FINALTERM EXAMINATION
Spring 2010
CS507- Information Systems
Time: 90 min
Marks: 60
Question No: 1 (Marks: 1) http://vuzs.net
Medium Sized organizations are normally a family ownership run by
► Father & Sons
► Brothers
► None of the given
Medium Sized organizations are normally a family ownership run by brothers, father-son.
Question No: 2 (Marks: 1)
Small organizations usually have complex management structure.
► True
► False
Small organizations usually have simple management structure.
Question No: 3 (Marks: 1)
Which of the following functions provide such data as sales prospect and contact information, product information, product configurations and sales quotes?
► Sales force automation (SFA)
► CRM
► ERP
► MIS
Sales force automation (SFA) functions provide such data as sales prospect and contact information, product information, product configurations and sales quotes.
Question No: 4 (Marks: 1)
Closed system is dependent on the internal resources and data.
► False
A closed system is dependent on internal resources and data for decision making rather than on the external environment.
Question No: 5 (Marks: 1)
Which of the following works in conjunction with routers and firewalls by monitoring network usage anomalies to protect a company’s information systems resources from external as well as internal misuse?
► Encryption
► Firewall
► All of above
Intrusion Detection Systems (IDS): An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company’s information systems resources from external as well as internal misuse.
Question No: 6 (Marks: 1)
Passive Attack is one of the types of Web Security Threats
► True
► False
There are two major classes of security threats:
• Passive Attacks
• Active Attacks
Question No: 7 (Marks: 1)
If an organization can tolerate some downtime, cold sites backup might be appropriate.
► True
► False
Cold sites: If an organization can tolerate some downtime, cold sites backup might be appropriate.
Question No: 8 (Marks: 1)
Which of the following includes assessment of controls that have already been implemented or planned, the probability that they can be broken, and assessment of potential loss despite such controls existing?
► Control Analysis
► Vulnerability Assessment
► Risk Management
► All of above
Control Analysis: This phase includes assessment of controls that have already been implemented or planned, the probability that they can be broken, and assessment of potential loss despite such controls existing.
Question No: 9 (Marks: 1)
The output of the Threat Identification phase is a threat statement identifying and defining threats.
► True
► False
Steps in threat identification: The output of this phase is a threat statement identifying and defining threats.
Question No: 10 (Marks: 1)
Audit Trials can be used together with controls trials to identify and provide information about users suspected of improper modification of data.
► True
► False
Audit trails can be used together with access controls to identify and provide information about users suspected of improper modification of data.
Question No: 11 (Marks: 1)
Input controls monitor the initial handshaking procedure of the user with the operating system.
► True
► False
Access Controls: These controls monitor the initial handshaking procedure of the user with the operating system.
Question No: 12 (Marks: 1)
Automated data are less susceptible to destruction and misuse than paper data.
► True
Electronic data are more susceptible to destruction, fraud, error and misuse because information systems concentrate data in computer files that have the potential to be accessed by large numbers of people and by groups outside of the organizations.
Question No: 13 (Marks: 1)
The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.
► True
► False
“The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.”
Question No: 14 (Marks: 1)
In drawing a proper flowchart, all necessary steps that are a part of the process should be listed out in ---------------------- order.
► Logical
► Physical
► Random
► Top to Bottom
In drawing a proper flowchart, all necessary steps that are a part of the process should be listed out in logical order.
Question No: 15 (Marks: 1)
Targeting advertising to customers to increase the probability that an offer is accepted.
► True
► False
Targeting advertising to customers to increase the probability that an offer is accepted.
Question No: 16 (Marks: 1)
___________ is related to defining the information needs and how these will be obtained.
► Infrastructure
► System
Architecture more specifically is related to defining the information needs and how these will be obtained through the various application software modules.
Question No: 17 (Marks: 1)
The spiral life cycle model is a combination of the classic waterfall model and aspects of risk analysis.
► False
The spiral lifecycle model is a combination of the classic waterfall model and aspects of risk analysis.
Question No: 18 (Marks: 1)
The rectangle shape in flow charts represents ___________
► Decision
► Process
► Terminator
Question No: 19 (Marks: 1)
__________ is an object that exists and is distinguishable from other objects.
► Value Sets
► Entity
► Relationships
An entity is an object that exists and is distinguishable from other objects.
Question No: 20 (Marks: 1)
Object oriented analysis generates _________
► Implementation constraints
► System Interfaces
Object-oriented analysis (OOA) looks at the problem domain, with the aim of producing a conceptual model of the information that exists in the area being analyzed.
Question No: 21 (Marks: 1)
Which of the following is not considered during OO Design?
► Concurrency factor
► Usability factor
► Distribution factor
Object-oriented design (OOD) entails transforming the analysis model into a feasible design.
- For a concurrent system, the architecture includes the basic task or process structure.
- For a distributed system, it includes the organization of hardware in terms of processors and their interconnections.
Question No: 22 (Marks: 1)
An Administrative Console is one of the components of an Intrusion Detection System (IDS).
► True
► False
Question No: 23 (Marks: 1)
Maintaining and eventually institutionalizing the change is called Unfreezing.
► True
► False
Refreezing: Maintaining and eventually institutionalizing the change.
Question No: 24 (Marks: 1)
Which of the following is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically?
► OOP
► Polymorphism
► Encapsulation
► Inheritance
Polymorphism is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically, to allow an entity such as a variable, a method, or an object to have more than one form.
Question No: 25 (Marks: 1)
Which of the following is some action or event that can lead to a loss?
► Threat
► Damage
► Accident
► None of the above
“A threat is some action or event that can lead to a loss.”
Question No: 26 (Marks: 1)
Intrabusiness is the same as intraorganizational Business.
► True
► False
Intra-business (Business to Employee): This is a special type of business in which an organization delivers products and services to its employees.
Inter organizational Business: It is a type of system that connects companies located in two or more countries.
Question No: 27 (Marks: 1)
Distributing common information to everyone may result in ---------- and ---------.
► Waste of time, confusion
► Increase productivity, awareness
► Cut time, cost
► None of them
Distributing common information to everyone may result in waste of time and confusion.
Question No: 28 (Marks: 1)
__________ is an association among entities. There has to be a relationship between two entities
► Value Sets
► Cardinality
► Relationships
A relationship is an association among entities. There has to be a relationship between two entities.
Question No: 29 (Marks: 1)
A denial-of-service attack floods a Web site with so many requests for services that it slows down or crashes.
► True
► False
Denial of Service, in the context of an attack on a website, means flooding the server with so much (fake) crap that it cannot process the legitimate requests of real visitors.
Question No: 30 (Marks: 1)
An IDS can help even if there is incorrectness or scope limitation in the manner threats are defined.
► True
► False
An IDS cannot help with the following weakness:
- Incorrectness or scope limitation in the manner threats are defined.
Question No: 31 (Marks: 2)
What is cryptography?
Answer:
In literal terms, cryptography means science of coded writing. It is a security safeguard to render information unintelligible if unauthorized individuals intercept the transmission. When the information is to be used, it can be decoded. “The conversion of data into a secret code for the secure transmission over a public network is called cryptography.”
Question No: 32 (Marks: 2)
What do you understand by Intrusion Detection Systems?
Answer:
Another element to securing networks is an intrusion detection system (IDS). An IDS is used in complement to firewalls. It works in combination with routers and firewalls by monitoring network usage anomalies, and it protects a company’s information systems resources from external as well as internal mistreatment.
Question No: 33 (Marks: 2)
List information requirements for medium-sized organizations.
Answer:
Information Requirements of Medium Sized Organizations: As the size of the organization increases, the importance of planning for information also increases. Planning on a long-term basis also helps in monitoring of information against the plan.
Question No: 34 (Marks: 2)
Why do we need to secure information systems?
Answer:
Secure information systems:
Sound security is fundamental to achieving this assurance. Furthermore, there is a need for organizations to protect themselves against the risks inherent in the use of information systems while simultaneously recognizing the benefits that can accrue from having secure information systems. Thus, as dependence on information systems increases, security is universally recognized as a pervasive, critically needed quality.
Question No: 35 (Marks: 3)
What is access control? Give an example.
Answer:
Access Controls:
These controls establish the interface between the would-be user of the computer system and the computer itself. These controls monitor the initial handshaking procedure of the user with the operating system. For example, when a customer enters the card and the PIN code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.
Question No: 36 (Marks: 3)
Risk mitigation is a process that takes place after the process of risk assessment has been completed. Discuss briefly the various risk mitigation options.
Answer:
• Risk assumption: To accept the potential risk and continue operating the IT system, or to implement controls to lower the risk to an acceptable level.
• Risk Avoidance: To avoid the risk by eliminating the risk cause (e.g. forgo certain functions of the system or shut down the system when risks are identified).
• Risk Limitation: To limit the risk by implementing controls that minimize the adverse impact of a threat’s exercising a vulnerability (e.g. use of supporting preventive and detective controls).
• Risk Planning: To manage risk by developing a risk mitigation plan that prioritizes, implements and maintains controls.
• Research and acknowledgement: To lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct the vulnerability.
• Risk Transference: To transfer the risk by using other options to compensate for loss, such as purchasing insurance.
Question No: 37 (Marks: 3)
Briefly describe the Incremental Model.
Answer:
Incremental Model
The incremental model is a method of software or Information System development where the model is designed, implemented and tested incrementally until the product is finished. It involves both development and maintenance. This model combines the elements of the waterfall model with the philosophy of prototyping.
Question No: 38 (Marks: 3)
Differentiate CRM from ERP.
Answer:
ERP & CRM
The customer has become of critical importance in modern day business. Early on, organizations used to focus more on how much had been sold and what had been produced. But now the focus is quite different. Focus has been placed on the requirements of the customer, providing quality service and quickness of response to customer queries. Analysis of customer data, from their personal habits to their spending habits, has become a crucial element of doing a successful business. ERP has this unique potential to improve the quality of customer handling.
Question No: 39 (Marks: 5)
Differentiate Impact analysis from Risk determination.
Answer:
This phase relates to analyzing how much the information assets are exposed to the various threats identified, and thus quantifying the loss caused to the asset through each threat.
This phase relates to analysis of both physical and logical threats. It measures the level of risk by determining the adverse impact resulting from a successful exercise of a vulnerability. The information can be obtained from existing organizational documentation, such as the mission impact analysis report or asset criticality assessment report. The adverse impact of a security event can be described in terms of loss or delay of any or all of the three security goals: confidentiality, integrity, availability.
Question No: 40 (Marks: 5)
Discuss Intrusion Detection Systems and also explain their components.
Answer:
Intrusion Detection Systems (IDS)
Another element to securing networks is an intrusion detection system (IDS). An IDS is used in complement to firewalls. It works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company’s information systems resources from external as well as internal misuse.
Components of an IDS
An IDS comprises the following components:
• Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity.
• An administrative console – it contains the intrusion definitions applied by the analyzers.
• A user interface.
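The four components listed above (and the denial-of-service flooding from Question 29, plus the caveat from Question 30 that an IDS cannot compensate for badly defined threats) can be seen working together in a small pipeline. The following is an added illustration, not code from the paper or from any IDS product: the sample log lines, the `Event` record, the rule functions and the thresholds are all constructed for this example. The sensor parses web-server log lines, the administrative console holds the intrusion definitions, the analyzer applies them, and the user interface renders the alerts.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# Constructed sample web-server log lines (the sensor's input); these are
# illustrative and not captured from any real system.
SAMPLE_LOG = "\n".join(
    ["10.0.0.5 GET /index.html 200", "10.0.0.5 GET /about.html 200"]
    + ["10.0.0.9 GET /index.html 200"] * 20   # one source flooding the site
    + ["10.0.0.7 POST /login 401"] * 4        # repeated failed logins
    + ["10.0.0.7 POST /login 200"]
)


@dataclass(frozen=True)
class Event:
    """One normalized observation produced by a sensor."""
    src: str
    method: str
    path: str
    status: int


def sensor_parse_web_log(text: str) -> List[Event]:
    """Sensor: collect data, here by parsing log lines into Event records.
    Malformed lines are skipped rather than crashing the collector."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        events.append(Event(parts[0], parts[1], parts[2], int(parts[3])))
    return events


# An intrusion definition pairs a name with a rule; a rule maps a batch of
# events to the set of offending source addresses.
Rule = Callable[[List[Event]], Set[str]]


@dataclass
class IntrusionDefinition:
    name: str
    rule: Rule


def request_flood_rule(threshold: int) -> Rule:
    """Denial-of-service style flood: one source sending more than
    `threshold` requests in the batch (threshold is a constructed value)."""
    def rule(events: List[Event]) -> Set[str]:
        counts = Counter(e.src for e in events)
        return {src for src, n in counts.items() if n > threshold}
    return rule


def failed_login_rule(threshold: int) -> Rule:
    """Repeated authentication failures (HTTP 401 on /login) from one source."""
    def rule(events: List[Event]) -> Set[str]:
        counts = Counter(e.src for e in events
                         if e.path == "/login" and e.status == 401)
        return {src for src, n in counts.items() if n >= threshold}
    return rule


def administrative_console(flood_threshold: int,
                           login_threshold: int) -> List[IntrusionDefinition]:
    """Administrative console: holds the intrusion definitions the analyzer applies."""
    return [
        IntrusionDefinition("request-flood", request_flood_rule(flood_threshold)),
        IntrusionDefinition("failed-logins", failed_login_rule(login_threshold)),
    ]


def analyze(events: List[Event],
            definitions: List[IntrusionDefinition]) -> Dict[str, Set[str]]:
    """Analyzer: apply every definition to the sensor output; only the
    definitions that fire appear in the result."""
    alerts: Dict[str, Set[str]] = {}
    for d in definitions:
        hits = d.rule(events)
        if hits:
            alerts[d.name] = hits
    return alerts


def format_report(alerts: Dict[str, Set[str]]) -> str:
    """User interface: a plain-text view of the analyzer's alerts."""
    if not alerts:
        return "no intrusions detected"
    return "\n".join(f"{name}: {', '.join(sorted(srcs))}"
                     for name, srcs in sorted(alerts.items()))


if __name__ == "__main__":
    events = sensor_parse_web_log(SAMPLE_LOG)
    print(format_report(analyze(events, administrative_console(10, 3))))
    # Same traffic, but the flood definition's threshold is set far too high:
    # the definition is wrong, so the flood goes unreported. The IDS cannot
    # compensate for an incorrect or too-narrow threat definition.
    print(format_report(analyze(events, administrative_console(1000, 3))))
```

The second run in the `__main__` block is the point of Question 30 in code: the sensors, analyzer and interface are all functioning, yet the flood from 10.0.0.9 is missed purely because the intrusion definition held by the console is scoped wrongly. Tuning and reviewing those definitions is therefore part of operating an IDS, not something the IDS does for you.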