FINALTERM EXAMINATION
Spring 2008
CS507- Information Systems
Time: 90 min Marks: 60
Question No: 1 (Marks: 1)
In which of the following categories is information presented in its original form, neither interpreted nor condensed nor evaluated by other writers?
Primary Information
Tertiary Information
Secondary Information
All of above
Primary sources: They present information in its original form, neither interpreted nor condensed nor evaluated by other writers.
Question No: 2 (Marks: 1)
Ethical issues may be categorized into which of the following types?
Privacy
Accuracy
Property
All of above
There are certain aspects which when put together formulate a set of ethical issues. These are:
1. Privacy issues
2. Accuracy issues
3. Property issues
4. Accessibility issues
Question No: 3 (Marks: 1)
After her third data processing clerk showed up at work with wrist braces, Ms. Jackson called a specialty firm to assess the design of their work environment. This firm specializes in _____:
Video display terminals
Ergonomics
Lighting
Furniture layout
Ergonomists study human capabilities in relationship to work demands.
Question No: 4 (Marks: 1)
A person or a team who leads a change project or business-wide initiative by defining, researching, planning, building business support and carefully selecting volunteers to be part of a change team.
True
False
Change agents: A person or a team who leads a change project or business-wide initiative by defining, researching, planning, building business support and carefully selecting volunteers to be part of a change team.
Question No: 5 (Marks: 1)
Leading ERP software vendors include SAP (SAP R/3), Oracle and PeopleSoft.
True
False
ERP software vendors, SAP R/3 and Oracle, have developed university alliance programs to help universities incorporate ERP software.
Question No: 6 (Marks: 1)
What are the steps and their order in EC order fulfillment?
Ensuring payment, checking availability, arranging shipment, insurance, production, purchasing & warehousing, contacts with customers and returns
Ensuring payment, checking availability, arranging shipment, insurance, production, purchasing & warehousing, and contacts with customers
Ensuring payment, checking availability, arranging shipment, insurance, production, plant services, purchasing & warehousing, and contacts with customers
Ensuring payment, checking availability, arranging shipment, insurance, production, plant services, purchasing & warehousing, contacts with customers and returns
The order fulfillment process has nine steps. The steps include: making sure the customer will pay, checking for in-stock availability, arranging shipments, insurance, production, plant services, purchasing and warehousing, contacts with customers, and returns.
Question No: 7 (Marks: 1)
With a ---------------- decision environment, there is the possibility of having very quick and very accurate feedback on the decision process.
Closed-loop
Open-loop
Closed System
With a closed-loop decision environment, there is the possibility of having very quick and very accurate feedback on the decision process.
Question No: 8 (Marks: 1)
The major purpose of enhancing web security is to protect the web server from attacks through the use of the internet.
True
False
The major purpose of enhancing web security is to protect the web server from attacks through the use of the internet. (Page No. 180)
Question No: 9 (Marks: 1)
Which of the following usually contains records describing system events, application events, or user events?
An event-oriented log
A record of every keystroke
Option a and b
None of these
An event-oriented log: this usually contains records describing system events, application events, or user events.
Question No: 10 (Marks: 1)
Which of the following is the science and art of transforming messages to make them secure and immune to attacks?
Cryptography
Crypto analysis
Decryption
All of these
Cryptography is the science and the art of transforming messages to make them secure and immune to attacks.
Question No: 11 (Marks: 1)
Crypto Analysis is the science and art of transforming messages to make them secure and immune to attacks.
False
True
Cryptography is the science and the art of transforming messages to make them secure and immune to attacks.
Question No: 12 (Marks: 1)
Which of the following focuses on detecting potentially abnormal behavior in the functioning of the operating system or requests made by application software?
Scanners
Anti virus
Behavior blockers
Active Monitors
Behavior blockers: Focus on detecting potentially abnormal behavior in the functioning of the operating system or requests made by application software.
Question No: 13 (Marks: 1)
Which of the following is the primary method for keeping a computer secure from intruders?
Anti virus
Scanners
Firewall
Password
A firewall is the primary method for keeping a computer secure from intruders.
Question No: 14 (Marks: 1)
In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system.
True
False
In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system. The purpose could be damaging or stealing data, installation of bug or wire tapping -- Spying on communication within the organization.
Question No: 15 (Marks: 1)
A denial-of-service attack floods a Web site with so many requests for services that it slows down or crashes.
True
False
Denial of Service, in the context of an attack on a website, means flooding the server with so much (fake) crap that it cannot process the legitimate requests of real visitors.
Question No: 16 (Marks: 1)
The main source of bugs in computer programs is the complexity of decision-making code.
True
False
The main source of bugs is the complexity of decision-making code. Even a relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of different paths.
Question No: 17 (Marks: 1)
Which of the following is some action or event that can lead to a loss?
Threat
Damage
Accident
None of above
“A threat is some action or event that can lead to a loss.”
Question No: 18 (Marks: 1)
The damage caused by the intrusion is referred to as the:
Threats
Damages
Physical Threats
Logical Threats
Damage caused by intrusion by some undetected threat.
Question No: 19 (Marks: 1)
Which of the following is an object that exists and is distinguishable from other objects?
Entity
Attribute
Object
Instance
An entity is an object that exists and is distinguishable from other objects.
Question No: 20 (Marks: 1)
The emerging class of applications focuses on personalized decision support
TRUE
FALSE
Emerging class of applications focuses on personalized decision support, modeling, information retrieval, data warehousing, what-if scenarios, and reporting.
Question No: 21 (Marks: 1)
Decision making is the cognitive process of selecting a course of action from among ----------- alternatives.
Multiple
Double
Triple
Decision making is the cognitive process of selecting a course of action from among multiple alternatives.
Question No: 22 (Marks: 1)
MIS is the primary source for the managers to be aware of red-alerts.
TRUE
FALSE
Intelligence: Identifying the problems occurring in an organization. MIS is the primary source for the managers to be aware of red-alerts.
Question No: 23 (Marks: 1)
In __________ final product is intangible
Service sector
Manufacturing Sector
Trading sector
Service Sector: Final product is intangible, so information is critical at various steps, e.g. preparation, delivery and customer.
Question No: 24 (Marks: 1)
Which of the following models combines the elements of the waterfall model with the philosophy of prototyping?
Iterative
Incremental
Raid
Incremental Model: This model combines the elements of the waterfall model with the philosophy of prototyping.
Question No: 25 (Marks: 1)
Operations are usually called via _______
Functions
Signatures
Methods
Operations are called only via a valid operation signature.
Question No: 26 (Marks: 1)
Control Trial can be used together with access controls to identify and provide information about users suspected of improper modification of data.
True
False
Audit trails can be used together with access controls to identify and provide information about users suspected of improper modification of data.
Question No: 27 (Marks: 1)
Risk Management includes assessment of controls that have already been implemented or planned, the probability that they can be broken, and assessment of potential loss despite such controls existing.
True
False
Control Analysis: This phase includes assessment of controls that have already been implemented or planned, the probability that they can be broken, and assessment of potential loss despite such controls existing.
Question No: 28 (Marks: 1)
A _______________ is the possibility of a problem, whereas a problem is a risk that has already occurred.
Risk
Threat
Intrusion
A risk is the possibility of a problem, whereas a problem is a risk that has already occurred.
Question No: 29 (Marks: 1)
A Protocol is an agreed-upon set of conventions that defines the rules of communication.
True
False
Transmission Control Protocol (TCP) and the Internet Protocol (IP): They are frequently referred to as TCP/IP. A protocol is an agreed-upon set of conventions that defines the rules of communication.
Question No: 30 (Marks: 1)
Benefits to ERP systems are that they can be extremely complex, expensive and time-consuming to implement.
True
False
These are all limitations of ERP systems.
Question No: 31 (Marks: 1)
Define Risk Mitigation.
Answer:
Risk mitigation is a process that takes place after the process of risk assessment has been completed.
Question No: 32 (Marks: 1)
Identify types of change management.
Answer:
Types of change management:
1- Organizational Development
2- Re-engineering
Question No: 33 (Marks: 2)
Identify what information is needed before conducting an Impact analysis?
Answer:
Impact analysis:
Before beginning the impact analysis, it is necessary to obtain the following information:
• System mission
• System and data criticality
• System and data sensitivity
Question No: 34 (Marks: 2)
Why is the process symbol used in flow charts?
Answer:
The process symbol is used to indicate an activity undertaken or action done.
Question No: 35 (Marks: 3)
What are the objectives/purposes of DFDs?
Answer:
The purpose of data flow diagrams is to provide a linking bridge between users and systems developers. Data flow diagrams help users understand how the system operates. DFDs also help developers better understand the system, which helps in avoiding delays in proper designing, development, etc. of projects.
Question No: 36 (Marks: 3)
What are hackers?
Answer:
A hacker is a person who attempts to invade the privacy of the system. In fact, he attempts to gain unauthorized entry to a computer system by circumventing the system’s access controls. Hackers are normally skilled programmers and have been known to crack system passwords quite easily.
Question No: 37 (Marks: 3)
Identify drawbacks to ERP systems.
Answer:
Drawbacks to ERP systems: ERP systems have evolved and have become very complex, offering a lot of useful features for all areas of a business operation, but there are also drawbacks.
1. Cost: Usually, ERP solutions are very expensive and only large companies can afford them. Introducing an ERP system may also require additional acquisitions or modifications in the internal infrastructure of the company, so the implementation costs can rise considerably. Training of the employees will also be mandatory, which means further expenditure in order to have an effective, working ERP system.
2. Time: The implementation of an ERP system is not a particularly time-consuming task, but training employees to correctly and effectively use the ERP system can be. They need to be well informed about the features and procedures, otherwise the whole ERP system will prove to be inefficient and the investment of money and time will be in vain.
3. Efficiency: Even though an ERP system should improve efficiency if implemented and used correctly, the training and adaptation period immediately following implementation could be rocky as the organization adjusts to the new ways.
4. Customization: ERP systems are either not very customizable, or customization involves a lot of time and money. Few systems are ready to use out-of-the-box. Some systems may also require other software programs, a fact that might make the processes more complicated or even impossible in some cases.
5. Data Integrity: Integrating an ERP system with other software might need the software to be modified. As a result of integration, security breaches and data leaks might appear. The effects of such data leaks can be disastrous.
Question No: 38 (Marks: 5)
How will you differentiate CSF from KPI? Discuss briefly.
Answer:
CSF vs. Key Performance Indicator
A critical success factor is not a key performance indicator or KPI. Critical Success Factors are elements that are vital for a strategy to be successful. A KPI measures the achievements.
The following example will clarify the difference. A CSF for improved sales may be adopting a new sales strategy through better and regularly arranged display of products in the shop windows. However, the KPI identified would be the increased/decreased Average Revenue Per Customer as a result of the strategy.
Key Performance Indicators directly or indirectly measure the results of implementation of Critical Success Factors. KPIs are measures that quantify objectives and enable the measurement of strategic performance.
Question No: 39 (Marks: 5)
Identify and define the types of active attacks.
Answer:
Types of Active attacks:
Common forms of active attacks may include the following:
• Masquerading – involves carrying out unauthorized activity by impersonating a legitimate user of the system.
• Piggybacking – involves intercepting communications between the operating system and the user and modifying them or substituting new messages.
• Spoofing – a penetrator fools users into thinking they are interacting with the operating system. He duplicates the logon procedure and captures the password.
• Backdoors/trapdoors – these allow a user to employ the facilities of the operating system without being subject to the normal controls.
• Trojan Horse – users execute the program written by the penetrator. The program undertakes unauthorized activities, e.g. making a copy of the sensitive data.
Question No: 40 (Marks: 10)
The concept of security applies to all information. Discuss what is the objective and scope of Security? What may be the security issues regarding information and what will be the management responsibility to resolve these issues?
Answer:
Security Objective:
The Organization for Economic Cooperation & Development (OECD) issued “Guidelines for the Security of Information Systems” in 1992. These guidelines stated the security objective as “The protection of the interests of those relying on information, and the information systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, and integrity.”
The security objective uses three terms:
• Availability – information systems are available and usable when required;
• Confidentiality – data and information are disclosed only to those who have a right to know it;
• Integrity – data and information are protected against unauthorized modification.
The relative priority and significance of availability, confidentiality, and integrity vary according to the data within the information system and the business context in which it is used.
Scope of Security:
The concept of security applies to all information. Security relates to the protection of valuable assets against loss, disclosure, or damage. Valuable assets are the data or information recorded, processed, stored, shared, transmitted, or retrieved from an electronic medium. The data or information must be protected against harm from threats that will lead to its loss, inaccessibility, alteration or wrongful disclosure.
Question No: 41 (Marks: 10)
What is polymorphism? Define with example.
Answer:
Polymorphism is derived from the Greek language, meaning "having multiple forms". Polymorphism is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically, to allow an entity such as a variable, a method, or an object to have more than one form.
In computer science, polymorphism is a programming language feature that allows values of different data types to be handled using a uniform interface. The concept of parametric polymorphism applies to both data types and functions.
Examples:
- Method Overloading: Defining methods with the same name but with different arguments is called method overloading.
- Method Overriding: Method overriding occurs when a child class declares a method that has the same type arguments as a method declared by one of its superclasses.