Which of the following statements is NOT accurate?
Forms of usurpation deny access to legitimate users.
A difficult aspect of understanding the cost of computer security threats is the fact that most data is based on _________ methods that have a number of weaknesses.
survey
Which of the following is NOT one of the five most expensive forms of computer crime attacks?
IP-spoofing attacks
Which of the below is not a type of "Computer Crime" which affects IS security?
Social Engineering and Surfing
Which is the lowest causing security threat to information systems?
Stolen Devices
According to Ponemon, "Value lies in ____________ and not in _____________".
Data; Hardware
Your personal IS security goal should be to find an effective trade-off between ______ and _________.
risk of loss; cost of safeguards
Which is the single most important safeguard that an individual computer user can implement?
Using strong passwords
Which of the following is NOT one of the personal security safeguards that users should implement?
Fix any suspicious software problems by rewriting the bad source code.
Which of the following is not a measure which should be taken for "Personal Security Safeguards"?
Demonstrate security concerns to your competitors.
John Pozadzides, a security researcher, estimates that a brute force attack can crack a six-character password of either upper or lowercase letters in about _______________.
5 Minutes
Which of the following practices causes a risk to your password?
You should also use similar passwords for different sites.
An organization's policy statement about customer data should include all of the following elements except:
what field is used as the primary key.
When it comes to risk of security threats and losses, ___________.
risks cannot be eliminated
A company-wide security policy should include all of the following EXCEPT ________.
the company-wide password(s)
Of the five components of information systems, which are covered by data safeguards?
Data
Which of the following is not covered under human safeguards?
Application Design
Which of the following is covered under technical safeguards?
Application design
In a security system the purpose of a password is to ___________.
provide authentication
The process of converting text into unreadable formats so that it can be stored or transmitted securely is called __________.
encryption
Which of the following is NOT one of the identification and authentication techniques?
Malware safeguards
Which of the following statements about "Smart Cards" is false?
The smart cards have magnetic strips that enable more security.
Which of the following is not a feature of "Biometric Authentication"?
The instruments required are not expensive.
A special version of asymmetric encryption called _________________ is used on the Internet.
public key encryption
In an accounts payable department, the department supervisor is allowed to both approve an expense and write a check to cover the expense. This situation illustrates ignoring which type of human safeguard?
separation of duties
_______ personnel have often inadvertently been the source of serious security risks.
Help-desk
Which components of information systems are involved in human safeguards?
People and procedures
Which of the following is not a characteristic or function achieved by data safeguard?
Data update
Which of the below is not true with respect to "Enforcement"?
Encryption is an independent factor in Enforcement.
Many companies create ______________ which are false targets for computer criminals to attack.
honeypots
________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated.
Centralized reporting
An often overlooked aspect of an organization's incident response plan is ________.
practicing the incident response
Which of the following is NOT one of the factors involved with security incident response?
Any employee involved in any type of security incident should be immediately terminated.
Which of the below is not an action taken by employees as part of an incident-response plan?
The plan includes decentralized reporting
The last component of a security plan that we will consider is ______________________.
Incident response
When an incident does occur, speed is of the essence. The _____________ the incident goes on, the ___________ the cost.
longer; greater
By 2026, security threats will continue to exist, but ________
organizations can be better prepared for them
The next major security challenges will likely be those affecting ________.
mobile devices
Which of the following is NOT correct?
By 2026, we will have gained enough knowledge to be able to eliminate security problems.
Which of the statements is not correct about cloud vendors and major organizations?
The security will be at risk in the future.
Strong local ______________ sheriffs will take control of their electronic borders and enforce existing laws.
electronic
Currently at the federal level, ___________ and ______________ take precedence over electronic security.
finances; politics
All of the following are reasons why organizations utilize outsourcing arrangements except _________.
lose economies of scale
A serious risk associated with outsourcing is _________.
loss of control
Which of the following statements about outsourcing is NOT accurate?
Outsourcing might be done to create jobs in a foreign country thereby promoting international goodwill.
Which of the below is a management advantage for choosing Outsourcing IS Services?
Obtain expertise
Which of the below stands at the end of IS/IT Outsourcing Alternatives?
Hardware
Which of the below is NOT a factor involved in loss of control outsourcing risk?
Potential loss of human resource
Among the rights you have as a user of computing resources is the right to _______.
a secure computing environment
Which of the following is NOT a user's responsibility?
Obtaining reliable network and Internet connections
Which of the following is NOT one of your rights as an information system user?
An annual bonus payment for making it through the year without requiring hardware or software assistance from the IT department
Which of the below is your responsibility as an information systems user?
Avoid reporting trivial problems
Which is NOT true about the effective training as part of information systems user rights?
The user should be able to modify the training plan whenever required.
Which is NOT true about the "no unauthorized hardware modifications" responsibility with respect to information systems users?
The user has to fix the problem caused by unauthorized software installation.
The term ________ refers to a combination of hardware, software, and data components that accomplishes a set of requirements.
application
The relationship of business processes is _______.
N:M
The term ________ means a combination of hardware, software, and data components that accomplishes a set of requirements.
application
Which of the following is not an activity in the ordering business process?
Planning
Which of the following business activities does not involve information systems?
Approve Special Terms
Every IS supports at least how many business processes?
One
Processes need to be managed for all of the following reasons except ______.
to reduce process quality
Which of the following correctly depicts the business process management (BPM) cycle?
model processes; create components; implement processes; assess results
A ________ is a network of activities, repositories, roles, resources, and flows that interact to accomplish a business function.
business process
Which of the following is not a stage of BPM?
COBIT
The Information Systems __________ and _________ Association has created a set of standard practices called COBIT.
Audit; Control
When the assessment process indicates that a significant need for change has arisen, which of the following does not happen?
Components are updated and non-functional components are removed.
The first phase of the SDLC in which we begin to understand management's statement of the need for the new system is ________.
system definition
The four dimensions of feasibility that are used to evaluate projects include all of the following except ________.
user involvement
Which of the following is NOT one of the five phases in the SDLC process model?
Obtain approvals and budget
__________ is the traditional process used to develop information systems and applications.
The systems development life cycle (SDLC)
___________ concerns whether the new system fits within the organization's customs, culture, charter, or legal requirements.
Organizational feasibility
Which of the following does not happen in requirement analysis phase?
Update existing systems
A key to successfully bringing a systems development project to conclusion that involves creating a hierarchy of the tasks required to complete the project is _______.
the work breakdown structure
Adjustments to a systems development project plan come about by making trade-offs between time, cost, and __________.
scope
Which of the following is NOT one of the keys to success for SDLC projects?
Providing funding for end user training
___________ is the sequence of activities that determine the earliest date by which the project can be completed.
The critical path
The term _______________ refers to a set of management policies, practices, and tools that developers use to maintain control over the project's resources.
configuration control
__________________ is the process by which project managers compress the schedule by moving resources, typically people, from noncritical path tasks onto critical path tasks.
Critical path analysis
In today's environment, organizations frequently seek to develop systems using an alternative to the SDLC known as the _________ methodologies.
agile
Scrum differs from the SDLC in that __________.
scrum is better suited to changing requirements during the development process
Which of the following statements is true regarding SDLC?
SDLC assumes that requirements don't change.
Which of the following is not correct according to the waterfall method?
Implementation is done and then you update design.
Which of the following does not constitute the agile development principle?
Implement as you go
Which of the below is not a part of the scrum process?
Choose Design to Deliver