Chapter 12

8 September 2022
69 test answers

question
1. As enterprise-wide information systems grow more complex, configuration management becomes trivial.
answer
False: becomes more complex
question
2. Bandwidth requirements are expressed in bytes per minute.
answer
False: bits per second (bps)
question
3. In a public key encryption environment, each user on the network has a pair of keys: a foreign key and a private key.
answer
False: public key and private key
question
4. The hardening process that makes a system more secure is fully automatic.
answer
False: mainly manual
question
5. In a secluded engineering attack, an intruder uses social interaction to gain access to a computer system.
answer
False: social engineering attack
question
6. One highly publicized form of social engineering is called post texting, which is a method of obtaining personal information under false pretenses.
answer
False: this is pretexting
question
7. In dumpster diving attacks, an intruder raids desks or trash bins for valuable information.
answer
True
question
8. Wrapping refers to the practice of storing backup media away from the main business location, in order to mitigate the risk of a catastrophic disaster, such as a flood, fire, or earthquake.
answer
False: offsiting
question
9. Retention periods of backups can be a specific number of months or years, depending on legal requirements and company policy.
answer
True
question
10. In a broad sense, credentials include formal degrees, diplomas, or certificates granted by learning institutions to show that a certain level of education has been achieved.
answer
True
question
11. Both adaptive and perfective maintenance activities decrease in a dynamic business environment.
answer
False: they increase
question
12. Using a release methodology reduces the documentation burden.
answer
True
question
13. When network traffic is encrypted, it is invisible and its content and purpose are masked.
answer
False: visible
question
14. The systems support and _____ phase begins when a system becomes operational and continues until the system reaches the end of its useful life. a. implementation b. verification c. security d. testing
answer
Security
question
15. If significant changes take place in an existing system or if a new version is released, the IT department might develop a _____. a. user training package b. user presence software c. maintenance module d. utility index
answer
User training package
question
16. A(n) _____ is a centralized resource staffed by IT professionals who provide users with the support they need to do their jobs. a. help desk b. white spot c. maintenance software module d. utility point
answer
Help desk
question
17. A help desk can boost its productivity by using _____, which allows IT staff to take over a user's workstation and provide support and troubleshooting. a. high-level synthesis b. wireless fidelity c. word editing software d. remote control software
answer
Remote control software
question
18. _____ costs include expenses for items such as supplies, equipment rental, and software leases. a. Operational b. Corrective c. Maintenance d. Adaptive
answer
Operational
question
19. _____ expenses vary significantly during a system's operational life and include spending to support maintenance activities. a. Secure b. Maintenance c. Principal d. Capital
answer
Maintenance
question
20. _____ include changing programs, procedures, or documentation to ensure correct system performance; adapting the system to changing requirements; and making the system operate more efficiently. a. Team building activities b. Elicitation activities c. Maintenance activities d. Testing activities
answer
Maintenance activities
question
21. As shown in the accompanying figure, maintenance expenses usually are high when a system is implemented because problems must be detected, investigated, and resolved by _____. a. corrective maintenance b. adaptive maintenance c. perfective maintenance d. obsolete maintenance
answer
Corrective Maintenance
question
22. As shown in the accompanying figure, once a system becomes stable, maintenance costs usually remain low and involve minor _____ maintenance. a. corrective b. adaptive c. perfective d. preventive
answer
Adaptive
question
23. As shown in the accompanying figure, near the end of a system's useful life, _____ when it becomes clear that a company plans to replace the system. a. adaptive, corrective, and perfective maintenance expenses all increase rapidly b. perfective maintenance expenses increase rapidly, but adaptive and corrective maintenance typically decrease c. adaptive and corrective maintenance expenses increase rapidly, but perfective maintenance typically decreases d. adaptive, corrective, and perfective maintenance expenses all decrease rapidly
answer
Adaptive and corrective maintenance expenses increase rapidly, but perfective maintenance typically decreases
question
24. Corrective maintenance _____. a. adds enhancements to an operational system and makes the system easier to use b. diagnoses and corrects errors in an operational system c. involves changing an operational system to make it more efficient, reliable, or maintainable d. competes for resources in an operational system
answer
Diagnoses and corrects errors in an operational system
question
25. Adaptive maintenance _____. a. adds enhancements to an operational system and makes the system easier to use b. diagnoses and corrects errors in an operational system c. involves changing an operational system to make it more efficient, reliable, or maintainable d. competes for resources in an operational system
answer
Adds enhancements to an operational system and makes the system easier to use
question
26. Perfective maintenance _____. a. adds enhancements to an operational system and makes the system easier to use b. diagnoses and corrects errors in an operational system c. involves changing an operational system to make it more efficient, reliable, or maintainable d. competes for resources in an operational system
answer
Involves changing an operational system to make it more efficient, reliable, or maintainable
question
27. Perfective maintenance usually is cost effective _____ a system's operational life. a. early in b. during the middle of c. during the end of d. throughout
answer
During the middle of
question
28. To avoid problems, preventive maintenance _____. a. adds enhancements to an operational system and makes the system easier to use b. diagnoses and corrects errors in an operational system c. involves changing an operational system to make it more efficient, reliable, or maintainable d. requires analysis of areas where trouble is likely to occur
answer
Requires analysis of areas where trouble is likely to occur
question
29. In maintenance management, _____ means examining the whole in order to learn about the individual elements. a. synthesis b. adoption c. analysis d. elucidation
answer
Analysis
question
30. In maintenance management, _____ involves studying the parts of a system to understand the overall system. a. synthesis b. adoption c. fusion d. elucidation
answer
Synthesis
question
31. Many IT departments also use a job title of _____ to designate positions that require a combination of systems analysis and programming skills. a. tester/programmer b. strategist/analyst c. programmer/analyst d. designer/debugger
answer
Programmer/analyst
question
32. _____ is a process for controlling changes in system requirements during software development. a. Data management b. Disk management c. Configuration management d. Email management
answer
Configuration management
question
33. A _____ is responsible for assigning maintenance tasks to individuals or to a maintenance team. a. tester b. programmer c. system validator d. system administrator
answer
System administrator
question
34. In a typical system, the initial version of the system is 1.0, and the release that includes the first set of maintenance changes is version _____. a. 2.1 b. 1.1 c. 0.1 d. 2.1
answer
1.1
question
35. _____ is the process of tracking system releases. a. Configuration control b. Version control c. Source control d. Quality control
answer
Version control
question
36. When a new version of a system is installed, the prior release is _____, or stored. a. archived b. deleted c. discontinued d. reinstalled
answer
Archived
question
37. A _____ is a formal reference point that measures system characteristics at a specific time. a. feature line b. baseline c. product point d. viewport
answer
Baseline
question
38. The _____ is the configuration of a system documented at the beginning of the project and consists of all necessary system requirements and design constraints. a. functional baseline b. extension baseline c. allocated baseline d. product baseline
answer
Functional baseline
question
39. The _____ documents a system at the end of the design phase, identifies any changes since the beginning of the project, and includes testing and verification of all system requirements and features. a. functional baseline b. operational baseline c. allocated baseline d. product baseline
answer
Allocated baseline
question
40. The _____ describes a system at the beginning of system operation and includes the results of performance and acceptance tests for the operational system. a. functional baseline b. operational baseline c. allocated baseline d. product baseline
answer
Product baseline
question
41. _____ includes monitoring a system for signs of trouble, logging all system failures, diagnosing the problem, and applying corrective action. a. Benchmark testing b. Throughput management c. Responsive testing d. Fault management
answer
Fault management
question
42. To measure system performance, companies use _____, which uses a set of standard tests on one system to compare its performance and capacity to that of other systems. a. metric analysis b. benchmark testing c. threat analysis d. allocation testing
answer
Benchmark testing
question
43. In addition to benchmark testing, performance measurements, called _____, can monitor the number of transactions processed in a given time period, the number of records accessed, and the volume of online data. a. metrics b. wireframes c. viewports d. baselines
answer
Metrics
question
44. _____ is the overall time between a request for system activity and the delivery of the response. a. Response time b. Throughput time c. Refresh rate d. Base rate
answer
Response time
question
45. _____ describes the amount of data that a system can transfer in a fixed time period. a. Latency b. Resolution c. Dimensionality d. Bandwidth
answer
Bandwidth
question
46. _____ measures actual system performance under specific circumstances and is affected by network loads and hardware efficiency. a. Throughput b. Resolution c. Dimensionality d. Latency
answer
Throughput
question
47. _____ measures the time between submitting a request for information and the fulfillment of the request. a. Bandwidth b. Turnaround time c. Throughput d. Frequency
answer
Turnaround time
question
48. _____ is a process that monitors current activity and performance levels, anticipates future activity, and forecasts the resources needed to provide desired levels of service. a. Restructuring b. Capacity planning c. Resource sizing d. Reorganizing
answer
Capacity planning
question
49. _____ protects information from unauthorized disclosure and safeguards privacy. a. Availability b. Integrity c. Confidentiality d. Accessibility
answer
Confidentiality
question
50. _____ prevents unauthorized users from creating, modifying, or deleting information. a. Availability b. Integrity c. Confidentiality d. Evacuation
answer
Integrity
question
51. _____ ensures that authorized users have timely and reliable access to necessary information. a. Availability b. Integrity c. Confidentiality d. Concealability
answer
Availability
question
52. The first step in managing IT security is to develop a _____ based on confidentiality, integrity, and availability. a. security policy b. risk policy c. threat report d. concealment report
answer
Security policy
question
53. _____ analyzes an organization's assets, threats, and vulnerabilities. a. Risk uncertainty b. Risk diversification c. Risk identification d. Risk control
answer
Risk identification
question
54. _____ measures risk likelihood and impact. a. Risk assessment b. Risk marker c. Risk identification d. Risk control
answer
Risk assessment
question
55. _____ develops safeguards that reduce risks and their impact. a. Risk assessment b. Risk verification c. Risk identification d. Risk control
answer
Risk control
question
56. A _____ is an internal or external entity that could endanger an asset. a. proxy b. facade c. firewall d. threat
answer
Threat
question
57. A _____ is a security weakness or soft spot. a. proxy b. vulnerability c. firewall d. malware
answer
Vulnerability
question
58. A(n) _____ is an attack that takes advantage of a vulnerability. a. proxy b. exploit c. firewall d. archive
answer
Exploit
question
59. In IT security terms, a _____ is the impact of an attack multiplied by the likelihood of a vulnerability being exploited. a. proxy b. risk c. firewall d. warning
answer
Risk
question
60. _____, a risk control strategy, eliminates risks by adding protective safeguards. a. Avoidance b. Acceptance c. Conveyance d. Transference
answer
Transference
question
61. A _____ is the main line of defense between a local network, or intranet, and the Internet. a. malware b. firewall c. spyware d. threat
answer
Firewall
question
62. Typically, an intruder accesses a system using a compromised account, and may attempt a(n) _____, which is an unauthorized attempt to increase permission levels. a. privilege escalation attack b. denial-of-service attack c. malware penetration attack d. identity management invasion
answer
Privilege escalation attack
question
63. One of his firm's clients details an incident in which a hacker, a former employee, thieved trade secrets from the client and threatened to release them to the competition if he was not paid. In which of the following categories should George place this incident? a. Vandalism b. Trespass and espionage c. Extortion d. Software attack
answer
Extortion
question
64. Another of George's clients has software that is outdated and has become increasingly vulnerable to attack. How does George categorize this threat? a. Human error b. Technical obsolescence c. Service failure d. Espionage
answer
Technical obsolescence
question
65. One of George's clients reports that the traffic on their network is being intercepted and scanned for valuable information. How does George categorize this incident? a. Spoofing b. Man in the middle c. Dumpster diving d. Sniffing
answer
Sniffing
question
66. Another of George's clients describes a situation in which a caller to their service desk pretended to be a legitimate user and requested that his password to his company account be changed. How does George categorize this incident? a. Social engineering b. Mail bombing c. Spoofing d. Privilege escalation
answer
Social engineering
question
67. Response time is affected by _____. a. system design b. capabilities c. follow-up messages d. processing methods
answer
-System design -Capabilities -Processing methods
question
68. A(n) _____ can prevent an unauthorized person from booting a computer by using a CD-ROM or USB device. a. boot-level password b. application-level password c. BIOS-level password d. power-on password
answer
-Boot-level password -BIOS-level password -Power-on password
question
69. _____ is concerned with managerial policies and controls that ensure secure operations. a. Procedural security b. Network security c. Operational security d. Application security
answer
-Procedural security -Operational security