Multiple Choice
1. IT applications can be developed in which of the following ways?
a) build the system in-house
b) buy an application and install it
c) lease software from an application service provider
d) outsource it
e) all of the above
Ans: e
Response: See page 302
2. The information systems planning process proceeds in which order?
a) organization mission – organization strategic plan – IS strategic plan – new IT architecture
b) organization mission – IS strategic plan – organization strategic plan – IS operational plan
c) organization strategic plan – organization mission – IS strategic plan – new IT architecture
d) IT architecture – IS strategic plan – organization strategic plan – organization mission
e) IS development projects – IS operational plan – new IT architecture – organization mission
Ans: a
Response: See page 306-307
3. A typical IS operational plan contains which of the following elements?
a) mission of the IS function
b) summary of the information needs of the functional areas and of the entire organization
c) IS function’s estimate of its goals
d) application portfolio
e) all of the above
Ans: e
Response: See page 306-307
4. Which of the following is not a part of the typical IS operational plan?
a) mission of the IS function
b) organizational mission
c) IT architecture
d) application portfolio
e) IS function’s estimate of its goals
Ans: b
Response: See page 307
5. Evaluating the benefits of IT projects is more complex than evaluating their costs for which of the following reasons?
a) benefits are harder to quantify
b) benefits are often intangible
c) IT can be used for several different purposes
d) probability of obtaining a return from an IT investment is based on the probability of implementation success
e) all of the above
Ans: e
Response: See page 308
6. Evaluating the benefits of IT projects is more complex than evaluating their costs for all of the following reasons except:
a) benefits are harder to quantify
b) benefits are often tangible
c) IT can be used for several different purposes
d) probability of obtaining a return from an IT investment is based on the probability of implementation success
Ans: b
Response: See page 308
7. The _____ method converts future values of benefits to today’s value by “discounting” them at the organization’s cost of funds.
a) net present value
b) cost-benefit analysis
c) return on investment
d) internal rate of return
e) business case approach
Ans: a
Response: See page 308
8. The _____ method measures the effectiveness of management in generating profits with its available assets.
a) net present value
b) cost-benefit analysis
c) return on investment
d) internal rate of return
e) business case approach
Ans: c
Response: See page 308
9. Which of the following are advantages of the buy option for acquiring IS applications?
a) many different types of off-the-shelf software are available
b) software can be tried out
c) saves time
d) company will know what it is getting
e) all of the above
Ans: e
Response: See page 309
10. Which of the following is not an advantage of the buy option for acquiring IS applications?
a) few types of off-the-shelf software are available, thus limiting confusion
b) software can be tried out
c) saves time
d) company will know what it is getting
e) all of the above
Ans: a
Response: See page 309
11. Which of the following are disadvantages of the buy option for acquiring IS applications?
a) software may not exactly meet the company’s needs
b) software may be impossible to modify
c) company will not have control over software improvements
d) software may not integrate with existing systems
e) all of the above
Ans: e
Response: See page 310
12. Which of the following systems acquisition methods results in software that can be tried out, has been used for similar problems in other organizations, and can save time?
a) systems development life cycle
b) prototyping
c) end-user development
d) buy option
e) object-oriented development
Ans: d
Response: See page 310
13. Which of the following systems acquisition methods results in software that is controlled by another company, may be difficult to enhance or modify, and may not support desired business processes?
a) systems development life cycle
b) prototyping
c) end-user development
d) buy option
e) component-based development
Ans: d
Response: See page 310
14. Which of the following systems acquisition methods forces staff to systematically go through every step in the development process and has a lower probability of missing important user requirements?
a) systems development life cycle
b) prototyping
c) end-user development
d) external acquisition
e) object-oriented development
Ans: a
Response: See page 311
15. Which of the following systems acquisition methods is time-consuming, costly, and may produce excessive documentation?
a) systems development life cycle
b) prototyping
c) end-user development
d) external acquisition
e) object-oriented development
Ans: a
Response: See page 311
16. Place the stages of the systems development life cycle in order:
a) investigation – analysis – design – programming – testing – implementation – operation – maintenance
b) investigation – design – analysis – programming – testing – implementation – maintenance – operation
c) analysis – design – investigation – operation – maintenance – programming – testing – implementation
d) investigation – analysis – design – programming – testing – maintenance – operation – implementation
Ans: a
Response: See page 312
17. The feasibility study addresses which of the following issues?
a) economic feasibility
b) technical feasibility
c) behavioral feasibility
d) all of the above
Ans: d
Response: See page 313
18. The _____ that changes are made in the systems development life cycle, the _____ expensive these changes become.
a) sooner, less
b) later, less
c) more frequently, more
d) more extensively, more
e) sooner, more
Ans: a
Response: See page 313
19. _____ feasibility determines if the hardware, software, and communications components can be developed and/or acquired to solve the business problem.
a) technical
b) economic
c) organizational
d) behavioral
Ans: a
Response: See page 313
20. _____ feasibility determines if the project is an acceptable financial risk and if the organization can afford the expense and time needed to complete the project.
a) technical
b) economic
c) organizational
d) behavioral
Ans: b
Response: See page 313
21. _____ feasibility addresses the human issues of an information systems project.
a) technical
b) economic
c) organizational
d) behavioral
Ans: d
Response: See page 313
22. _____ feasibility concerns a firm’s policies and politics, power structures, and business relationships.
a) technical
b) economic
c) organizational
d) behavioral
Ans: c
Response: See page 314
23. Which of the following is not a part of systems analysis?
a) definition of the business problem
b) identification of the causes of, and solution to, the business problem
c) identification of the information requirements that the solution must satisfy
d) identification of the technical specifications of the solution
Ans: d
Response: See page 314
24. Systems analysts use which of the following techniques to obtain the information requirements for the new system?
a) direct observation
b) structured interviews
c) unstructured interviews
d) document analysis
e) all of the above
Ans: e
Response: See page 314
25. Which of the following is not a technique used to obtain the information requirements for the new system?
a) direct observation
b) structured interviews
c) unstructured interviews
d) use the system themselves
e) document analysis
Ans: d
Response: See page 314
26. Which of the following are problems associated with eliciting information requirements?
a) business problem may be poorly defined
b) users may not know exactly what the business problem is
c) users may disagree with each other
d) the problem may not be related to information systems
e) all of the above
Ans: e
Response: See page 314
27. _____ is the systems development stage that determines how the information system will do what is needed to solve the business problem.
a) systems design
b) systems analysis
c) systems implementation
d) systems development
e) operation and maintenance
Ans: a
Response: See page 314
28. Logical systems design refers to _____, while physical systems design refers to _____.
a) the collection of user requirements, the development of software
b) what the system will do, how the tasks are accomplished
c) how the tasks are accomplished, what the system will do
d) the order of task accomplishment, how the tasks are accomplished
e) operation of the system, debugging the system
Ans: b
Response: See page 315
29. Systems design answers the question, _____:
a) How will the information system do what it must to obtain a solution to the business problem?
b) Why must the information system do what it must to obtain a solution to the business problem?
c) What is the problem the information system must address?
d) Who will benefit from use of the information system being developed?
e) What is the effective operational life of the system?
Ans: a
Response: See page 315
30. When users ask for added functionality during a systems development project, this is called:
a) user-defined software
b) scope creep
c) bloatware
d) out-of-control project
e) runaway project
Ans: b
Response: See page 315
31. Structured design advocates the use of software modules. Which of the following items are advantages of this approach?
a) modules can be reused
b) modules cost less to develop
c) modules are easier to modify
d) all of the above
Ans: d
Response: See page 316
32. Structured programming includes which of the following restrictions?
a) each module has one, and only one, function
b) each module has one entrance and one exit
c) no GOTO statements allowed
d) has only three techniques: sequence, decision, loop
e) all of the above
Ans: d
Response: See page 316
33. Which of the following is not a restriction of structured programming?
a) each module has multiple functions
b) each module has one entrance and one exit
c) no GOTO statements allowed
d) has only three techniques: sequence, decision, loop
e) none of the above
Ans: a
Response: See page 316
34. In structured programming’s _____ structure, the logic flow branches depending on certain conditions being met.
a) decision
b) sequence
c) decision
d) return
e) parallel
Ans: a
Response: See page 316
35. In structured programming’s _____ structure, the software executes the same program, or parts of it, until certain conditions are met.
a) decision
b) sequence
c) decision
d) return
e) parallel
Ans: c
Response: See page 316
36. _____ conversion is the process where the old system and the new system operate simultaneously for a period of time.
a) parallel
b) direct
c) pilot
d) phased
Ans: a
Response: See page 317
37. _____ conversion is the process where the old system is cut off and the new system is turned on at a certain point in time.
a) parallel
b) direct
c) pilot
d) phased
Ans: b
Response: See page 317
38. _____ conversion is the process where the new system is introduced in one part of the organization.
a) parallel
b) direct
c) pilot
d) phased
Ans: c
Response: See page 318
39. _____ conversion is the process where components of the new system are introduced in stages.
a) parallel
b) direct
c) pilot
d) phased
Ans: d
Response: See page 318
40. The riskiest type of conversion process is:
a) parallel
b) direct
c) pilot
d) phased
Ans: b
Response: See page 317
41. If a firm shuts down its old COBOL legacy system and starts up the new PeopleSoft ERP system immediately, this is called _____:
a) phased conversion
b) direct conversion
c) parallel conversion
d) pilot conversion
Ans: b
Response: See page 317
42. As systems age, maintenance costs _____:
a) decrease
b) increase
c) stay the same
d) remain negligible
e) are not considered
Ans: b
Response: See page 318
43. Maintenance includes which of the following types of activities?
a) debugging
b) updating the system to accommodate changes in business conditions, but not adding functionality
c) adding new functionality to the system
d) all of the above
Ans: d
Response: See page 318
44. Which of the following systems acquisition methods helps clarify user requirements, promotes genuine user participation, and may produce part of the final system?
a) systems development life cycle
b) prototyping
c) end-user development
d) external acquisition
e) component-based development
Ans: b
Response: See page 318
45. Which of the following systems acquisition methods may encourage inadequate problem analysis, is not practical with large numbers of users, and may result in a system with lower quality?
a) systems development life cycle
b) prototyping
c) end-user development
d) external acquisition
e) component-based development
Ans: b
Response: See page 318
46. The _____ approach to systems development defines an initial list of user requirements, then develops the system in an iterative fashion.
a) integrated computer-assisted software engineering
b) joint application design
c) rapid application development
d) prototyping
e) systems development life cycle
Ans: d
Response: See page 318
47. The _____ approach to systems development is a group-based tool for collecting user requirements.
a) integrated computer-assisted software engineering
b) joint application design
c) rapid application development
d) prototyping
e) systems development life cycle
Ans: b
Response: See page 319
48. The _____ approach to systems development uses specialized tools to automate many of the tasks in the systems development life cycle.
a) integrated computer-assisted software engineering
b) joint application design
c) rapid application development
d) prototyping
Ans: a
Response: See page 319
49. Which of the following is not an advantage of the Joint Application Design approach to systems development?
a) involves fewer users in the development process
b) saves time
c) greater user acceptance of the new system
d) can produce a system of higher quality
Ans: a
Response: See page 319
50. Computer-aided software engineering tools provide which of the following advantages?
a) can produce systems with longer effective operational lives
b) can produce systems that more closely meet user requirements
c) can speed up the development process
d) can produce systems that are more adaptable to changing business conditions
e) all of the above
Ans: e
Response: See page 319
51. Which of the following is not an advantage of computer-aided software engineering tools?
a) can produce systems with longer effective operational lives
b) can produce systems that more closely meet user requirements
c) can require fewer developers
d) can speed up the development process
Ans: c
Response: See page 319
52. Computer-aided software engineering tools provide which of the following disadvantages?
a) produce initial systems that are more expensive to build and maintain
b) require more extensive and accurate definition of user requirements
c) difficult to customize
d) difficult to use with existing systems
e) all of the above
Ans: e
Response: See page 319
53. Which of the following is not a disadvantage of computer-aided software engineering tools?
a) produce initial systems that are more expensive to build and maintain
b) require more extensive and accurate definition of user requirements
c) require more developers
d) difficult to customize
Ans: c
Response: See page 319
54. Advantages of Rapid Application Development include which of the following?
a) active involvement of users in the development process
b) faster development process
c) system better meets user needs
d) reduction in training costs
e) all of the above
Ans: e
Response: See page 320
55. Which of the following systems acquisition methods bypasses the IT department, avoids delays, and results in increased user acceptance of the new system?
a) systems development life cycle
b) prototyping
c) end-user development
d) external acquisition
e) component-based development
Ans: c
Response: See page 320
56. Which of the following systems acquisition methods may eventually require maintenance assistance from the IT department, produce inadequate documentation, and result in a system with inadequate interfaces to existing systems?
a) systems development life cycle
b) prototyping
c) end-user development
d) external acquisition
e) component-based development
Ans: c
Response: See page 320
57. Which of the following is the most difficult and crucial task in evaluating a vendor and a software package?
a) identifying potential vendors
b) determining the evaluation criteria
c) evaluating vendors and packages
d) choosing the vendor and package
e) negotiating a contract
Ans: b
Response: See page 325-326
Chapter 3
1. Various organizations that promote fair and responsible use of information systems often develop _____:
a) a code of ethics
b) a strategic plan
c) a mission statement
d) responsibility charters
e) a goals outline
Ans: a
Response: See page 62
2. A _____ is intellectual work that is known only to a company and is not based on public information.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property
Ans: c
Response: See page 62
3. A _____ is a document that grants the holder exclusive rights on an invention for 17 years.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property notice
Ans: b
Response: See page 629
4. _____ is a statutory grant that provides the creators of intellectual property with ownership of it for 28 years.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property
Ans: a
Response: See page 62
5. Which of the following is not an ethical issue?
a) privacy
b) accuracy
c) transferability
d) property
e) accessibility
Ans: c
Response: See page 62
6. _____ issues involve collecting, storing and disseminating information about individuals.
a) privacy
b) accuracy
c) transferability
d) property
e) accessibility
Ans: a
Response: See page 62
7. _____ issues involve the authenticity and fidelity of information that is collected and processed.
a) privacy
b) accuracy
c) transferability
d) property
e) accessibility
Ans: b
Response: See page 62
8. _____ issues involve the ownership and value of information.
a) privacy
b) accuracy
c) transferability
d) property
e) accessibility
Ans: d
Response: See page 62
9. _____ issues involve who may obtain information and how much they should pay for this information.
a) privacy
b) accuracy
c) transferability
d) property
e) accessibility
Ans: e
Response: See page 62
10. Which of the following factors are increasing the threats to information security?
a) smaller computing devices
b) cheaper computing devices
c) the Internet
d) increased computer literacy
e) all of the above
Ans: e
Response: See page 68
11. Which of the following factors are not increasing the threats to information security?
a) smaller computing devices
b) cheaper computing devices
c) the Internet
d) decreased computer literacy
e) intranets
Ans: d
Response: See page 68
12. A _____ is any danger to which an information resource may be exposed.
a) vulnerability
b) risk
c) control
d) threat
e) compromise
Ans: d
Response: See page 68
13. A(n) _____ is the harm, loss, or damage that can result if an information resource is compromised.
a) vulnerability
b) risk
c) control
d) threat
e) exposure
Ans: e
Response: See page 68
14. An information system’s _____ is the possibility that the system will suffer harm by a threat.
a) vulnerability
b) risk
c) control
d) danger
e) compromise
Ans: a
Response: See page 68
15. Earthquakes, floods, power failures, and fires are examples of which type of threat?
a) intentional
b) environmental
c) social engineering
d) disasters
e) none of the above
Ans: b
Response: See page 70
16. Unintentional threats to information systems include all of the following except:
a) malicious software
b) fire and flood
c) computer system failures
d) lack of user experience
e) all of the above
Ans: a
Response: See pages 69-70
17. Which of the following is not an unintentional threat to information systems?
a) human errors
b) viruses
c) environmental hazards
d) computer system failures
e) none of the above
Ans: b
Response: See page 69-70
18. Which of the following is not an intentional threat to information systems?
a) environmental hazards
b) theft of data
c) deliberate manipulation in processing data
d) destruction from viruses and denial of service attacks
e) none of the above
Ans: a
Response: See page 69-70
19. Rank the following in terms of dollar value of the crime, from highest to lowest.
a) robbery – white collar crime – cybercrime
b) white collar crime – extortion – robbery
c) cybercrime – white collar crime – robbery
d) cybercrime – robbery – white collar crime
e) white collar crime – burglary – robbery
Ans: c
Response: See page 70
20. An employee used his computer to steal 10,000 credit card numbers from a credit card company. He is a _____:
a) hacker
b) cracker
c) jacker
d) trespasser
e) none of the above
Ans: b
Response: See page 70
21. _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.
a) cracking
b) hacking
c) spoofing
d) social engineering
e) spamming
Ans: d
Response: See page 70
22. The fastest growing white collar crime is _____:
a) extortion
b) identity theft
c) insider trading
d) stock fraud
e) software piracy
Ans: b
Response: See page 71
23. _____ are segments of computer code that attach to existing computer programs and perform malicious acts.
a) viruses
b) worms
c) Trojan horses
d) back doors
e) alien software
Ans: a
Response: See page 72
24. _____ are destructive computer programs that replicate themselves without requiring a host program.
a) viruses
b) worms
c) Trojan horses
d) back doors
e) alien software
Ans: b
Response: See page 73
25. _____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
a) viruses
b) worms
c) Trojan horses
d) back doors
e) alien software
Ans: c
Response: See page 73
26. _____ are segments of computer code embedded within an organization’s existing computer programs, that activate and perform a destructive action at a certain time or date.
a) viruses
b) worms
c) Trojan horses
d) back doors
e) logic bomb
Ans: e
Response: See page 72
27. _____ is/are usually a password that allows an attacker to bypass any security procedures.
a) viruses
b) worms
c) Trojan horses
d) back doors
e) alien software
Ans: d
Response: See page 73
28. In a _____ attack, the attacker sends so many information requests to a target that the target cannot handle them all and may crash.
a) phishing
b) denial-of-service
c) worm
d) back door
e) Trojan horse
Ans: b
Response: See page 73
29. In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.
a) phishing
b) denial-of-service
c) worm
d) back door
e) distributed denial-of-service
Ans: e
Response: See page 73
30. _____ is clandestine software that is installed on your PC through duplicitous channels, but is not very malicious.
a) pestware
b) virus
c) worm
d) back door
e) logic bomb
Ans: a
Response: See page 74
31. The vast majority of pestware is _____:
a) spyware
b) spamware
c) adware
d) virus
e) worm
Ans: c
Response: See page 74
32. A(n) _____ is an automated computer program that removes a particular software package entirely.
a) remover
b) uninstaller
c) cancellation program
d) eraser
e) worm
Ans: b
Response: See page 74
33. _____ is designed to help pop-up advertisements appear on your screen.
a) spyware
b) spamware
c) adware
d) virus
e) worm
Ans: c
Response: See page 74
34. Keylogger programs are examples of _____:
a) spyware
b) spamware
c) adware
d) virus
e) worm
Ans: a
Response: See page 74
35. Password capture programs are examples of _____:
a) spyware
b) spamware
c) adware
d) virus
e) worm
Ans: a
Response: See page 74
36. _____ is designed to use your computer as a launch pad for sending unsolicited e-mail to other computers.
a) spyware
b) spamware
c) adware
d) virus
e) worm
Ans: b
Response: See page 74
37. _____ uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.
a) pharming
b) denial-of-service
c) distributed denial-of-service
d) phishing
e) brute force dictionary attack
Ans: d
Response: See page 75
38. In a _____ attack, the attacker fraudulently acquires the Domain Name for a company’s Web site, so that when victims type in that company’s URL, they are directed to the attacker’s site.
a) pharming
b) denial-of-service
c) distributed denial-of-service
d) phishing
e) brute force dictionary attack
Ans: a
Response: See page 75
39. A(n) _____ is an intellectual work that is a company secret and is not based on public information.
a) patent
b) trade secret
c) copyright
d) insider information
e) none of the above
Ans: b
Response: See page 76
40. A(n) _____ is a document that grants the holder exclusive rights on an invention or process for 20 years.
a) patent
b) trade secret
c) copyright
d) insider information
e) none of the above
Ans: a
Response: See page 76
41. A(n) _____ is a statutory grant that provides the creators of intellectual property with ownership of the property for the life of the creator plus 70 years.
a) patent
b) trade secret
c) copyright
d) insider information
e) none of the above
Ans: c
Response: See page 76
42. _____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Ans: b
Response: See page 78
43. In _____, the organization takes concrete actions against risks.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Ans: c
Response: See page 78
44. In _____, the organization continues operating without controls and plans to absorb any damages that occur.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Ans: d
Response: See page 78
45. In _____, the organization implements controls that minimize the impact of a threat.
a) risk limitation
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Ans: a
Response: See page 78
46. In _____, the organization purchases insurance as a means to compensate for any loss.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Ans: e
Response: See page 78
47. _____ prevent unauthorized individuals from gaining access to a company’s computer facilities.
a) access controls
b) physical controls
c) data security controls
d) administrative controls
e) input controls
Ans: b
Response: See page 79
48. _____ restrict unauthorized individuals from using information resources and are concerned with user identification.
a) access controls
b) physical controls
c) data security controls
d) administrative controls
e) input controls
Ans: a
Response: See page 79
49. Biometrics are an example of:
a) something the user is
b) something the user wants
c) something the user has
d) something the user knows
e) something the user does
Ans: a
Response: See page 79
50. Retina scans and fingerprints are examples of:
a) something the user is
b) something the user wants
c) something the user has
d) something the user knows
e) something the user does
Ans: a
Response: See page 79
51. ID cards, smart cards, and tokens are examples of:
a) something the user is
b) something the user wants
c) something the user has
d) something the user knows
e) something the user does
Ans: c
Response: See page 79
52. Voice and signature recognition are examples of:
a) something the user is
b) something the user wants
c) something the user has
d) something the user knows
e) something the user does
Ans: e
Response: See page 79
53. Passwords and passphrases are examples of:
a) something the user is
b) something the user wants
c) something the user has
d) something the user knows
e) something the user does
Ans: d
Response: See page 79
54. _____ passwords will always overcome _____ security.
a) strong, strong
b) weak, weak
c) weak, strong
d) strong, weak
e) none of the above
Ans: c
Response: See page 79
55. Which of the following is not a characteristic of strong passwords?
a) should be difficult to guess
b) should contain special characters
c) should not be a recognizable word
d) should not be a recognizable string of numbers
e) should be shorter rather than longer
Ans: e
Response: See page 81
56. Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted’s _____ key and Ted decrypts the message using his _____ key.
a) public, public
b) public, private
c) private, private
d) private, public
Ans: b
Response: See page 83
57. Information systems auditing consists of which of the following?
a) auditing around the computer
b) auditing through the computer
c) auditing with the computer
d) all of the above
Ans: d
Response: See page 85
58. Which of the following is not a part of information systems auditing?
a) auditing around the computer
b) auditing through the computer
c) auditing with the computer
d) auditing without the computer
e) none of the above
Ans: d
Response: See page 85
59. _____ means verifying processing by checking for known outputs using specific inputs.
a) auditing around the computer
b) auditing through the computer
c) auditing with the computer
d) auditing without the computer
Ans: a
Response: See page 389
60. _____ means using a combination of client data, auditor software, and client and auditor hardware.
a) auditing around the computer
b) auditing through the computer
c) auditing with the computer
d) auditing without the computer
Ans: c
Response: See page 389-391