Chapter 11 & 13 Test Bank PDF
Uploaded by SafeSaturn9598
Summary
This document contains multiple-choice questions and essay questions related to information systems. It covers topics like the relationship between the steering committee and the total cost of ownership of an IS project, principal drivers and risks associated with IS outsourcing, IS systems funding methods and their advantages and disadvantages, and the acquisition of information processing functionalities.
Full Transcript
c. Change Requirements: Over a long period of time, technological and business changes will have an effect on the organization.
d. Hidden Coordination Costs: There are many necessary and costly coordination efforts between the firm and outsourced provider.
e. Deceptive Role of Information Systems: Many firms underestimate the critical role that information systems play as enablers of business success.

ESSAY QUESTIONS

1. Describe the relationship between the steering committee and the total cost of ownership of an IS project.
Answers will vary

2. Describe the principal drivers and risks associated with IS outsourcing.
Answers will vary

3. Describe the main IS systems funding methods and provide at least 2 examples of each. Make sure to list both the advantages and the disadvantages of each.
Answers will vary

Chapter Eleven: Creating Information Systems

MULTIPLE CHOICE QUESTIONS

1. We have identified three general approaches to the acquisition of information processing functionalities and the introduction of IT-based information systems. Which of the following is not one of them?
A. Custom design and development
B. System selection and acquisition
C. End-user development
D. Open source development
E. None of the above
Correct answer: D

2. What are the three steps that occur during the implementation phase of the SDLC?
A. Programming, Testing, Installation
B. Investigation, Installation, Operations
C. Programming, Installation, Maintenance
D. Installation, Operations, Maintenance
E. Investigation, Testing, Installation
Correct answer: D

Downloaded by Ben Smylie ([email protected])

3. In which of the following phases should you expect to be most involved as a general or functional manager?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C
Correct answer: E

4. In which phase(s) do the system development life cycle (SDLC) and the system selection process differ most substantially?
A. Definition
B. Build
C. Implementation
D. A and B
E. A and C
Correct answer: D

5. The three generic phases of a system life-cycle process are:
A. Definition, Design, and Testing
B. Definition, Build, and Implementation
C. Planning, Testing, and Implementation
D. Build, Testing, and Deployment
E. None of the above
Correct answer: B

6. Why is the Systems Development Life Cycle methodology typically referred to as “the waterfall model”?
A. Because it was first popularized in a town with many waterfalls
B. To stress the fact that phases are sequential and iteration (or going back) should be avoided as much as possible.
C. Because the SDLC, like prototyping, is not iterative.
D. To convey the notion that getting good user requirements is important and there should be multiple opportunities to elicit user requirements.
E. B and D
Correct answer: B

7. Your book describes the systems selection process in-depth. Which of the following is not a step in the system selection process?
A. Compile an RFP
B. Develop a vendor short list.
C. Solicit proposals.
D. Visit vendor sites.
E. Have vendors provide demonstrations.
Correct answer: D

8. Which of the following are not approaches to acquisition of information processing functionalities?
A. Custom Design
B. Custom Development
C. System Selection and Acquisition
D. End-user Development
E. Open Source Development
Correct answer: E

9. Which of the following is not one of the advantages related to making your own systems?
A. Unique Tailoring
B. Flexibility
C. Control
D. Faster Roll-Out
E. All of these are advantages
Correct answer: D

10. Which of the following is not one of the advantages related to purchasing an off-the-shelf system?
A. Unique Tailoring
B. Faster Roll-Out
C. Knowledge Infusion
D. Economical Attractiveness
E. High Quality
Correct answer: A

11. The Systems Development Life Cycle has three main phases. These are:
A. Definition, System Design, and Implementation
B. Feasibility Analysis, Programming, and Implementation
C. Definition, Build, and Implementation
D. Investigation, Feasibility Analysis, and System Analysis
E. Installation, Operations, and Maintenance
Correct answer: C

12. The IS department workers that are experts in both technology and the business processes are called what?
A. Programmers
B. Analysts
C. Functional Managers
D. Help Desk Personnel
E. Technicians.
Correct answer: B

13. Which stage of the SDLC typically results in a “go” or “no-go” decision?
A. Feasibility Analysis
B. Systems Analysis
C. System Design
D. Programming
E. Testing
Correct answer: A

14. A bank upgrades a computer system at one of its branches. If this works correctly, then the upgraded system will be installed at the other branches. Which migration approach is this most likely related to?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional
Correct answer: D

15. A bank upgrades the computer systems of its branches, one branch at a time. This is most likely which of the following migration strategies?
A. Parallel
B. Direct
C. Phased
D. Pilot
E. Traditional
Correct answer: C

TRUE/FALSE QUESTIONS

1. The Build phase of the SDLC is used to ensure that the software is properly integrated with the other components of the information system.
Answer: False

2. The SDLC and prototyping methodologies are one and the same.
Answer: False

3. Both the SDLC and prototyping methodologies are used to create custom systems.
Answer: True

4. Off-the-shelf systems enable infusion of knowledge in the organization
Answer: True

5. End-user development: The process by which an organization’s non–IT specialists create software applications.
Answer: True

6. Custom software development is a systems development approach predicated on the notion that it is impossible to clearly estimate and plan in detail such complex endeavors as information systems design and development projects.
Answer: False

7. A system analyst is a highly skilled IT professional who takes the system requirements document (i.e., what the applications should do) and designs the structure of the system (i.e., how the application will perform its tasks).
Answer: False

SHORT ANSWER QUESTIONS

1. What are two advantages to custom developing and designing a software application?
Answer:
a. Unique Tailoring: the custom developed software applications are molded to fit the unique features of the firm that commissions them.
b. Flexibility and Control: the software is developed from scratch and since the firm retains control over the code, the system can be evolved, at any time, in any direction the firm would like.

2. Name two advantages to purchasing off-the-shelf software
Answer:
a. Faster Roll-Out: purchased software dramatically reduces the time it takes to obtain the software and begin the implementation process.
b. Knowledge Infusion: software vendors proactively seek out best practices in order to code them into their applications.
c. Economically Attractive: purchasing off-the-shelf applications typically allows the firm to capitalize on the economies of scale by the vendor.
d. High Quality: large software houses with mature products will point to their significant testing budgets and large installed base of users for evidence that their applications have been put through the paces and thus all major problems have surfaced.

3. Name, in order, the principal phases of the SDLC
Answer: Definition, Build, Implementation

4. Name and describe the four approaches to software installation
Answer:
a. Parallel: the old and new systems are run for a time together. It is the most costly as it requires significant redundancy of efforts.
b. Direct: The most radical approach where the old system is suddenly discontinued and the firm cuts over to the new one.
c. Phased: The new system progressively replaces the functionalities of the old one. This approach is best suited to componentized applications that can be rolled out in stages.
d. Pilot: Allows the firm to run the new system in one business unit or one of the firm’s departments before rolling it out completely.

5. Occasionally, _________ will be used within the SDLC as a way to elicit user requirements and seek input in the design of the user interface.
Answer: Prototyping

6. When purchasing off-the-shelf applications, a selection process similar to the SDLC is used—the only difference being one additional phase in the process. What is the name of this phase and where does it occur in the process?
Answer: Compile short list of vendors, it comes after the definition phase and before the build phase.

7. List and describe two benefits of End-User development
Answer:
a. Increased Speed of Development: projects that end users can complete independently will be completed faster because they don’t get bogged down in the IS function.
b. End-User Satisfaction: they are more likely to be satisfied with the result because they have created the functionalities they wanted and decided what features to forgo.
c. Reduced Pressure on the IS Function: end-user development can limit the number of requests the IS function receives, enabling them to be more focused on the projects that require their attention.

8. We have discussed the notion of “make and buy” as a new trend that challenges the traditional “make vs. buy” paradigm. Briefly explain what we have meant by “make and buy” and provide an example.
Answer: Make or buy is the notion that modern off-the-shelf software is more and more often configured and/or customized prior to implementation.

ESSAY QUESTIONS

1. List and describe two risks of End-user development. Make sure to include at least two examples of each.
Answers will vary, but should be similar to the following:
a. Unreliable Quality Standards: Quality software requires a number of stages that inexperienced end-users may not use, such as testing, documentation, security, etc.
b. High Incidence of Errors: the focus on outcomes and rapid development typically conspire to increase the likelihood of errors in end-user developed applications
c. Continuity Risks: Because of individual development styles, it may be difficult for anyone but the end-user that designed the software to use it, update it, repair it, etc.
d. Increased Pressure on the IS function: end user development often creates needs for assistance during the development process and, over time, the need for assistance in managing the application after release.

2. Feasibility analysis is required to justify IT investments. Along with user requirements this is where user-managers have the greatest input. Briefly describe the purposes of the technical feasibility analysis, the economic feasibility analysis, and the behavioral feasibility analysis.
Answers will vary, but should be similar to the following:
a. Technical feasibility aims to ensure that the new system is viable from a technology standpoint and that it will work as advertised
b. Economic feasibility aims to ensure that the proposed new system is justifiable based on a cost benefit analysis
c. Behavioral feasibility aims to ensure that the new system will be accepted and adopted by the people involved and it will not be rejected.

Answer: CRM is a strategic Initiative and not a technology. It relies on transactional data and is designed to help the firm learn about customers. The overall objective of CRM is to help the firm use data to make inferences about customer behaviors, needs, and thereby add value to the firm.

11. List and describe two advantages of Open Source Applications
Answer:
a. Robustness: open source applications are typically more robust and more reliable than proprietary applications.
b. Creativity: open source applications harness the creativity of thousands of developers during the design process.
c. Limited Lock-in: the switching costs associated with open source software are much lower than those with proprietary software.
d. Free License: open source software can generally be licensed for free

CHAPTER 12

12. List and describe two disadvantages of Open Source Applications
Answer: (IRRELEVANT)
a. Unpredictable Costs: you get the application for free, but you may encounter many unforeseen costs along the way.
b. Support Varies Widely
c. Security: open source code gives an advantage to those who want to break its security.
d. Compatibility: There is no guarantee about compatibility of open source software with other software programs

ESSAY QUESTIONS

1. Describe Enterprise Systems, including major characteristics and what problems are typically associated with their use.
Answers will vary

2. Define Open Source Applications, including their advantages and disadvantages.
Answers will vary

Chapter Thirteen: Security, Privacy, and Ethics

MULTIPLE CHOICE QUESTIONS

1. Risk Audit provides the basis for:
A. Risk Reduction
B. Risk Transference
C. Risk Analysis
D. Reward Mechanism
E. Risk increase
Correct Answer: C

2. Security should be on managers’ radar screens because of peculiar characteristics that run the risk of leaving it what?
A. Underfunded
B. Overfunded
C. Overstaffed
D. Irrelevant
E. Neutralized
Correct Answer: A

3. Why is security considered a negative deliverable?
A. It costs money
B. It produces only tangible benefits
C. It does not affect profits whether it is done well or poorly
D. It is largely ignored
E. It produces no revenue or efficiency
Correct Answer: E

4. Risk mitigation allows the organization to do what?
A. Devise optimal strategies
B. Prevent security issues from ever happening in the first place
C. Keep both costs and risks at minimum levels
D. Maximize failure costs
E. Reward IT workers when no issues arise
Correct Answer: A

5. When a company is faced with a security threat, they have which three strategies available to them?
A. Acceptance, avoidance, and transference
B. Acceptance, reduction, and transference
C. Avoidance, reduction, and transference
D. Acceptance, avoidance, and reduction
E. All of the above
Correct Answer: B

6. Which of the following strategies is associated with increased potential for failure?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Correct Answer: A

7. Insurance costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Correct Answer: D

8. Increased anticipation costs are most directly associated with which risk strategy?
A. Acceptance
B. Avoidance
C. Reduction
D. Transference
E. Analysis
Correct Answer: C

9. Which of the following is an example of an internal threat?
A. Viruses
B. Intrusions
C. Social Engineering
D. Backdoors
E. Angry Employees
Correct Answer: E

10. Which of the following refers to code built into a program to allow the programmer a way to bypass password protection?
A. Password Spoofing
B. Bugs
C. Viruses
D. Phishing
E. Backdoors
Correct Answer: E

11. Which of the following is an automated method of seeking passwords?
A. Phishing
B. Social Engineering
C. Software bugs
D. Backdoors
E. Careless behavior
Correct Answer: A

12. Which of the following is not a form of malware?
A. Viruses
B. Spyware
C. Sniffers
D. Keyloggers
E. Worms
Correct Answer: C

13. Why is a Trojan horse not a virus?
A. It does not have a payload
B. It does not have a trigger event
C. It does not replicate
D. It is a legitimate form of security protection
E. It does not do anything harmful
Correct Answer: C

14. Why is spyware usually not considered a virus?
A. It does not replicate
B. It does not have a payload
C. It does not do anything other than watch what the user does
D. It only shows advertisements
E. None of the above. They are always viruses
Correct Answer: A

15. Which of the following is a viable method of dealing with internal security threats?
A. Antivirus software
B. Policies regarding what computing resources are accessible to whom
C. Firewalls
D. Policies that mandate frequent updates to programs and such
E. Not immediately deleting terminated employees
Correct Answer: B

TRUE/FALSE QUESTIONS

1. True or False: IT Risk Management is the process of identifying and measuring information systems security risks to devise the optimal mitigation strategy.
Answer: True

2. True or False: Creating security policies that spell out the behaviors that should be followed in order to minimize security risks and auditing the policies to ensure compliance will mitigate security risks.
Answer: True

3. True or False: Function Creep, when used in terms of privacy risks, refers to new technological advances and devices that generate more data than ever.
Answer: False

4. Malicious cyberactivity is decreasing due to improvements in software protection systems.
Answer: False

5. Biometrics refers to the use of a measurement of some biological parameter to uniquely identify users.
Answer: True

SHORT ANSWER QUESTIONS

1. Security is generally considered to be a responsibility of the IT department. Why should security not be considered an IT problem?
Answer: First, security is a negative deliverable; all the money spent on managing IT risk and securing IT infrastructure produces no revenues or efficiencies for the IT department. Second, security is typically an endeavor that is difficult to gain funding for; because IT departments have limited budgets they should not be left to fund the entirety of security measures for firms.

2. Define and describe Risk Mitigation
Answer: Risk Mitigation is the process of matching the appropriate response to the security threats your firm identified. It manages the trade-off between the degree of desired security and the investment necessary to achieve the security level.

3. List and describe the three Risk Mitigation Strategies available to an organization
Answer:
a. Risk Acceptance: Not investing in countermeasures and not reducing the security risk.
b. Risk Reduction: Actively investing in the safeguards designed to mitigate security threats.
c. Risk Transference: Passing a portion (or all) of the risks associated with security to a third party

4. There are both external and internal threats that can compromise a firm’s security. What are two of the potential internal security threats?
Answer:
a. Intentional Malicious Behavior: This internal threat is associated with disgruntled or ill-willed employees that are intentionally trying to damage the company. For example, a marketing team member selling e-mail addresses to spammers.
b. Careless Behavior: This internal threat is associated with ignorance of security problems and can have a disastrous effect on a company’s security. For example, if laptops are removed from the company and are stolen from an employee’s home, sensitive information can be compromised.

5. List and describe the characteristics of three potential external security threats.
Answer:
a. Intrusion Threats: An unauthorized attacker gains access to organizational IT resources.
b. Social Engineering: Lying to and deceiving legitimate users to divulge restricted or private information.
c. Phishing: Sending official sounding spam from known institutions and asking individuals to confirm private data.
d. Security Weaknesses: Exploiting weaknesses in the software infrastructure of the organization under attack.
e. Backdoors: Code built into the software program to allow access to the application by circumventing password protection.
f. Malicious Code: Software programs that are designed to cause damage to IT assets.

6. There are many types of malicious code that intruders can use to compromise a firm’s IT assets. List and describe three of them.
Answer:
a. Viruses: Malicious code that spreads by attaching itself to other, legitimate, executable software programs. After infecting a machine, a harmful set of actions, known as the payload, are performed.
b. Trojan Horses: A computer program that claims to, and sometimes does, deliver useful functionality that delivers a hidden, malicious payload, after installation.
c. Worms: Malicious code that exploits security holes in network software to replicate itself. Worms do not deliver a payload, but instead they infect many computers and generate enough network traffic to bring a network down—with substantial damage.
d. Spyware: Software that, unbeknownst to the owner of the computer, monitors behavior, collects information, and either transfers this information to a third party or performs unwanted operations. Spyware typically diverts resources and often slows down a user’s legitimate work.
e. Denial-of-Service Attack: A digital assault carried out over a computer network with the objective of overwhelming an online service so as to force it offline. It can be used to divert attention allowing the intruder to create a backdoor to be exploited later.

7. Describe the five principles of Fair Information Practices
Answer:
a. Notice: refers to the right of individuals to be informed when their personal data is being collected and to be informed about how it is or will be used.
b. Choice: calls for the ability of individuals to be informed of, and object to, function creep whether within one firm or across firms who share information.
c. Access: refers to the right of individuals to be able to access their information and correct any errors that may have occurred in their records.
d. Security: calls for organizations that house individuals’ private information to ensure its safekeeping and to protect it from unauthorized access.
e. Enforcement: calls for organizations that collect and use private information to develop enforceable procedures to ensure that the above principles are upheld.

8. What are some characteristics of an Information Systems Ethics Code of Conduct?
Answer: Developing a culture of ethical decision-making is critical to the success of a firm. The Code of Conduct identifies the principles of ethical information system use pertinent to the firm. In the process of doing so, the Code will identify the firm’s formal stance on ethics. Typically an Ethics Code of Conduct will employ the principle of harm minimization.

ESSAY QUESTIONS

1. What are firewalls and where are they typically utilized in an organization?
Answers will vary, but generally speaking, firewalls are typically used on the external network links of an organization to control access to and from the company network(s). Additionally, software firewalls are typically present on most user computers.

2. What is encryption and where is it often used in an organization? Provide several differing examples.
Answers will vary

3. What are the principal challenges associated with information system ethics? Provide examples of each.
Answers will vary

ADDITIONAL QUESTIONS: TEST 1

1) Which of the following statements is/are TRUE?
a) When second order change occurs only the manner in which the process is performed changes, making it relatively easy to envision, justify and manage
b) The amount of money organizations have to spend on IT has increased
c) IT/IS are exactly the same concepts
d) The unintended effects of IT are always negative and should be minimized

2) Which of the following is a level of organizational change that can be generated by the introduction of new IT?
a) Automate
b) Informate
c) Transformate
d) None of the above
e) All of the above

3) Which of the following statements is correct?
a) An “IS” is a technological infrastructure but an “IT” is a sociotechnical system
b) An “IT” and “IT” are both a technological system
c) An “IT” is a technological infrastructure but an “IS” is a sociotechnical system
d) An “IT” and “IS” are both a sociotechnical term

4) According to Moore’s law, the cost of storage continues to increase by:
a) 65%
b) 25%
c) 50%
d) 75%
e) None of the above

5) Apple introduced Face ID in 2017 (a facial recognition feature that generates a 3D depth digital map of the iPhone user’s face). The Face ID replaces Touch ID fingerprint and is used to unlock the iPhone. In this case, what kind of change is produced?
--first degree change

6) Due to a focus on reducing costs, Air Montreal wishes to outsource its call center operations to a lower cost country. This decision will require the firing of 5,000 employees and if the decision is made, it will not be possible to set up another call centre in Montreal for 15 years. The start-up cost of the new call center will be $2M with direct