification B. add complexity C. enable screening D. provide interpretation E. provide authentication
A
Organizations (and you personally) can use one or more __________ to filter the data transmissions allowed into your computer network. A. screens B. data moats C. firewalls D. security fences E. brick walls
A
Organizations need to know how well their processes are achieving organizational goals. This is known as __________. A. process effectiveness B. process quality C. inherent processes D. process efficiency E. business process reengineering
A
Password management best practices include all the following recommendations EXCEPT __________. A. users may retain the same password indefinitely to make it easier to remember B. users must create a new unique password immediately when first granted account access C. users may not use a password that has been used previously D. users must create a new password every three months E. users must comply with the organization's minimum password length
A
Preventing unauthorized network access using hardware or a hardware/software combination is accomplished with a(n) __________. A. firewall B. malware definition C. authentication D. encryption key E. key escrow
A
The activity of altering existing and designing new business processes to take advantage of new information systems is called __________. A. business process reengineering B. business process remediation C. business process revisioning D. business process restructuring E. business process alignment
A
The computers in two separated company sites must be connected using a(n) __________. A. wide area network (WAN) B. intranet C. local area network (LAN) D. protocol E. Internet
A
The computers that run the DBMS and all devices that store database data should be __________. A. locked and controlled accessed B. locked and publicly accessed C. unlocked D. locked for some time E. controlled accessed and unlocked
A
The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is an example of __________. A. physical security B. encryption C. a technical safeguard D. a key escrow E. firewall
A
The measure of the ratio of how well a process achieves organizational strategy is known as __________. A. process effectiveness B. input/output topology C. process efficiency D. input/output technology E. input/output totals
A
The primary goal of ERP systems is __________. A. integration B. backups C. prediction D. use of the cloud E. redundancy
A
The problems of cloud-based ERP are likely to be sorted out in the future through the development of a(n) __________ in which most data are stored on cloud-based servers and sensitive data is stored on in-house managed servers. A. hybrid model B. merged model C. magic solution D. linked system E. augmented approach
A
The sharing of physical hardware by many organizations in the cloud, termed pooling, is accomplished with __________. A. virtualization B. separation C. visualization D. segmentation E. provisioning
A
When an organization encrypts sensitive data, it is important that it follow a procedure called a __________ to safeguard the loss or damage to the encryption key. A. key escrow B. key locker C. duplicate key D. key template E. random key
A
Which of the below is a disadvantage of the cloud? A. Little visibility into true security and disaster preparedness capabilities B. Significant capital required C. Staff and train personnel D. Industry-wide economies of scale, hence cheaper E. No obsolescence
A
Which of the following is NOT a phase of the customer life cycle? A. Customer billing B. Marketing C. Relationship management D. Loss/churn E. Customer acquisition
A
Which of the following is NOT one of the personal security safeguards that users should implement? A. Fix any suspicious software problems by rewriting the bad source code. B. Do not send valuable data via email or IM. C. Take security seriously. D. Create strong passwords. E. Use multiple passwords.
A
Which of the following is NOT one of the ways that organizations use the cloud? A. SCaaS (security control as a service) B. SaaS (software as a service) C. CDN (content delivery network) D. PaaS (platform as a service) E. IaaS (infrastructure as a service)
A
Which of the following is likely to occur in the next 10 years? A. Major incidents of cyberwarfare are likely. B. Threats from cyber-gangs will cease to exist. C. Security experts will eventually win the battle against computer criminals. D. Improvements in technology will mean cloud vendors will no longer need to invest in safeguards. E. Public officials will stay ahead of the technology curve.
A
Which of the following statements is NOT accurate? A. Forms of usurpation deny access to legitimate users. B. We do not know the full extent of the financial and data losses due to computer security threats. C. When conducting studies on the cost of computer crimes, some organizations do not report all their losses. D. Threats that involve hacking are attempts to obtain private data. E. There are no standards for tallying computer crime costs.
A
According to recent research, the type of computer crime with the highest average cost involves __________. A. phishers B. malicious insiders C. spoofers D. crime syndicates E. hackers
B
An organization's policy statement about customer data should include all the following elements EXCEPT __________. A. what sensitive data will be stored B. what field is used as the primary key C. whether sensitive data will be shared D. how sensitive data will be processed E. who can see sensitive data
B
Formatted messages are passed through networks in the form of __________. A. domain names B. packets C. cookies D. protocols E. public IP addresses
B
Google has projects underway that will increase the Internet's __________. A. duplication and replication B. speed and spread C. connections and quality D. redundancy and routing time E. limits and rules
B
Process efficiency is the measure of the ratio of __________ . A. process inputs to outputs B. process outputs to inputs C. process outputs to process activity D. process structure to process resources E. process activity to process input
B
Since public users of Web sites are difficult to hold accountable for security violations, organizations take steps to __________ the Web site. A. scour B. harden C. obscure D. hide E. cement
B
The method of obtaining cloud-based services that include hardware infrastructure, operating system, and application programs is termed __________. A. PaaS (Platform as a Service) B. SaaS (Software as a Service) C. IaaS (Infrastructure as a Service) D. DaaS (Data as a Service) E. WaaS (Web as a Service)
B
The prevailing architecture for Web applications is the __________ architecture. A. production-tier B. three-tier C. single-tier D. two-tier E. combination-tier
B
The use of usernames and passwords is an important __________ safeguard to identify and authenticate legitimate users of the system. A. data B. technical C. malware D. human E. firewall
B
When an incident does occur, speed is of the essence. The __________ the incident goes on, the __________ the cost. A. longer; cheaper B. longer; greater C. longer; average D. shorter; greater E. shorter; cheaper
B
Which of the below is NOT a type of "Computer Crime" which affects IS security? A. Malicious insiders B. Social engineering and surfing C. Phishing and social engineering D. Stolen devices E. Web-based attacks
B
Which of the following is NOT a threat related to "Unauthorized data disclosure" under computer crime? A. Sniffing B. Surfing C. Phishing D. Pretexting E. Spoofing
B
Which of the following organizations will be interested in using the "cloud"? A. An organization who wants to create and maintain their own hosting infrastructure B. An organization who wants to increase or decrease their computing resources dynamically C. An organization who wants in-depth visibility of security D. An organization who wants physical control over their data E. An organization who wants legal control over their data
B
Which of the following practices causes a risk to your password? A. You should use different passwords for different sites. B. You should use similar passwords for different sites. C. You should use a long password. D. You should change your password frequently. E. You should not reuse your password.
B
Which of the following results in a need for inter-enterprise systems? A. Service-oriented architecture B. Enterprise silos C. Dynamic processes D. Self-efficacy E. Structured processes
B
Which of the following statements about virtual private networks (VPNs) is NOT accurate? A. A secure connection gets established between a VPN client and a VPN server. B. VPNs provide secure communications over the Internet, but they are so complex and expensive that only the military and government organizations can use them. C. Once an Internet connection is made, VPN software on the remote user's computer establishes a connection with a VPN server. D. VPNs use the Internet to create the appearance of private, secure connections. E. VPNs use encryption to secure communications over the public Internet.
B
Which of the following would take a brute force attack a couple of minutes to crack? A. A 6-character password with upper- and lowercase letters, numerals, and special characters B. A 6-character password with a mix of upper- and lowercase letters C. A 10-character password with upper- and lowercase letters, numerals, and special characters D. A 12-character password of all letters E. A 10-character password with a mix of upper- and lowercase letters
B
__________ is a technical safeguard that ensures that if stored or transmitted data is stolen it cannot be understood. A. Identification B. Encryption C. firewall D. Malware protection E. Authentication
B
__________ processes are flexible, informal, and adaptive processes that normally involve strategic and less structured managerial decisions and activities. A. Organized B. Dynamic C. Passive D. Structured E. Rule-driven
B
__________ provides not only hardware infrastructure, but an operating system and application programs as well. A. Wiring as a service (WaaS) B. Software as a service (SaaS) C. CDN D. Infrastructure as a service (IaaS) E. Platform as a service (PaaS)
B