________ involves searching for patterns and relationships among data. |
Data Mining |
________ reports enable users to drill down to view increasingly detailed levels of the data. |
OLAP |
The functions of a data warehouse are to do all of the following, EXCEPT ________. |
filter data |
When AllRoad Parts acquired data for its BI system from its operational database, it used all of the following conditions, EXCEPT ________. |
only select items with a unit price of more than $100 |
Which of the following is NOT an example of a task supported by business intelligence? |
Payroll |
Which of the following is an example of a supervised data mining technique? |
Regression analysis |
Among the following statements, which one is NOT applicable to Big Data? |
Big Data can be processed with traditional techniques |
In market-basket terminology, the ratio of confidence to the base probability of buying an item is the ________. |
lift |
Which of the following is NOT part of the BI system? |
capacity |
Which of the following statements is NOT true about business intelligence (BI) systems? |
BI systems support only decision-making activities. |
Among the following, what is the best way to distinguish between reporting tools and data mining tools? |
Complexity of techniques used |
________ attempt to capture human expertise and put it into a format that can be used by nonexperts. |
Expert systems |
AllRoad Parts used a BI system to find candidate parts for the sale of 3D parts designs by using all of the following criteria, EXCEPT ________. |
by finding parts ordered in large quantities |
Which of the following is NOT true regarding Hadoop? |
Hadoop is a market-based analysis tool |
A BI system enabled Target to identify customers who might be pregnant by ________. |
customer purchasing patterns of lotions and vitamins |
RFM analysis is a way of analyzing and ranking customers according to their ________. |
purchasing patterns |
Which of the following is NOT a primary activity in the BI process? |
Tracking the access and use of the data mining results |
An OLAP report has measures and dimensions. Which of the following is an example of a dimension? |
purchase date |
Which of the following is a standard for subscribing to content sources? |
Real simple syndication |
Which of the following is NOT an example of a static report? |
BI server |
Operational data can have many problems that make it unsuitable for data mining. Among the following, which is NOT a data problem in operational data that creates issues for data mining? |
Data is highly integrated |
An RFM score of ________ probably means this customer has taken their business elsewhere and is most likely not worth spending too many marketing resources on. |
555 |
In the next 10 years, BI applications can become so sophisticated that they might replace the BI analyst, due to all of the following reasons, EXCEPT ________. |
supervised learning is more accurate than unsupervised learning |
Which of the following is true of unsupervised data mining? |
Analysts do not create a model before running the analysis |
Among the different types of social media to manage and deliver organizational knowledge, the tool NOT in use for problem solving is ________. |
blogs |
Business intelligence (BI) systems are ________. |
information systems that process operational and other data to analyze past performance and to make predictions |
Which of the following is NOT a typical use for the outputs of a business intelligence system? |
Eliminating the need to access the corporate data warehouse |
Which of the following is NOT one of the primary activities in the BI process? |
perform data mining on Big Data |
Which of the following statements about the BI process is correct? |
The fundamental categories of BI analysis include reporting, data mining, Big Data, and knowledge management. |
A data warehouse contains all of the following components EXCEPT ________. |
tools for CRM |
Source data for a data warehouse might suffer from all of the following problems EXCEPT ________. |
data that are "meta" and not real |
The BI analysis reporting operation processes structured data by all of the following methods EXCEPT ________. |
hypothesis testing |
________ is the term which means "to further divide the data into more detail". |
Drill down |
Which of the following is commonly used as a synonym for data mining? |
Knowledge discovery in databases (KDD) |
Which of the following is a popular supervised data mining application used to predict values and make classifications? |
Neural Networks |
Which of the following is a technique for harnessing the power of thousands of computers working in parallel? |
MapReduce |
Big Data is a term used to describe data collections that are characterized by all of the following EXCEPT ________. |
font sizes greater than 20 |
Which of the following knowledge management applications would be used when action is required if a particular condition exists? |
Expert systems |
Which of the following hyper-social knowledge management media is defined as a listing of employees that includes not only their personal information, but also organizational structure and expertise? |
Rich directories |
Which of the following statements about static and dynamic reports is NOT accurate? |
A printed sales analysis is an example of a dynamic report |
Which of the following correctly identifies the two major functions of a BI server? |
Management and delivery |
Which of the following statements about the future of BI is NOT accurate? |
Data storage and CPU processing costs are increasing, making data mining less valuable. |
Which of the following is an example of a BI data source? |
Operational data |
For which of the following do data miners develop a model prior to the analysis and apply statistical techniques to data to estimate parameters of the model? |
Supervised data mining |
Which of the following is NOT a function of data warehouse? |
Storing data |
A hyper-social company uses __________ to create value from intellectual capital. |
Knowledge management |
What is a reporting application? |
Inputs data from one or more sources and applies reporting operations to that data to produce business intelligence |
Which of the following is a business intelligence task? |
Problem solving |
A data warehouse ________. |
obtains, stores, and manages data for business intelligence processing |
Which of the following involves obtaining, cleaning, organizing, relating, and cataloging source data? |
Data acquisition |
Hadoop is an open-source program that implements __________. |
MapReduce |
Which of the following best describes online analytical processing (OLAP)? |
OLAP is used for multidimensional data analysis, enabling users to view the same data in different ways using multiple dimensions. |
__________ is the first step in the development of a data warehouse. |
Extracting data from databases |
Static reports differ from dynamic reports in that _________ |
static reports are BI documents that are fixed at the time of creation and do not change |
Which of the following is NOT a possible problem associated with source data? |
Too little data |
Which of the following is true of static reports? |
In the BI context, most static reports are published as PDF documents |
Which of the following is the ratio of confidence to the base probability of buying an item? |
lift |
Which of the following is an open-source program that implements MapReduce? |
Hadoop |
With __________, data miners develop a model prior to the analysis and apply statistical techniques to data to estimate parameters of the model. |
supervised data mining |
Unsupervised data mining includes ___________. |
analysts who do not create a model or hypothesis before running the analysis |
Which of the following is NOT one of the five components of a BI system? |
Problem solving |
A(n) ____________ inputs data from one or more sources and applies operations to the data to produce business intelligence. |
Reporting application |
__________ is the process of creating value from intellectual capital and sharing that knowledge with employees, managers, suppliers, customers, and others who need that capital. |
Knowledge management |
Which of the following is true of RFM analysis? |
RFM is used to analyze and rank customers according to their purchasing patterns. |
Which of the following is a result of a market-basket analysis, where customers who buy product X also buy product Y? |
Cross-selling |
Which of the following activities immediately precedes the step of running a BI analysis on the data? |
Cleansing, organizing, and cataloging the data |
____________ shows how much the base probability increases or decreases when other products are purchased. |
lift |
Which of the following is used for multidimensional data analysis, enabling users to view the same data in different ways using multiple dimensions? |
OLAP |
If something is stored in the human mind, it is (or can be) information. If something is on a piece of paper or on a screen, it’s __________. |
data |
__________ is a technique readily implemented with basic reporting operations, and is used to analyze and rank customers according to their purchasing patterns. |
RFM analysis |
__________ is the fundamental category of business intelligence analysis that makes use of statistical techniques to find patterns and relationships among data for classification and prediction. |
data mining |
Which of the following is a conditional probability estimate? |
confidence |
__________ is characterized by huge volume, rapid velocity, and great variety. |
Big Data |
Which of the following is true of push publishing? |
Push publishing delivers business intelligence to users without any requests from the users. |
Patterns, relationships, trends, and predictions are referred to as __________. |
business intelligence |
Which of the following describes data acquisition? |
The process of obtaining, cleaning, organizing, relating, and cataloging source data |
Pretexting, phishing, and spoofing are all ________. |
threats that result in unauthorized data disclosure |
Threats that are intended to generate problems on a large scale and meant to last a long time are known as ___________. |
advanced persistent threats |
Which of the following statements is NOT correct? |
Forms of usurpation deny access to legitimate users. |
All the studies on the cost of computer crime are based on ________. |
surveys |
The small file placed on your computer by the Web sites you visit is called a ________. |
cookie |
Which is the single most important safeguard that an individual computer user can implement? |
using strong passwords |
Which of the following regarding the organization is NOT a consideration when creating the specifics of a data security policy? |
whether the organization is new or existing |
________ means to proactively balance the trade-off between risk and cost. |
manage risk |
Which information system components are protected by technical safeguards? |
hardware and software |
The process of converting text into unreadable formats so that it can be stored or transmitted securely is called __________. |
encryption |
Data safeguards protect databases and ________. |
other organizational data |
The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is an example of ________. |
physical security |
Organizations will create false targets that appear to attackers as valuable data that is easy to obtain; these are called ________. |
honeypots |
System procedures include actions to be taken during normal operations and for the purpose of __________. |
backup and recovery |
________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated. |
Centralized reporting |
When an incident does occur, ________ is of the essence. |
speed |
What is meant by the statement, "Computer crime is a game of cat and mouse"? |
As computer criminals find more ways to exploit vulnerabilities, security will improve as these threats emerge. |
The next major security challenges will likely be those affecting ________. |
mobile devices |
All of the following are projected trends for computer security for the next 10 years, EXCEPT ________. |
computer equipment will be more secure, with fewer threats and vulnerabilities |
Which of the following is considered a threat caused by human error? |
An employee inadvertently installs an old database on top of the current one. |
We do not know the full extent of losses due to computer security threats, because of all of the following reasons, EXCEPT ________. |
computer equipment prices are falling |
Data safeguards include all of the following, EXCEPT ________. |
data mining |
All of the following are types of malware, except ________. |
cookies |
________ a site means to take extraordinary measures to reduce a system’s vulnerability, using special versions of the operating system. |
hardening |
At a minimum, an organization’s security policy about protecting the data it gathers on employees must include all of the following, except ________. |
what non-organizational activities employees can do |
A(n) ________ will stipulate what an employee should do when he notices something like a virus. |
incident-response plan |
A(n) ___________ is a computer program that senses when another computer is attempting to scan or access a computer or network. |
intrusion detection program (IDS) |
The longer a security incident goes on, the _______. |
greater the cost |
Human safeguards involve the people and procedural components of information systems. All of the following constitute effective human safeguards, EXCEPT ________. |
incident-response plan |
The most secure and hard-to-break passwords have all of the following characteristics, EXCEPT ________. |
has six or fewer characters |
What among the following is NOT a type of security loss? |
forgotten passwords |
A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth. |
phisher |
Non-word passwords are vulnerable to a(n) ________ attack, in which the password cracker tries every possible combination of characters. |
brute force |
A safety procedure that enables a trusted party to have a copy of the encryption key is called key ________. |
escrow |
All of the following are ways an organization prepares to respond to a security incident, EXCEPT ________. |
back up the data |
________ are false targets for computer criminals to attack. |
honeypots |
Which of the following is likely to occur in the next 10 years? |
Major incidents of cyberwarfare are likely |
All of the following statements are good practices to protect against security threats, EXCEPT ________. |
back up your browsing history, temporary files, and cookies |
According to the study done by Ponemon, which of the following has the lowest cost due to computer crime? |
stolen devices |
Which of the following is considered a computer crime? |
hacking of information systems |
Technical safeguards against computer security threats include all of the following EXCEPT ________. |
passwords |
________ is an opportunity for threats to gain access to assets. |
vulnerability |
Which of the following is a critical security function of senior management in an organization? |
establishing the security policy and managing risk |
Which of the following concepts was used to create this code? |
a brute force attack |
Which of the following describes white-hat hacking? |
Involves the task of finding security flaws in your network and financial applications |
A(n) __________ is a sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations such as governments. |
advanced persistent threat (APT) |
Which of the following statements is true of an advanced persistent threat (APT)? |
stuxnet is an example of an APT |
Which of the following is a way to prevent a hacker from using a brute force attack? |
create multiple, strong passwords |
Which of the following involves the task of finding security flaws in your network and financial applications? |
white-hat hacking |
Which of the following is a similar technique to pretexting that obtains unauthorized data via email? |
phishing |
Which of the following is true about faulty service? |
Faulty service includes problems that result because of incorrect system operation. |
In the context of information security management, which of the following occurs when someone deceives by pretending to be someone else? |
pretexting |
Which of the following is NOT a source of security threats? |
network sharing |
A __________ is an opportunity for a person or organization to gain access to individual or organizational assets. |
vulnerability |
How do job descriptions safeguard information systems from threats? |
by restricting information access under a need-to-know basis |
Which of the following is a human error causing a threat to an organization? |
a procedural mistake |
Which of the following is not a minimum stipulation of a security policy? |
including professional dress policies in the security policy |
Which of the following refers to an organization-wide function that is in charge of developing data policies and enforcing data standards? |
data administration |
__________ consists of three interdependent factors: responsibility, accountability, and compliance. |
enforcement |
Which of the following is the part of a security plan that stipulates what an employee should do when a security problem occurs? |
incident response plan |
Computer criminals use denial-of-service attacks on information systems to __________. |
prevent legitimate users from using the system’s resources |
Which of the following describes IP spoofing? |
When an intruder uses another site’s Internet Protocol address to masquerade as that other site |
Which of the following best describes a threat? |
A person or organization that seeks to obtain or alter data or other assets illegally |
__________ are not always effective; some threats achieve their goal regardless. |
safeguards |
Which of the following uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access? |
biometric authentication |
Which of the following best describes hacking? |
unauthorized access to computer system |
Computer criminals can launch __________ attacks in which a malicious hacker floods a web server with bogus service requests that then tie up the server, so that it cannot service legitimate requests. |
denial of service |
Which of the following is NOT a recommended personal security safeguard? |
creating a password that is easy to remember and easy to figure out |
You buy a new office computer system online and use your credit card to pay the cost, which requires your credit card data to be transmitted over the Internet to complete the order. |
vulnerability |
Why is data an asset? |
A useful and valuable thing- holds all information and power for a company |
What is the rate of data growth? |
Doubling every 6 months |
"Information Overload" |
Type of disruption- $900 billion cost to economy, people can’t do their jobs because there’s so much information |
"Information abundance" |
World has changed, jobs have changed, some people haven’t caught up to this change and recognized new environment – Challenge is for us all to geek up so we can take advantage of all of this new technology and data advancements |
Dark Data |
Idea that there is so much data spread across so many devices that it is inconsistent or on incompatible systems- organizations can’t turn this data into anything of value |
Business Intelligence |
Term combining aspects of reporting, data exploration, and ad hoc queries and sophisticated data modeling and analysis |
Analytics |
Term describing extensive use of data, statistical and quantitative analysis, explanatory and predictive models, and fact-based management to drive decisions and actions |
Data definition |
Raw facts and figures- alone it tells you nothing; goal is to turn it into information |
Information |
Data presented in a context so it can answer a question or support decision making- combine it with knowledge |
Structured Data |
1. Organized 2. Pre-defined characteristics "Schema" |
Unstructured Data |
1. Not organized, no schema 2. Text- email, FB pages, news stories, etc. 3. Binary- images, video, audio |
Table |
Organized collection of data that’s made up of records and fields |
Record |
Row in your table- individual observation |
Field |
Column in your table- predetermined by your schema |
Relational databases |
Multiple tables are related together using a common element |
Key field |
One of columns in a table that the data items in that field are unique for that row (they never repeat) |
Valid Relationship types |
Must be one key field when linking together -One:One -One:Many |
Views |
Allow users to see data from multiple tables joined together, appearing they are in the same table |
SQL |
Structured Query Language: language used to create/manipulate data systems |
DBMS |
Database Management Systems Software for creating, maintaining, and manipulating data |
Leading DBMS Desktop-Based |
Microsoft Access |
Leading DBMS Server-Based |
Oracle, MySQL, Microsoft SQL Server |
TPS |
Transaction Processing Systems |
Two characteristics of a transaction |
1. Standardized 2. Occurs repeatedly |
Point of Sale System |
Cash register- products scanned in transaction |
How do loyalty cards generate valuable data? |
They not only know what was sold but they know what was sold to whom → provides valuable opportunities for targeted marketing |
Enterprise Software: CRM |
Customer Relationship management systems -Used to empower employees to track/record data at almost every point of customer contact (sales calls, complaint emails, returns, etc.) |
Enterprise Software: ERP |
Enterprise Resource Planning -paychecks, invoices, payments |
Enterprise Software: SCM |
Supply chain management – each order for finished goods, raw material, etc. |
4 Examples of Business Operations |
1. Health Care Industry 2. Michigan tags cows at birth 3. Transportation industry 4. Switzerland train cars |
Sources of customer-provided data |
1. Customer surveys 2. Product Registration cards 3. Contests |
Data Aggregator |
Firms that collect and resell data (as well as organize it, etc.) |
What is the impact of Moore’s Law and the Internet on privacy? |
Some feel that this Law, the falling cost of storage, and the increasing reach of the Internet have us on the cusp of a privacy train wreck- which may lead to more legislation that restricts data-use possibilities |
According to a Carnegie Mellon study, for 87% of Americans, what can be determined if you know their gender, birth date and zip code? |
They could be pinpointed by name |
What is HIPAA? What kind of data does it protect? |
US Health Insurance Portability and Accountability Act – provisions governing data use and privacy – health care providers, insurers, employers, financial industry, etc. |
According to Gartner Research, top CIOs say that _______ is the #1 challenge today. |
data growth |
What two problems arise from the challenge of data growth? |
1. Handling explosive growth with constrained budgets 2. Exploiting all of that data |
What is an SSD? |
Solid State Drive: storage that uses flash memory so it is much faster |
How does SSD address data growth problems? |
Solid State Drives: use less electricity, improved performance and capacity, prices are dropping |
What is Automated Data Tiering? |
Match storage performance to access frequency- make these decisions automatically for you (whether it’s top tier, mid tier, bottom tier) based on importance |
What is DeDupe? |
Eliminates duplication in unstructured data Provides single storage for any data- multiple copies are "pointers" to single copy (causes GB to turn to 0) |
What are data silos? |
Data collections are completely separated with no possibility of communication or sharing between these silos |
How do data silos come into being? |
Obsolete legacy systems Incompatible systems |
Problem with data silos |
Companies are missing out on opportunities to discover correlations, patterns, trends that will provide new insight on their data |
How do inconsistent data formats impact a business? |
All different codes/values are useless Garbage in, garbage out |
Operational Data |
Designed to integrate data from multiple sources for additional operations on the data |
How does the analysis of operational data compete with customers? |
When we run an analytics job trying to dig through this operational data looking for trends→ putting a significant amount of additional load on the systems (they are looking at thousands of transaction records, comparing results, etc.) – causes website to slow down, unacceptable delays, lost sales |
Solution to the problem of analysis of operational data |
Separate data repositories: 1. Operational 2. Reporting and analytics- data is combined and cleaned as it comes in; periodic import from operational systems (it will be up to date enough, but not so frequent that it slows the website down) |
Data Warehouse |
Collection of databases designed to support decision making within the organization |
Characteristics of Data Warehouse |
1. Brings in many sources- periodic transfer, historical data 2. Fast Queries 3. Exploration |
How is a Data Mart different from a Data Warehouse? |
Scale is different- instead of looking at enterprise, you are looking at a specific problem or specific unit and trying to address their needs by using data from many sources |
What three characteristics are necessary for something to be "Big Data"? (three V’s) |
1. Volume- big data is too big 2. Velocity- data is arriving too fast 3. Variety- too little consistency in the data |
Hadoop- technically and practically |
Technically- open source system designed to be able to consume any data you want with a distributed computing platform. Practically- scalable, cost-effective, flexible, and fault-tolerant |
Components of Hadoop |
1. MapReduce 2. HDFS 3. Pig |
Predictive Policing- LA |
Example of Big data- used an equation of data to find areas in which they should increase police presence – predicted twice as many crimes |
Tesco Grocery Chain |
Example of Big Data – used big data to optimize refrigeration costs – energy costs down 20M euros per year |
Institute for Creative Technologies in LA |
Example of Big Data Improve therapy diagnoses to support US military in suicide prevention efforts |
Canned Reports |
Regular summaries of information in a predefined format |
Pros/ Cons of Canned Reports |
Pros- easy for users Cons- inflexible because it’s already designed in certain format, IT overhead (IT has to deal with tweaking if needed) |
Ad-Hoc Reporting Tools |
Tool that enables a tech-savvy user to develop and build their own reports |
Pros/ Cons of Ad-Hoc Reporting Tools |
Pros: Powerful/Flexible Cons: Demanding of user- must know how to use it, must know about business data, must understand the way the data is organized |
Dashboards |
Heads up display of critical indicators that allow managers to get a graphical glance at key performance metrics |
Pros of Dashboards |
Pros: gives graphic view of the software’s system, ability for some customization |
OLAP |
Online Analytical Processing A method of querying and reporting that takes data from standard relational databases, calculates and summarizes the data in advance, and then stores the data in a special database called a data cube |
Data Mining |
The process of using computers to identify hidden patterns and to build models from large data sets |
2 Things you need for Data Mining to work |
1. Organization must have clean, consistent data 2. Events in data should reflect current and future trends |
Pros/Cons of OLAP |
Online Analytical Processing. Pros: great when you need summary data. Cons: not good when you need detailed data |
Which system components are combined to make up applications? |
hardware, software, data |
Regarding the relationship between business processes and information systems, which statement is correct? |
Every information system must support at least one process. |
Changes in technology or in business goals could lead an organization to make changes to its processes using ________. |
BPM |
The business process management cycle has four steps in the following order: |
model processes, create components, implement processes, assess results |
Which of the following statements regarding BPMN is NOT accurate? |
BPMN is a proprietary set of modeling notations. |
Which of the following statements is NOT accurate? |
Modeling processes involves a deep understanding of notation because standards do not exist in BPM. |
There are four feasibility studies that should be completed as part of the SDLC. During which SDLC phase should they be done? |
define system |
Which phase dictates what the new system should do, and is therefore the most important phase of the SDLC? |
determine requirements |
Because the process is formal and structured, it can be difficult to manage systems development projects using ________. |
the SDLC |
There is a point in an SDLC project where adding more workers will actually delay the completion of the project; this is known as ________. |
diseconomies of scale |
Scrum differs from the SDLC in that |
scrum is better suited to changing requirements during the development process |
If a team is using __________, the deliverables of the team are not so much design or other documents, but instead, a working version of the current system requirements. |
scrum |
Which of the following is NOT one of the four factors that favor better and faster development? |
There is an increase in deployment of mobile products. |
Unless _______ and users are actively involved in systems development projects, there will be many more million- and billion-dollar disasters on our hands. |
senior managers |
In a ________ installation, the new system runs alongside the old one until it has been tested and is fully operational. |
parallel |
Among the following, which is NOT a reason that can cause business processes to need changes and require management? |
new computer hardware is available |
________ is the standard set of terms and graphical notations for documenting business processes. |
business process modeling notation (BPMN) |
Among the following, what is NOT a typical characteristic of a successful project team? |
team composition remains fixed during the project |
A ________ shows the tasks, start and finish dates, and dependencies for the tasks of a project. |
Gantt chart |
Among the following statements about the systems development life cycle (SDLC), which one is FALSE? |
The average contribution per worker is directly proportional to the team size. |
The main problem of the SDLC approach to systems development is the ________ nature of the process. |
waterfall |
The project plan is made in the ________ phase of the systems development life cycle. |
system definition |
Among the following statements about information systems development, which one is FALSE? |
Systems development always aims at a fixed target. |
In considering the trade-offs for systems development processes, what could cause diseconomies of scale? |
adding more people |
Which of the following is NOT one of the dimensions of feasibility? |
planning |
Among the following statements, which one is NOT a key to success of SDLC projects? |
do not adjust the plan via trade-offs |
Which of the following is NOT something to consider when performing a requirements analysis in SDLC? |
Consider organizational standards governing what hardware will be used. |
Among the following, which is NOT a stage in business process management (BPM)? |
change strategy |
Which of the following personnel do NOT play a role in the applications development process? |
business analysts |
________ are IS professionals who understand both business and technology. |
systems analysts |
Which of the following is done in the maintenance phase of the SDLC? |
fixing failures |
The easiest and cheapest time to alter the information system is in the ________ phase. |
requirements analysis |
Which of the following is NOT one of the reasons for the problems with SDLC? |
lack of implementation training for users |
The correct sequence for the five phases in the systems development life cycle (SDLC) process is ________. |
System definition; requirements analysis; component design; implementation; system maintenance |
In a BPMN process diagram, a ________ represents the start of a process. |
thin-lined circle |
Which of the following statements does NOT represent an essential of the scrum process? |
Large complex projects can be managed with scrum. |
In the future, software vendors will find ways to make their solutions more agile using ________ and Web services. |
SOA |
Process and systems development will evolve in the following ways in the next 10 years, EXCEPT ________. |
systems will become less integrated |
In a BPMN process diagram, you can use ________ to simplify process diagrams and draw attention to interactions. |
swim-lane layout |
Which of the following are the inputs to the component design phase of the systems development life cycle? |
approved user requirements |
What are resources? |
people or computer applications that are assigned to roles |
Which term is used to describe the hierarchy of tasks to be done to complete a project? |
work breakdown structure (WBS) |
In order to achieve success within a SDLC project, which phase should be completed first or early on in the project? |
creating the work breakdown structure (WBS) |
Which of the following best defines the image? |
gantt chart |
With scrum, what does velocity measure? |
How many system requirements the team can accomplish in a time period |
In a BPMN diagram, the diamond represents which one of the following? |
decision |
Which of the following is NOT one of the five phases in the SDLC process? |
approve user requirements |
Which of the following are data repositories? |
databases |
Which of the following is a technique used to create new business processes and to manage changes in existing processes? |
business process management |
What can the development team do to reduce the amount of time needed to complete a project? |
simplify the requirements |
Which of the following is NOT a principle of agile (Scrum) development? |
Choose not to work with customers during the duration. |
Which of the following is the software-industry standards organization that created a standard set of terms and graphical notations for documenting business processes? |
object management group (OMG) |
Which of the following statements is true about the role of prototypes? |
They provide evidence to assess the system’s technical and organizational feasibility. |
In a BPMN diagram, the horizontal rectangle represents which one of the following? |
an activity with a subprocess |
Which of the following is the primary purpose of the requirements phase of the systems development life cycle? |
determining the functions and features of a new system |
__________ is a development process used for the development of business processes, information systems, and applications. |
scrum |
Scrum developers do not design an entire system at one time. Instead, they use __________ to design only the part of the system to be worked on next. |
just-in-time design |
Which of the following is a characteristic of a comprehensive test plan? |
It should ensure the execution of every single line of program code. |
__________ is a written, formal description of the system’s response to use and misuse scenarios. |
a test plan |
Which of the following is the first step in the system definition phase of the systems development life cycle? |
define the system goals and scope |
__________ is the standard that defines a set of terms and graphical notations for documenting business processes. |
business process modeling notation (BPMN) |
Which of the following statements is true about assessing the feasibility of projects? |
Technical feasibility refers to whether existing information technology is likely to be able to meet the needs of the new system. |
Which of the following is used to develop business processes, information systems, and applications? |
scrum |
Which of the following is an example of a physical repository? |
inventory |
Which of the following can you convert a work breakdown structure into to show the task dependencies and task durations? |
gantt chart |
Which of the following is a set of management policies, practices, and tools that developers use to maintain control over the project’s resources? |
configuration control |
Which of the following describes the Object Management Group (OMG)? |
The software-industry standards organization that created a standard set of terms and graphical notations for documenting business processes |
Which of the following best shows the movement of data among activities? |
data flow |
Which of the following will NOT help a development team reduce the amount of time needed to complete a project? |
add more people to the project team |
What is business process modeling notation (BPMN)? |
The standard that defines a set of terms and graphical notations for documenting business processes |
Which of the following best defines configuration control? |
A set of management policies, practices, and tools that developers use to maintain control over the project’s resources |
Today, with __________, prototypes and even finished systems can be constructed in the cloud within very small hardware budgets. |
elastic cloud computing |
A company that wants to implement changes to improve its business will use which of the following? |
business process management (BPM) |
__________ are people or computer applications that are assigned to roles. |
resources |
Which type of project is most suitable to working with scrum? |
Smaller, faster designs that require project tasks to be completed in two days or shorter |
__________ measures how many system requirements the team can accomplish in a scrum time period. |
velocity |
What is malware? |
Bad software: disables computer systems, disrupts operations, steals data |
Payload: Keylogger |
Malware will monitor every key stroke that you type |
Payload: Bot |
Allows cyber criminal to do anything they want to your computer remotely- machine does things in background without you knowing |
Payload: Ransomware |
When you execute the malware, it immediately installs itself on the machine and encrypts all the data files on your PC with a password that it doesn’t tell you, then sends a message: "send money or never see files again" |
Types of systems targeted by malware |
1. Computers: Windows, Mac, Linux 2. Mobile devices: Android, iOS, other; risk posed by fraudulent mobile apps |
What are CAPTCHAs? How are they able to prevent software from completing online forms? |
Completely Automated Public Turing test to tell Computer and Humans Apart – type of challenge-response test used in computing to determine whether or not the user is human |
CryptoWall is an example of what type of malware payload? |
Ransomware, which has CryptoLocker as its predecessor |
What is the real cost of CryptoWall to organizations who are compromised by it? |
The downtime caused by data not being accessible and IT (overtime) hours to fix things, and sometimes whole departments sitting on their hands |
What’s the FBI’s advice to those organizations? |
If you had no backup, it was best to pay the ransom to get your files back |
What organization is behind CryptoWall? |
Evgeniy Bogachev – GameOver Zeus and CryptoLocker |
How do Trojans fool a user into executing them? |
1. Social engineering 2. Hidden Malware- utility software, games, bogus software updates 3. No need for vulnerabilities 4. Any way user can load a program- link in email, email attachments, web, etc. |
Do Trojans rely on software vulnerabilities to compromise a system? |
No |
How do viruses and host files relate? |
A virus hides itself inside a host file |
How do viruses propagate? |
Host file executed on new computer |
Do worms rely on host files? |
Yes |
How do worms propagate? |
1. Standard malware- no "useful program" or infected host file 2. Self-propagating via network 3. Exploits vulnerabilities to invade systems 4. Similar payloads Yes |
How is email used to distribute malware? |
Attachments, links |
In 2014, nearly ____% of the URL’s received via email are unsolicited malicious links |
25% |
What is phishing? |
A scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly |
How is phishing accomplished? |
From address, authentic looking graphics/links |
What is spoofing? |
Phish message claims to be legit but it isn’t; it appears to be from a legitimate sender |
Tips for avoiding phishing scams |
Be suspicious of urgent requests and of requests for personal info; don’t use links in email |
How is spearphishing different from phishing? |
Target: research the target. Methods: carefully crafted email, valid source, personalized |
What is "CEO Fraud"? |
Targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments |
The article suggests that CEO Fraud works because ______ is "inherently insecure" |
|
What is malvertising? |
the use of online advertising to spread malware |
Drive-by Downloads |
User just opens page and is infected- exploits client vulnerability and no interaction is required |
Vulnerabilities exploited by drive-by downloads |
Exploits client vulnerability- operating system, web browser, browser plug-in |
What is the "vulnerability" being exploited in a Denial of Service (DoS) Attack? |
1. Heavy reliance on servers- e-commerce, communications, enterprise applications 2. Capacity- servers have maximum capacity, exceeding maximums=problems |
How does a DoS Attack work? |
1. Overwhelm the target server with service requests 2. Deny service to regular customers- attack consumes all normally available server capacity, nothing left for regular customers, regular customers frustrated and go elsewhere |
What is the impact of a DoS attack? |
Can make server crash entirely |
How does Distributed Denial of Service differ from a normal DoS attack? |
the attack comes from every direction at once- simultaneously- from multiple systems |
What percentage of companies in a 2013 survey were hit by 50+ DDoS attacks per month? |
11% |
Defense in depth – how does the castle metaphor apply to information security? |
You should not have a single layer defenses- you need a multi-layer defense system |
Risk assessment – what is the purpose? What steps are involved? |
Look at what your servers/databases are 1. List IT Assets 2. Assign value 3. Identify threats 4. Assign cost to replace 5. Determine acceptable downtime |
How to address Human Vulnerabilities |
Education/awareness training HR practices |
Endpoint protection |
Idea of anti-virus software, looks holistically at everything necessary to protect patching, anti-malware, and firewall |
Firewall |
Protect from outsiders |
Intrusion detection |
Monitor all the network traffic coming in and out of the internet connection, looking for sequences that are security attacks |
Technological solutions to technological vulnerabilities: Access Controls |
Using ways to make sure the right users use the right programs – quality passwords, security rights, multi-factor authentication |
multi-factor authentication |
know + have (verification code) |
Principle of Least Privilege |
Business tech for the purpose of doing work- user given no more privilege than necessary to perform job |
Role Based Access Controls |
Don’t give access to person- give it to role and assign person to that role |
Honeypots |
A computer system on the internet that is expressly set up to attract and "trap" people who attempt to penetrate other people’s computer systems |
Blacklists |
List or register of entities or people that, for one reason or another, are being denied a particular privilege, service, mobility, access or recognition |
Steps taken to protect BYOD and Mobile Devices |
1. Encryption 2. Mobile device management |
Steps taken to protect USB flash drives |
1. Hardware encryption 2. Ban them |
Steps taken to protect Disposal |
1. Shred document 2. Records management vendor |
What is DBAN? |
Free program that will repeatedly write patterns of 1s and 0s so that it wipes out data periodically |
Elements of a disaster recovery plan |
1. Data 2. Business 3. DR site 4. Acceptable recovery time |
Vulnerability Scan |
Device that scans for vulnerabilities across company’s network and notifies so we can remediate and repeat- goal is to report back to people |
Penetration testing |
Authorize a group of people to pretend to be hackers and try to break into system/ find vulnerabilities- Internal (IT team), external security consultants, social engineering and technological |
DR testing |
Discovery recovery- perform restore and verify systems work, simulated disasters |
"How to Stop Gullible Employees" article from Cyberheist News: the most prevalent, successful threats rely on what vulnerability? |
Social engineering |
"How to Stop Gullible Employees" article from Cyberheist News: what’s the "fastest and cheapest bang for your buck" when it comes to information security? |
User education training to counteract those threats |
Goal of encryption |
Ensure that a message is only read by the intended recipient… at least until the information is no longer useful to an unauthorized reader. |
Key-length impact on security and system performance |
Longer: more secure Longer: also slower Strong encryption: should take very long time to break |
What can the public key do? Who should have it? |
Pair of keys that are made available to anybody used only to encrypt, cannot decrypt |
What can the private key do? Who should have it? |
only known to the recipient, decrypts messages |
How is Public Key Encryption used? |
Protect web transactions -SSL, data encrypted b/w client and server, passwords, confidential data (medical, etc.) |
ISM Test 3 All Terms