1. Following is not one of the vital roles played by the Information systems in business.
A. support an organization's business processes and operations
B. support an organization's business decision making
C. support an organization's business risk management and philosophy
D. support an organization's strategic competitive advantage
2. Which of the following is a correct statement
A. Data and Information are synonyms, they mean same
B. Data is processed into Information by adding context to it
C. Both data and Information depend on the context and perspective of the user
D. All these are correct
E. None of the above are correct
3. Business Intelligence (BI) systems support what business function?
A. Business Decision Making
B. Marketing
C. Data Security
D. Smoother Business operations and Processes
4. What system(s) support(s) Business operations
A. Transaction Processing
B. Process Control
C. Enterprise Collaboration
D. All of the above
E. None of the above
5. Match the
A. Intranet
B. Extranet
C. Internet
D. Company Network
Following
1. enterprise and its trading partners
2. inside the enterprise
3. Enterprise Servers
4. Open to all enterprises and individuals
6. A cross-functional enterprise system that helps a business integrate and automate many of its internal business processes and information systems
A. ERP
B. CRM
C. SCM
D. Intranet Portals
7. A cross-functional inter-enterprise system that helps a business manage its network of relationships and processes with its business partners
A. ERP
B. CRM
C. SCM
D. Intranet Portals
8. Helps with enterprise-wide communications, collaboration, and centralizing information resources.
A. ERP
B. CRM
C. SCM
D. Intranet Portals
9. The automatic exchange of electronic business documents between the networked computers of business partners
A. E-mail communications
B. EDI
C. Extranet Portals
D. SCM
10. Better functioning of Customer facing systems (fill in the blanks): _____________________
11. Following is not one of the principle of Technology Ethics
A. Technology must achieve more good than the harm
B. Benefits and burdens of Technologies must be distributed fairly
C. Maintain secrecy of new Technologies
D. Those affected by the technology must be informed
E. Risks associated with technology must be avoided as much as you can
12. Following is the percentage of employers that have fired their workers for using the Internet violating the company policy
A. 25%
B. 33%
C. 50%
D. None of the above
13. A piece of malicious code that must attach itself to another file to replicate itself is known as:
A. A virus
B. A worm
C. A logic bomb
D. A Trojan
14. Zombie computers are used in what kind of attacks
A. DoS
B. DDoS
C. Bruteforce attack against encrypted systems
D. All of the above
15. The presence of documentation that allows a transaction to be traced through all stages of information processing.
A. Data Trace
B. TPM - Transaction Processing Systems
C. System security monitor
D. Audit Trail
16. How are the actual Practices connected to Policies?
A. Practices are set of procedures written based on policy
B. No they are not connected
C. Practices are detailed steps of instructions developed to meet the standards and those standards were built based on the policies
D. Policies are influenced by the Practices.
17. Following kind of security policy provides guidance to all the members of the organization
A. EISP - Enterprise Information Security Policy
B. ISSP - Issue Specific Security Policy
C. SSP - System specific Security Policy
D. All of the above
18. Following kind of security policy set a strategic direction to all security efforts in the organization and is guided by the vision statement of the organization.
A. EISP - Enterprise Information Security Policy
B. ISSP - Issue Specific Security Policy
C. SSP - System specific Security Policy
D. All of the above
19. This security policy tries to explain why a particular technology can or cannot be used in an organization.
A. EISP - Enterprise Information Security Policy
B. ISSP - Issue Specific Security Policy
C. SSP - System specific Security Policy
D. All of the above
20. Disaster Recovery (DR) plan comes under what kind of risk strategy
A. Avoidance
B. Transference
C. Mitigation
D. Acceptance
21. Risk management consists of following steps
A. Identification
B. Assessment
C. Risk Control
D. Organizational Business processes restructuring
E. All of the above
22. Following is not one of the risk controls that you can apply.
A. Policies
B. Ensure Laws relevant to the organizational business are implemented
C. Programs
D. Technical controls
23. Types of Access Controls
A. Discretionary
B. NonDiscretionary
C. Mandatory
D. All of the above
E. None of the above
24. Which risk control is understanding the risk you are facing and do nothing about it
A. Avoidance
B. Acceptance
C. Mitigation
D. Transference
25. Which risk control aims to preempt the damage caused by the risk you identify
A. Avoidance
B. Acceptance
C. Mitigation
D. Transference
26. The amount and kinds of risks that organizations accept after evaluating the balance between Security and accessibility and applying the controls, is called
A. Residual Risk
B. Risk Mitigation
C. Risk Appetite
D. Any of the above
27. Determining that you are who you say you are, is called
A. Authorization
B. Authentication
C. Non-repudiation
D. Identification
E. All of the above
28. Process to ensure that the message was sent by the Sender and was received by the receive , is called
A. Authorization
B. Authentication
C. Non-repudiation
D. Identification
E. All of the above
29. A software program that looks like a useful utility program, but actually does malicious things such as tracking your password key strokes and sending to someone
A. Virus
B. Worm
C. Bot
D. Trojan Horse
30. A software program that needs a host software to attach itself and propagate
A. Virus
B. Worm
C. Bot
D. Trojan Horse
31. In practice it is almost impossible to safeguard any asset 100 percent, however valuable that may be. Hence, no asset has zero risk. The amount of risk not covered by any known safeguards is known as
A. Residual Risk
B. Risk Tolerance
C. Acceptable risk
D. All of the above
E. None of the above