CS507 Final term Solved Paper 2010-6

FINALTERM EXAMINATION
Spring 2010
CS507- Information Systems
Time: 90 min
Marks: 60

Question No: 1 (Marks: 1)
Medium Sized organizations are normally a family ownership run by

         ► Father & Sons
         ► Brothers
         ► Father, Sons and Brothers
         ► None of the given
Medium Sized organizations are normally a family ownership run by brothers, father-son.

Question No: 2 (Marks: 1)
High level of foreign trade has resulted in imports and exports which require inter linkage for smooth coordination.

       ► True
       ► False
High level of foreign trade has resulted in imports and exports which require inter linkage for smooth coordination.

Question No: 3 (Marks: 1)
ERP or enterprise systems control all major business processes with a single software architecture in real time.

       ► False
       True
Explanation: ERP stands for “Enterprise Resource Planning”. A collection of software programs that tie together an enterprise's various functions, such as human resources, finance, marketing and sales.

Question No: 4 (Marks: 1)
The bullwhip effect refers to erratic shifts in orders up and down the supply chain because of poor demand forecasting,  price fluctuation, order batching, and rationing within the chain.

        True
       ► False
The bullwhip effect refers to erratic shifts in orders up and down the supply chain because of poor demand forecasting, price fluctuation, order batching.

Question No: 5 (Marks: 1)
Which of the following works in conjunction with routers and firewalls by monitoring network usage anomalies to protect a company’s information systems resources from external as well as internal misuse?

       ► Encryption
        Intrusion Detection Systems
       ► Firewall
       ► All of above
Intrusion Detection Systems (IDS): An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company’s information systems resources from external as well as internal misuse.

Question No: 6 (Marks: 1)
The major purpose of enhancing web security is to protect web server from attacks through the use of internet.

        True
       ► False
The major purpose of enhancing web security is to protect web server from attacks through the use of internet.

Question No: 7 (Marks: 1)
The Internet Protocol is designed solely for the addressing and routing of data packets across a network

        True
       ► False
The Internet Protocol is designed solely for the addressing and routing of data packets across a network.

Question No: 8 (Marks: 1)
Passive Attack is one of the types of Web Security Threats

        True
       ► False 
There are two major classes of security threats:
• Passive Attacks
• Active Attacks

Question No: 9 (Marks: 1)
Audit Trials can be used together with controls trials to identify and provide information about users suspected of improper modification of data.

       ► True
       ► False
Audit trails can be used together with access controls to identify and provide information about users suspected of improper modification of data.

Question No: 10 (Marks: 1)
MKIS helps organizations in efficient channel management

       ► True
       ► False
MKIS (Marketing Information Systems) helps organizations in efficient channel management.

Question No: 11 (Marks: 1)
Crypto Analysis is the science and art of transforming messages to make them secure and immune to attacks.

       ► True
       ► False
Cryptography is the science and the art of transforming messages to make them secure and immune to attacks.

Question No: 12 (Marks: 1)
Active Monitor software serves the concurrent monitoring as the system is being used.

        True
       ► False
Active Monitor: This software serves the concurrent monitoring as the system is being used.

Question No: 13 (Marks: 1)
The protection of the interests of those relying on information, and the information systems and communications that delivers the information, from harm resulting from failures of availability, confidentiality, and integrity.

       ► False
        True
“The protection of the interests of those relying on information, and the information systems and communications that delivers the information, from harm resulting from failures of availability, confidentiality, and integrity.”

Question No: 14 (Marks: 1)
The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.

        True
       ► False
“The purpose of a class is to specify a classification of objects and to specify the features that characterize the structure and behavior of those objects.”

Question No: 15 (Marks: 1)
In drawing a proper flowchart, all necessary steps that are a part of process should be listed out in ---------------------- order.

        Logical
       ► Physical
       ► Random
       ► Top to Bottom
In drawing a proper flowchart, all necessary steps that are a part of process should be listed out in logical order.

Question No: 16 (Marks: 1)
The departmental structures are different in banking and financial sector

       ► False
        True
The departmental structures are different in banking and financial sector.

Question No: 17 (Marks: 1)
Production subsystem needs to be linked with the marketing system to produce right amount of product.

        True
       ► False
Production subsystem needs to be linked with the marketing system so as to produce right amount of product.

Question No: 18 (Marks: 1)
DSS can be used to simulate the consequences of each alternative generated.

        TRUE
       ► FALSE
A DSS system can be used to simulate the consequences of each alternative generated.

Question No: 19 (Marks: 1)
Which of the following selects the chief executive?

       ► Employees
       ► Customers
        Board of Directors

Question No: 20 (Marks: 1)
A schematic representation of a sequence of operations as in a manufacturing process or computer program is called __________

       ► Algorithm
       ► Entity Relationship Diagram
        Flowchart
Flow Chart: "A schematic representation of a sequence of operations as in a manufacturing process or computer program."

Question No: 21 (Marks: 1)
Rounded shaped symbol in the flow chart is called ____________

        Connector
       ► Arrow
       ► Process

Question No: 22 (Marks: 1)
________ Focus on detecting potentially abnormal behavior in function of operating system or request made by application software

        Behavior blockers
       ► Active monitors
       ► Scanners
Behavior blockers: Focus on detecting potentially abnormal behavior in function of operating system or request made by application software.

Question No: 23 (Marks: 1)
Testing is easy for the software that is developed using OOAD due to use of ___________

       ► Modular approach
       ► Real time modeling
       ► Usability feature
Object Oriented Analysis and Design (OOAD): Software can be developed on modular basis.

Question No: 24 (Marks: 1)
Threat source motivation is an output for Likelihood determination

       ► True
        False
Likelihood Determination:
The input to this phase is
• Threat source motivation

Question No: 25 (Marks: 1)
Administrative Console is one of the components of Intrusion Detection System (IDS).

        True
       ► False

Question No: 26 (Marks: 1)
Preparing a situation for change by disconfirming existing attitudes and behaviors is called Unfreezing.

        True
       ► False
Unfreezing: Preparing a situation for change by disconfirming existing attitudes and behaviors.

Question No: 27 (Marks: 1)
The purpose of data flow diagrams is to provide a --------- between users and systems developers

        Linking bridge
       ► Empty space
       ► Data Flows
       ► Options a and b
The purpose of data flow diagrams is to provide a linking bridge between users and systems developers.

Question No: 28 (Marks: 1)
Availability of which of the following to various users also depends on how the information is processed?

        Information
       ► Data
       ► Log File
       ► None of the above
Availability of information to various users also depends on how the information is processed.

Question No: 29 (Marks: 1)
Which of the following is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically?

       ► OOP
       ► Polymorphism
       ► Encapsulation
       ► Inheritance
Polymorphism is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically, to allow an entity such as a variable, a method, or an object to have more than one form.

Question No: 30 (Marks: 1)
_______ is the science of coded writing.

       ► Decryption
        Cryptography
       ► Encryption
In literal terms, cryptography means science of coded writing.


Question No: 31 (Marks: 2)
What is the basic purpose of setting up systems and procedures? Give your own opinion.

Answer: The basic purpose of setting up systems and procedures is to make information available when it is required.

Question No: 32 (Marks: 2)
Define threat and identify its types.

Answer: A threat is an act or event which can cause loss. Threats are of two types: logical threats and physical threats.

Question No: 33 (Marks: 2)
List any two types of information that can be used as input for vulnerability?

Answer:
 1- Any audit comments
 2- Security requirements

Question No: 34 (Marks: 2)
Identify leading ERP software vendors?

Answer:
1-SAP
2-Oracle
3-QAD
4-PeopleSoft
5-Sag

Question No: 35 (Marks: 3)
Define Risk Determination. Identify its inputs and outputs.

Answer: The risk determination phase assesses the risk and the level of risk to the IT system.
The inputs to this phase are:
1. Likelihood of threat exploitation
2. Magnitude of impact
3. Adequacy of planned and current controls
The output is the determination of risk and associated risk levels.

Question No: 36 (Marks: 3)
What are the types of threats?

Answer: There are two types of threats.
1-Physical threats: These refer to damage caused to the physical infrastructure of the information system. For example:
• Fire
• Water
• Intrusion
• Energy variation
• Pollution
• Structural damage

2-Logical threats: These refer to damage caused to the information system without any physical presence.
• Worms and viruses
• Logical intrusion
Question No: 37 (Marks: 3)
Differentiate between Incremental and iterative models with the help of one example each.

Answer:  Incremental vs. Iterative
These sound similar, and sometimes are equated but there is a subtle difference:
• Incremental: add to the product at each phase
• Iterative: re-do the product at each phase
Example:
Building a House
• Incremental: Starts with a modest house, keep adding rooms and upgrades to it.
• Iterative: The design/construction map.

Question No: 38 (Marks: 3)
Identify any six factors that should be considered in order for change to be successful?

Answer:
Following factors should be considered in order for change to be successful:
• What are the implications and barriers to successful implementation?
• What processes will we need to change/introduce?
• Who will feel threatened by the change?
• How do we change people's behavior?
• How will success be measured and what value will success have for the business and individual?
• Is the proposed change aligned with the strategic plan?

Question No: 39 (Marks: 5)
Define the following:
Answer:

a) EC (E commerce)
Electronic Commerce (e-commerce or EC) describes the buying, selling, and exchanging of products, services, and information via computer network, primarily the internet. Some people view the term commerce as describing transactions conducted between business partners.
b) EB (E business)
E-business means using the internet and online technologies to create operating efficiencies, and therefore increase value to the customer. It is internally focused. All e-commerce is part of e-business. Not all e-business is e-commerce.

Question No: 40 (Marks: 5)
Identify and define the types of active attacks?

Answer: 
Active attacks:

After getting proper information about the system through passive attacks, the intruder obtains unauthorized access to modify data or programs, cause a denial of service, escalate privileges, or access other systems. Active attacks affect the integrity, availability and authentication attributes of network security.
Types of Active attacks
Common forms of active attacks may include the following:
• Masquerading – involves carrying out unauthorized activity by impersonating a legitimate user of the system.
• Piggybacking – involves intercepting communications between the operating system and the user and modifying them or substituting new messages.
• Spoofing – A penetrator fools users into thinking they are interacting with the operating system. He duplicates the logon procedure and captures the password.
• Backdoors/trapdoors – allow a user to employ the facilities of the operating system without being subject to the normal controls.
• Trojan Horse – Users execute the program written by the penetrator. The program undertakes unauthorized activities, e.g. making a copy of the sensitive data.
