Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
175 Cards in this Set
- Front
- Back
|
Which of the following is a type of control that is used to ensure the development of a high quality, reliable information system? |
D) all of the above |
|
|
Why is it important for a system analyst to document formal as well as informal systems within an organization?
|
B) the usage of an informal system by users means that the formal system is deficient in some way and users have designed ways to work around it. |
|
|
Which of the following elements usually includes subcomponents to filter, translate, store, and correct data that flows through it? |
D) interface |
|
|
|
B) inputs |
|
|
Using a payroll system as an example, paychecks and W-2 forms are examples of which of the following system elements? |
A) outputs |
|
|
In basic systems terminology, the process of breaking down a system into successive levels of subsystems is called: |
D) hierarchical decomposition. |
|
|
A numerical digit based on the other digits within a numerical identifier is referred to as a: |
B) check digit. |
|
|
Which of the following is an example of a goal of hierarchical decomposition? |
B) to analyze or change only part of the system |
|
|
Which of the following is not an example of a principal method for system decoupling? |
D) benchmarking |
|
|
A physical system description depicts ________ the system operaters, while a logical system description depicts ________ the system does. |
A) how; what |
|
|
Which of the following system descriptions depicts the function and purpose (the what) of the system without reference to, or implications for, the actual way in which the system will be implemented? |
B) logical system description |
|
|
Which is a basic principle of business process reengineering (BPR) suggested by Hammer ? |
A) integrating information processing into the work that produces the information |
|
|
As defined in the textbook, the generic systems development life cycle consists of the following three phases: |
B) definition, construction, and implementation. |
|
|
Which of the following best describes the definition phase of the systems life cycle?
|
C) Business and systems professionals document systems needs and feasibility. |
|
|
Which of the following best describes the construction phase of the systems life cycle? |
A) The system is functionally designed, and then its physical design is specified. |
|
|
Which of the following describes an early step in the implementation phase of the systems life cycle? |
Data and procedures from the old system are converted |
|
|
Procedural-oriented approaches to systems design first involve the: |
As-Is model. |
|
|
When a physical model of a system is depicted with a diagram, cylinders are used to represent: |
databases |
|
|
Which of the following technique is most closely associated with the Logical To-Be model? |
data flow diagram |
|
|
Which of the following is not graphically represented in a data flow diagram (DFD)? |
sender |
|
|
When developing a logical data flow diagram, a circle indicates: |
a process component. |
|
|
When developing a logical data flow diagram, a rectangle (or open rectangle) indicates: |
data at rest. |
|
|
The most common approach to defining data elements in a DFD is to create a(n): |
data dictionary/directory. |
|
|
All of the following are tools for representing the Logical To-Be model of an information system except a(n): |
program chart. |
|
|
In the object-oriented (O-O) approach to software engineering, the term "encapsulation" refers to: |
storing data and related operations together within objects. |
|
|
26) Which of the following diagrams is not part of the Unified Modeling Language for O-O modeling? |
context diagram |
|
|
27) Which of the following statements is not true about system testing controls in the construction phase of the systems life cycle? |
Users are not involved in system testing. |
|
|
What set of international guidelines includes an extensive set for implementation management practices against which firms can benchmark their own practices? |
ITIL |
|
|
Controls for the validity of data entered into an application program (such as ensuring that only numbers are entered into a numeric field) are referred to as: |
edit rules. |
|
|
Security measures that are concerned with whether or not users can run an application, read a file, or change data in a database, or can change who can access to data that others have created are referred to as: |
logical access controls. |
|
|
One of the fundamental principles of systems analysis and design (SA&D) is that the logical system should be described before the physical system. |
TRUE |
|
|
System testing only occurs when systems are initially developed. |
FALSE |
|
|
In general, the term "system" is defined as a set of interrelated components that must work together to achieve some common purpose. |
TRUE |
|
|
The SDLC phase that typically requires the greatest percentage of the total cost for a custom development project is the ________ phase. |
construction |
|
|
During the feasibility analysis phase of the SDLC, which of the following types of feasibility is not assessed? |
time-driven |
|
|
Who usually takes primary responsibility for establishing the custom development costs for an SDLC project? |
IS analyst |
|
|
The ________ approach to systems development has often been referred to as the "waterfall" model. |
SDLC |
|
|
Deciding what hardware and systems software will be used to operate the system and defining the processing modules that will comprise the system are part of which SDLC step? |
system design |
|
|
Testing a new custom system before implementation is the responsibility of: |
both users and IS analysts. |
|
|
Which of the following accurately describes the order in which a system is tested? |
module testing, subsystem testing, integration testing, acceptance testing |
|
|
A conversion strategy whereby an organization continues to operate the old system together with the new one for one or more cycles, until the new system is working properly and the old system can be discontinued, is called a: |
parallel strategy. |
|
|
A conversion strategy whereby the new system is first implemented in only part of the organization to solve any problems before implemented in the rest of the organization is called a: |
pilot strategy. |
|
|
The following diagram depicts which of the following conversion strategies? zig zag
|
phased strategy |
|
|
The following diagram depicts a cutover conversion strategy. Which of the following best characterizes this type of conversion strategies? Straight line |
risky |
|
|
The percentage of resources devoted to the maintenance of a system: |
generally increases over time. |
|
|
Which of the following is not typically the responsibility of an IT project manager? |
approve funds for the project |
|
|
Which of the following best describes a responsibility of a systems analyst? |
develop detailed system requirements |
|
|
Which prototyping step is not the responsibility of the system builders? |
use prototype and note desired changes |
|
|
Which of the following is not an advantage of prototyping? |
End-prototype typically has more security and control features than a system developed with an SDLC process. |
|
|
Which of the following is typical for a pure prototyping approach? |
all of the above |
|
|
When prototyping is incorporated into a traditional SDLC approach, it is most commonly included as part of which of the following steps? |
requirements definition |
|
|
Which of the following best describes a common prototyping goal when it is used as part of a prototyping/piloting approach? |
both A and B |
|
|
Which of the following is a technique where a team of users and IS specialists engage in an intensive session to minimize the total time required for gathering information from multiple participants? |
JAD |
|
|
A software tool used to automate one or more steps of a software development methodology is referred to as: |
CASE. |
|
|
All of the following are considered advantages to using RAD methodology, except: |
system quality much higher than with SDLC. |
|
|
Which is a potential advantage of having an application developed by a business user, rather than an IS professional? |
all of the above |
|
|
Which is not a potential disadvantage of having an application developed by a business user, rather than an IS professional? |
Users typically pay more attention to system controls for ensuring data quality and security, and therefore development costs are higher. |
|
|
What three characteristics should be evaluated by organizations when choosing whether or not to have a non-IS professional develop a new application? |
application, development tool, and developer characteristics |
|
|
What is a specific characteristic of an application that can be important for determining the potential risks of developing a new business application by an employee with no professional IS training? |
both A and B |
|
|
A common shortcoming of user-developed applications is: |
inadequate knowledge of the business problem. |
|
|
Which of the following is not a characteristic of eXtreme Programming (XP)? |
it works best when developing large-scale, complex transaction processing systems |
|
|
The agile method that emphasizes independent project teams, coordination and communication between and within teams with lots of team meetings, iterative and continuous monitoring of work, team ownership of the final product is called: |
Scrum. |
|
|
Which of the following is not a key guideline for managing day-to-day interactions with outsourced staff? |
closely monitor and manage the work of the outsourcer's staff |
|
|
The parallel strategy of installing a new system is the riskiest method of installation because the old system is abandoned as soon as the new system is implemented. |
FALSE |
|
|
The Construction phase of the SDLC involves installation and operations of the new system. |
FALSE |
|
|
The SDLC methodology is the best methodology when an application needs to be quickly developed. |
FALSE |
|
|
Agile methodologies are especially useful for developing smaller systems rather than largescale transaction processing applications. |
TRUE |
|
|
A type of testing where the objective is to make sure that the system performs reliably and does what it is supposed to do in a user environment is referred to as user acceptance testing. |
TRUE |
|
|
When a change made to one part of a system results in unexpected changes to another part of the system, it is commonly referred to as a ripple effect. |
TRUE |
|
|
Some consultants have claimed that up to one-third of all spreadsheets contain errors, which can include mechanical errors (typos), errors in logic, as well as errors in omission. |
TRUE |
|
|
When considering the purchase of a major software application, managers need to also consider the following potential downside: |
The package seldom totally fits the company's needs. |
|
|
Which statement is not true about using an ASP purchasing option? |
A 3rd-party organization delivers the software functionality via the Internet. |
|
|
If an organization purchases a software package and does not modify or add to the package in-house, the construction phase then is often limited to which step? |
system testing |
|
|
When comparing a traditional SDLC and a purchasing life cycle methodology, which step is found in a modified SDLC approach but not in a traditional SDLC? |
establish evaluation criteria |
|
|
When purchasing a software package, a successful definition phase ends with a(n): |
vendor contract. |
|
|
Being an Alpha site usually means that the client company: |
plays a significant role in determining the functionality of the package. |
|
|
Being a Beta site usually means that the company: |
plays a significant role in user acceptance testing for the vendor. |
|
|
plays a significant role in user acceptance testing for the vendor. |
more, less |
|
|
Which criterion should a firm consider when evaluating candidate software packages? |
all of the above |
|
|
The acronym RFP stands for: |
request for proposal. |
|
|
In addition to evaluating the vendors' responses from the formal RFP process, what other type of data collection for a leading candidate package is recommended? |
both A and B |
|
|
When matching a company's needs with the capabilities of a software package, an alternative to address a mismatch is: |
both A and B |
|
|
Which of the following statements about choosing alternative packages is false? |
If modifications are made to a package, it will not impact what modifications may need to be made when the vendor releases an upgraded version of the package. |
|
|
A contract with a vendor usually does not include: |
feasibility analysis. |
|
|
With a cost-reimbursement type of contract, the greatest risk is assumed by: |
the purchasing company. |
|
|
With a fixed-price contract, the greatest risk is typically assumed by: |
the vendor. |
|
|
Options for modifying the code of a purchased package include: |
all of the above |
|
|
Which of the following is a factor that can affect the success of the installation plan for a purchased package? |
all of the above |
|
|
A change management program as part of an IT project is used to: |
avoid resistance by business users to a new system being implemented. |
|
|
Which of the following activities is not part of the installation step of the SDLC for a purchased package? |
acceptance testing |
|
|
Which of the following statements about having a vendor perform package maintenance is false? |
Vendors continue to support all prior versions of a package. |
|
|
What types of employees outside of an organization's IS department may be involved in a purchased software project? |
) all of the above |
|
|
If extensive changes in business processes and procedures are needed to effectively implement the purchased software, business managers are typically asked to take the role of: |
project manager. |
|
|
Successful implementation of a purchased software package typically depends upon:
|
how well the Definition phase was conducted. |
|
|
A primary advantage of purchasing an existing software package rather than developing a custom application is: |
IS people resources can be dedicated to projects for systems that can't be purchased. |
|
|
Which of the following is a long-term advantage of purchasing packaged systems? |
both A and C |
|
|
Which is not a potential disadvantage of purchasing packaged systems? |
costs more than if custom developed (in-house or contractor) |
|
|
Which of the following statements about purchasing enterprise system packages is false? |
ERP systems typically involve a lot of custom interfaces to legacy systems. |
|
|
Which of the following is not a critical success factor for ERP project success? |
The ERP system should be customized to match current business processes. |
|
|
Which is not an advantage of open source software? |
Complete documentation for the software is freely available. |
|
|
An RFP should be sent to as many vendors as possible. |
FALSE |
|
|
When there are discrepancies between a package's capabilities and a company's needs, the only way to deal with the discrepancies is by modifying the package. |
FALSE |
|
|
Employee training is part of the installation step of the SDLC. |
TRUE |
|
|
Choosing between building a custom application and purchasing a software package is called a make-or-buy decision. |
TRUE |
|
|
For large enterprise system packages, it is common for companies to contract with a consulting firm, called a third-party implementation partner, to provide installation and maintenance support. |
TRUE |
|
|
A company that elects to use a "hosted" application rather than to purchase the software application and host it on its own equipment, is making use of a(n) application service provider (or ASP). |
TRUE |
|
|
Open source software is well-suited for very specialized applications and business processes. |
FALSE |
|
|
What is the approximate total business loss (in U.S. dollars) resulting from the largest reported customer data security breach to date involving retailers or financial institutions as of 2010? |
1 billion |
|
|
When a web site mimics a legitimate site for the purpose of misleading or defrauding an Internet user, it is called: |
spoofing. |
|
|
Hackers can be differentiated from crackers by: |
their level of malicious intent. |
|
|
Which type of employee does not need to be aware of basic types of information security technologies? |
none of the above |
|
|
Research has shown that an organization's inability to return to normal business activities after a major disruption is a key predictor of: |
business survival. |
|
|
Which of the following is a typical statement included in an organization's acceptable use policy? |
all of the above. |
|
|
What is just beginning to be addressed in organizations' acceptable-use policies? |
usage of social media |
|
|
Which of the following must an organization's management do if HIPAA applies to its activities? |
assign a person or persons to be responsible for HIPAA compliance |
|
|
What is the best term to describe those who break into computers to steal information, wipe out hard drives, or do others harm? |
crackers |
|
|
Why is it difficult for companies to manage their e-mail on their own private subnets? |
all of the above |
|
|
Determining a Return Benefit for a specific security action is based on which of the following? |
annualized Expected Losses and Annualized Cost of Actions |
|
|
What are sources to use to calculate a single loss expectancy as part of a risk assessment? |
both A and B |
|
|
Which organizational position is directly responsible for the balancing of an organization's security risks with the costs to avoid them? |
the CSO |
|
|
Which of the following is one of the areas in which controls are assessed by auditors using the COSO framework? |
all of the above |
|
|
Which of the following is not one of the rules that the GLBA gives federal agencies and states the ability to enforce? |
Credit Information Rule |
|
|
What effect does The PATRIOT Act passed by Congress have on the U.S. government's ability to access an individual's personal information? |
significantly strengthens |
|
|
What are some of the benefits to organizations with written privacy policies? |
all of the above |
|
|
Which of the following is not one of the common policy areas generally included in an information security policy? |
Usage of Social Security Number Policies. (e.g., whether it is an identifier) |
|
|
Putting plans in place to ensure that employees and business processes can continue when faced with any major unanticipated disruption is called: |
Business Continuity Planning. |
|
|
What are some means to deal with key information security management issues? |
all of the above |
|
|
Which position is responsible for continually assessing an organization's information security risks and developing and implementing effective countermeasures? |
CSO or CISO |
|
|
Which statement about computer crimes is not true? |
Data and application encryption are not considered robust security approaches |
|
|
What should an ERM manager (or an ERM committee) be responsible for? |
classifying specific records based upon their importance, regulatory requirements, and duration. |
|
|
BCP shortcomings recently identified during crises include: |
all of the above |
|
|
The Sarbanes-Oxley act requires officers of publicly traded companies in the U.S. to certify that: |
they are responsible for establishing and maintaining internal financial controls |
|
|
Creating a BCP in the U.S. requires: |
identifying interdependencies between critical business processes and business units. |
|
|
Which of the following is the recommended means for disseminating an organization's information security policy? |
all of the above |
|
|
A denial of service attack is implemented by simultaneously sending a large number of messages to a target computer to create a computer or communications overload, so that legitimate users cannot obtain access. |
TRUE |
|
|
A worm is a virus that has the ability to copy itself from machine to machine, usually over a network. |
TRUE |
|
|
Due to several recent laws regarding information security, it is a good practice to provide existing civil and criminal laws rather than have a company-specific information security policy. |
FALSE |
|
|
Primary sources of thefts of intellectual property rights, trade secrets, and research and development knowledge are employees. |
TRUE |
|
|
The goal of the IS manager responsible for information security is to eliminate all information risk. |
FALSE |
|
|
Electronic Records management (ERM) practices became a more important information security management issue in the U.S. in 2006 when new legislation established new rules for timely information gathering in response to potential litigation.
|
TRUE |
|
|
Which is not a social problem that is perceived to have increased due to information technology? |
difficulties in connecting with people in other regions of the world |
|
|
Which of the following is not a reason that legal systems in developed countries have not kept up with available information technologies? |
The existing laws can easily be reinterpreted to apply to new technologies. |
|
|
Ethical problems associated with the use of IT may affect all of the following except: |
all of the above |
|
|
Approximately what percentage of the U.S. public is quite sensitive to the loss of privacy of their personal information? |
25% |
|
|
Which large Internet advertising company has caused concerns among privacy organizations due to its purchase or alliance with other companies? |
DoubleClick |
|
|
What is a reason for including ethics discussions in an IT management forum? |
both A and B |
|
|
According to the textbook, which of the following is also an ethical behavior that is recognized by most world religions? |
treat others as you would like them to treat you |
|
|
In the context of developing and using IT, what is the common flaw in ethical reasoning? |
ignoring some affected parties |
|
|
Sending an e-mail that falsely claims to be a legitimate enterprise in an attempt to scam the user into providing private information is called: |
phishing. |
|
|
Which is not true about the impacts of identity theft today? |
none of the above |
|
|
Which of the following is true about investigations of identity theft in the U.S. today? |
both A and C |
|
|
Which statement is true concerning privacy in the U.S.? |
a great deal of legislation that purports to offer some privacy protection |
|
|
Which of the following is not a characteristic of intellectual property (IP)? |
sharing IP has become more difficult over the years |
|
|
When a customer wants to "opt-out" from a U.S. company sharing his or her information with third parties: |
it often takes a lot of effort and time for customers to understand how to accomplish it. |
|
|
The U.S. position on privacy can be characterized as being favorable toward: |
consumer data are primarily viewed as a saleable, usable asset that belongs to the corporation that collected the data. |
|
|
According to the Federal Trade Commission, "someone appropriating your personal information without your knowledge to commit fraud or theft" is called: |
an identity theft. |
|
|
Advances in artificial intelligence can raise social and ethical issues because: |
all of the above |
|
|
A "cookie" is: |
a small record stored on the user's computer that identifies the user to a Web site. |
|
|
In the U.S., the only federal law that limits employer surveillance of its workers is related to: |
eavesdropping on spoken personal conversation. |
|
|
Which of the following regions has the lowest rate of software piracy? |
North America |
|
|
Which of the following prevents someone else from creating another computer program that does the same thing as a copyrighted program? |
patents. |
|
|
What type of impact on the software industry from awarding a large number of patents to IT industry giants such as Microsoft has been documented? |
the growth of small software firms is inhibited |
|
|
Software piracy: |
typically is not rigorously deterred by governments in less developed countries. |
|
|
Which of the following is true of patents? |
gives the creator the exclusive right to the manufacture and uses what has been patented for a limited period of time |
|
|
Recent piracy rates for music CDs were highest in: |
Indonesia and Paraguay. |
|
|
Swapping or sharing music on the Internet: |
first gained widespread popularity with the advent of Napster. |
|
|
In 2007, Microsoft asserted that 235 company patents were infringed upon by open source programs. What effect did this announcement have? |
it slowed down the growth of open source communities. |
|
|
Which of the following is true regarding personal financial credit reports? |
inaccuracies are not usually spotted because many individuals do not review their reports regularly |
|
|
In a recent survey, what percentage of students studying in a sample of U.S. colleges and universities said it is always wrong to pirate music and movies? |
more than 10% but less than 25% |
|
|
Amazon.com settled a lawsuit with Barnes and Noble in March 2002 that centered on the infringement of what patent? |
its "one-click-ordering" process |
|
|
The U.S. has much stronger privacy laws and practices than Europe. |
FALSE |
|
|
U.S. copyright laws make it illegal to copy software and use it without the software vendor's permission. |
TRUE |
|
|
A patent gives its creator the exclusive right to the manufacture and use of a new design or method for a limited period of time. |
TRUE |
|
|
Some ethical issues are viewed differently depending upon the culture in which they arise. |
TRUE |
|
|
According to the Federal Trade Commission (FTC), identify theft is "someone appropriating your personal information without your knowledge to commit fraud or theft." |
TRUE |
