cs507 important question

Upload: azher-sandhu

Post on 29-May-2018

  • 8/8/2019 Cs507 Important Question

    1/39

    Question No: 1 ( Marks: 1 ) - Please choose one

    Information technology can lead to a decrease in the time for decision making

    True

    False

    Question No: 2 ( Marks: 1 ) - Please choose one

    Customer touch point is a method of interaction with a customer, such as telephone, e-mail, a customer service or help desk, conventional mail, Web site and store.

    True

    False

    Question No: 3 ( Marks: 1 ) - Please choose one

    ---------infrastructure consists of the physical facilities services and management that

    support all computing resources in an organization

    Information

    Decision Management

    Question No: 4 ( Marks: 1 ) - Please choose one

    Which of the following refers to the process of identifying attempts to penetrate a system and gain unauthorized access?

    Intrusion detection

    Audit Trial

    Control Trial

    Documentation

    Question No: 5 ( Marks: 1 ) - Please choose one

    The departmental structures are --------------- in banking and financial sector.

    Different

    Same

    Mixed

    Question No: 6 ( Marks: 1 ) - Please choose one

    Input controls monitor the initial handshaking procedure of the user with the operating

    system.

    True

    False

    Question No: 7 ( Marks: 1 ) - Please choose one

    Logical intrusion skills needed to exploit logical exposures are more technical and complex as compared to physical exposures.

    True

    False

    Question No: 8 ( Marks: 1 ) - Please choose one

    MIS and DSS can be seen as having a systematic approach towards problem solution.

    True

    False

    Question No: 9 ( Marks: 1 ) - Please choose one

    The protection of the interests of those relying on information, and the information systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, and integrity.

    False

    True

    Question No: 10 ( Marks: 1 ) - Please choose one

    Which of the following are knowledge workers who facilitate the development of information systems and computer applications by bridging the communications gap that exists between non-technical system users, and System designers and developers?

    System Analysts

    Software Engineers

    System Designers

    Chief Executives

    Question No: 11 ( Marks: 1 ) - Please choose one

    ______ is defined as all elements that exist outside the boundary of the organization.

    Size

    Business Environment

    Business Structure

    Question No: 12 ( Marks: 1 ) - Please choose one

    ______ is the set of interconnected structural elements that provide the framework.

    Infrastructure

    System

    Organization

    Question No: 13 ( Marks: 1 ) - Please choose one

    Rectangle shape in the flow charts represents___________

    Decision

    Process

    Terminator

    Question No: 14 ( Marks: 1 ) - Please choose one

    Rounded shaped symbol in the flow chart is called ____________

    Connector

    Arrow

    Process

    Question No: 15 ( Marks: 1 ) - Please choose one

    __________ overwrites every program/software/file it infects with itself. Hence the infected file no longer functions.

    Dropper

    Overwriting Viruses

    Boot sector Virus

    Question No: 16 ( Marks: 1 ) - Please choose one

    Object oriented analysis focuses on the _________

    States of objects

    Collaboration of objects

    Implementation of objects

    Question No: 17 ( Marks: 1 ) - Please choose one

    An information technology (IT) audit is an examination of the controls within an entity's Information technology infrastructure.

    True

    False

    Question No: 18 ( Marks: 1 ) - Please choose one

    Web Site monitoring is the process used to view or record both the keystrokes entered by

    a computer user and the computer's response during an interactive session.

    True

    False

    Question No: 19 ( Marks: 1 ) - Please choose one

    A _______________ is the possibility of a problem, whereas a problem is a risk that has already occurred.

    Risk

    Threat

    Intrusion

    Question No: 20 ( Marks: 1 ) - Please choose one

    The two major criteria that are used to analyze risks are Operational Effects and Situational Impacts

    True

    False

    Question No: 21 ( Marks: 1 ) - Please choose one

    Access Control refers to the process of identifying attempts to penetrate a system and gain unauthorized access.

    True

    False

    Question No: 22 ( Marks: 1 ) - Please choose one

    M-Commerce stands for Mobile Commerce.

    True

    False

    Question No: 23 ( Marks: 1 ) - Please choose one

    Organizational Development is one of the types of Change.

    True

    False

    Question No: 24 ( Marks: 1 ) - Please choose one

    Preparing a situation for change by disconfirming existing attitudes and behaviors is called Unfreezing.

    True

    False

    Question No: 25 ( Marks: 1 ) - Please choose one

    Which of the following activity consists of the discovery, modeling, specification and

    evaluation of requirements?

    Development

    Design

    Requirement

    Implementation

    Question No: 26 ( Marks: 1 ) - Please choose one

    Which of the following scans the operating system and application software for any virus

    based on the viruses they contain.

    Antivirus Scanners

    Active Monitors

    Firewall

    Question No: 27 ( Marks: 1 ) - Please choose one

    __________ is an association among entities. There has to be a relationship between two

    entities

    Value Sets

    Cardinality

    Relationships

    Question No: 28 ( Marks: 1 ) - Please choose one

    A dropper is a program not a virus.

    True

    False

    Question No: 29 ( Marks: 1 ) - Please choose one

    Every decision we take in daily life requires some sort of data about the alternatives

    available.

    True

    False

    Question No: 30 ( Marks: 1 ) - Please choose one

    ________________ helps organization in gaining competitive advantage in the use of processes, effectiveness and efficiency.

    BPR

    CSF

    SPR

    MIS

    Question No: 31 ( Marks: 2 )

    What is cryptography?

    Question No: 32 ( Marks: 2 )

    What do you understand by Intrusion Detection Systems?

    Question No: 33 ( Marks: 2 )

    List information requirements for medium-sized organizations.

    Question No: 34 ( Marks: 2 )

    Define Dropper and Trojan horse ?

    Question No: 35 ( Marks: 3 )

    Designing file or database is a major component of system designing. Identify its basic

    purposes.

    Question No: 36 ( Marks: 3 )

    What is the responsibility of the management of the organization to ensure the security of information systems?

    Question No: 37 ( Marks: 3 )

    Identify the information that is required before conducting an impact analysis?

    Question No: 38 ( Marks: 3 )

    Define Reengineering?

    Question No: 39 ( Marks: 5 )

    Briefly discuss Risk Determination ?

    Question No: 40 ( Marks: 5 )

    Discuss Technical Limitations of Ecommerce in comparison with Non-Technical

    Limitations in organizations ?

    CS507 Paper

    Total Questions: 53

    Multiple Choice Questions : 48

    Subjective Questions : 05

    Write two takeover defenses techniques (3 Marks)

    Find Net Income from the following data (3 Marks)

    (EBIT = 50,000, Fraction of Debt in Capital Structure = 20, Return on Debt = 10%, Amount of Debt = 20,000 and Tax Rate = 35%)

    Write a note on Structure of Organization and Cost of Capital (05 Marks)

    Difference b/w Declaration Date and Ex-Dividend Date (05 Marks)

    Advantages of Financial Lease from point view of Lessee (05 Marks)

    Question No: 1 ( Marks: 1 ) - Please choose one

    Medium Sized organizations are normally a family ownership run by

    Father & Sons

    Brothers

    Father, Sons and Brothers

    None of the given

    Question No: 2 ( Marks: 1 ) - Please choose one

    Small organizations usually have complex management structure.

    True

    False

    Question No: 3 ( Marks: 1 ) - Please choose one

    Which of the following functions provide such data as sales prospect and contact

    information, product information, product configurations and sales quotes?

    Sales force automation (SFA)

    CRM

    ERP

    MIS

    Question No: 4 ( Marks: 1 ) - Please choose one

    Closed system is dependent on the internal resources and data.

    True

    False

    Question No: 5 ( Marks: 1 ) - Please choose one

    Which of the following works in conjunction with routers and firewalls by monitoring

    network usage anomalies to protect a company's information systems resources from

    external as well as internal misuse?

    Encryption

    Intrusion Detection Systems

    Firewall

    All of above

    Question No: 6 ( Marks: 1 ) - Please choose one

    Passive Attack is one of the types of Web Security Threats

    True

    False

    Question No: 7 ( Marks: 1 ) - Please choose one

    If an organization can tolerate some downtime, cold sites backup might be appropriate.

    True

    False

    Question No: 8 ( Marks: 1 ) - Please choose one

    Which of the following includes assessment of controls already been implemented or

    planned, probability that they can be broken, assessment of potential loss despite such

    controls existing?

    Control Analysis

    Vulnerability Assessment

    Risk Management

    All of above

    Question No: 9 ( Marks: 1 ) - Please choose one

    The output of Threat Identification phase is a threat statement identifying and defining

    threats.

    True

    False

    Question No: 10 ( Marks: 1 ) - Please choose one

    Audit Trials can be used together with controls trials to identify and provide information

    about users suspected of improper modification of data.

    True

    False

    Question No: 11 ( Marks: 1 ) - Please choose one

    Input controls monitor the initial handshaking procedure of the user with the operating

    system.

    True

    False

    Question No: 12 ( Marks: 1 ) - Please choose one

    Automated data are less susceptible to destruction and misuse than paper data.

    True

    False

    Question No: 13 ( Marks: 1 ) - Please choose one

    The purpose of a class is to specify a classification of objects and to specify the features

    that characterize the structure and behavior of those objects.

    True

    False

    Question No: 14 ( Marks: 1 ) - Please choose one

    In drawing a proper flowchart, all necessary steps that are a part of process should be

    listed out in ---------------------- order.

    Logical

    Physical

    Random

    Top to Bottom

    Question No: 15 ( Marks: 1 ) - Please choose one

    Targeting advertising to customers to increase the probability, that an offer is accepted.

    True

    False

    Question No: 16 ( Marks: 1 ) - Please choose one

    ___________ is related to defining the information needs and how these will be obtained.

    Infrastructure

    Architecture

    System

    Question No: 17 ( Marks: 1 ) - Please choose one

    The spiral lifecycle model is a combination of the classic water Fall model and aspects of

    risk analysis.

    True

    False

    Question No: 18 ( Marks: 1 ) - Please choose one

    Rectangle shape in the flow charts represents___________

    Decision

    Process

    Terminator

    Question No: 19 ( Marks: 1 ) - Please choose one

    __________ is an object that exists and is distinguishable from other objects.

    Value Sets

    Entity

    Relationships

    Question No: 20 ( Marks: 1 ) - Please choose one

    Object oriented analysis generates _________

    Implementation constraints

    System Interfaces

    Conceptual model of Information

    Question No: 21 ( Marks: 1 ) - Please choose one

    Which of the following is not considered during OO Design?

    Concurrency factor

    Usability factor

    Distribution factor

    Question No: 22 ( Marks: 1 ) - Please choose one

    Administrative Consol is one of the components of Intrusion Detection System (IDS).

    True

    False

    Question No: 23 ( Marks: 1 ) - Please choose one

    Maintaining and eventually institutionalizing the change is called Unfreezing.

    True

    False

    Question No: 24 ( Marks: 1 ) - Please choose one

    Which of the following is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically?

    OOP

    Polymorphism

    Encapsulation

    Inheritance

    Question No: 25 ( Marks: 1 ) - Please choose one

    Which of the following is some action or event that can lead to a loss?

    Threat

    Damage

    Accident

    None of the above

    Question No: 26 ( Marks: 1 ) - Please choose one

    Intrabusiness is same as intraorganizational Business.

    True

    False

    Question No: 27 ( Marks: 1 ) - Please choose one

    Distributing common information to every one may result ---------- and ---------.

    Waste of time, confusion

    Increase productivity, awareness

    Cut time, cost

    None of them

    Question No: 28 ( Marks: 1 ) - Please choose one

    __________ is an association among entities. There has to be a relationship between two

    entities

    Value Sets

    Cardinality

    Relationships

    Question No: 29 ( Marks: 1 ) - Please choose one

    A denial-of-service attack floods a Web site with so many requests for services that it slows down or crashes.

    True

    False

    Question No: 30 ( Marks: 1 ) - Please choose one

    An IDS can help even if incorrectness or scope limitation in the manner threats are defined.

    True

    False

    Question No: 31 ( Marks: 2 )

    What is cryptography?

    It is conversion of data in secret code so that it can be transmitted safely.

    Question No: 32 ( Marks: 2 )

    What do you understand by Intrusion Detection Systems?

    It is a system used to secure networks. It is used in conjunction with routers, firewalls by monitoring network usage anomalies. It protects the company's data from external as

    well as internal threats and misuse. It is used in complement with firewall.

    Question No: 33 ( Marks: 2 )

    List information Requirements for Medium sizes organizations.

    1. Day to day transaction

    2. sales

    3. Cash management

    4. receivables and payables

    5. Customer profiles

    6. Market information

    7. Competitor information

    8. Research and development

    Question No: 34 ( Marks: 2 )

    Why we need to secure information systems?

    Information systems must be secured because of existence of external and internal

    threats. These threats are present in every network and place. Moreover the information is

    to be transmitted through network which should be secured.

    Question No: 35 ( Marks: 3 )

    What is access control? Give example

    This control establishes an interface between the attempting user and the computer. It monitors the initial handshaking procedure with the operating system, e.g. if a person enters a pin code in an ATM machine, access control which is run by the system helps in blocking illegitimate access.

    Question No: 36 ( Marks: 3 )

    Risk mitigation is a process that takes place after the process of risk assessment has been completed. Discuss briefly various risk mitigation options?

    Risk Avoidance: this option means to avoid the risk by avoiding the cause of the risk e.g. close a program which is causing the risk during its use.

    Risk planning: it means the risk should be managed and planned; if a mitigation plan is always there, then there are fewer chances of a threat.

    Risk limitation: risk can be minimized by limiting the factor which may cause the risk e.g. defining access controls which limit the access to certain risky areas of the system.

    Risk assumption: it means to accept the potential risk and keep using the system or implement such controls which minimize the risk to a certain level.

    Research and acknowledgement: a risk can be minimized by continuous research and acknowledgment through which methods can be found to control and minimize the risk.

    Question No: 37 ( Marks: 3 )

    Briefly describe Incremental Model.

    As clear from the name it is a step by step process. In this model software are built not

    written. It is just like constructing a building step by step. In this model system is designed, implemented and tested in series of incremental builds, where a build consists

    of code pieces of various modules which work as a whole to form a testable system.

    Question No: 38 ( Marks: 3 )

    Differentiate CRM from ERP ?

    Enterprise Resource Planning (ERP) is a software package used to perform a wide range

    of functions for business planning, it includes product planning, parts planning, maintaining inventories, interacting with suppliers, providing customer service and

    tracking orders.

    While Customer Relationship Management is a method used to maintain relationships

    with customers by keeping customers profiles, contacts and other related data to be used

    in time.

    Question No: 39 ( Marks: 5 )

    Differentiate Impact analysis from Risk determination ?

    Impact analysis: This is a step which measures the level of risk in case of a successful attack. For this, first we need information like:

    System mission

    System and data criticality

    Sensitivity

    This information is available in company documents such as system mission report, assets criticality analysis report etc. This analysis helps to define the potential risk by comparing with the goals like loss of integrity, loss of availability and loss of confidentiality.

    Risk Determination:

    Whereas risk determination measures how much assets are exposed to the potential threat, i.e. it quantifies the loss. It analyses both physical and logical threats by using four steps:

    Whether or not physical or logical controls are in place?

    If they are present, how reliable they are?

    What is the probability of occurrence of threats against those controls?

    How much loss can occur if threat is successful?

    This shows that the main difference between Impact analysis and risk determination is that the former identifies the risk while the other quantifies the loss.

    Question No: 40 ( Marks: 5 )

    Discuss Intrusion detection Systems and also explain its components ?

    It is a system used to secure networks. It is used in conjunction with routers, firewalls by

    monitoring network usage anomalies. It protects the company's data from external as

    well as internal threats and misuse. It is used in complement with firewall.

    There are three types of Intrusion Detection Systems

    1. Signature-based

    2. Statistical based

    3. Neural network

    1. Signature based:

    This type of IDS only detects the predefined and detected intrusion pattern. It may not detect all the threats.

    2. Statistical Based:

    It uses comprehensive details of detected and expected behaviors of systems which can detect possible threats. Sometimes it may detect as a threat for one system some events which are normal operations of that system.

    3. Neural Network:

    It monitors general patterns of the activity on the system and keeps a database of these activities.

    An IDS is used as part of a network. It can be used as a combination of software and hardware, or sometimes it can also be used as software in the system only. It is a complement to the firewall. It is located between the firewall and the system. It can also be used before the firewall. It detects unauthorized access on the local network as well as remote attempts of unauthorized access to the system by using special host base IDS Biometrics. It maintains a log of the attempts, successful or not. It does not block these attempts; for blocking, an Intrusion Prevention System is used.

    Components of IDS:

    Sensors: sensors collect the data and keep the log of the data in the system.

    Analyzer: it analyzes the data received from the sensors.

    An Administrative Console: this console is used for maintaining the configuration of the whole IDS and is only to be used by the system designer or administrator.

    User interface: this component is for the general users and provides them access to the IDS.

    FINALTERM EXAMINATION

    Spring 2010

    CS507 - Information Systems

    Time: 90 min

    Marks: 60

    Question No: 1 ( Marks: 1 ) - Please choose one

    Which of the following integrate the planning, management and use of all resources of

    the organization?

    ERP

    CRM

    ESS

    OIS

    Question No: 2 ( Marks: 1 ) - Please choose one

    Leading ERP software vendors include SAP (SAP R/3), Oracle and PeopleSoft.

    True

    False

    Question No: 3 ( Marks: 1 ) - Please choose one

    ERP or enterprise systems control all major business processes with a single software architecture in real time.

    False

    True

    Question No: 4 ( Marks: 1 ) - Please choose one

    Every system comprises of basic components which in a co-ordination formulate a system.

    True

    False

    Question No: 5 ( Marks: 1 ) - Please choose one

    Knowledge-Discovery in Databases and Data mining are known as thing.

    True

    False

    Question No: 6 ( Marks: 1 ) - Please choose one

    The identification of risks should start with:

    Description of the internal and external risks

    A brainstorming session with risk management experts and a program profile

    A good understanding of the program and a brainstorming session with key

    stakeholders

    Definitions of likelihood and impact

    Question No: 7 ( Marks: 1 ) - Please choose one

    Which of the following likelihood level is true for the following statement:

    "The threat source is highly motivated and sufficiently capable and controls to prevent the vulnerability from being exercised are ineffective"

    None of these

    Medium

    High

    Low

    Question No: 8 ( Marks: 1 ) - Please choose one

    Which of the following refers to the process of identifying attempts to penetrate a system

    and gain unauthorized access?

    Intrusion detection

    Audit Trial

    Control Trial

    Documentation

    Question No: 9 ( Marks: 1 ) - Please choose one

    Accounts should have a control over various recording points in the entire process from

    procurement to finished good store room.

    False

    True

    Question No: 10 ( Marks: 1 ) - Please choose one

    Which of the following refers to damage caused to the software and data without any

    physical damage to the computers?

    Logical Threat

    Physical Threat

    Both a and b

    None of these

    Question No: 11 ( Marks: 1 ) - Please choose one

    Object orientation helps in increasing abstraction and event-driven programming.

    True

    False

    Question No: 12 ( Marks: 1 ) - Please choose one

    The purpose of a class is to specify a classification of objects and to specify the features

    that characterize the structure and behavior of those objects.

    True

    False

    Question No: 13 ( Marks: 1 ) - Please choose one

    The First increment in incremental model is usually the core product which addresses the basic requirements of the system.

    True

    False

    Question No: 14 ( Marks: 1 ) - Please choose one

    A schematic representation of a sequence of operations as in a manufacturing process or computer program is called __________

    Algorithm.

    Entity Relationship Diagram

    Flowchart

    Question No: 15 ( Marks: 1 ) - Please choose one

    _________ is a malicious program that is disguised as or embedded within legitimate software.

    Trojan horse

    Dropper

    Overwriting Viruses

    Question No: 16 ( Marks: 1 ) - Please choose one

    There are typically two kinds of audit records.

    True

    False

    Question No: 17 ( Marks: 1 ) - Please choose one

    In assessing risks for an IT system, _______________ is the first step.

    To define the scope of the effort.

    Vulnerability Assessment

    threat identification

    Question No: 18 ( Marks: 1 ) - Please choose one

    Likelihood Determination phase sometimes determines that a potential vulnerability

    could not be exercised by a given threat-source.

    True

    False

    Question No: 19 ( Marks: 1 ) - Please choose one

    M-Commerce stands for Mobile Commerce.

    True

    False

    Question No: 20 ( Marks: 1 ) - Please choose one

    M-Commerce (mobile commerce) refers to the conduct of e-commerce via wireless devices.

    True

    False

    Question No: 21 ( Marks: 1 ) - Please choose one

    Which of the following is not the type of CSF?

    Industry CSFs

    Environmental CSFs

    Technical CSFs

    Temporal CSFs

    Question No: 22 ( Marks: 1 ) - Please choose one

    Customer feedback on any product is required for ________

    Quality check

    Money factors

    Strategic relationship

    Intellectual capital

    Question No: 23 ( Marks: 1 ) - Please choose one

    Which of the following is the process or art of defining the hardware and software architecture, components, modules, interfaces, and data for a computer system to satisfy

    specified requirements?

    Systems Design

    Systems Requirement

    Coding

    Requirement

    Question No: 24 ( Marks: 1 ) - Please choose one

    Which of the following is the characteristic of being able to assign a different meaning or usage to something in different contexts - specifically?

    OOP

    Polymorphism

    Encapsulation

    Inheritance

    Question No: 25 ( Marks: 1 ) - Please choose one

    Intrabusiness is same as intraorganizational Business.

    True

    False

    Question No: 26 ( Marks: 1 ) - Please choose one

    Decision support systems are designed to be ad hoc and quick-response systems which

    are initiated and controlled by decision makers.

    TRUE

    FALSE

    Question No: 27 ( Marks: 1 ) - Please choose one

    __________ is an association among entities. There has to be a relationship between two entities

    Value Sets

    Cardinality

    Relationships

    Question No: 28 ( Marks: 1 ) - Please choose one

    In _____ decisions, problem is recurring and repetitive

    Unstructured

    Structured

    Semi-Structured

    Question No: 29 ( Marks: 1 ) - Please choose one

    To accept the potential risk and continue operating the IT system or to implement

    controls to lower the risk to an acceptable level is called as ---------------.

    Risk Planning

    Risk Assumption

    Risk Limitation

    None of the above

    Question No: 30 ( Marks: 1 ) - Please choose one

    Which of the following are the examples of secondary sources?

    Commentaries, review articles and literature reviews

    Guidebooks, manuals, Chronologies

    Interviews, surveys and fieldwork

    None of them

    Question No: 31 ( Marks: 2 )

    Define threat and identify its types.

    Question No: 32 ( Marks: 2 )

    Identify the purpose of Feasibility study.

    Question No: 33 ( Marks: 2 )

    What do you understand by E-Business?

    Question No: 34 ( Marks: 2 )

    List down the inputs to Risk Determination phase ?

    Question No: 35 ( Marks: 3 )

    What is critical success factor? Give examples

    Question No: 36 ( Marks: 3 )

    Briefly describe SDLC?

    Question No: 37 ( Marks: 3 )

    Discuss various steps in threat identification ? Give any example of threat sources and

    threat actions .

    Question No: 38 ( Marks: 3 )

    List down components of an Intrusion Detection System ?

    Question No: 39 ( Marks: 5 )

    Identify any five phase of SDLC ?

    Question No: 40 ( Marks: 5 )

    Discuss Technical Limitations of Ecommerce in comparison with Non-Technical

    Limitations in organizations ?

    List the information required for medium size organization (2)

    What are the physical threats for Information System (2)

    List any two types of information that can be used as input for vulnerability. (2)

    List down different types of SUPPLY CHAIN. (2)

    How the information is kept in purchase department. (3)

    What do you know about Keystroke Monitoring? (3)

    Identify roles and responsibilities of any three professionals in an organization. (3)

    Drawbacks of ESP system. (3)

    Give two examples to prove that audit trials help to provide variants from normal behavior which may lead to unauthorized usage of sources. (5)

    Classify E-Commerce into different classes. (5)

    Define Piggybacking? (2 marks)

    Identify Physical threats to Information System? (2 marks)

    Differentiate between CBIS from Manual Information System? (2 marks)

    Differentiate Changing and Unfreezing? (2 marks)

    How Viruses and Worms can be transmitted into computers? Identify any three sources. (3 marks)

    List any three Dimensions in MKIS? (3 marks)

    Define Trojan Horse? (3 marks)

    Information system security association of USA has listed many ethical challenges, identify any three of them? (3 marks)

    List down different methods used to gather information on the IT system within its operational boundary? (5 marks)

    Discuss Intrusion system and its components? (5 marks)

    Question No: 1 ( Marks: 1 ) - Please choose one

    Past court decisions have stated that privacy must be balanced against the needs of society.

    True

    False

    Question No: 2 ( Marks: 1 ) - Please choose one

    Which of the following Customer Relationship Management (CRM) is an enterprisewide effort to acquire and retain customers?

    ERP

    CRM

    MIS

    ESS

    Question No: 3 ( Marks: 1 ) - Please choose one

    Every system comprises of basic components which in a co-ordination formulate a system.

    True

    False

    Question No: 4 ( Marks: 1 ) - Please choose one

    Closed system is dependent on the internal resources and data.

    True

    False

    Question No: 5 ( Marks: 1 ) - Please choose one

    In which of the following there is a direct interaction facilitated by auctions, classifieds, and bartering?

    EGovernment

    MCommerce

    Consumer-to-consumer EC

    Intrabusiness EC

    Question No: 6 ( Marks: 1 ) - Please choose one

    The turnaround time from the input of the transaction to the production for the output must be a few --------------------

    Minutes or less

    Hours or less

    Seconds or less

    Question No: 7 ( Marks: 1 ) - Please choose one

    Which of the following refers to the process of identifying attempts to penetrate a system and gain unauthorized access?

    Threat Identification

    Intrusion detection

    Access Control

    All of above


    Question No: 8 ( Marks: 1 ) - Please choose one

    The Internet Protocol is designed solely for the addressing and routing of data packets across a network.

    True

    False

    Question No: 9 ( Marks: 1 ) - Please choose one

    Threat capacity is an input source for Likelihood determination.

    False

    True

    Question No: 10 ( Marks: 1 ) - Please choose one

    Which of the following is a weakness that can be accidentally triggered or intentionally exploited?

    Audit Trail

    Likelihood Identification

    Threat Identification

    Vulnerability

    Question No: 11 ( Marks: 1 ) - Please choose one

    There are typically ________________ kinds of audit records

    One

    Two

    Three

    Four

    Question No: 12 ( Marks: 1 ) - Please choose one

    Documentation may include program code of application software, technical manuals, user manuals etc.

    True

    False

    Question No: 13 ( Marks: 1 ) - Please choose one

    Decisions in which the decision maker must provide judgment, evaluation, and insights into the problem definition would be characterized as:

    Structured


    Semi Structured

    Unstructured

    Question No: 14 ( Marks: 1 ) - Please choose one

    Automated data are less susceptible to destruction and misuse than paper data.

    True

    False

    Question No: 15 ( Marks: 1 ) - Please choose one

    According to Booch, an object has the following three components:

    State, Behavior, Identity

    State, Behavior, Interface

    State, Interface, methods

    State, Variables, Methods

    Question No: 16 ( Marks: 1 ) - Please choose one

    Null value may or may not be called zero value.

    True

    False

    Question No: 17 ( Marks: 1 ) - Please choose one

    Organizations are distinguished on the basis of __________

    Attributes

    Policy

    Management

    Question No: 18 ( Marks: 1 ) - Please choose one

    __________ is known as father of warehouse.

    Stephen Hawking

    Bill Gates

    Bill Inmon

    Question No: 19 ( Marks: 1 ) - Please choose one

    Rounded shaped symbol in the flow chart is called ____________


    Connector

    Arrow

    Process

    Question No: 20 ( Marks: 1 ) - Please choose one

    Individuals using their skills to forward a political agenda, possibly breaking the law in the process, but justifying their actions for political reasons are called ________

    Hacktivists

    Crackers

    Hackers

    Question No: 21 ( Marks: 1 ) - Please choose one

    Object oriented analysis focuses on the _________

    States of objects

    Collaboration of objects

    Implementation of objects

    Question No: 22 ( Marks: 1 ) - Please choose one

    Which of the following carry characteristics of specialization?

    Sub classes

    Sub Interfaces

    Sub objects

    Question No: 23 ( Marks: 1 ) - Please choose one

    The two major criteria that are used to analyze risks are Operational Effects and Situational Impacts

    True

    False

    Question No: 24 ( Marks: 1 ) - Please choose one

    Which of the following is not the type of CSF?

    Industry CSFs

    Environmental CSFs

    Technical CSFs

    Temporal CSFs


    Question No: 25 ( Marks: 1 ) - Please choose one

    The flowchart helps in locating and correcting errors also called debugging.

    True

    False

    Question No: 26 ( Marks: 1 ) - Please choose one

    Which of the following is the process or art of defining the hardware and software architecture, components, modules, interfaces, and data for a computer system to satisfy specified requirements?

    Systems Design

    Systems Requirement

    Coding Requirement

    Question No: 27 ( Marks: 1 ) - Please choose one

    Which of the following focus on detecting potentially abnormal behavior in the functioning of the operating system or requests made by application software?

    Active Monitors

    Scanners

    Antivirus

    Behavior blockers

    Question No: 28 ( Marks: 1 ) - Please choose one

    Buying and selling of products, services and information via computer networks, primarily through Internet is:

    E-Commerce

    E-Business

    Web Surfing

    BPR

    Question No: 29 ( Marks: 1 ) - Please choose one

    _____________ is one of the components of Intrusion Detection System (IDS).

    Log File Host Administrative Console None of above

    Question No: 30 ( Marks: 1 ) - Please choose one


    The flow of information in organization can be _______ ways.

    1

    2

    3

    4

    Question No: 31 ( Marks: 2 )

    What are Active monitors? Define.

    Question No: 32 ( Marks: 2 )

    What is information Quality Checklist?

    Question No: 33 ( Marks: 2 )

    List any two types of information that can be used as input for vulnerability?

    Question No: 34 ( Marks: 2 )

    Define CRM?

    Question No: 35 ( Marks: 3 )

    What are the information requirements for Management level in Accounting & financial Information Systems.

    Question No: 36 ( Marks: 3 )

    What is access control? Give example

    Question No: 37 ( Marks: 3 )

    Discuss Centralized and Distributed Processing in terms of their comparison?

    Question No: 38 ( Marks: 3 )

    Identify drawbacks of ERP systems?

    Question No: 39 ( Marks: 5 )

    Differentiate the following:

    1. Intrusion Detection vs Variance Detection

    Question No: 40 ( Marks: 5 )

    Define the following:

    a) EC (ECommerce)

    b) EB (EBusiness)

    Differentiate encryption and decryption. 2 Marks

    Identify components of intrusion detection system. 2 Marks

    What do we mean by cognitive process? 2 Marks

    What is stand alone processing? 2 Marks


    What do you mean by keystroke monitoring? 3 Marks

    How can viruses and worms be transmitted into computers? Identify any three. 3 Marks

    List down components of an intrusion detection system. 3 Marks

    Discuss characteristics of flat organization. 3 Marks

    Discuss various ERP attributes? 5 Marks

    Incorporate risk management in the SDLC and identify its phases. 5 Marks

    1. How are threats identified? (2 Marks)

    2. Differentiate encryption from decryption

    3. Define firewall?

    4. Differentiate data from information in your own words

    5. What are the responsibilities of the management of the organization to ensure the security of information system

    6. What do you mean by keystroke monitoring

    7. Define Reengineering

    8. What do you understand by ESS

    9. Identify any phase of SDLC

    10. How can change management phases