1 Per figure 1.2, which area of Information systems covers Security challenges

A. Foundation Concepts
B. Development Processes
C. Business Applications
D. Management Challenges
E. None of the above

2 Computer systems that focus on collecting and analyzing the data

A. Expect Systems (ES)
B. Enterprise resource Planning (ERP) Systems
C. Business Intelligence (BI) systems
D. All of the above
E. None of the above

3 What system(s) support(s) Business operations

A. Transaction Processing
B. Process Control
C. Enterprise Collaboration
D. All of the above
E. None of the above

4 At what stage of Developing an Information System will you know that technical feasibility of a proposed application

A. Investigate
B. Analyze
C. Design
D. Implement
E. Maintain

5 Which of the following is a correct statement

A. Data and Information are synonyms, they mean same
B. Data is processed into Information by adding context to it
C. Both data and Information depend on the context and perspective of the user
D. All these are correct
E. None of the above are correct

6 A cross-functional enterprise system that helps a business integrate and automate many of its internal business processes and information systems

A. ERP
B. CRM
C. SCM
D. Intranet Portals

7 A cross-functional inter-enterprise system that helps a business manage its network of relationships and processes with its business partners

A. ERP
B. CRM
C. SCM
D. Intranet Portals

8 Helps with Intra-enterprise communications, collaboration, sharing, and centralizing of information resources.

A. ERP
B. CRM
C. SCM
D. Intranet Portals

9 The automatic exchange of electronic business documents between the networked computers of business partners

A. E-mail communications
B. EDI
C. Extranet Portals
D. SCM

10 Better functioning of Customer facing systems (fill in the blanks): _____________________

11 Following is not one of the principle of Technology Ethics

A. Technology must achieve more good than the harm
B. Benefits and burdens of Technologies must be distributed fairly
C. Maintain secrecy of new Technologies
D. Those affected by the technology must be informed
E. Risks associated with technology must be avoided as much as you can

12 What is the closest percentage of IT budget is used on Security in developed countries?

A. 2%
B. 7%
C. 15%
D. 25%

13 A piece of malicious code that must attach itself to another file to replicate itself is known as:

A. A virus
B. A worm
C. A logic bomb
D. A Trojan

14 Privacy Law that aims keep your health data private

A. U.S. Computer Matching and Privacy Act
B. Computer Fraud and Abuse Act
A. Electronic Communications Privacy Act
B. HIPAA

15 The presence of documentation that allows a transaction to be traced through all stages of information processing.

A. Data Trace
B. TPM - Transaction Processing Systems
C. System security monitor
D. Audit Trail

16 Determining that you are who you say you are, is called

A. Authorization
B. Authentication
C. Non-repudiation
D. Identification
E. All of the above

17 Process to ensure that the message was sent by the Sender and was received by the receive , is called

A. Authorization
B. Authentication
C. Non-repudiation
D. Identification
E. All of the above

18 A software program that looks like a useful utility program, but actually does malicious things such as tracking your password key strokes and sending to someone

A. Virus
B. Worm
C. Bot
D. Trojan Horse

19 A software program that does not need a host software to attach itself and propagate by itself

A. Virus
B. Worm
C. Bot
D. Trojan Horse

20 How are the actual Practices connected to Policies?

A. Practices are set of procedures written based on policy
B. No they are not connected
C. Practices are detailed steps of instructions developed to meet the standards and those standards were built based on the policies
D. Policies are influenced by the Practices.

21 Following kind of security policy provides guidance to all the members of the organization

A. EISP - Enterprise Information Security Policy
B. ISSP - Issue Specific Security Policy
C. SSP - System specific Security Policy
D. All of the above

22 Following kind of security policy set a strategic direction to all security efforts in the organization and is guided by the vision statement of the organization.

A. EISP - Enterprise Information Security Policy
B. ISSP - Issue Specific Security Policy
C. SSP - System specific Security Policy
D. All of the above

23 This security policy tries to explain why a particular technology can or cannot be used in an organization.

A. EISP - Enterprise Information Security Policy
B. ISSP - Issue Specific Security Policy
C. SSP - System specific Security Policy
D. All of the above

24 Risk management consists of following steps

A. Identification
B. Assessment
C. Risk Control
D. Organizational Business processes restructuring
E. All of the above

25 Following is not one of the risk controls that you can apply.

A. Policies
B. Ensure Laws relevant to the organizational business are implemented
C. Programs
D. Technical controls

26 Types of Access Controls

A. Discretionary
B. NonDiscretionary
C. Mandatory
D. All of the above
E. None of the above

27 Disaster Recovery (DR) plan comes under what kind of risk strategy

A. Avoidance
B. Transference
C. Mitigation
D. Acceptance

28 Which risk control is understanding the risk you are facing and do nothing about it

A. Avoidance
B. Acceptance
C. Mitigation
D. Transference

29 Which risk control aims to preempt the damage caused by the risk you identify

A. Avoidance
B. Acceptance
C. Mitigation
D. Transference

30 The amount and kinds of risks that organizations accept after evaluating the balance between Security and accessibility and applying the controls, is called

A. Residual Risk
B. Risk Mitigation
C. Risk Appetite
D. Any of the above

31 In practice it is almost impossible to safeguard any asset 100 percent, however valuable that may be. Hence, no asset has zero risk. The amount of risk not covered by any known safeguards is known as

A. Residual Risk
B. Risk Tolerance
C. Acceptable risk
D. All of the above
E. None of the above

32 Match the Following

A. Intranet
B. Extranet
C. Internet
D. Company Network

enterprise and its trading partners
inside the enterprise
Enterprise Servers
Open to all enterprises and individuals