FINALTERM EXAMINATION
Spring 2008
CS507- Information Systems
Time: 90 min
Marks: 60
Question No: 1 (Marks: 1)
In which of the following categories is information presented in its original form, neither interpreted nor condensed nor evaluated by other writers?
Primary Information
Tertiary Information
Secondary Information
All of above
Primary sources: They present information in its original form, neither interpreted nor condensed nor evaluated by other writers.
Question No: 2 (Marks: 1)
Ethical issues may be categorized into which of the following types?
Privacy
Accuracy
Property
All of above
There are certain aspects which when put together formulate a set of ethical issues. These are:
1. Privacy issues
2. Accuracy issues
3. Property issues
4. Accessibility issues
Question No: 3 (Marks: 1)
After her third data processing clerk showed up at work with wrist braces, Ms. Jackson called a specialty firm to assess the design of their work environment. This firm specializes in _____:
Video display terminals
Ergonomics
Lighting
Furniture layout
Ergonomists study human capabilities in relationship to work demands.
Question No: 4 (Marks: 1)
A person or a team who leads a change project or business-wide initiative by defining, researching, planning, building business support and carefully selecting volunteers to be part of a change team.
True
False
Change agents: A person or a team who leads a change project or business-wide initiative by defining, researching, planning, building business support and carefully selecting volunteers to be part of a change team.
Question No: 5 (Marks: 1)
Leading ERP software vendors include SAP (SAP R/3), Oracle and PeopleSoft.
True
False
ERP software vendors, SAP R/3 and Oracle, have developed university alliance programs to help universities incorporate ERP software.
Question No: 6 (Marks: 1)
What are the steps and their order in EC order fulfillment?
Ensuring payment, checking availability, arranging shipment, insurance, production, purchasing & warehousing, contacts with customers and returns
Ensuring payment, checking availability, arranging shipment, insurance, production, purchasing & warehousing, and contacts with customers
Ensuring payment, checking availability, arranging shipment, insurance, production, plant services, purchasing & warehousing, and contacts with customers
Ensuring payment, checking availability, arranging shipment, insurance, production, plant services, purchasing & warehousing, contacts with customers and returns
The order fulfillment process has nine steps. The steps include: making sure the customer will pay, checking for in-stock availability, arranging shipments, insurance, production, plant services, purchasing and warehousing, contacts with customers, and returns.
Question No: 7 (Marks: 1)
With a ---------------- decision environment, there is the possibility of having very quick and very accurate feedback on the decision process.
Closed-loop
Open-loop
Closed System
With a closed-loop decision environment, there is the possibility of having very quick and very accurate feedback on the decision process.
Question No: 8 (Marks: 1)
The major purpose of enhancing web security is to protect the web server from attacks through the use of the internet.
True
False
The major purpose of enhancing web security is to protect the web server from attacks through the use of the internet. (Page No. 180)
Question No: 9 (Marks: 1)
Which of the following usually contains records describing system events, application events, or user events?
An event-oriented log
A record of every keystroke
Option a and b
None of these
An event-oriented log: this usually contains records describing system events, application events, or user events.
Question No: 10 (Marks: 1)
Which of the following is the science and art of transforming messages to make them secure and immune to attacks?
Cryptography
Cryptanalysis
Decryption
All of these
Cryptography is the science and the art of transforming messages to make them secure and immune to attacks.
Question No: 11 (Marks: 1)
Cryptanalysis is the science and art of transforming messages to make them secure and immune to attacks.
False
True
Cryptography is the science and the art of transforming messages to make them secure and immune to attacks.
Question No: 12 (Marks: 1)
Which of the following focuses on detecting potentially abnormal behavior in function of operating system or request made by application software?
Scanners
Anti virus
Behavior blockers
Active Monitors
Behavior blockers: Focus on detecting potentially abnormal behavior in function of operating system or request made by application software.
Question No: 13 (Marks: 1)
Which of the following is the primary method for keeping a computer secure from intruders?
Anti virus
Scanners
Firewall
Password
Firewall is the primary method for keeping a computer secure from intruders.
Question No: 14 (Marks: 1)
In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system.
True
False
In case of logical intrusion, the intruder might be trying to have an unauthorized access to the system. The purpose could be damaging or stealing data, installation of a bug, or wire tapping -- spying on communication within the organization.
Question No: 15 (Marks: 1)
A denial-of-service attack floods a Web site with so many requests for services that it slows down or crashes.
True
False
Denial of Service, in the context of an attack on a website, means flooding the server with so much (fake) crap that it cannot process the legitimate requests of real visitors.
Question No: 16 (Marks: 1)
The main source of bugs in computer programs is the complexity of decision-making code.
True
False
The main source of bugs is the complexity of decision-making code. Even a relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of different paths.
Question No: 17 (Marks: 1)
Which of the following is some action or event that can lead to a loss?
Threat
Damage
Accident
None of above
“A threat is some action or event that can lead to a loss.”
Question No: 18 (Marks: 1)
The damage caused by the intrusion is referred to as the:
Threats
Damages
Physical Threats
Logical Threats
Damage caused by intrusion by some undetected threat.
Question No: 19 (Marks: 1)
Which of the following is an object that exists and is distinguishable from other objects?
Entity
Attribute
Object
Instance
An entity is an object that exists and is distinguishable from other objects.
Question No: 20 (Marks: 1)
The emerging class of applications focuses on personalized decision support.
TRUE
FALSE
Emerging class of applications focuses on personalized decision support, modeling, information retrieval, data warehousing, what-if scenarios, and reporting.
Question No: 21 (Marks: 1)
Decision making is the cognitive process of selecting a course of action from among ----------- alternatives.
Multiple
Double
Triple
Decision making is the cognitive process of selecting a course of action from among multiple alternatives.
Question No: 22 (Marks: 1)
MIS is the primary source for the managers to be aware of red-alerts.
TRUE
FALSE
Intelligence: Identifying the problems occurring in an organization. MIS is the primary source for the managers to be aware of red-alerts.
Question No: 23 (Marks: 1)
In __________ final product is intangible
Service sector
Manufacturing Sector
Trading sector
Service Sector: Final product is intangible, so information is critical at various steps, e.g. preparation, delivery and customer.
Question No: 24 (Marks: 1)
Which of the following models combines the elements of the waterfall model with the philosophy of prototyping?
Iterative
Incremental
Raid
Incremental Model: This model combines the elements of the waterfall model with the philosophy of prototyping.
Question No: 25 (Marks: 1)
Operations are usually called via _______
Functions
Signatures
Methods
Operation called only via valid operation signature.
Question No: 26 (Marks: 1)
Control Trial can be used together with access controls to identify and provide information about users suspected of improper modification of data.
True
False
Audit trails can be used together with access controls to identify and provide information about users suspected of improper modification of data.
Question No: 27 (Marks: 1)
Risk Management includes assessment of controls already implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing.
True
False
Control Analysis: This phase includes assessment of controls already implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing.
Question No: 28 (Marks: 1)
A _______________ is the possibility of a problem, whereas a problem is a risk that has already occurred.
Risk
Threat
Intrusion
A risk is the possibility of a problem, whereas a problem is a risk that has already occurred.
Question No: 29 (Marks: 1)
A Protocol is an agreed-upon set of conventions that defines the rules of communication.
True
False
Transmission Control Protocol (TCP) and the Internet Protocol (IP): They are referred to frequently as TCP/IP. A protocol is an agreed-upon set of conventions that defines the rules of communication.
Question No: 30 (Marks: 1)
Benefits to ERP systems are that they can be extremely complex, expensive and time-consuming to implement.
True
False
These are all limitations of ERP systems.
Question No: 31 (Marks: 1)
Define Risk Mitigation.
Answer:
Risk mitigation is a process that takes place after the process of risk assessment has been completed.
Question No: 32 (Marks: 1)
Identify types of change management.
Answer:
Types of change management:
1- Organizational Development
2- Re-engineering
Question No: 33 (Marks: 2)
Identify what information is needed before conducting an impact analysis.
Answer:
Impact analysis:
Before beginning the impact analysis, it is necessary to obtain the following information:
• System mission
• System and data criticality
• System and data sensitivity
Question No: 34 (Marks: 2)
Why is the process symbol used in flow charts?
Answer:
Process symbol is used to indicate an activity undertaken or action done.
Question No: 35 (Marks: 3)
What are the objectives/purposes of DFDs?
Answer:
The purpose of data flow diagrams is to provide a linking bridge between users and systems developers. Data flow diagrams help users understand how the system operates. DFDs also help developers to better understand the system, which helps in avoiding delays in proper designing, development, etc. of projects.
Question No: 36 (Marks: 3)
What are hackers?
Answer:
A hacker is a person who attempts to invade the privacy of the system. In fact, he attempts to gain unauthorized entry to a computer system by circumventing the system's access controls. Hackers are normally skilled programmers, and have been known to crack system passwords quite easily.
Question No: 37 (Marks: 3)
Identify drawbacks to ERP systems.
Answer:
Drawbacks to ERP systems:
ERP systems have evolved and have become very complex, offering a lot of useful features for all areas of a business operation, but there are also drawbacks.
1. Cost: Usually, ERP solutions are very expensive and only large companies can afford them. Introducing an ERP system may also require additional acquisitions or modifications in the internal infrastructure of the company, so the implementation costs can rise considerably. Training of the employees will also be mandatory, which means further expenditure in order to have an effective working ERP system.
2. Time: The implementation of an ERP system is not a particularly time-consuming task, but training employees to correctly and effectively use the ERP system can be. They need to be well informed about the features and procedures, otherwise the whole ERP system will prove to be inefficient and the investment of money and time will be in vain.
3. Efficiency: Even though an ERP system should improve efficiency if implemented and used correctly, the training and adaptation period immediately following implementation could be rocky as the organization adjusts to the new ways.
4. Customization: ERP systems are either not very customizable, or customization involves a lot of time and money. Few systems are ready to use out-of-the-box. Some systems may also require other software programs, a fact that might make the processes more complicated or even impossible in some cases.
5. Data Integrity: Integrating an ERP system with other software might need the software to be modified. As a result of integration, security breaches and data leaks might appear. The effects of such data leaks can be disastrous.
Question No: 38 (Marks: 5)
How will you differentiate CSF from KPI? Discuss briefly.
Answer:
CSF vs. Key Performance Indicator
A critical success factor is not a key performance indicator or KPI. Critical Success Factors are elements that are vital for a strategy to be successful. A KPI measures the achievements.
The following example will clarify the difference. A CSF for improved sales may be adopting a new sales strategy through better and regularly arranged display of products in the shop windows. However, the KPI identified would be the increased/decreased Average Revenue Per Customer as a result of the strategy.
Key Performance Indicators directly or indirectly measure the results of implementation of Critical Success Factors. KPIs are measures that quantify objectives and enable the measurement of strategic performance.
Question No: 39 (Marks: 5)
Identify and define the types of active attacks.
Answer:
Types of Active attacks:
Common forms of active attacks may include the following:
• Masquerading – involves carrying out unauthorized activity by impersonating a legitimate user of the system.
• Piggybacking – involves intercepting communications between the operating system and the user and modifying them or substituting new messages.
• Spoofing – A penetrator fools users into thinking they are interacting with the operating system. He duplicates the logon procedure and captures the password.
• Backdoors/trapdoors – allow a user to employ the facilities of the operating system without being subject to the normal controls.
• Trojan Horse – Users execute the program written by the penetrator. The program undertakes unauthorized activities, e.g. a copy of the sensitive data.
Question No: 40 (Marks: 10)
The concept of security applies to all information. Discuss what is the objective and scope of Security? What may be the security issues regarding information and what will be the management responsibility to resolve these issues?
Answer:
Security Objective:
The Organization for Economic Cooperation & Development (OECD) in 1992 issued “Guidelines for the Security of Information Systems”. These guidelines stated the security objective as “The protection of the interests of those relying on information, and the information systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, and integrity.”
The security objective uses three terms:
• Availability – information systems are available and usable when required;
• Confidentiality – data and information are disclosed only to those who have a right to know it.
• Integrity – data and information are protected against unauthorized modification (integrity).
The relative priority and significance of availability, confidentiality, and integrity vary according to the data within the information system and the business context in which it is used.
Scope of Security
The concept of security applies to all information. Security relates to the protection of valuable assets against loss, disclosure, or damage. Valuable assets are the data or information recorded, processed, stored, shared, transmitted, or retrieved from an electronic medium. The data or information must be protected against harm from threats that will lead to its loss, inaccessibility, alteration or wrongful disclosure.
Question No: 41 (Marks: 10)
What is polymorphism? Define with example.
Answer:
Polymorphism is derived from the Greek language, meaning "having multiple forms". Polymorphism is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically, to allow an entity such as a variable, a method, or an object to have more than one form.
In computer science, polymorphism is a programming language feature that allows values of different data types to be handled using a uniform interface. The concept of parametric polymorphism applies to both data types and functions.
Examples:
- Method Overloading: A method with the same name but with different arguments is called method overloading.
- Method Overriding: Method overriding occurs when a child class declares a method that has the same type arguments as a method declared by one of its superclasses.