CIS exam 1
The growth of the internet of things is helping to curb the number of cyberattacks.
False
The operating system plays no role in controlling access to system resources to provide a high level of security against unauthorized access to the users' data and programs as well as record who is using the system and for how long.
False
Jeffery steals emails from one of his state's political candidates and posts the emails anonymously online
Hacktivist
Cam's financial management company subscribes to a carefully researched combination of databases and analyst reports
Interorganizational information system
is a model used to introduce new systems into the workplace in a manner that lowers stress, encourages teamwork, and increases the probability of a successful implementation
Leavitt's Diamond
The company offers one year of consumer credit monitoring for customers whose credit information was compromised
Legal consequences
Derek uses his old account credentials to sign into his former employer's network to get information on some of his old clients
Malicious employee
You discover your company is using an older firewall that simply isn't designed to protect against today's technologies. What would be a better alternative to protect their network resources?
NGFW
Dr. Michaels reviews a patient's historical test results before meeting with her to discuss treatment options
People
frequently consult with management and users to define the scope of and requirements for new information systems. They convey system requirements to people in more technical roles for implementation
Systems analysts
Dr. Baggett checks the Emergency Department's tracking board to determine which patient to see next, according to the criticality of patients' conditions and their current wait time.
Technology
The contemporary view of information systems is that they are often so intimately involved in an organization's value chain that they are part of the process itself.
True
Two potential benefits of obtaining a certification in an IS subject area are
a new career possibility and a potential increase in salary
The information system worker functions at the intersection of business and technology and designs, builds, and implements solutions that allow organizations to effectively leverage information technology systems. An example of a non-technical skill not commonly associated with an effective information system worker.
ability to work in a static, boring environment where there is little change.
The two basic types of software are
application software and system software
Programming languages are commonly used to perform data analysis and build
application software, system software, embedded systems, Web sites, and games
A ______ is the technique used to gain unauthorized access to a device or a network
attack vector
A blended threat, phishing, and virus are all examples of a
attack vector
The primary hardware component of a computer responsible for routing data and instructions to and from the various components of a computer is the
bus
improves existing systems within the organization while controlling costs
business partners
Malisa uses her laptop to sign onto her company's database server from an open wi-fi connection at a local coffee shop
careless insider
The perpetrator most likely to be the cause of a cyberattack
careless insider
is not a specific goal of green computing
combating global climate change
Four drivers that set the information strategy and determine information system investments include
corporate strategy, technology innovations, innovative thinking, and business unit strategy
Three ways IS organization can be perceived by the rest of the organization that influence IS strategy are
cost center, business partner, and game changer
control or reduce costs while better supporting existing business processes
cost centers and service providers
Ashleigh hacks into a local store's payment processing system and transfers money into her PayPal account
cybercriminal
Erica is late to work because a computer virus shut down the city's bus system
cyberterrorist
Shareholders experienced a 19% drop in share value in the 24 hours after the breach was publicized
direct impact
There are _____ steps that must be taken to perform a thorough security risk assessment
eight
After developing several of the recommended security improvements, you suggest that the final and most important step in protecting the organization's security perimeter is
end-user education
is a class of software used to meet organization-wide business needs and typically shares data with other enterprise applications used within the organization
enterprise
Shanna helps manage updates for her company's mobile time tracking app that employees use to report their hours worked
enterprise information system
A data center designed to have an expected annual downtime of less than 30 minutes and able to handle a power outage of up to four days is a tier _____ data center
four
drive business innovation to achieve competitive advantage
game changer
a key difference between grid computing, multiprocessing and parallel processing is that
grid computing relies on a community of computers acting together
The strategic planning process for the IS organization and factors that influence it depend on how the organization is perceived by the rest of the organization.
guarantees that only the most current technology solutions will be employed
Five actions an organization must take in the event of a successful cyberattack include
incident notification, protection of evidence and activity logs, incident containment, eradication, and incident follow-up
The three primary types of end user license agreements are
individual/multiuser, network/multiuser, and single-user
provides data and instructions to the computer and receives results from it
input/output devices
Four information system types based on their sphere of influence include
interorganizational, personal, enterprise, and workgroup
computer forensics is a discipline that combines elements of ______ and ______
law and computer science
One of the consequences of a successful cyberattack that can lead to monetary penalties for organizations that fail to comply with data protection regulations is
legal consequences
an organization that monitors, manages, and maintains computer and network security for other organizations is called a
managed security
The class of computer used to support workgroups from a small department of two or three workers to large organizations with tens of thousands of employees and millions of customers is the
multiple-user computer
is a form of software that is distributed typically for free with the source code studied, changed, and improved solely by the original developers
open-source software
organizations must take strong measures to ensure secure, private, and reliable computing experiences for their employees, customers, and business partners
organizational, network, application, and end user
once a vulnerability is discovered, users should install a ____ to eliminate the problem
patch
Reginald relies on an online video library to research how to perform maintenance and troubleshooting tasks on networking equipment his company recently installed in their data center
personal information system
Gina transcribes notes from the doctor regarding a patient's physical examination and adds medical codes for tracking charges to insurance companies
processes
Convert a program design developed by a systems analyst into a working program written in one of many computer languages. To do this, they must write, debug, and test the program to ensure it will operate in a way that will meet users' needs
programmers
What can you add to the network to offer the company better control over which Web sites are approved for business interactions?
proxy server
A form of cyberattack that is estimated to occur every 10 seconds against an individual in the U.S. is
ransomware
the recognition that managers must use their judgment to ensure that the costs of control do not exceed the system's benefits or the risks involved
reasonable assurance
sales activity for the quarter drops 22%, a tough hit in the middle of the holiday shopping season
reputation damage
enables an organization to identify its vulnerability and potential threats, establish a benchmark of where it is, determine where it needs to be, and develop a plan to meet those needs.
security audit
many organizations employ a __________ __________ to help track the key performance indicators of their security strategy
security dashboard
are three subclasses of computers associated with the multiple-user computer
server, mainframe, and supercomputer
is a software design approach based on the use of discrete pieces of software to provide specific functions as services to other applications
service-oriented architecture
spreadsheet, word processor, and graphics presentation software are used in the ____ sphere of influence
single-user
is a class of computer used by people on the move to run personal productivity software, access the internet, read and prepare email and instant messages, play games, listen to music, access corporate applications and database, and enter data at the point of contact.
single-user portable computer
A federal law that focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
stored wire and electronic communications and transactional records access statute
Raul pulls information from the medical billing system to generate reports that will be forwarded to insurance companies
structure
when comparing off-the-shelf software to proprietary software, which of the following statements is not true
the initial cost of the off-the-shelf software is likely greater
Managers of business functions most affected by new information system have a key responsibility to ensure that
the people, processes, and human structure components are fully addressed
each user should conduct a security self-assessment test
true
Latoya's marketing team uses a web conferencing tool to host online training sessions for her company's new hires around the country
workgroup information system
an attack that takes place before the security community becomes aware of and fixes a security vulnerability
zero-day attack
software services and model
- SaaS applications are available from any computer or any device, anytime, anywhere - there are no software patches for customers to download or install - the costs associated with upgrades and new releases are lower than the traditional model
associated with the implementation of server virtualization
- lower capital costs for hardware - decreased energy costs to power the servers and cool the data center - fewer personnel required to operate and support the servers
specific goals of green computing
- reducing the use of hazardous material - lowering power-related costs - enabling the safe disposal and/or recycling of IT products
permits, and in some cases encourages, employees to use their own mobile devices to access company computing resources and applications
Bring your own device policy (BYOD)
Your company's customer service line is slammed with phone calls from angry customers wanting to know if their data is included in the breach
Business disruption
Your company's IT operations team works around the clock to identify how the breach occurred and implement needed patches to prevent further damage
Recovery cost
design and maintain Web sites, including site layout and function, to meet the organization's requirements. The creative side of the job includes creating a user-friendly design, ensuring easy navigation, organizing content, and integrating graphics and audio.
Web developers