CS507 Final term Solved Subjective paper 2011



 Shared and Solved by Adnan Awan

Define Object Oriented Analysis and Design (OOAD)? (2 marks)
 
Answer
 
The concept of object oriented analysis and design focuses on problems in terms of classes and objects. This concept combines aspects of both entity relationship diagram and data flow diagrams. The object oriented analysis and design tool has been devised to support the object oriented languages, for example C++ and Java. The roots of the concept of object orientation evolved in late 60’s with the emergence of first language “SIMULA 67” as the first object oriented language. Object oriented methodologies do not replace traditional approaches (such as data flow, process flow, and state transition diagrams); they are important new additions to the toolkit.

 
Inputs for threat identification Mark 2

 
Answer
 
“A threat is some action or event that can lead to a loss.”
 
Various types of threats may exist that could, if they occur, result in information assets being exposed, removed either temporarily or permanently, lost, damaged, destroyed, or used for unauthorized purposes are identified. Susceptibility to threats, whether logical or physical, is a major risk factor for the database and information system of an organization. These risks are to be identified and steps that include physical and logical controls need to be instituted and monitored on a regular basis.

Define Computer Aided Manufacturing (CAM)? (2 marks)
Answer
 
Computer-aided manufacturing (CAM) is a form of automation where computers communicate work instructions directly to the manufacturing machinery. The technology evolved from the numerically controlled machines of the 1950s, which were directed by a set of coded instructions contained in a punched paper tape. Today a single computer can control banks of robotic milling machines, lathes, welding machines, and other tools, moving the product from machine to machine as each step in the manufacturing process is completed. Such systems allow easy, fast reprogramming from the computer, permitting quick implementation of design changes. The most advanced systems, which are often integrated with computer-aided design systems, can also manage such tasks as parts ordering, scheduling, and tool replacement. It is a system that uses computer aided techniques to control production facility. Some of these techniques are

• Computer-aided process planning – Use of computer to control activities and functions to prepare a detailed set of plans and instructions to produce a machine or part. – Machines

• Computerised Numerical Control (CNC) – refers specifically to the computer control of machine tools for the purpose of (repeatedly) manufacturing complex parts in metal as well as other materials. e.g. drills, wood routers use this technology.

• Robotics programming – The science or study of the technology associated with the design, fabrication, theory, and application of robots. – Automobile industry.

 
Define Dropper and Trojan horse? (2 marks)

 
Answer
 
A Trojan horse is a malicious program that is disguised as or embedded within legitimate software. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Examples are

Logic bomb – Trojan horses are triggered on a certain event, e.g. when disc clean up reaches a certain level of percentage

Time bomb – Trojan horse is triggered on a certain date.

What are the objectives of ERP? (2 marks)

 
Answer
 
Enterprise Resource Planning or ERP uses multimodal application software for improving the performance of the internal business processes. ERP software systems may include application modules for supporting marketing, finance, accounting and human resources.

 
Define ERP? (2 marks)

 
Answer
 
“ERP (enterprise resource planning) is an industry term for the broad set of activities supported by multi-module application software that helps a manufacturer or other business manage the important parts of its business, including product planning, parts purchasing, maintaining inventories, interacting with suppliers, providing customer service, and tracking orders.”

 
Briefly define hackers? (3 marks)

 
Answer
 
Hackers
 
A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain unauthorized entry to a computer system by circumventing the system’s access controls.

Hackers are normally skilled programmers, and have been known to crack system passwords quite easily. Initially hackers used to aim at simply copying the desired information from the system. But now the trend has been to corrupt the desired information.

 
Discuss Technical Limitations of Ecommerce in business? (Marks: 3)

Answer
 
Why E-Commerce business
 
Due to rapid expansion in business, and time pressures from customers, efficiency in delivering products and information thereto, and in addressing complaints, is of paramount importance. Use of internet or web services can be a very effective tool in achieving this goal. It helps to achieve various business goals in the fastest possible way, e.g. sharing production schedules with suppliers, knowing customer demands for future in advance. These days almost all businesses have E-commerce, from fast food chains to automobile manufacturers. Online orders can be placed along with online payment made. All this is possible with the use of E-commerce. According to Lou Gerstner, IBM’s former CEO,
 
“E-business is all about time, cycle, speed, globalization, enhanced productivity, reaching new customers, and sharing knowledge across institutions for competitive advantage.”

 
What are three challenges faced by security association of USA? (3 marks)

 
Answer
 
Ethical Challenges
 
Information system security association of USA has listed down the following ethical challenges:
 
1. Misrepresentation of certifications, skills
 
2. Abuse of privileges
 
3. Inappropriate monitoring
 
4. Withholding information
 
5. Divulging information inappropriately
 
6. Overstating issues
 
7. Conflicts of interest
 
8. Management / employee / client issues

 
Briefly describe SDLC? (3 marks)

 
Answer
 
Systems Development Life Cycle

System Development Life Cycle (SDLC) is the overall process of developing information systems through a multi-step process from investigation of initial requirements through analysis, design, implementation and maintenance. SDLC is also known as information systems development or application development. SDLC is a systems approach to problem solving and is made up of several phases, each comprised of multiple steps. It describes the stages a system passes through from inception until it is discarded or replaced. SDLC provides
 
• Structure
 
• Methods
 
• Controls
 
• Checklist

 
What should be kept in mind while identifying the risk? (3 marks)

 
Answer
 
Risk identification is often confused with risk mitigation. Risk mitigation is a process that takes place after the process of risk assessment has been completed. Let’s take a look at various risk mitigation options.
 
• Risk assumption: To accept the potential risk and continue operating the IT system or to implement controls to lower the risk to an acceptable level.

• Risk Avoidance: To avoid the risk by eliminating the risk cause, e.g. forgo certain functions of the system or shut down the system when risks are identified.

• Risk Limitation: To limit the risk by implementing controls that minimize the adverse impact of a threat’s exercising a vulnerability, e.g. use of supporting preventive and detective controls.

• Risk Planning: To manage risk by developing a risk mitigation plan that predicts, implements and maintains controls.

• Research and acknowledgement: To lower the risk of loss by acknowledging vulnerability or flaw and researching controls to correct the vulnerability.

• Risk Transference: To transfer the risk by using other options to compensate loss such as purchasing insurance.

 
Droppers and Trojan horses, 2 marks

 
Answer

A Trojan horse is a malicious program that is disguised as or embedded within legitimate software. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Examples are

Logic bomb – Trojan horses are triggered on a certain event, e.g. when disc clean up reaches a certain level of percentage

Time bomb – Trojan horse is triggered on a certain date.

 
Why is the production subsystem said to be the most critical part of the entire manufacturing subsystem? (Marks 2)

 
Answer
 
 Production Sub System
 
It can be seen as the most critical part of the entire manufacturing sub system. Basically it tracks the flow of the job through the entire production process. It also records change in form of goods or transfer of goods from one place to the other.
 
Example: Consider a manufacturing entity working with three processing departments and one assembly department. As raw materials pass through the processes, the sub system records the relevant information at specific points or locations until the finished goods are transferred to stock room.

 
Model of DSS 2 marks

 
Answer
 
Model driven DSS uses the following techniques

What-If analysis

Attempt to check the impact of a change in the assumptions (input data) on the proposed solution, e.g. What will happen to the market share if the advertising budget increases by 5% or 10%?

Goal Seek Analysis

Attempt to find the value of the inputs necessary to achieve a desired level of output. It uses a “backward” solution approach, e.g. a DSS solution yielded a profit of $2M. What will be the necessary sales volume to generate a profit of $2.2M?

Define object mark 2
 
Answer
 
An object is defined as
 
“an abstraction of something in a problem domain, reflecting the capabilities of the system to keep information about it, interact with it, or both.”
 

How can viruses and worms be transmitted into a computer? Identify any three sources? (3)

 
Answer:
 
Viruses or worms are transmitted easily from the internet by downloading files to computers' web browsers. Other methods of infection occur from files received through online services, computer bulletin board systems, and local area networks. Viruses can be placed in various programs, for instance
 
1. Free Software – software downloaded from the net
 
2. Pirated software – cheaper than original versions
 
3. Games software – wide appeal and high chances
 
4. Email attachments – quick to spread
 
5. Portable hard and flash drives – employees take disks home and may work on their own personal PC, which have not been cleaned or have suitable anti-viruses installed on them.

 
Why is TQM effective for the organization?

 
Answer

 
Total Quality Management (TQM)
 
TQM is a set of management and control activities which focus on quality assurance. The quality of the products and services is enhanced and then offered to consumers. An organizational undertaking to improve the quality of manufacturing and service, it focuses on obtaining continuous feedback for making improvements and refining existing processes over the long term. There are certain Graphical tools used to implement and promote TQM. For instance
 
Histogram
 
Pareto Analysis
 
Cause & Effect Diagram

List down the components of an IDS? Marks 3
 
Answer
 
Components of IDS

An IDS comprises the following:

• Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.

• Analyzers that receive input from sensors and determine intrusive activity.

• An administration console

• A user interface
 
Classify E-Commerce into different classes. Identify any five classes? Mark 5
 
Answer
 
The most prevalent of E-Commerce models can be classified as under:
 
1. Business to Consumer (B2C)
 
2. Business to Business (B2B),
 
3. Business to Employee (B2E),
 
4. Consumer to Consumer (C2C) and
 
5. E-Government
 
• Government to Citizens/Customers (G2C)
 
• Government to Business (G2B)
 
• Government to Government (G2G)
 
Truth table of AND operator in fuzzy system
 
Answer
 
Fuzzy Logic
 
The word Fuzzy literally means vague, blurred, hazy, not clear. Real life problems may not be solved by an optimized solution. Hence allowance needs to be made for any imperfections which may be faced while finding a solution to a problem. Fuzzy logic is a form of algebra employing a range of values from “true” to “false” that is used in decision-making with imprecise data, as in artificial intelligence systems. It is a rule based technology that tolerates imprecision by using non specific terms/imprecise concepts like "slightly", "quite" and "very" to solve problems. It is based on the Possibility theory, which is a mathematical theory for dealing with certain types of uncertainty and is an alternative to probability theory.

Parameters of audit trail? Mark 2
 
Answer
 
Audit trail analysis can often distinguish between operator-induced errors (during which the system may have performed exactly as instructed) and system-created errors (e.g., arising from a poorly tested piece of replacement code). For example, if a system fails or the integrity of a file (either program or data) is questioned, an analysis of the audit trail can reconstruct the series of steps taken by the system, the users, and the application.

 
Describe security goals Mark 5

 
Answer
 
The three security goals.
 
• Loss of integrity: System and data integrity refers to the requirement that information should be protected from improper modification. Integrity is lost if unauthorized changes are made to the data or IT system by either intentional or accidental loss of system or data. Violation of integrity may be the first step in a successful attack against availability or confidentiality. For all these reasons, loss of integrity reduces assurance of an IT system.

• Loss of availability: If a mission-critical IT system is unavailable to its end user, the organization’s missions may be affected. Loss of system functionality and operational effectiveness.

• Loss of confidentiality: System and data confidentiality refers to the protection of information from unauthorized disclosure. The impact of unauthorized disclosure of confidential information can range from the jeopardizing of national security. Unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment or legal action against the organization.
 
Consequences of threat occurrence? Mark 5

Answer

When a threat occurs, there can be the following consequences.

1. Controls against the threat exist
 
• Controls can help stop the occurrence of the threat.
 
• Threat occurs but damage is avoided by the controls
 
• Threat circumvents controls and causes damage
 
2. Controls against threat do not exist.
 
• Threat has not yet been identified
 
• Threat has been identified but the consequent loss is considered as minor
 
• Threat occurs, whether identified or Threat can cause damage whether controls exist or not.

 
What do you know about change agents? Mark 5
 
Change agents

Successful changes and their management are backed by presence of a change agent. A person or a team who leads a change project or business-wide initiative by defining, researching, planning, building business support and carefully selecting volunteers to be part of a change team. Change Agents must have the conviction to state the facts based on data, even if the consequences are associated with unpleasantness. Change Agent consciously challenges the status quo, is comfortable with leading change initiatives with uncertain outcomes and systematically considers new and better ways of doing things. ERP is such a large scale project that sponsorship from the senior management is an immediate must. Unless the project itself and the consequential change is sponsored from the senior level, the chances of success are quite bleak.

 
What is TQM? Tools used to promote (TQM) mark 5
 
Total Quality Management (TQM)
 
TQM is a set of management and control activities which focus on quality assurance. The quality of the products and services is enhanced and then offered to consumers. An organizational undertaking to improve the quality of manufacturing and service, it focuses on obtaining continuous feedback for making improvements and refining existing processes over the long term. There are certain Graphical tools used to implement and promote TQM. For instance

 Histogram
 
 Pareto Analysis
 
 Cause & Effect Diagram

 
Compare ERP and integrated system Mark 5
 
Answer
 
ERP Compared to integrated Software
 
The concept of ERP is that of an integrated software. An integrated software can be defined as a software package that combines many applications in one program. Previously, the user needed various utilities to operate the program and provide suitable interfaces. Today these utilities are an integral part of the software. Thus the receipt of a confirmed customer order should provide the start of a number of activities that are essential to complete and deliver the order. There is no need to separately enter data for each of the other related activities.

Integrated packages can move data among several programs utilizing common commands and file structures. In effect, there are multiple applications using the same data simultaneously. An integrated package is recommended when identical source information is to be used for varying purposes and activities.

 
What is the concept of IS Audit? (5 marks)
 
IS audit

Information systems include accounting and finance function as a critical part of the entire system. Hence, these days audit of information systems as a whole incisively focuses on finance and accounting aspect as well. For example, all banks and financial institutions have software supporting interest computations. During the audit of IS, the integrity of the source code/program instructions has to be checked and assurance obtained that these have not been tampered with or altered in any manner.

An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity's Information technology infrastructure. When transactions are executed and recorded through computers, the lack of physical audit trail requires implementation of controls with the Information systems so as to give the same result as controls are implemented in a manual information system. IS audit focuses more on examining the integrity of controls and ensuring whether they are properly working. Obtained evidence evaluation can ensure whether the organization's information systems safeguard assets, maintain data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives.
