FINALTERM EXAMINATION
Spring 2010-07
CS507- Information Systems
Time: 90 min
Marks: 60
Question No: 1 ( Marks: 1 ) http://vuzs.net
Small organizations usually have complex management structure.
► True
► False
Small organizations usually have simple management structure.
Question No: 2 ( Marks: 1 )
A hierarchical organization is structured in a way such that every entity in the organization, except one, is subordinate to a single other entity.
► True
► False
A hierarchical organization is an organization structured in a way such that every entity in the organization, except one, is subordinate to a single other entity.
Question No: 3 ( Marks: 1 )
Past court decisions have stated that privacy must be balanced against the needs of society.
► True
► False
Employers have been successful in making these arguments when aggrieved workers have filed lawsuits for privacy violations. The few court cases have largely been decided in the employers' favor.
Question No: 4 ( Marks: 1 )
Business is a system where management decisions are influenced by or have an influence on suppliers, customers, society as a whole.
► True
► False
Business is a system where management decisions are influenced by or have an influence on suppliers, customers, society as a whole.
Question No: 5 ( Marks: 1 )
Customer touch point is a method of interaction with a customer, such as telephone, e-mail, a customer service or help desk, conventional mail, Web site and store.
► True
► False
A customer touch point is a method of interaction with a customer, such as telephone, e-mail, a customer service or help desk, conventional mail, Web site and store.
Question No: 6 ( Marks: 1 )
Which of the following functions provide such data as sales prospect and contact information, product information, product configurations and sales quotes?
► Sales force automation (SFA)
► CRM
► ERP
► MIS
Sales force automation (SFA) functions provide such data as sales prospect and contact information, product information, product configurations and sales quotes.
Question No: 7 ( Marks: 1 )
A ________ is an agreed-upon set of conventions that defines the rules of communication.
► Protocol
► Interconnection Medium
► Data Packet
► Message
Control Protocol (TCP) and the Internet Protocol (IP). They are referred to frequently as TCP/IP. A protocol is an agreed-upon set of conventions that defines the rules of communication.
Question No: 8 ( Marks: 1 )
---------- is a type of computer software that facilitates group decision-making within an organization.
► EMS
► DSS
► MIS
An electronic meeting system (EMS) is a type of computer software that facilitates group decision-making.
Question No: 9 ( Marks: 1 )
The identification of risks should start with:
► Description of the internal and external risks
► A brainstorming session with risk management experts and a program profile
► A good understanding of the program and a brainstorming session with key stakeholders
► Definitions of likelihood and impact
Identification of project risks is usually accomplished via a brainstorming session that includes the development team and the stakeholders. Including stakeholders in this process is essential for fostering good communication and gaining a true understanding of the business risks associated with the project.
Question No: 10 ( Marks: 1 )
Automated data are less susceptible to destruction and misuse than paper data.
► True
► False
Electronic data are more susceptible to destruction, fraud, error and misuse because information systems concentrate data in computer files that have the potential to be accessed by large numbers of people and by groups outside of the organization.
Question No: 11 ( Marks: 1 )
Wireless computing devices are not subject to viruses.
► False
► True
Hackers and Viruses
Sources of computer viruses:
Through the Internet
Through wireless computing devices
Question No: 12 ( Marks: 1 )
The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.
► True
► False
“The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.” Page 119
Question No: 13 ( Marks: 1 )
Null value may or may not be called zero value.
► True
► False
Null is a blank read as zero value.
Question No: 14 ( Marks: 1 )
Existence of functional departments in each organization may vary with the nature of industry and the nature of products/services being offered.
► True
► False
Existence of functional departments in every organization varies with the nature of industry and the nature of products/services being offered.
Question No: 15 ( Marks: 1 )
RAID model combines the elements of the waterfall model with the philosophy of prototyping.
► True
► False
Incremental Model: This model combines the elements of the waterfall model with the philosophy of prototyping.
Question No: 16 ( Marks: 1 )
_________ means information hiding.
► Inheritance
► Encapsulation
► Class
Encapsulation means information hiding.
Question No: 17 ( Marks: 1 )
Testing is easy for the software that is developed using OOAD due to use of ___________
► Modular approach
► Real time modeling
► Usability feature
Object-oriented programming, a modular approach to computer program (software) design.
Question No: 18 ( Marks: 1 )
Characteristics of object are called ________
► Methods
► Attributes
► Status
Attributes are the characteristics of object / class and methods are the operations related to the object / class.
Question No: 19 ( Marks: 1 )
An event-oriented log usually contains records describing system events, application events, or user events.
► True
► False
An event-oriented log: this usually contains records describing system events, application events, or user events.
Question No: 20 ( Marks: 1 )
An information technology (IT) audit is an examination of the controls within an entity’s information technology infrastructure.
► True
► False
An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity's Information technology infrastructure.
Question No: 21 ( Marks: 1 )
In assessing risks for an IT system, _______________ is the first step.
► To define the scope of the effort.
► Vulnerability Assessment
► Threat identification
In assessing risks for an IT system, the first step is to define the scope of the effort.
Question No: 22 ( Marks: 1 )
Risk Management includes assessment of controls that have already been implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing.
► True
► False
Control Analysis: This phase includes assessment of controls that have already been implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing.
Question No: 23 ( Marks: 1 )
Access Control refers to the process of identifying attempts to penetrate a system and gain unauthorized access.
► True
► False
Access Controls: Controlling who can access the system.
Question No: 24 ( Marks: 1 )
“M-Commerce” stands for Mobile Commerce.
► True
► False
M-Commerce (mobile commerce) refers to the conduct of e-commerce via wireless devices.
Question No: 25 ( Marks: 1 )
Past court decisions have stated that privacy must be balanced against the needs of ethics.
► True
► False
Employers have been successful in making these arguments when aggrieved workers have filed lawsuits for privacy violations. The few court cases have largely been decided in the employers' favor.
Question No: 26 ( Marks: 1 )
Which of the following is the primary method for keeping a computer secure from intruders?
► Password
► Antivirus
► Scanners
► Firewall
Firewall is the primary method for keeping a computer secure from intruders.
Question No: 27 ( Marks: 1 )
__________ is an association among entities. There has to be a relationship between two entities.
► Value Sets
► Cardinality
► Relationships
A relationship is an association among entities. There has to be a relationship between two entities.
Question No: 28 ( Marks: 1 )
____________ are the symbols that indicate the flow of the procedure being explained.
► Entity Relationship Diagram
► DFD
► Flowchart
Symbols used for flow charts:
Arrow: The symbol indicates the flow of the procedure being explained.
Question No: 29 ( Marks: 1 )
To accept the potential risk and continue operating the IT system or to implement controls to lower the risk to an acceptable level is called ---------------.
► Risk Planning
► Risk Assumption
► Risk Limitation
► None of the above
Risk assumption: To accept the potential risk and continue operating the IT system or to implement controls to lower the risk to an acceptable level.
Question No: 30 ( Marks: 1 )
RAID models are based on producing deliverables frequently/repetitively.
► True
► False
Iterative models are an approach for developing systems based on producing deliverables frequently/repetitively.
Question No: 31 ( Marks: 2 )
What should be the basic objective of an organization in your opinion?
Answer:
The basic objective of an organization is to make a profit and get a sustainable competency.
Question No: 32 ( Marks: 2 )
Why do we need to secure information systems?
Answer:
Importance of Security
Sound security is fundamental to achieving this assurance. Furthermore, there is a need for organizations to protect themselves against the risks inherent in the use of information systems while simultaneously recognizing the benefits that can accrue from having secure information systems. Thus, as dependence on information systems increases, security is universally recognized as a pervasive, critically needed quality.
Question No: 33 ( Marks: 2 )
Define intrusion detection
Answer:
Intrusion detection
Intrusion detection refers to the process of identifying attempts to penetrate a system and gain unauthorized access.
Question No: 34 ( Marks: 2 )
Identify components of Intrusion detection system
Answer:
Components of an IDS
An IDS comprises the following components:
• Sensors
• Analyzers
• An administrative console
• A user interface.
Question No: 35 ( Marks: 3 )
How can we make our password secure?
Answer:
Best Password practices
• Keep the password secret – do not reveal it to anyone
• Do not write it down – if it is complex, people prefer to save it in their cell phone memory or write it on a piece of paper; neither of these is a preferred practice.
• Change the password regularly – passwords should be associated with users, not machines. A password generation program can also be used for this purpose.
• Be discreet – it is easy for onlookers to see which keys are being used, so care should be taken while entering the password.
• Do not use an obvious password – the best approach is to use a combination of letters, numbers, upper case and lower case. Change the password immediately if you suspect that anyone else knows it.
Question No: 36 ( Marks: 3 )
What are some of the things you should keep in mind when identifying risks?
Answer:
Risk Identification: Following points should be kept in mind when identifying risks:
- Project risk management plan
- Review the progress of your schedule
- See what’s driving the project finish date
- Review project costs
- Spot risks using a visual report
- Create or update a baseline or interim plan
- Hide a column in a view
Question No: 37 ( Marks: 3 )
Briefly describe Incremental Model.
Answer:
Incremental Models:
In incremental models, software is built, not written. Software is constructed step by step in the same way a building is constructed. The product is designed, implemented, integrated and tested as a series of incremental builds, where a build consists of code pieces from various modules interacting together to provide a specific functional capability and testable as a whole.
Question No: 38 ( Marks: 3 )
Information system security association of USA has listed many ethical challenges, identify any three of them?
Answer:
Ethical Challenges:
Information system security association of USA has listed the following ethical challenges:
1. Misrepresentation of certifications, skills
2. Abuse of privileges
3. Inappropriate monitoring
4. Withholding information
5. Divulging information inappropriately
6. Overstating issues
7. Conflicts of interest
8. Management / employee / client issues
Question No: 39 ( Marks: 5 )
What do you think are the key benefits of Ecommerce to organizations?
Answer:
E Commerce is one of the most important facets of the Internet to have emerged in the recent times. Ecommerce or electronic commerce involves carrying out business over the Internet with the assistance of computers, which are linked to each other forming a network. To be specific ecommerce would be buying and selling of goods and services and transfer of funds through digital communications.
Following are the benefits of Ecommerce:
- Expanded Geographical Reach
- Expanded Customer Base
- Increase Visibility through Search Engine Marketing
- Provide Customers valuable information about your business
- Available 24/7/365 - Never Close
- Build Customer Loyalty
- Reduction of Marketing and Advertising Costs
- Collection of Customer Data.
Question No: 40 ( Marks: 5 )
What do you understand by Disaster Recovery Planning?
Answer:
The disaster recovery plan is used to recover a facility rendered inoperable, including relocating operation into a new location. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure.