FINALTERM EXAMINATION
Spring 2008
CS507- Information Systems
Time: 90 min
Marks: 60
Question No: 1 ( Marks: 1 ) http://vuzs.net
A newspaper article is a primary source if it reports events, but a secondary source if it analyses and comments on those events.
True
False
A newspaper article is a primary source if it reports events, but a secondary source if it analyses and comments on those events.
Question No: 2 ( Marks: 1 )
Factors of which of the following are basic elements of reducing manufacturing cost?
Cost
Production
Quality
Brand
Factors of production are basic elements of reducing manufacturing cost.
Question No: 3 ( Marks: 1 )
Past court decisions have stated that privacy must be balanced against the needs of society.
True
Employers have been successful in making these arguments when aggrieved workers have filed lawsuits for privacy violations. The few court cases have largely been decided in the employers' favor.
Question No: 4 ( Marks: 1 )
ERP's major objective is to tightly integrate the functional areas of the organization and to enable seamless information flows across the functional areas.
True
False
The major objective of ERP systems is to tightly integrate the functional areas of the organization.
Question No: 5 ( Marks: 1 )
The bullwhip effect refers to erratic shifts in orders up and down the supply chain because of poor demand forecasting, price fluctuation, order batching, and rationing within the chain.
False
The bullwhip effect refers to erratic shifts in orders up and down the supply chain because of poor demand forecasting, price fluctuation, order batching.
Question No: 6 ( Marks: 1 )
Business-to-business EC (B2B) is one of the types of ECommerce.
True
False
Explanation: Business to Business (B2B) is a model to e-commerce where businesses conduct commerce amongst themselves over the Internet/Intranet.
Question No: 7 ( Marks: 1 )
Which of the following is not considered Risk Management?
On a daily basis, a manager analyses a situation and decides what actions should be taken, if any, given the uncertainties being faced.
Risk Management addresses actions to resolve a program's problems.
A systematic approach to setting the best course of action by identifying and acting on risk issues
Question No: 8 ( Marks: 1 )
Which of the following is a weakness that can be accidentally triggered or intentionally exploited?
Vulnerability
Threat Identification
Audit Trial
Likelihood Identification
Question No: 9 ( Marks: 1 )
Which of the following is a logical record of computer activities, usage, processing pertaining to an operating or application system or user activities?
Audit trail
Control Log
Control trial
An audit trail is a logical record of computer activities/usage/processing pertaining to an operating or application system or user activities.
Question No: 10 ( Marks: 1 )
Which of the following may include program code of application software, technical manuals, user manuals, etc.?
Documentation
Audit Trial
Control Trial
None of these
Documentation may include program code of application software, technical manuals, user manuals and any other system-related documentation.
Question No: 11 ( Marks: 1 )
Documentation may include program code of application software, technical manuals, user manuals, etc.
True
False
Documentation may include program code of application software, technical manuals, user manuals and any other system-related documentation.
Question No: 12 ( Marks: 1 )
Accounts should have a control over various recording points in the entire process from procurement to finished goods store room.
False
True
Accounts and Finance: Accounts should have a control over various recording points in the entire process from procurement to finished goods store room.
Question No: 13 ( Marks: 1 )
Active Monitor software serves the concurrent monitoring as the system is being used.
True
False
Active Monitor: This software serves the concurrent monitoring as the system is being used.
Question No: 14 ( Marks: 1 )
Which of the following is some action or event that can lead to a loss?
Threat
Damage
Accident
None of above
A threat is some action or event that can lead to a loss.
Question No: 15 ( Marks: 1 )
Which of the following is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically?
OOP
Encapsulation
Inheritance
Polymorphism is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically, to allow an entity such as a variable, a method, or an object to have more than one form.
Question No: 16 ( Marks: 1 )
The purpose of data flow diagrams is to provide a --------- between users and systems developers.
Linking bridge
Empty Space
Data Flows
Options a and b
The purpose of data flow diagrams is to provide a linking bridge between users and systems developers.
Question No: 17 ( Marks: 1 )
If a flowchart becomes complex, it is better to use connector symbols to reduce the number of flow lines.
True
False
Connectors: If the flowchart becomes complex, it is better to use connector symbols to reduce the number of flow lines.
Question No: 18 ( Marks: 1 )
Information products made more valuable by their attributes, characteristics, or qualities
TRUE
FALSE
Information products made more valuable by their attributes, characteristics, or qualities.
Question No: 19 ( Marks: 1 )
Commentaries are the example of _________ sources.
Primary
Tertiary
Secondary
Some examples of secondary sources:
1. bibliographies (may also be tertiary)
2. biographical works
3. commentaries
Question No: 20 ( Marks: 1 )
Feedback is the integral part of the _______
Open system
Close System
Closed Loop System
Closed Loop System: A part of the output is fed back to the system to initiate control to change.
Question No: 21 ( Marks: 1 )
The Iterative model emphasizes the need to go back and reiterate earlier steps a number of times as the project progresses.
True
False
The spiral model emphasizes the need to go back and reiterate earlier steps a number of times as the project progresses.
Question No: 22 ( Marks: 1 )
Arrow is also called __________
Dotted line
Process
Flow line
Question No: 23 ( Marks: 1 )
Rectangle shape in the flow charts represents___________
Decision
Process
Terminator
Question No: 24 ( Marks: 1 )
__________ is a person who attempts to invade the privacy of the system.
Hacktivists
Hackers
Crackers
A hacker is a person who attempts to invade the privacy of the system.
Question No: 25 ( Marks: 1 )
_______ usually identified by the phrase "is a kind of".
Inheritance
Class
Object
Inheritance: Inheritance is usually identified by the phrase "is a kind of."
Question No: 26 ( Marks: 1 )
Which of the following is a logical record of computer activities, usage, processing pertaining to an operating or application system or user activities?
Control Log
Control trial
Audit trail
An audit trail is a logical record of computer activities/usage/processing pertaining to an operating or application system or user activities.
Question No: 27 ( Marks: 1 )
An event-oriented log usually contains records describing system events, application events, or user events.
True
False
An event-oriented log: this usually contains records describing system events, application events, or user events.
Question No: 28 ( Marks: 1 )
Threat source motivation is an output for Likelihood determination
True
False
Likelihood Determination:
The input to this phase is
• Threat source motivation
Question No: 29 ( Marks: 1 )
BPR’s major objective is to tightly integrate the functional areas of the organization and to enable seamless information flows across the functional areas.
True
False
The major objective of ERP systems is to tightly integrate the functional areas of the organization.
Question No: 30 ( Marks: 1 )
Organizational Development is one of the types of Change.
True
False
Types of Change
• Organizational Development
• Reengineering
Question No: 31 ( Marks: 1 )
Define Risk Mitigation.
Answer:
Risk mitigation is a process that takes place after the process of risk assessment has been completed.
Question No: 32 ( Marks: 1 )
What are the value sets?
Answer:
Value sets: Each attribute has a Value Set (domain) i.e. defined parameters or the range in which value of the attribute may fall.
Question No: 33 ( Marks: 2 )
What are the purposes of the Objects?
Answer:
Objects serve two purposes: they promote understanding of the real world and provide a practical basis for computer implementation.
Question No: 34 ( Marks: 2 )
What do you understand by Intrusion Detection Systems?
Answer:
Another element of securing networks is an intrusion detection system (IDS). An IDS is used to complement firewalls. An IDS works in combination with routers and firewalls: it monitors network usage and protects a company’s information systems resources from external as well as internal misuse.
Question No: 35 ( Marks: 3 )
Differentiate CRM from ERP
Answer:
ERP & CRM
The customer has become of critical importance in modern-day business. Early on, organizations used to focus more on how much has been sold and what has been produced. But now the focus is quite different. Focus has been placed on the requirements of the customer, providing quality service and quickness of response to customer queries. Analysis of customer data, from personal habits to spending habits, has become a crucial element of doing successful business. ERP has this unique potential to improve the quality of customer handling.
Question No: 36 ( Marks: 3 )
What is the purpose of decision symbol in the flow chart?
Answer:
- The symbol is used when a choice can be made between the options available.
- Such options are mutually exclusive.
- Only one flow line should enter a decision symbol, but two or three flow lines, one for each possible answer, should leave the decision symbol.
Question No: 37 ( Marks: 3 )
What are hackers?
Answer:
A hacker is a person who attempts to invade the privacy of the system. In fact, he attempts to gain unauthorized entry to a computer system by circumventing the system’s access controls. Hackers are normally skilled programmers, and have been known to crack system passwords with considerable ease.
Question No: 38 ( Marks: 5 )
Identify the objective and scope of security.
Answer:
Security Objective:
The Organization for Economic Cooperation & Development (OECD) issued “Guidelines for the Security of Information Systems” in 1992. These guidelines stated the security objective as “The protection of the interests of those relying on information, and the information systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, and integrity.”
The security objective uses three terms:
• Availability – information systems are available and usable when required;
• Confidentiality – data and information are disclosed only to those who have a right to know it;
• Integrity – data and information are protected against unauthorized modification.
The relative priority and significance of availability, confidentiality, and integrity vary according to the data within the information system and the business context in which it is used.
Scope of Security
The concept of security applies to all information. Security relates to the protection of valuable assets against loss, disclosure, or damage. Valuable assets are the data or information recorded, processed, stored, shared, transmitted, or retrieved from an electronic medium. The data or information must be protected against harm from threats that will lead to its loss, inaccessibility, alteration or wrongful disclosure.
Question No: 39 ( Marks: 5 )
Identify and define the types of active attacks.
Answer:
Active attacks:
After gathering information about the system through passive attacks, the intruder obtains unauthorized access to modify data or programs, cause a denial of service, escalate privileges, or access other systems. Active attacks affect the integrity, availability and authentication attributes of network security.
Types of Active attacks
Common forms of active attacks may include the following:
• Masquerading – involves carrying out unauthorized activity by impersonating a legitimate user of the system.
• Piggybacking – involves intercepting communications between the operating system and the user and modifying them or substituting new messages.
• Spoofing – A penetrator fools users into thinking they are interacting with the operating system. He duplicates the logon procedure and captures the password.
• Backdoors/trapdoors – these allow a user to employ the facilities of the operating system without being subject to the normal controls.
• Trojan Horse – Users execute the program written by the penetrator. The program undertakes unauthorized activities, e.g. making a copy of the sensitive data.
Question No: 40 ( Marks: 10 )
Differentiate the following :
Entity vs Entity Set
Encapsulation vs Inheritance
Answer:
Entity vs. Entity Set:
An entity is an object that exists and is distinguishable from other objects. An entity is described using a set of attributes. Whereas an entity set is a set of entities of the same type that share the same properties.
Encapsulation vs Inheritance:
Encapsulation means information hiding, whereas Inheritance is usually identified by the phrase "is a kind of."
Question No: 41 ( Marks: 10 )
There are many Internet Security Systems; one of them is the Firewall System.
Explain in your own words what you understand by a firewall and how it protects against Internet attacks.
Answer:
Firewall:
A firewall is the primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure.
In the home, a personal firewall typically comes with or is installed in the user's computer. Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site. They alert you when software makes an outbound request for the first time. In the organization, a firewall can be a stand-alone machine or software in a server. It can be as simple as a single server or it may comprise a combination of servers, each performing some type of firewall processing.