
Chapter 10

Multiple Choice

1. IT applications can be developed in which of the following ways? a) build the system in-house b) buy an application and install it c) lease software from an application service provider d) outsource it e) all of the above Ans: e Response: See page 302

2. The information systems planning process proceeds in which order? a) organization mission → organization strategic plan → IS strategic plan → new IT architecture b) organization mission → IS strategic plan → organization strategic plan → IS operational plan c) organization strategic plan → organization mission → IS strategic plan → new IT architecture d) IT architecture → IS strategic plan → organization strategic plan → organization mission e) IS development projects → IS operational plan → new IT architecture → organization mission Ans: a Response: See page 306-307

3. A typical IS operational plan contains which of the following elements? a) mission of the IS function b) summary of the information needs of the functional areas and of the entire organization c) IS function's estimate of its goals d) application portfolio e) all of the above Ans: e Response: See page 306-307

4. Which of the following is not a part of the typical IS operational plan? a) mission of the IS function b) organizational mission c) IT architecture d) application portfolio e) IS function's estimate of its goals Ans: b Response: See page 307

5. Evaluating the benefits of IT projects is more complex than evaluating their costs for which of the following reasons? a) benefits are harder to quantify b) benefits are often intangible c) IT can be used for several different purposes d) probability of obtaining a return from an IT investment is based on the probability of implementation success e) all of the above Ans: e Response: See page 308

6. Evaluating the benefits of IT projects is more complex than evaluating their costs for all of the following reasons except: a) benefits are harder to quantify b) benefits are often tangible c) IT can be used for several different purposes d) probability of obtaining a return from an IT investment is based on the probability of implementation success Ans: b Response: See page 308

7. The _____ method converts future values of benefits to today's value by discounting them at the organization's cost of funds. a) net present value b) cost-benefit analysis c) return on investment d) internal rate of return e) business case approach Ans: a Response: See page 308

8. The _____ method measures the effectiveness of management in generating profits with its available assets. a) net present value b) cost-benefit analysis c) return on investment d) internal rate of return e) business case approach Ans: c Response: See page 308

9. Which of the following are advantages of the buy option for acquiring IS applications? a) many different types of off-the-shelf software are available b) software can be tried out c) saves time d) company will know what it is getting e) all of the above Ans: e Response: See page 309

10. Which of the following is not an advantage of the buy option for acquiring IS applications? a) few types of off-the-shelf software are available, thus limiting confusion b) software can be tried out c) saves time d) company will know what it is getting e) all of the above Ans: a Response: See page 309

11. Which of the following are disadvantages of the buy option for acquiring IS applications? a) software may not exactly meet the company's needs b) software may be impossible to modify c) company will not have control over software improvements d) software may not integrate with existing systems e) all of the above Ans: e Response: See page 310

12. Which of the following systems acquisition methods results in software that can be tried out, has been used for similar problems in other organizations, and can save time? a) systems development life cycle b) prototyping c) end-user development d) buy option e) object-oriented development Ans: d Response: See page 310

13. Which of the following systems acquisition methods results in software that is controlled by another company, may be difficult to enhance or modify, and may not support desired business processes? a) systems development life cycle b) prototyping c) end-user development d) buy option e) component-based development Ans: d Response: See page 310

14. Which of the following systems acquisition methods forces staff to systematically go through every step in the development process and has a lower probability of missing important user requirements? a) systems development life cycle b) prototyping c) end-user development d) external acquisition e) object-oriented development Ans: a Response: See page 311

15. Which of the following systems acquisition methods is time-consuming, costly, and may produce excessive documentation? a) systems development life cycle b) prototyping c) end-user development d) external acquisition e) object-oriented development Ans: a Response: See page 311

16. Place the stages of the systems development life cycle in order: a) investigation → analysis → design → programming → testing → implementation → operation → maintenance b) investigation → design → analysis → programming → testing → implementation → maintenance → operation c) analysis → design → investigation → operation → maintenance → programming → testing → implementation d) investigation → analysis → design → programming → testing → maintenance → operation → implementation Ans: a Response: See page 312

17. The feasibility study addresses which of the following issues? a) economic feasibility b) technical feasibility c) behavioral feasibility d) all of the above Ans: d Response: See page 313

18. The _____ that changes are made in the systems development life cycle, the _____ expensive these changes become. a) sooner, less b) later, less c) more frequently, more d) more extensively, more e) sooner, more Ans: a Response: See page 313

19. ____ feasibility determines if the hardware, software, and communications components can be developed and/or acquired to solve the business problem. a) technical b) economic c) organizational d) behavioral Ans: a Response: See page 313

20. _____ feasibility determines if the project is an acceptable financial risk and if the organization can afford the expense and time needed to complete the project. a) technical b) economic c) organizational d) behavioral Ans: b Response: See page 313

21. _____ feasibility addresses the human issues of an information systems project. a) technical b) economic c) organizational d) behavioral Ans: d Response: See page 313

22. _____ feasibility concerns a firm's policies and politics, power structures, and business relationships. a) technical b) economic c) organizational d) behavioral Ans: c Response: See page 314

23. Which of the following is not a part of systems analysis? a) definition of the business problem b) identification of the causes of, and solution to, the business problem c) identification of the information requirements that the solution must satisfy d) identification of the technical specifications of the solution Ans: d Response: See page 314

24. Systems analysts use which of the following techniques to obtain the information requirements for the new system? a) direct observation b) structured interviews c) unstructured interviews d) document analysis e) all of the above Ans: e Response: See page 314

25. Which of the following is not a technique used to obtain the information requirements for the new system? a) direct observation b) structured interviews c) unstructured interviews d) use the system themselves e) document analysis Ans: d Response: See page 314

26. Which of the following are problems associated with eliciting information requirements? a) business problem may be poorly defined b) users may not know exactly what the business problem is c) users may disagree with each other d) the problem may not be related to information systems e) all of the above Ans: e Response: See page 314

27. _____ is the systems development stage that determines how the information system will do what is needed to solve the business problem. a) systems design b) systems analysis c) systems implementation d) systems development e) operation and maintenance Ans: a Response: See page 314

28. Logical systems design refers to _____, while physical systems design refers to _____. a) the collection of user requirements, the development of software b) what the system will do, how the tasks are accomplished c) how the tasks are accomplished, what the system will do d) the order of task accomplishment, how the tasks are accomplished e) operation of the system, debugging the system Ans: b Response: See page 315

29. Systems design answers the question, _____: a) How will the information system do what it must to obtain a solution to the business problem? b) Why must the information system do what it must to obtain a solution to the business problem? c) What is the problem the information system must address? d) Who will benefit from use of the information system being developed? e) What is the effective operational life of the system? Ans: a Response: See page 315

30. When users ask for added functionality during a systems development project, this is called: a) user-defined software b) scope creep c) bloatware d) out-of-control project e) runaway project Ans: b Response: See page 315

31. Structured design advocates the use of software modules. Which of the following items are advantages of this approach? a) modules can be reused b) modules cost less to develop c) modules are easier to modify d) all of the above Ans: d Response: See page 316

32. Structured programming includes which of the following restrictions? a) each module has one, and only one, function b) each module has one entrance and one exit c) no GOTO statements allowed d) has only three techniques: sequence, decision, loop e) all of the above Ans: d Response: See page 316

33. Which of the following is not a restriction of structured programming? a) each module has multiple functions b) each module has one entrance and one exit c) no GOTO statements allowed d) has only three techniques: sequence, decision, loop e) none of the above Ans: a Response: See page 316

34. In structured programming's _____ structure, the logic flow branches depending on certain conditions being met. a) decision b) sequence c) decision d) return e) parallel Ans: a Response: See page 316

35. In structured programming's _____ structure, the software executes the same program, or parts of it, until certain conditions are met. a) decision b) sequence c) decision d) return e) parallel Ans: c Response: See page 316

36. _____ conversion is the process where the old system and the new system operate simultaneously for a period of time. a) parallel b) direct c) pilot d) phased Ans: a Response: See page 317

37. _____ conversion is the process where the old system is cut off and the new system is turned on at a certain point in time. a) parallel b) direct c) pilot d) phased Ans: b Response: See page 317

38. _____ conversion is the process where the new system is introduced in one part of the organization. a) parallel b) direct c) pilot d) phased Ans: c Response: See page 318

39. _____ conversion is the process where components of the new system are introduced in stages. a) parallel b) direct c) pilot d) phased Ans: d Response: See page 318

40. The riskiest type of conversion process is: a) parallel b) direct c) pilot d) phased Ans: b Response: See page 317

41. If a firm shuts down its old COBOL legacy system and starts up the new PeopleSoft ERP system immediately, this is called _____: a) phased conversion b) direct conversion c) parallel conversion d) pilot conversion Ans: b Response: See page 317

42. As systems age, maintenance costs _____: a) decrease b) increase c) stay the same d) remain negligible e) are not considered Ans: b Response: See page 318

43. Maintenance includes which of the following types of activities? a) debugging b) updating the system to accommodate changes in business conditions, but not adding functionality c) adding new functionality to the system d) all of the above Ans: d Response: See page 318

44. Which of the following systems acquisition methods helps clarify user requirements, promotes genuine user participation, and may produce part of the final system? a) systems development life cycle b) prototyping c) end-user development d) external acquisition e) component-based development Ans: b Response: See page 318

45. Which of the following systems acquisition methods may encourage inadequate problem analysis, is not practical with large numbers of users, and may result in a system with lower quality? a) systems development life cycle b) prototyping c) end-user development d) external acquisition e) component-based development Ans: b Response: See page 318

46. The _____ approach to systems development defines an initial list of user requirements, then develops the system in an iterative fashion. a) integrated computer-assisted software engineering b) joint application design c) rapid application development d) prototyping e) systems development life cycle Ans: d Response: See page 318

47. The _____ approach to systems development is a group-based tool for collecting user requirements. a) integrated computer-assisted software engineering b) joint application design c) rapid application development d) prototyping e) systems development life cycle Ans: b Response: See page 319

48. The _____ approach to systems development uses specialized tools to automate many of the tasks in the systems development life cycle. a) integrated computer-assisted software engineering b) joint application design c) rapid application development d) prototyping Ans: a Response: See page 319

49. Which of the following is not an advantage of the Joint Application Design approach to systems development? a) involves fewer users in the development process b) saves time c) greater user acceptance of the new system d) can produce a system of higher quality Ans: a Response: See page 319

50. Computer-aided software engineering tools provide which of the following advantages? a) can produce systems with longer effective operational lives b) can produce systems that more closely meet user requirements c) can speed up the development process d) can produce systems that are more adaptable to changing business conditions e) all of the above Ans: e Response: See page 319

51. Which of the following is not an advantage of computer-aided software engineering tools? a) can produce systems with longer effective operational lives b) can produce systems that more closely meet user requirements c) can require fewer developers d) can speed up the development process Ans: c Response: See page 319

52. Computer-aided software engineering tools provide which of the following disadvantages? a) produce initial systems that are more expensive to build and maintain b) require more extensive and accurate definition of user requirements c) difficult to customize d) difficult to use with existing systems e) all of the above Ans: e Response: See page 319

53. Which of the following is not a disadvantage of computer-aided software engineering tools? a) produce initial systems that are more expensive to build and maintain b) require more extensive and accurate definition of user requirements c) require more developers d) difficult to customize Ans: c Response: See page 319

54. Advantages of Rapid Application Development include which of the following? a) active involvement of users in the development process b) faster development process c) system better meets user needs d) reduction in training costs e) all of the above Ans: e Response: See page 320

55. Which of the following systems acquisition methods bypasses the IT department, avoids delays, and results in increased user acceptance of the new system? a) systems development life cycle b) prototyping c) end-user development d) external acquisition e) component-based development Ans: c Response: See page 320

56. Which of the following systems acquisition methods may eventually require maintenance assistance from the IT department, produce inadequate documentation, and result in a system with inadequate interfaces to existing systems? a) systems development life cycle b) prototyping c) end-user development d) external acquisition e) component-based development Ans: c Response: See page 320

57. Which of the following is the most difficult and crucial task in evaluating a vendor and a software package? a) identifying potential vendors b) determining the evaluation criteria c) evaluating vendors and packages d) choosing the vendor and package e) negotiating a contract Ans: b Response: See page 325-326

Chapter 3

1. Various organizations that promote fair and responsible use of information systems often develop _____: a) a code of ethics b) a strategic plan c) a mission statement d) responsibility charters e) a goals outline Ans: a Response: See page 62

2. A _____ is intellectual work that is known only to a company and is not based on public information. a) copyright b) patent c) trade secret d) knowledge base e) private property Ans: c Response: See page 62

3. A _____ is a document that grants the holder exclusive rights on an invention for 17 years. a) copyright b) patent c) trade secret d) knowledge base e) private property notice Ans: b Response: See page 629

4. _____ is a statutory grant that provides the creators of intellectual property with ownership of it for 28 years. a) copyright b) patent c) trade secret d) knowledge base e) private property Ans: a Response: See page 62

5. Which of the following is not an ethical issue? a) privacy b) accuracy c) transferability d) property e) accessibility Ans: c Response: See page 62

6. _____ issues involve collecting, storing and disseminating information about individuals. a) privacy b) accuracy c) transferability d) property e) accessibility Ans: a Response: See page 62

7. _____ issues involve the authenticity and fidelity of information that is collected and processed. a) privacy b) accuracy c) transferability d) property e) accessibility Ans: b Response: See page 62

8. _____ issues involve the ownership and value of information. a) privacy b) accuracy c) transferability d) property e) accessibility Ans: d Response: See page 62

9. _____ issues involve who may obtain information and how much they should pay for this information. a) privacy b) accuracy c) transferability d) property e) accessibility Ans: e Response: See page 62

10. Which of the following factors are increasing the threats to information security? a) smaller computing devices b) cheaper computing devices c) the Internet d) increased computer literacy e) all of the above Ans: e Response: See page 68

11. Which of the following factors are not increasing the threats to information security? a) smaller computing devices b) cheaper computing devices c) the Internet d) decreased computer literacy e) intranets Ans: d Response: See page 68

12. A _____ is any danger to which an information resource may be exposed. a) vulnerability b) risk c) control d) threat e) compromise Ans: d Response: See page 68

13. A(n) _____ is the harm, loss, or damage that can result if an information resource is compromised. a) vulnerability b) risk c) control d) threat e) exposure Ans: e Response: See page 68

14. An information system's _____ is the possibility that the system will suffer harm by a threat. a) vulnerability b) risk c) control d) danger e) compromise Ans: a Response: See page 68

15. Earthquakes, floods, power failures, and fires are examples of which type of threat? a) intentional b) environmental c) social engineering d) disasters e) none of the above Ans: b Response: See page 70

16. Unintentional threats to information systems include all of the following except: a) malicious software b) fire and flood c) computer system failures d) lack of user experience e) all of the above Ans: a Response: See pages 69-70

17. Which of the following is not an unintentional threat to information systems? a) human errors b) viruses c) environmental hazards d) computer system failures e) none of the above Ans: b Response: See page 69-70

18. Which of the following is not an intentional threat to information systems? a) environmental hazards b) theft of data c) deliberate manipulation in processing data d) destruction from viruses and denial of service attacks e) none of the above Ans: a Response: See page 69-70

19. Rank the following in terms of dollar value of the crime, from highest to lowest. a) robbery → white collar crime → cybercrime b) white collar crime → extortion → robbery c) cybercrime → white collar crime → robbery d) cybercrime → robbery → white collar crime e) white collar crime → burglary → robbery Ans: c Response: See page 70

20. An employee used his computer to steal 10,000 credit card numbers from a credit card company. He is a _____: a) hacker b) cracker c) jacker d) trespasser e) none of the above Ans: b Response: See page 70

21. _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges. a) cracking b) hacking c) spoofing d) social engineering e) spamming Ans: d Response: See page 70

22. The fastest growing white collar crime is _____: a) extortion b) identity theft c) insider trading d) stock fraud e) software piracy Ans: b Response: See page 71

23. _____ are segments of computer code that attach to existing computer programs and perform malicious acts. a) viruses b) worms c) Trojan horses d) back doors e) alien software Ans: a Response: See page 72

24. _____ are destructive computer programs that replicate themselves without requiring a host program. a) viruses b) worms c) Trojan horses d) back doors e) alien software Ans: b Response: See page 73

25. _____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated. a) viruses b) worms c) Trojan horses d) back doors e) alien software Ans: c Response: See page 73

26. _____ are segments of computer code embedded within an organization's existing computer programs that activate and perform a destructive action at a certain time or date. a) viruses b) worms c) Trojan horses d) back doors e) logic bomb Ans: e Response: See page 72

27. _____ is/are usually a password that allows an attacker to bypass any security procedures. a) viruses b) worms c) Trojan horses d) back doors e) alien software Ans: d Response: See page 73

28. In a _____ attack, the attacker sends so many information requests to a target that the target cannot handle them all and may crash. a) phishing b) denial-of-service c) worm d) back door e) Trojan horse Ans: b Response: See page 73

29. In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time. a) phishing b) denial-of-service c) worm d) back door e) distributed denial-of-service Ans: e Response: See page 73

30. _____ is clandestine software that is installed on your PC through duplicitous channels, but is not very malicious. a) pestware b) virus c) worm d) back door e) logic bomb Ans: a Response: See page 74

31. The vast majority of pestware is _____: a) spyware b) spamware c) adware d) virus e) worm Ans: c Response: See page 74

32. A(n) _____ is an automated computer program that removes a particular software package entirely. a) remover b) uninstaller c) cancellation program d) eraser e) worm Ans: b Response: See page 74

33. _____ is designed to help pop-up advertisements appear on your screen. a) spyware b) spamware c) adware d) virus e) worm Ans: c Response: See page 74

34. Keylogger programs are examples of _____: a) spyware b) spamware c) adware d) virus e) worm Ans: a Response: See page 74

35. Password capture programs are examples of _____: a) spyware b) spamware c) adware d) virus e) worm Ans: a Response: See page 74

36. _____ is designed to use your computer as a launch pad for sending unsolicited email to other computers. a) spyware b) spamware c) adware d) virus e) worm Ans: b Response: See page 74

37. _____ uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail. a) pharming b) denial-of-service c) distributed denial-of-service d) phishing e) brute force dictionary attack Ans: d Response: See page 75

38. In a _____ attack, the attacker fraudulently acquires the Domain Name for a company's Web site, so that when victims type in that company's URL, they are directed to the attacker's site. a) pharming b) denial-of-service c) distributed denial-of-service d) phishing e) brute force dictionary attack Ans: a Response: See page 75

39. A(n) _____ is an intellectual work that is a company secret and is not based on public information. a) patent b) trade secret c) copyright d) insider information e) none of the above Ans: b Response: See page 76

40. A(n) _____ is a document that grants the holder exclusive rights on an invention or process for 20 years. a) patent b) trade secret c) copyright d) insider information e) none of the above Ans: a Response: See page 76

41. A(n) _____ is a statutory grant that provides the creators of intellectual property with ownership of the property for the life of the creator plus 70 years. a) patent b) trade secret c) copyright d) insider information e) none of the above Ans: c Response: See page 76

42. _____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it. a) risk management b) risk analysis c) risk mitigation d) risk acceptance e) risk transference Ans: b Response: See page 78

43. In _____, the organization takes concrete actions against risks. a) risk management b) risk analysis c) risk mitigation d) risk acceptance e) risk transference Ans: c Response: See page 78

44. In _____, the organization continues operating without controls and plans to absorb any damages that occur. a) risk management b) risk analysis c) risk mitigation d) risk acceptance e) risk transference Ans: d Response: See page 78

45. In _____, the organization implements controls that minimize the impact of a threat. a) risk limitation b) risk analysis c) risk mitigation d) risk acceptance e) risk transference Ans: a Response: See page 78

46. In _____, the organization purchases insurance as a means to compensate for any loss. a) risk management b) risk analysis c) risk mitigation d) risk acceptance e) risk transference Ans: e Response: See page 78

47. _____ prevent unauthorized individuals from gaining access to a company's computer facilities. a) access controls b) physical controls c) data security controls d) administrative controls e) input controls Ans: b Response: See page 79

48. _____ restrict unauthorized individuals from using information resources and are concerned with user identification. a) access controls b) physical controls c) data security controls d) administrative controls e) input controls Ans: a Response: See page 79

49. Biometrics are an example of: a) something the user is b) something the user wants c) something the user has d) something the user knows e) something the user does Ans: a Response: See page 79

50. Retina scans and fingerprints are examples of: a) something the user is b) something the user wants c) something the user has d) something the user knows e) something the user does Ans: a Response: See page 79

51. ID cards, smart cards, and tokens are examples of: a) something the user is b) something the user wants c) something the user has d) something the user knows e) something the user does Ans: c Response: See page 79

52. Voice and signature recognition are examples of: a) something the user is b) something the user wants c) something the user has d) something the user knows e) something the user does Ans: e Response: See page 79

53. Passwords and passphrases are examples of: a) something the user is b) something the user wants c) something the user has d) something the user knows e) something the user does Ans: d Response: See page 79

54. _____ passwords will always overcome _____ security. a) strong, strong b) weak, weak c) weak, strong d) strong, weak e) none of the above Ans: c Response: See page 79

55. Which of the following is not a characteristic of strong passwords? a) should be difficult to guess b) should contain special characters c) should not be a recognizable word d) should not be a recognizable string of numbers e) should be shorter rather than longer Ans: e Response: See page 81

56. Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted's _____ key and Ted decrypts the message using his _____ key. a) public, public b) public, private c) private, private d) private, public Ans: b Response: See page 83

57. Information systems auditing consists of which of the following? a) auditing around the computer b) auditing through the computer c) auditing with the computer d) all of the above Ans: d Response: See page 85

58. Which of the following is not a part of information systems auditing? a) auditing around the computer b) auditing through the computer c) auditing with the computer d) auditing without the computer e) none of the above Ans: d Response: See page 85

59. _____ means verifying processing by checking for known outputs using specific inputs. a) auditing around the computer b) auditing through the computer c) auditing with the computer d) auditing without the computer Ans: a Response: See page 389

60. _____ means using a combination of client data, auditor software, and client and auditor hardware. a) auditing around the computer b) auditing through the computer c) auditing with the computer d) auditing without the computer Ans: c Response: See page 389-391
