Information Technology For Managers
3-1
Chapter 3 Project Management Solutions to End of Chapter Material Answers to What Would You Do Questions 1.
You are the Optum project leader taking over responsibility for implementing the Vermont Health Connect state health exchange. Your manager has just sent you a text asking you if you think it necessary to debrief Vermont state officials on what caused the project with CGI to spiral out of control. How do you reply? Students’ answers will vary. Some students may be in favor of debriefing Vermont state officials on what caused the project with CGI to spiral out of control. They may feel that this would help them in buying time for the team to deliver the project as per specifications.
2.
The new warehouse inventory control system will use the recently installed wireless network and RFID scanning equipment mounted on forklift trucks to track inventory in the warehouse. You have been holding off meeting with the project team to develop a schedule and cost estimate because three key members of the five-person project team are not available to meet until late next week. The CFO is on the phone with you. She needs dates, effort estimates, and dollar estimates to complete the capital and staffing forecast for next year and ensure there will be a budget for this project. What do you say? Students’ answers will vary. Some students may suggest arriving at an estimate based on the other two members’ schedule and cost estimates. Students may also suggest including contingency cost to the estimate to take care of all unforeseen costs that may arise during the course of the project.
Answers to Discussion Questions 1.
Do research online to find the success rate of IT projects compared to all types of organizational projects. Which has the higher success rate? Why do you think that this is so? Students’ answers will vary. Some students may mention that organizational projects are more successful than IT projects. There are many reasons why the success rate of IT projects is so low. IT projects are inherently complex activities that involve numerous
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
3-2
people playing many different roles—end users, sponsor, champion, project manager, project team member, etc. There are many opportunities for miscommunication, especially around defining the system scope and requirements. In addition, system requirements change and there is often a desire to change the project scope. Students may cite the example of the Standish Group that has found that 61 percent of all IT projects failed or faced major challenges such as lateness, budget overruns, and lack of required features. The Project Management Institute also found a gap between what organizations should be doing—aligning projects to the organization’s strategy—and what they are able to accomplish. The result is that 44 percent of strategic initiatives are unsuccessful. 2.
What is meant by the scope of a project? How can the scope of a project be defined? Project scope is a definition of which tasks are and which tasks are not included in a project. Project scope is a key determinant of the other project factors and must carefully be defined to ensure that a project meets its essential objectives. In general, the larger the scope of the project, the more difficult it is to meet cost, schedule, quality, and stakeholder expectations.
3.
Distinguish between the role of the project champion and the role of the project sponsor. Is one more important to the success of a project than the other? A project champion is a well-respected manager with a passion to see the project succeed and who removes barriers to the project success, whereas a project sponsor who is a senior manager from the business unit most affected by the project and who ensures the project will indeed meet the needs of his or her organization. Some students may find the roles of all key members equally important to the success of a project.
4.
Present an argument of why organizations should not include internal cross-charges in evaluating the economic desirability of projects. Now present an argument of why they should. What is your final position on the use of cross-charges? Students’ arguments will vary. However, students may mention that the effort of the employees involved in the development and implementation of an IT project represents a cost of the project. This cost, if a significant portion of the total project costs, should be included in determining the economic feasibility of the project.
5.
What is the difference between quality assurance and quality control? Quality assurance involves evaluating the progress of a project on an ongoing basis to ensure that it meets the identified quality standards. Quality control involves checking project results to ensure that they meet identified quality standards.
6.
Describe three specific actions that the ideal project sponsor should take to ensure the
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
3-3
success of a project. The ideal project sponsor is a senior manager of a business unit most affected by the project. The sponsor should ensure that the business unit’s expectations and needs are clearly communicated and understood. The sponsor should ensure that the project solution is truly workable and consistent with business and end-user requirements. The sponsor should work to overcome resistance to change and prepare the organization to embrace the new system and way of doing things. The sponsor should identify workers from business unit to be assigned on a full- or part-time basis to the project. 7.
Is there a difference between project time management and personal time management? Can someone be “good” at one but not the other? Explain your answer. Project time management includes defining an achievable completion date that is acceptable to the project stakeholders, developing a workable project schedule, and ensuring the timely completion of the project. It requires identifying specific tasks that project team members and/or other resources must complete; sequencing these tasks, taking into account any task dependencies or firm deadlines; estimating the amount of resources required to complete each task; estimating the elapsed time to complete each task; analyzing all this data to create a project schedule; and controlling and managing changes to the project schedule. Personal time management is essential if an individual wants to be effective and work well even under extreme pressure. The key to personal time management is to concentrate on getting results on the things that matter most and to assign lower priority to less important things. It is possible for someone to be good at personal time management but not be able to coordinate the activities of many people as required by project time management. If someone is not good at personal time management, it is unlikely that he/she will be good at project time management.
8.
Discuss the team dynamics for a highly effective (or ineffective) team of which you were a member. Can you explain why the team performed so well (or poorly) using the formingstorming-norming-performing model? Students’ answers will vary. However, students may mention that typically, a highly effective team successfully goes through a process that emulates the forming-stormingnorming-performing model. During the forming stage, the team meets to learn about the project, agrees on basic goals, and begins to work on project tasks. Team members are on their best behavior and try to be pleasant to one another while avoiding any conflict or disagreement. The team’s project manager in the formation stage tends to be highly
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
3-4
directive and tells members what needs to be done.. The team has moved into the storming stage when it recognizes that differences of opinion exist among team members and allows these ideas to compete for consideration. The team might argue and struggle, so it can be an unpleasant time for everyone. The project manager and team members must be tolerant of one another as they explore their differences. The project manager may need to continue to be highly directive. If the team survives the storming stage, it may enter the norming stage. During this stage, individual team members give up their preconceived judgments and opinions. Team members adjust their behavior toward one another and begin to trust one another. Teamwork actually begins. The project manager can be less directive and can expect team members to take more responsibility for decision making. Some teams advance beyond the norming stage into the performing stage. At this point, the team is performing at a high level. Team members are competent, highly motivated, and knowledgeable about all aspects of the project. They have become interdependent on one another and have developed an effective decision-making process that does not require the project manager. The team’s effectiveness is much more than the sum of the individual members’ contributions. The project manager encourages participative decision making, with the team members making most of the decisions. 9.
What sort of behaviors would indicate that the business organization is not fully engaged in a project and instead is looking to the project team to make the project a success? What is the danger with this attitude? Students’ answers will vary. Some behaviors that indicate that the business organization is not fully engaged in a project include: failure to work to clearly understand how the project will impact the organization, failure to take the lead in communicating the upcoming changes to the organization, and failure to lead the effort to identify and work through any organizational issues that arise. Such lack of leadership on the part of the business organization is likely to lead to many serious problems, such as failure to make the necessary changes in its work processes and behavior that would allow the project to succeed.
10. Identify some of the challenges of performing project integration management on a project in which team members are distributed globally and cannot physically meet in one location. How might these challenges be overcome? Students’ answers will vary. Some students may mention that project integration management requires the coordination of all appropriate people, resources, plans, and efforts to complete a project successfully. Frequent, clear, and timely communications among all participants are necessary to do this. Such communications are extremely This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
3-5
difficult to ensure when people are distributed globally in different time zones and are unable to meet in one location at the same time. As a result, global teams rely on audio or audio/video conferences at a pre-scheduled time, email, and shared workplaces to enable effective communications. 11. Imagine that you are hiring a firm to complete a large but undetermined amount of project work for your firm. Which form of contract would you prefer and why? Students’ answers will vary. Some students may mention that a fixed-price contract will not work because the amount of service is not known. A cost-reimbursable contract requires paying a provider an amount that covers the provider’s actual costs plus an additional amount or percentage for profit. This type of contract does not predefine the provider’s costs and so does not control the total project cost very well. A time and materials contract pays the provider for both the time and materials required to do the job. The contract includes an agreed-upon hourly rate and unit price for the various materials to be used. However, the provider may extend the project to earn more revenue. Either costreimbursable or time and materials contract could be used coupled with tight cost management by a project manager. 12. How would you respond to a project team member who feels that risk management is a waste of time because the future cannot be predicted? Instead, this person prefers to react to problems as they occur. Students’ answers will vary. One should be patient with this team member and try to get him/her to accept the concept of risk management as a way of minimizing the impact of potential problems. With risk management, some potential problems can be eliminated. Backup plans can be developed for potential problems that cannot be eliminated.
Action Needed 1.
You are on the phone with the project sponsor of a project you are managing. He informs you that he accepted the role reluctantly and now, two months into this eight-month project, he is considering withdrawing as project sponsor. He does not see the need for this role and is extremely busy with his other responsibilities. How do you respond? Students’ answers will vary. An ideal sponsor works to overcome resistance to change and prepare the organization to embrace the new system and way of doing things. So, a project manager must try to make the sponsor realize his responsibilities toward the project. The manager could suggest the sponsor to use communication tools such as weekly e-mail newsletters and biweekly face-to-face meetings so that his or her other responsibilities are not compromised.
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
2.
3-6
You and a small group of managers from the sponsoring organization have just completed defining the scope, schedule, and cost for an important project in your firm. You estimate that the project will take 12 people about 10 months and cost just over $2.5 million. You just received an email from your manager insisting that the project schedule be shortened by three months because senior management is impatient for the improvements this project is expected to deliver. He promises to “free up” four additional resources within the next month or so to be assigned to your project. How do you respond? Students’ answers will vary. The individual can tell the manager that he/she and the small group of managers need to meet again to evaluate the options for cutting the schedule by three months. One option to be considered is the addition of four resources offered by the manager. The individual may raise questions such as—what sort of skills and experience would these resources need? Can they reduce the elapsed time by three months? What will be the additional cost? Another option to be considered is to reduce the scope of the initial release of the project so that it meets only the critical requirements and is complete three months earlier. The individual should ask the manager to identify other options he/she would like to have evaluated.
3.
You are surprised when your project team “pushes back” on your request for them to schedule a full-day offsite to work with you to develop a risk management plan. They state that they are simply too busy to afford time for this activity. And besides, they feel that if something unforeseen occurs, it is your responsibility to react to it. How do you respond to your team? Students’ answers will vary. Students may mention that one should be patient with the team members and try to get them to accept the concept of risk management as a way of minimizing the impact of potential problems. With risk management, some potential problems can be eliminated altogether. Back-up plans can be developed for potential problems that cannot be eliminated. The project team then needs to consider which risks need to be addressed with some sort of risk management plan. Generally, the team can ignore risks with a low probability of occurrence and low potential impact. Risks with a high probability of occurrence and a high potential impact need to have a risk owner assigned.
Web-Based Case BBC Digital Media Initiative Revisited 1.
Do research online to identify the capabilities of digital asset management software. What are the top rated digital asset management software products? Who uses this software? Students’ answers will vary. One approach that students could use is to perform a search
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
3-7
engine query on the term “digital asset management software” which will yield a halfdozen or more links to sites that list the top rated digital asset management software products and its users. 2.
Given the NAO’s findings and what you discover about available off-the-shelf products, would it have been wiser for the BBC to adopt a collection of these existing products? What actions would be necessary to gain the cooperation of the business units to incorporate this collection of products into their work processes? Students’ answers will vary. Some students will agree that it would have been wiser for the BBC to adopt a collection of off-the-shelf products because they provide a general set of features that can be used by many users. Students might perform a Web search to identify the actions that would be necessary to gain the cooperation of the business units to incorporate this collection of products into their work processes. Their search results will vary.
Case Study Webcor: Building Buy-In in the Brick-and-Mortar Business Discussion Questions 1.
How has Webcor used technology to support project management in the construction field? Students’ answers will vary. Students may mention that in 1984, Webcor integrated the Apple desktop into its work process. In 2011, Webcor made a significant commitment to virtual design and construction in its public sector building projects. Adopting Vico Software’s 5D Virtual Construction application allowed Webcor to estimate costs, schedule projects, and manage projects with increased efficiency. With this software, Webcor can take its customers through a series of what-if scenarios that allow them to make key design decisions from the start. Using the software, Webcor can also predict the scheduling and cost impact of changes that occur throughout building design and construction.
2.
List the main lessons IT managers can learn from Webcor Builders about the successful adoption of new technologies. Students’ answers will vary. Students may mention that the decision to adopt new technologies involved fairly high risks, given the potential resistance of its end users. With the firm backing of the top management team, Sarrubi (Webcor CIO) has used two tactics to persuade his blue-collar workforce to adopt technological innovation. First, Sarrubi searches for and hires what he calls technology “cheerleaders,” young
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/
Information Technology For Managers
3-8
college graduates who are more collaborative and who have embraced technology from their early years as a means of producing higher quality work in less time. This strategy successfully persuaded older employees to adopt Box, a cloud-based storage platform for the company’s architectural drawings and financial documents. The organization’s adoption of the Box software grew out of a trial at one job site and just took off, caught fire, adoption-wise... And soon, what had started as a small group test grew into almost one hundred Box users within a few weeks. The reason for this growth was wordof-mouth testimonials that employees gave after using the software within the company. In addition to his cheerleader approach, Sarrubi also makes sure that working with the new technology is “as easy as using Amazon.” Cost, scalability, and return-on-investment are important factors the company considers when making IT decisions, but end-user preference is also a big factor in what technologies the company adopts. 3.
Webcor bought an application called PlanGrid to mark up construction blueprints on iPads. PlanGrid can be used when the workers are offline and later syncs up with files on the Box platform. Webcor frequently follows this approach of buying applications and then building application programming interfaces (APIs) to connect these programs to its main enterprise systems. What are the advantages and disadvantages of this IT development process? Students’ answers will vary. Some advantages of this process are its cost, scalability, return-on-investment, and user-friendliness. A primary disadvantage could be regarding the reliability of the service, which syncs up with files on the Box platform. Users should also be aware of the fact that the service can shut down or limit how an individual uses its API at any time.
4.
How might developing whole IT systems themselves, rather than adopting already developed solutions and integrating them using APIs, change Webcor’s ability to encourage IT adoption? Students’ answers will vary. Students may mention that developing whole IT systems themselves might help Webcor design solutions specific to its requirements. It might also help Webcor persuade its blue-collar workforce to adopt new technologies.
5.
What obstacles do companies face when developing customized IT systems themselves? Under what circumstances does it make sense? Students’ answers will vary. Students may mention that cost is a major obstacle in developing an IT system. Additionally, companies need to have a sufficient number of employees with the skills and experience required to deliver the product or service at an acceptable level of quality and within the required deadline.
This study source was downloaded by 100000849927608 from CourseHero.com on 09-05-2022 16:36:03 GMT -05:00
https://www.coursehero.com/file/23272701/Reynolds-2e-SM-Ch03/ Powered by TCPDF (www.tcpdf.org)
CHAPTER 1 – MANAGERS: KEY TO INFORMATION TECHNOLOGY RESULTS MULTIPLE CHOICE 1. The scope of the project, the data captured, and the usability of new information technology systems are some of the decisions taken by: a. software developers. b. managers. c. software testers. d. network administrators. ANS: B RATIONALE: Managers, working in conjunction with information technology (IT) specialists, must make many decisions when implementing a new IT solution, including how broad the project will be in scope, what data to capture, how databases and applications should be tailored, what information will flow from the systems and to whom, and, most importantly, how people will use the system to make a difference. 2. What approach should be followed by managers to ensure that information technology innovations pay off? a. Linguistic b. Holistic c. Relativistic d. Imperialistic ANS: B RATIONALE: Managers are the key to ensuring that information technology innovations pay off; they must lead a holistic approach that includes encouraging the acceptance of change, addressing changes in business processes and organizational structure, establishing new employee roles and expectations, and creating new measurement and reward systems. 3. _____ includes all tools that capture, store, process, exchange, and use information. a. Information technology b. Information hierarchy c. Information board d. Information broadcast ANS: A RATIONALE: Information technology includes all tools that capture, store, process, exchange, and use information. The field of information technology includes computer hardware, such as mainframe computers, servers, desktops, laptops, tablets, and smartphones; software, such as operating systems and applications for performing various functions; networks and related equipment, such as modems, routers, and switches; and databases for storing important data. 4. The set of information technology (IT) hardware, software, and networks in an organization is called its _____. a. IT organization b. IT hierarchy
c. IT infrastructure d. IT board ANS: C RATIONALE: An organization’s defined set of information technology (IT) hardware, software, and networks is called its IT infrastructure. An organization’s IT infrastructure must be integrated with employees and procedures to build, operate, and support information systems that enable a firm to meet its fundamental objectives. 5. Which of the following information technologies (IT) include information systems that improve the productivity of individual users in performing stand-alone tasks? a. Enterprise IT b. Personal IT c. Group IT d. Prototype IT ANS: B RATIONALE: Personal information technology (IT) includes information systems that improve the productivity of individual users in performing stand-alone tasks. Examples include personal productivity software such as word processing, presentation, and spreadsheet software; decision support systems, and online learning systems. 6. Rapidstudy, an online platform, is used to enhance the learning capabilities of students. This is an example of: a. personal information technology. b. enterprise information technology. c. group information technology. d. prototype information technology. ANS: A RATIONALE: Personal information technology includes information systems that improve the productivity of individual users in performing stand-alone tasks. Examples include personal productivity software such as word processing, presentation, and spreadsheet software; decision support systems, and online learning systems. 7. Which of the following information systems employ an analytic model to help users gain insights into a problem situation, examine alternate solutions, and recommend an appropriate course of action? a. A word processing software b. A decision support system c. A spreadsheet software d. A web conferencing system ANS: B RATIONALE: A decision support system (DSS) employs analytic models to help users gain insights into a problem situation, examine alternative solutions, and recommend an appropriate course of action. For example, VisualDx is a clinical decision support system that provides instant access to concise disease information and high-quality medical images.
8. VisualDX provides instant access to concise disease information and high-quality medical images. This is an example of: a. word processing system. b. interorganizational information system. c. decision support system. d. online learning system. ANS: C RATIONALE: A decision support system (DSS) employs analytic models to help users gain insights into a problem situation, examine alternative solutions, and recommend an appropriate course of action. For example, VisualDx is a clinical decision support system that provides instant access to concise disease information and high-quality medical images. 9. Hypermedia, podcasts, and Webcasts are the techniques used in: a. decision enabled systems. b. product lifecycle systems. c. transaction processing systems. d. online learning systems. ANS: D RATIONALE: Online learning systems encompass a number of computer-enhanced learning techniques, including computer-based simulations, multimedia disks, Web-based learning materials, hypermedia, podcasts, and Webcasts. 10. Which of the following best describes a group information technology information system? a. It includes information systems that improve the productivity of individual users in performing standalone tasks. b. It includes information systems that organizations use to define structured interactions with external customers. c. It includes information systems that improve communications and support collaboration among members of a project. d. It includes information systems that organizations use to define structured interactions among their employees and suppliers. ANS: C RATIONALE: Group information technology includes information systems that improve communications and support collaboration among the members of a workgroup. Examples include the use of Web conferencing, wikis, and electronic corporate directories. 11. Web conferencing and electronic corporate directories are examples of: a. personal information technologies. b. group information technologies. c. process information technology. d. prototype information technology. ANS: B
RATIONALE: Group information technology (IT) includes information systems that improve communications and support collaboration among members of a workgroup. Examples include the use of Web conferencing, wikis, and electronic corporate directories. 12. Which of the following is an example of a personal information technology system? a. Project management software b. Instant messaging service c. Transaction processing system d. Decision support system ANS: D RATIONALE: Personal information technology includes information systems that improve the productivity of individual users in performing stand-alone tasks. Examples include personal productivity software such as word processing, presentation, and spreadsheet software; decision support systems, and online learning systems. 13. Which of the following uses information technology to conduct meetings or presentations via the Internet? a. Web conferencing b. Really simple syndication feed c. Podcast d. Electronic bulletin board ANS: A RATIONALE: Web conferencing uses information technology to conduct meetings or presentations in which participants are connected via the Internet. Screen sharing is the most basic form of Web conference—each participant sees whatever is on the presenter’s screen, be it a spreadsheet, legal document, artwork, or blueprint. 14. Which of the following is the most basic form of Web conferencing? a. Podcasting b. Network sharing c. Webinar d. Screen sharing ANS: D RATIONALE: Web conferencing uses information technology to conduct meetings or presentations in which participants are connected via the Internet. Screen sharing is the most basic form of Web conference—each participant sees whatever is on the presenter’s screen, be it a spreadsheet, legal document, artwork, or blueprint. 15. In _____, the audio and video information is shown from the presenter to participants. a. screen sharing b. network sharing c. Webcasting d. podcasting ANS: C
RATIONALE: Web conferencing uses information technology to conduct meetings or presentations in which participants are connected via the Internet. Another form of Web conferencing is Webcasting, in which audio and video information is broadcast from the presenter to participants. 16. Which of the following is true of a Webinar? a. It automatically delivers to subscribers the updated posts from their favorite blogs with limited one-way communication. b. It is a live Internet presentation that supports interactive communications between the presenter and the audience. c. It provides a set of tools to report project status. d. It determines the resource availability and schedule rooms for meetings over the internet. ANS: B RATIONALE: Web conferencing uses information technology to conduct meetings or presentations in which participants are connected via the Internet. Another type of Web conference, a Webinar, is a live Internet presentation that supports interactive communications between the presenter and the audience. 17. A _____ is a Web site that allows users to edit and change its content easily and rapidly. a. wiki b. forum c. podcast d. blog ANS: A RATIONALE: A wiki (Hawaiian for fast) is a Web site that allows users to edit and change its content easily and rapidly. The wiki may be either a hosted Internet site or a site on a company’s intranet. 18. _____ is a free software project that produces libraries and programs for handling multimedia data. a. FLmpeg b. FFmpeg c. LLmpeg d. PLmpeg ANS: B RATIONALE: FFmpeg is a free software project that produces libraries and programs for handling multimedia data. FFmpeg adopted the use of Trac, an enhanced wiki and issue tracking system, in June 2014 to provide support for software developers. 19. Which of the following is used in large organizations to find the right person to collaborate on an issue or on an opportunity? a. Electronic bulletin boards b. Electronic yellow pages c. Electronic enterprise systems d. Electronic corporate directories ANS: D RATIONALE: Electronic corporate directories are used in large organizations to find the right person with whom to collaborate on an issue or opportunity. Increasingly, organizations are creating online
electronic corporate directories to solve this problem. IBM created an application called Bluepages— IBM’s Facebook for the enterprise. 20. Which of the following is true of Bluepages? a. It enables an employee to contact other employees and their backups. b. It captures data from company transactions and other key events. c. It supports sales, marketing, and customer service processes. d. It supports the flow of data among different organizations to achieve shared goals. ANS: A RATIONALE: IBM created an application called Bluepages—IBM’s Facebook for the enterprise. This group IT application enables an employee to contact other employees and their backups, in case of an absence or vacation. 21. Which of the following information technologies (IT) is used by organizations to define structured interactions among their own employees and with external customers? a. Private IT b. Group IT c. Enterprise IT c. Prototype IT ANS: C RATIONALE: Enterprise information technology (IT) includes information systems that organizations use to define structured interactions among their own employees and/or with external customers, suppliers, government agencies, and other business partners. 22. Successful implementation of enterprise information technology system requires: a. a set of tools for project managers and members to report project plans and status. b. the radical redesign of fundamental work processes and the automation of new processes. c. information systems that improve communications and support collaboration among members of a workgroup. d. integrated data, text, voice, and video in a single solution that encompasses instant messaging, presence information, and video conferencing. ANS: B RATIONALE: Enterprise information technology (IT) includes information systems that organizations use to define structured interactions among their own employees and/or with external customers, suppliers, government agencies, and other business partners. Successful implementation of these systems often requires the radical redesign of fundamental work processes and the automation of new processes. 23. In an enterprise information technology, payroll is a part of the: a. target process. b. requirement process. c. design process. d. planning process. ANS: A
RATIONALE: Enterprise information technology includes information systems that organizations use to define structured interactions among their own employees and/or with external customers, suppliers, government agencies, and other business partners. Target processes may include purely internal activities within the organization (such as payroll) and those that support activities with external customers and suppliers. 24. Interorganizational systems are examples of _____. a. group information technologies b. private information technologies c. marketing information technologies d. enterprise information technologies ANS: D RATIONALE: Enterprise information technology includes information systems that organizations use to define structured interactions among their own employees and/or with external customers, suppliers, government agencies, and other business partners. Three examples of enterprise information technology are transaction processing, enterprise, and interorganizational systems. 25. A _____ captures data from company transactions and other key events, and then updates the firm’s records, which are maintained in electronic files or databases. a. transaction processing system (TPS) b. transaction migration system (TMS) c. transaction secured system (TSS) d. transaction broadcast system (TBS) ANS: A RATIONALE: A transaction processing system (TPS) captures data from company transactions and other key events, and then updates the firm’s records, which are maintained in electronic files or databases. Each TPS supports a specific activity of the firm, and several may work together to support an entire business process. 26. Shipment planning and shipment execution are the stages involved in: a. inventory control. b. structured interaction. c. order processing. d. target process. ANS: C RATIONALE: Each transaction processing system (TPS) supports a specific activity of the firm, and several may work together to support an entire business process. For example, some organizations use many TPSs to support their order processing, which includes order entry, shipment planning, shipment execution, inventory control, and accounts receivable. 27. Data captured using the order entry transaction processing system is used to: a. replicate a set of orders. b. process the refund for returned orders. c. create new orders. d. update a file of open orders.
ANS: D RATIONALE: Data captured using the order entry transaction processing system is used to update a file of open orders—orders received but not yet shipped. 28. Which of the following acts as an input to the shipment planning transaction processing system that determines the orders to be filled, the shipping date, and the location from which each order will be shipped? a. The open order file b. The planned order file c. The exchange order file d. The local order file ANS: A RATIONALE: Data captured using the order entry transaction processing system (TPS) is used to update a file of open orders—orders received but not yet shipped. The open order file, in turn, is used as input to the shipment planning TPS, which determines the orders to be filled, the shipping date, and the location from which each order will be shipped. The result is the planned order file, which is passed downstream to the shipment execution TPS, and so on. 29. Which of the following best describes an enterprise system? a. It captures data from company transactions and other key events, and then updates the firm’s records, which are maintained in electronic files or databases. b. It enables the sharing of information across all business functions and all levels of management. c. It includes information systems that improve communications and support collaboration among the members of a workgroup. d. It encompasses a number of computer-enhanced learning techniques, including computer-based simulations, multimedia DVDs, Web-based learning materials, hypermedia, podcasts, and Webcasts. ANS: B RATIONALE: Many organizations employ enterprise systems to support their operation and planning functions and to enable the sharing of information across all business functions and all levels of management. These systems employ a database of key operational and planning data that can be shared by all employees and, in some situations, customers and suppliers. 30. Customer relationship management (CRM) and product life cycle management (PLM) are common types of: a. personal systems. b. group systems. c. resource planning systems. d. enterprise systems. ANS: D RATIONALE: Enterprise systems employ a database of key operational and planning data that can be shared by all employees and, in some situations, customers and suppliers. The three most common types of enterprise systems are enterprise resource planning systems, customer relationship management systems, and product life cycle management systems.
31. Which of the following systems support the supply chain processes such as order processing, inventory management, and purchasing? a. Customer relationship management (CRM) b. Product life cycle management (PLM) c. Enterprise resource planning (ERP) d. Organizational information system (OIS) ANS: C RATIONALE: An enterprise resource planning (ERP) system is a set of integrated programs that manage a company’s vital business operations. They support the supply chain processes, such as order processing, demand planning, inventory management, and purchasing. 32. _____ systems support the sales and marketing processes. a. Customer relationship management (CRM) b. Product life cycle management (PLM) c. Enterprise resource planning (ERP) d. Organizational information system (OIS) ANS: A RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters. This includes sales, marketing, and customer service processes. 33. Which of the following supports the flow of data among different organizations to achieve shared goals? a. Customer relationship management b. Product life cycle management c. Enterprise resource planning system d. Interorganizational information system ANS: D RATIONALE: Interorganizational information systems support the flow of data among different organizations to achieve shared goals. For example, some organizations need to share data for purchase orders, invoices, and payments along with information about common suppliers and financial institutions. 34. Fillkart, an online shopping Web site, needs to share data for purchase orders, invoices, and payments along with information about common suppliers and financial institutions. Which of the following will support these needs of Fillkart? a. Customer relationship management. b. Product life cycle management. c. Interorganizational information system. d. Enterprise resource planning. ANS: C RATIONALE: Interorganizational information systems support the flow of data among different organizations to achieve shared goals. For example, some organizations need to share data for purchase orders, invoices, and payments along with information about common suppliers and financial institutions. 35. Which of the following is true of interorganizational information systems?
a. It speeds up the flow of material and information. b. It increases the effort of processing a transaction. c. It increases the cost of processing a transaction. d. It reduces the flow of payments while concentrating on the flow of material and information. ANS: A RATIONALE: Interorganizational information systems support the flow of data among different organizations to achieve shared goals. They speed up the flow of material, payments, and information, while allowing companies to reduce the effort and costs of processing such transactions. 36. Which of the following is a step taken by organizations to ensure efficient and effective sharing of information? a. Discussing the gist of the information b. Duplicating the information c. Increasing the cost of processing the information d. Using compatible technologies ANS: D RATIONALE: To ensure efficient and effective sharing of information, organizations must agree in advance on the nature and format of information to be exchanged, and they must use compatible technologies. The companies must work together to resolve technical issues relating to data definitions and formats, database designs, standards to ensure high data quality, and compatible technology infrastructures. 37. Organizations are concerned about the profits they receive for their investments in information technology (IT) than the amount spent on the investment. This is to done to: a. ensure smooth introduction and adoption of IT. b. identify appropriate IT opportunities. c. ensure that IT risks are mitigated. d. adopt the section 404 of the Sarbanes-Oxley Act. ANS: B RATIONALE: The most important consideration is what organizations are getting out of their investments in information technology (IT), not how much they are investing in IT. This helps to identify the appropriate IT opportunities. 38. Identify the industry that has the highest information technology spending. a. Agriculture b. Food c. Finance d. Automobile ANS: C RATIONALE: Organizations typically spend 1 to 6 percent of their total revenues on information technology (IT); this spending is generally higher for industries in which IT is more critical to success, such as health care and financial services.
39. The Change Management Continuum Model, the Unified Theory of Acceptance and Use of Technology, and the Diffusion of Innovation Theory are the theories that can help: a. in smooth introduction and adoption of information technology. b. to identify appropriate information technology opportunities. c. in ensuring that information technology risks are mitigated. d. to implement the section 404 of the Sarbanes-Oxley Act. ANS: A RATIONALE: Several theories on organizational change management can help smooth the introduction and adoption of information technology. Three such theories are: the Change Management Continuum Model, the Unified Theory of Acceptance and Use of Technology, and the Diffusion of Innovation Theory. 40. Which of the following models describe the key activities that are needed to build commitment for change? a. The Unified Acceptance Model b. The Change Management Technology Model c. The Change Management Continuum Model d. The Diffusion of Innovation Model ANS: C RATIONALE: D.R. Conner developed the Change Management Continuum Model, which describes the key activities that are needed to build commitment for change. This model provides a roadmap to guide management actions at each stage of the introduction of a new system. 41. The _____ provides a roadmap to guide the management actions at each stage of the introduction of a new system. a. Unified Acceptance Model b. Change Management Continuum Model c. Change Management Technology Model d. Diffusion of Innovation Model ANS: B RATIONALE: D.R. Conner developed the Change Management Continuum Model, which describes key activities that are needed to build commitment for change. This model provides a roadmap to guide the management actions at each stage of the introduction of a new system. 42. Which of the following is a phase of the Change Management Continuum Model? a. Inform b. Adopt c. Perception d. Internalization ANS: A RATIONALE: Inform, educate, and commit are the phases of the Change Management Continuum Model. Its goal is to make people aware of the change and why it is occurring.
43. Positive perception, adoption, and institutionalization are the stages of the _____ phase of the Change Management Continuum Model. a. inform b. educate c. contact d. commit ANS: B RATIONALE: The educate phase makes people recognize the impact of change on them and their way of working. Positive perception, adoption, and institutionalization are the stages of the educate phase of the Change Management Continuum Model. 44. The _____ stage of the Change Management Continuum Model demonstrates a positive impact on the organization. a. internalization b. institutionalization c. adoption d. perception ANS: C RATIONALE: The adoption stage comes under the educate phase of the Change Management Continuum Model. It describes the change that has demonstrated a positive impact on the organization. 45. Identify the stage in the Change Management Continuum Model that incorporates the changes in the routine operating procedures of an organization. a. Internalization b. Perception c. Adoption d. Institutionalization ANS: D RATIONALE: Institutionalization stage in the Change Management Continuum Model incorporates the changes in the routine operating procedures of an organization. It comes under the educate phase. 46. Which of the following best describes the awareness stage of the Change Management Continuum Model? a. A person becoming aware that a change is to take place b. A person gaining basic knowledge of the change c. A person incorporating the change in routine operating procedures d. A person committed to a change due to personal interest ANS: B RATIONALE: In the awareness stage of the Change Management Continuum Model, a person has a basic knowledge of the change. This stage comes under the inform phase. 47. Which of the following is true of the Internalization phase of the Change Management Continuum Model? a. Employees are highly committed to the change because it suits their interests.
b. Employees formally incorporate the change into routine operating procedures of the organization. c. Employees comprehend the nature and intent of the change and how he or she will be affected. d. Employees gain a basic knowledge of the change. ANS: A RATIONALE: In the internalization stage of the Change Management Continuum Model, people are highly committed to the change because it matches their interests, goals, and values. This phase comes under the commit phase. 48. Usefulness, ease of use, management expectations, and facilitating conditions are the key factors of: a. the Change Management Continuum Model. b. the Diffusion of Innovation Theory. c. the Change Management Consistent Model. d. the Unified Theory of Acceptance and Use of Technology. ANS: D RATIONALE: The Unified Theory of Acceptance and Use of Technology identifies four key factors that directly determine a user’s acceptance and usage of information technology. They are usefulness, ease of use, management expectations, and facilitating conditions. 49. In the Unified Theory of Acceptance and Use of Technology, who provides the technical infrastructure help in learning and using the new technology? a. End user b. Client c. Super user d. Tester ANS: C RATIONALE: In the Unified Theory of Acceptance and Use of Technology, the end users want to know that they will be provided with sufficient time to be trained in a quality manner and that there will be others (help desk or “super users”) available to help when necessary. The necessary organizational and technical infrastructures must be in place to support end users in learning and using the new technology. 50. The _____ explains how a new idea or product gains acceptance and spreads through a specific population or subset of an organization. a. Change Management Continuum Model b. Diffusion of Innovation Theory c. Change Management Consistent Model d. Unified Theory of Acceptance and Use of Technology ANS: B RATIONALE: The Diffusion of Innovation Theory was developed by E.M. Rogers to explain how a new idea or product gains acceptance and diffuses (or spreads) through a specific population or subset of an organization. A key point of this theory is that adoption of any innovation does not happen all at once for all members of the targeted population; rather, it is a drawn-out process, with some people quicker to adopt the innovation than others. 51. Which of the following adopter categories is very conservative and highly skeptical of change? a. Laggard b. Early majority
c. Early adopter d. Innovator ANS: A RATIONALE: Laggards are very conservative and highly skeptical of change. Their peers need to demonstrate on the benefits of change to convince them. 52. Which of the following adopter categories is considered as risk takers? a. Laggard b. Early majority c. Late majority d. Innovator ANS: D RATIONALE: Innovators are always the first to try new products and ideas. They are considered as risk takers. 53. Which of the following best describes late majority? a. They are the first to try new products and ideas. b. They listen to and follow the opinion of leaders. c. They are skeptical to changes and new ideas. d. They are the leaders whom others listen to and understand the need for change. ANS: C RATIONALE: Late majorities are people who are skeptical to changes and new ideas. They need to be provided with details of successful implementation of changes. 54. John, a product manager, decides to adopt to a new strategy to improve the quality of products served by his company. He also has the additional responsibility of convincing his team members to use the new strategy. In the context of innovation adopters, John is an example of a(n): a. laggard. b. early adopter. c. early majority. d. late majority. ANS: B RATIONALE: John is an example of an early adopter. Early adopters are opinion leaders whom others listen to and follow; they are aware of the need for change. 55. What is the strategy required by successful enterprise information technology system? a. Top-down imposition of standards and procedures b. Bottom-up imposition of standards and procedures c. Refactoring the standards and procedures d. Reengineering the standards and procedures ANS: A RATIONALE: A successful enterprise information technology (IT) system requires the top-down imposition of standards and procedures that spell out exactly how transactions must be conducted and how the supporting information must be captured, stored, and shared. As a result, senior management sometimes encourages adoption of enterprise IT by threatening penalties for nonconformance.
56. Data assets must be secured from unwanted intrusion, loss, and alteration. This is to: a. ensure the smooth adoption of the systems information technology. b. ensure the smooth transfer of information technology. c. ensure the smooth mitigation of risks in information technology. d. ensure the smooth induction of information technology. ANS: C RATIONALE: Information technology (IT) resources are used to capture, store, process, update, and exchange information that controls valuable organizational assets. As a result, special measures are needed to ensure that the information and its control mechanisms can stand up to intense scrutiny. Data assets must be secure from unwanted intrusion, loss, and alteration, and personal data must be secured to protect individual privacy rights. If information technology assets including data, software, hardware, and networks are rendered inoperable due to a disaster of any type, business continuity plans must be in place to ensure the ongoing operation of critical business functions that depend on those assets. Failure to ensure that IT risks are mitigated can lead to serious problems, such as business disruptions, data breaches exposing employee and/or customer personal data, and legal penalties. 57. Exposing employee and customer personal data to an untrusted environment is an example of: a. data spam. b. data phishing. c. data adware. d. data breach. ANS: D RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. Data breaches expose the employee and/or customer personal data. 58. Data breaches lead to: a. the physical damage of a personal computer. b. the loss of business opportunity. c. the decreased customer support cost for information hotlines. d. the decreased customer support cost for credit monitoring services. ANS: B RATIONALE: Data breaches involving large databases of personal information are all too common. The cost to an organization that suffers a data breach can be quite high, including lost business opportunity associated with customers whose patronage has been lost due to the incident, public relations–related costs to manage the firm’s reputation, and increased customer support costs for information hotlines and credit monitoring services for victims. 59. Which of the following requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the chief executive officer and the chief financial officer attesting the accuracy of the information provided in the reports? a. Smooth adoption of information technology b. Smooth introduction of information technology c. Diffusion of innovation Act d. Section 404 of the Sarbanes-Oxley Act ANS: D RATIONALE: Section 404 of the Sarbanes-Oxley Act requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the chief executive officer and the chief
financial officer attesting that the information contained in the reports is accurate. The company also must submit to an audit to prove that it has controls in place to ensure accurate information. 60. An organization has to submit an audit to prove that it has accurate information on their assets. This is done to be in accordance to the: a. Section 906 of the Sarbanes-Oxley Act. b. Section 404 of the Sarbanes-Oxley Act. c. Section 802 of the Sarbanes-Oxley Act. d. Section 301 of the Sarbanes-Oxley Act. ANS: B RATIONALE: Section 404 of the Sarbanes-Oxley Act requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the CEO and CFO attesting that the information contained in the reports is accurate. The company also must submit to an audit to prove that it has controls in place to ensure accurate information. 61. Hackers carry out a denial-of-service attack on an organization’s Web site. This leads to the: a. violation of legally mandated procedures for controlling information technology assets. b. violation of generally accepted accounting principles. c. inability to continue operations due to a deliberate attack on the information technology assets. d. theft of computers from a corporate training facility. ANS: C RATIONALE: Hackers carry out a denial-of-service attack on an organization’s Web site. This leads to the inability to continue the information technology (IT) operations due to a deliberate attack on the IT assets. 62. Which of the following scenarios best describes the violation of legally mandated procedures for controlling the information technology (IT) assets? a. IT system controls are inadequate to meet specific federal Sarbanes-Oxley guidelines that require companies to maintain the integrity of financial data. b. IT system controls are violated so that the same person can both initiate a purchase order and approve the invoice for that purchase order. c. Employees waste time at work visiting Web sites unrelated to their work. d. Hackers access and download customer data, including account numbers, and carry out a denial-ofservice attack on an organization’s Web site. ANS: A RATIONALE: Information technology (IT) system controls are inadequate to meet specific federal Sarbanes-Oxley guidelines that require companies to maintain the integrity of financial data. This is an example of violating legally mandated procedures for controlling IT assets. 63. Employees of Jackshay Corp. misuse their time by viewing online shopping Web sites that is unrelated to their job. This leads to: a. violation of generally accepted accounting principles. b. violation of the organization’s defined procedures and/or accounting practices. c. compromise of confidential data regarding organizational plans, products, or services. d. inappropriate use of information technology resources that reduces worker productivity. ANS: D
RATIONALE: Employees waste time at work visiting Web sites unrelated to their work. This is an example of inappropriate use of information technology resources that reduces worker productivity. 64. Which of the following scenarios best describes the compromise of confidential data regarding organizational plans, products, or services? a. Fire destroys all the physical assets in an organization. b. Employees use corporate email to disseminate sexually explicit material. c. Senior executive loses laptop containing critical data. d. Employees waste time at work visiting Web sites unrelated to their work. ANS: C RATIONALE: A senior executive has lost his laptop that contains critical data. This is an example that describes compromise of confidential data regarding organizational plans, products, or services. 65. Increased costs and wasted effort are consequences of: a. failed information technology projects. b. missed information technology projects. c. complicated information technology projects. d. overlooked information technology projects. ANS: A RATIONALE: Managers cannot afford to ignore information technology (IT) projects, because failed IT projects lead to increased costs, missed opportunities, and wasted time and effort. Far too much money and time has been wasted on failed, ineffective, or wasted information systems in both the private industry and public service arenas. TRUE/FALSE: 1. Companies capture significant benefits by just implementing information technology into their operations. ANS: False RATIONALE: Companies that merely insert information technology (IT) into their operations without making changes that exploit the new IT capabilities will not capture significant benefits. 2. A decision support system (DSS) employs theoretical models to help users gain insights into a real time situation. ANS: False RATIONALE: A decision support system (DSS) employs analytic models to help users gain insights into a problem situation, examine alternative solutions, and recommend an appropriate course of action. 3. Webinar is the most basic form of Web conference. ANS: False RATIONALE: Screen sharing is the most basic form of Web conference—each participant sees whatever is on the presenter’s screen, be it a spreadsheet, legal document, artwork, blueprint, or a medical scan image.
4. Product life cycle management supports only the research and development phase of a product. ANS: False RATIONALE: Product life cycle management (PLM) systems support the processes associated with the various phases of the life cycle of a product, including sales and marketing, research and development, concept development, product design, prototyping and testing, manufacturing process design, production and assembly, delivery and product installation, service and support, and product retirement and replacement. 5. Interorganizational information systems help to reduce the effort and cost of processing a company’s transaction. ANS: True RATIONALE: Interorganizational information systems speed up the flow of material, payments, and information, while allowing companies to reduce the effort and costs of processing such transactions. 6. When a new information technology is introduced, managers are highly encouraged to adopt the technology first and then try to figure out its implications. ANS: False RATIONALE: All too often when new information technology is introduced, managers adopt the technology first and then try to figure out what to do with it and how to cope with its implications. Such an approach is strongly discouraged as it can cause an increase in costs, lost worker productivity, wasted effort, and missed business opportunities. 7. The goal of commit phase in the Change Management Continuum Model is to make people aware of the change. ANS: False RATIONALE: The goal of commit phase in the Change Management Continuum Model is to make people accept the change since it has become a part of their everyday life. 8. Introducing an enterprise information technology system represents a major organizational change. ANS: True RATIONALE: Introducing an enterprise information system requires large amounts of resources and significant changes in procedures, roles and responsibilities, reward systems, and decision making. In other words, it represents a major organizational change. 9. Laggards are risk takers who attempts to try new products and ideas. ANS: False RATIONALE: Laggards are very conservative and highly skeptical of change. 10. Fire destroys resources at the corporate headquarters of an organization. This is an example of violation of generally accepted accounting principles.
ANS: False RATIONALE: Fire destroying the resources of an organization is an example of inability to continue operations due to a natural disaster or accident. ESSAY: 1. George, a physician, searches a database by symptoms, visual clues, and other patient factors to diagnose diseases and develop treatment plans. Discuss the support system used by the physician. ANS: The physician uses a decision support system (DSS). It employs analytic models to help users gain insights into a problem situation, examine alternative solutions, and recommend an appropriate course of action. For example, VisualDx is a clinical decision support system that provides instant access to concise disease information and high-quality medical images. Its database encompasses more than 1300 medical conditions and nearly 30,000 images. Physicians can search this database by symptoms, visual clues, and other patient factors to diagnose diseases and develop treatment plans. 2. What are the benefits of interorganizational information systems? ANS: Interorganizational information systems support the flow of data among different organizations to achieve shared goals. For example, some organizations need to share data for purchase orders, invoices, and payments along with information about common suppliers and financial institutions. Interorganizational information systems speed up the flow of material, payments, and information, while allowing companies to reduce the effort and costs of processing such transactions. 3. Discuss the Diffusion of Innovation theory. What is the difference between an innovator and a laggard? ANS: The Diffusion of Innovation Theory was developed by E.M. Rogers to explain how a new idea or product gains acceptance and diffuses (or spreads) through a specific population or subset of an organization. A key point of this theory is that adoption of any innovation does not happen all at once for all members of the targeted population; rather, it is a drawn-out process, with some people quicker to adopt the innovation than others. An innovator is a risk taker who is always the first to try new products and ideas, whereas a laggard is a person who is very conservative and skeptical of change. 4. Explain Section 404 of the Sarbanes-Oxley Act with an example. ANS: Section 404 of the Sarbanes-Oxley Act requires that all reports filed with the Securities and Exchange Commission (SEC) include a statement signed by the chief executive officer (CEO) and chief financial officer (CFO) attesting that the information contained in the reports is accurate. The company also must submit to an audit to prove that it has controls in place to ensure accurate information. For example, the SEC brought charges against the CEO and CFO of a Florida-based computer equipment company for misrepresenting to external auditors and the investing public the state of its internal controls over financial reporting. The CFO agreed to pay a $23,000 penalty and to be barred from serving as an officer and director of a publicly traded company for five years. The SEC is continuing to litigate its case against the company’s CEO.
CHAPTER 3— PROJECT MANAGEMENT MULTIPLE CHOICE: 1. Which of the following provides customer benefits and gives a tough competition for competitors to imitate? a. Core analysis b. Core scheduling c. Core competency d. Core distribution ANS: C RATIONALE: Researchers Gary Hamel and C.K. Prahalad defined the term core competency to mean something that a firm can do well and that provides customer benefits, is hard for competitors to imitate, and can be leveraged widely to many products and markets. Today, many organizations recognize project management as one of their core competencies and see their ability to manage projects better as a way to achieve an edge over competitors and deliver greater value to shareholders and customers. 2. Which of the following is true of core competency? a. It makes it easy for competitors to know the strategy of their rivals. b. It makes it difficult for competitors to imitate others products. c. It cannot be leveraged widely to many products. d. It cannot penetrate into markets. ANS: B RATIONALE: Researchers Gary Hamel and C.K. Prahalad defined the term core competency to mean something that a firm can do well and that provides customer benefits, is hard for competitors to imitate, and can be leveraged widely to many products and markets. Today, many organizations recognize project management as one of their core competencies and see their ability to manage projects better as a way to achieve an edge over competitors and deliver greater value to shareholders and customers. 3. A(n) _____ is a temporary endeavor undertaken to create a unique product. a. project b. object c. entity d. portfolio ANS: A RATIONALE: A project is a temporary endeavor undertaken to create a unique product, service, or result. Each project attempts to achieve specific business objectives and is subject to certain constraints, such as total cost and completion date. 4. The total cost of a project and its completion date are examples of project _____. a. tables b. variables c. templates d. constraints
ANS: D RATIONALE: A project is a temporary endeavor undertaken to create a unique product, service, or result. Each project attempts to achieve specific business objectives and is subject to certain constraints, such as total cost and completion date. 5. The scope of a project, quality, and user expectations are the _____ of a project. a. inerts b. variables c. constraints d. templates ANS: B RATIONALE: Five highly interrelated parameters define a project—scope, cost, time, quality, and user expectations. If a project team has decided to allow scope changes during the project, then time and effort must be allowed to assess how the scope change will affect the interrelated project variables of cost, schedule, quality, and expectations. 6. Project _____ is a key determinant of other project factors and must be carefully defined. a. cost b. scope c. quality d. milestone ANS: B RATIONALE: Project scope is a definition of which tasks are and which tasks are not included in a project. Project scope is a key determinant of the other project factors and must carefully be defined to ensure that a project meets its essential objectives. 7. Which of the following best describes project scope? a. It enables sound economic decisions about whether employees should be assigned to project work or to operational activities. b. It is the degree to which a project meets the needs of its users. c. It ensures that a project meets its essential objectives. d. It includes all the capital, expenses, and internal cross-charges associated with a project’s buildings, operation, maintenance, and support. ANS: C RATIONALE: Project scope is a definition of which tasks are and which tasks are not included in a project. Project scope is a key determinant of the other project factors and must carefully be defined to ensure that a project meets its essential objectives. 8. Which of the following variables includes the internal cross-charges associated with a project’s buildings, operation, maintenance, and support? a. Cost b. Time c. Quality d. Scope
ANS: A RATIONALE: The cost of a project includes all the capital, expenses, and internal cross-charges associated with a project’s buildings, operation, maintenance, and support. Capital is money spent to purchase assets that appear on the organization’s balance sheet and are depreciated over the life of the asset. 9. _____ is the money spent to purchase assets that appear on an organization’s balance sheet and are depreciated over the life of the asset. a. Proceeds b. Capital c. Liability d. Cross-charge ANS: B RATIONALE: Capital is money spent to purchase assets that appear on an organization’s balance sheet and are depreciated over the life of the asset. Capital items typically have a useful life of at least several years. A building, office equipment, computer hardware, and network equipment are examples of capital assets. 10. _____ items are nondepreciable items that are consumed shortly after they are purchased. a. Capital b. Principal c. Liable d. Expense ANS: D RATIONALE: Expense items are nondepreciable items that are consumed shortly after they are purchased. Typical expenses associated with an information technology-related project include the use of outside labor or consultants, travel, and training. 11. Travel-related costs in an information technology-related project can be classified as _____. a. capital b. an expense c. a cross-charge d. revenue ANS: B RATIONALE: Expense items are nondepreciable items that are consumed shortly after they are purchased. Typical expenses associated with an information technology-related project include the use of outside labor or consultants, travel, and training. 12. Which of the following is true of cross-charging? a. It ensures that a project meets its essential objectives. b. It determines the degree to which a project meets the needs of its users. c. It decides whether employees should be assigned to project work or to operational activities. d. It determines whether a project can be completed in the stipulated time or not.
ANS: C RATIONALE: The rationale behind cross-charging is to enable sound economic decisions about whether employees should be assigned to project work or to operational activities. If employees are assigned to a project, cross-charging helps organizations determine which project makes the most economic sense. 13. The _____ business unit is the business unit most affected by the project and the one whose budget will cover the project costs. a. inheritor b. express c. sponsoring d. receiving ANS: C RATIONALE: Many organizations use a system of internal cross-charges to account for the cost of employees assigned to a project. For example, the fully loaded cost (salary, benefits, and overhead) of a manager might be set at $120,000 per year. The sponsoring organization’s budget is cross-charged this amount for each manager who works full time on the project. The sponsoring business unit is the business unit most affected by the project and the one whose budget will cover the project costs. 14. _____ is defined as the degree to which a project meets the needs of its users. a. Cost b. Quality c. Time d. Scope ANS: B RATIONALE: The quality of a project can be defined as the degree to which the project meets the needs of its users. The quality of a project that delivers an information technology (IT)-related system may be defined in terms of the system’s functionality, features, system outputs, performance, reliability, and maintainability. 15. The _____ of a project that delivers an information technology-related system may be defined in terms of the system’s functionality, features, system outputs, performance, reliability, and maintainability. a. time b. scope c. cost d. quality ANS: D RATIONALE: The quality of a project can be defined as the degree to which the project meets the needs of its users. The quality of a project that delivers an information technology (IT)-related system may be defined in terms of the system’s functionality, features, system outputs, performance, reliability, and maintainability. 16. _____ is the application of knowledge, skills, and techniques to project activities to meet project requirements. a. Project management
b. Project pyramid c. Project literacy d. Project analysis ANS: A RATIONALE: Project management is the application of knowledge, skills, and techniques to project activities to meet project requirements. Project managers must deliver a solution that meets specific scope, cost, time, and quality goals while managing the expectations of the project stakeholders. 17. Identify the activity that involves high levels of creativity and freedom. a. Analytic b. Scientific c. Annalistic d. Artistic ANS: D RATIONALE: The essence of artistic activity is that it involves high levels of creativity and freedom to do whatever the artist feels. The “art” of project management involves salesmanship and psychology in convincing others of the need to change and that this project is right to do. 18. Phil, an engineer, creates use case diagrams for his company. His work involves following defined routines and exacting adherence to laws. Which of the following activities corresponds to his work? a. Annalistic b. Scientific c. Probabilistic d. Artistic ANS: B RATIONALE: The essence of artistic activity is that it involves high levels of creativity and freedom to do whatever the artist feels. Scientific activity, on the other hand, involves following defined routines and exacting adherence to laws. 19. Initiation, scope planning, scope definition, scope verification, and scope change control are the key activities of: a. scope engineering. b. scope networking. c. scope management. d. scope resolution. ANS: C RATIONALE: Scope management includes defining the work that must be done as part of the project and then controlling the work to stay within the agreed-upon scope. Key activities include initiation, scope planning, scope definition, scope verification, and scope change control. 20. Identify the technique that defines the scope of an information system by identifying the business processes it will affect. a. Functional decomposition b. Functional accretion
c. Functional aggregation d. Functional management ANS: A RATIONALE: Functional decomposition is a frequently used technique to define the scope of an information system by identifying the business processes it will affect. It breaks a complex task into several simpler tasks. 21. A(n) _____ is a set of logically related tasks performed to achieve a defined outcome. a. milestone b. incident c. objective d. process ANS: D RATIONALE: A process is a set of logically related tasks performed to achieve a defined outcome. A process is usually initiated in response to a specific event and requires input, which it processes to create output. 22. Identify the naming convention used to define each process in a functional decomposition chart. a. Subject-object b. Verb-subject c. Noun-adjective d. Adverb-adjective ANS: B RATIONALE: To create the functional decomposition chart, begin with the name of the system and then identify the highest-level processes to be performed. Each process should be given a two-word “verbsubject” name that clearly defines the process. 23. _____ includes defining an achievable completion date that is acceptable to the project stakeholders, developing a workable project schedule, and ensuring the timely completion of the project. a. Slack time b. Critical time c. Project completion d. Time management ANS: D RATIONALE: Time management includes defining an achievable completion date that is acceptable to the project stakeholders, developing a workable project schedule, and ensuring the timely completion of the project. Successful project time management requires identifying specific tasks that project team members and/or other resources must complete. 24. Which of the following identifies the project activities that must be completed, the expected start and end dates, and what resources are assigned to each task? a. Project schedule b. Project milestone c. Project deadline
d. Slack time ANS: A RATIONALE: A project schedule identifies the project activities that must be completed, the expected start and end dates, and what resources are assigned to each task. A project schedule is needed to complete a project by a defined deadline, avoid rework, and ensure that people know what to do and when to do it. 25. A _____ is the critical date for completing a major part of a project. a. project schedule b. project milestone c. project deadline d. project evaluation ANS: B RATIONALE: A project milestone is a critical date for completing a major part of a project. Major parts include program design, coding, testing, and release (for a programming project). 26. A _____ is the date an entire project should be completed and operational. a. project schedule b. project milestone c. project evaluation d. project deadline ANS: D RATIONALE: The project deadline is the date an entire project should be completed and operational. It is the time when the organization can expect to begin to reap the benefits of the project. 27. The amount of time an activity can be delayed without delaying the entire project is known as _____. a. critical time b. slack time c. project evaluation d. project milestone ANS: B RATIONALE: In a systems development project, each activity is assigned an earliest start time and an earliest finish time. Each activity is also allocated slack time, which is the amount of time an activity can be delayed without delaying the entire project. 28. Which of the following best describes the critical path of a project? a. It is the date an entire project should be completed and operational—when the organization can expect to begin to reap the benefits of the project. b. It identifies the project activities that must be completed, the expected start and end dates, and what resources are assigned to each task. c. It is a critical date for completing a major part of a project. d. It consists of all activities that, if delayed, would delay an entire project. ANS: D
RATIONALE: The critical path of a project consists of all activities that, if delayed, would delay the entire project. These activities have zero slack time. Any problems with critical path activities will cause problems for the entire project. To ensure that critical path activities are completed on time, project managers use certain approaches and tools such as GanttProject, Microsoft Project, ProjectLibre, or Webplanner to help compute these critical project attributes. 29. Identify the formal approach that creates three time estimates for an activity. a. Program Evaluation and Review Technique (PERT) b. Work breakdown structure (WBS) c. Gantt chart technique (GCT) d. Grid breakdown structure (GBS) ANS: A RATIONALE: A formalized approach called Program Evaluation and Review Technique (PERT) creates three time estimates for an activity: shortest possible time, most likely time, and longest possible time. A formula is then applied to determine a single PERT time estimate. 30. _____ is a graphical tool used for planning, monitoring, and coordinating projects. a. A predecessor chart b. A work breakdown structure c. A Gantt chart d. A query chart ANS: C RATIONALE: A Gantt chart is a graphical tool used for planning, monitoring, and coordinating projects; it is essentially a grid that lists activities and deadlines. Each time a task is completed, a marker such as a darkened line is placed in the proper grid cell to indicate the completion of a task. 31. A(n) _____ is an outline of the work to be done to complete the project. a. attenuation list b. work breakdown structure c. organization breakdown structure d. cost management chart ANS: B RATIONALE: The development of a work breakdown structure is a critical activity needed for effective time management. A work breakdown structure (WBS) is an outline of the work to be done to complete the project. 32. Development of a(n) _____ leads to creation of a schedule and budget. a. work breakdown structure b. organization breakdown structure c. Web planner d. Gantt chart ANS: A RATIONALE: Development of a work breakdown structure leads to creation of a schedule and budget. A work breakdown structure is an outline of the work to be done to complete the project.
33. _____ ensures that a project will meet the needs for which it was undertaken. a. Quality analysis b. Quality schedule c. Quality expatriation d. Quality management ANS: D RATIONALE: Quality management ensures that a project will meet the needs for which it was undertaken. This process involves quality planning, quality assurance, and quality control. 34. Which of the following processes determines the quality standards that are relevant to a project? a. Quality assurance b. Quality planning c. Quality control d. Quality analysis ANS: B RATIONALE: Quality planning involves determining which quality standards are relevant to a project and determining how they will be met. It is a process of quality management. 35. Which of the following processes ensures that a project meets the identified quality standards? a. Quality testing b. Quality planning c. Quality assurance d. Quality forecast ANS: C RATIONALE: Quality assurance involves evaluating the progress of a project on an ongoing basis to ensure that it meets the identified quality standards. It is a process of quality management. 36. Which of the following best describes the quality control process? a. Quality control involves determining which quality standards are relevant to a project and determining how they will be met. b. Quality control involves evaluating the progress of a project on an ongoing basis to ensure that it meets the deadlines. c. Quality control includes developing and managing a project budget. d. Quality control involves checking project results to ensure that they meet identified quality standards. ANS: D RATIONALE: Quality control involves checking project results to ensure that they meet identified quality standards. It is a process of quality management. 37. Which of the following is true of human resource management? a. It includes organizational planning, staff acquisition, and team development. b. It includes communications planning, information distribution, performance reporting, and managing communications to meet the needs of project shareholders.
c. It involves acquiring goods and/or services for a project from sources outside the performing organization. d. It requires the coordination of all appropriate people, resources, plans, and efforts to complete a project successfully. ANS: A RATIONALE: Human resource management is about making the most effective use of the people involved with a project. It includes organizational planning, staff acquisition, and team development. 38. Identify the stage in the forming-storming-norming-performing model in which a team meets to learn about a project, agrees on basic goals, and begins to work on project tasks. a. Storming b. Norming c. Forming d. Performing ANS: C RATIONALE: During the forming stage, a team meets to learn about a project, agrees on basic goals, and begins to work on project tasks. Team members are on their best behavior and try to be pleasant to one another while avoiding any conflict or disagreement. 39. A software development team of programmers discusses the differences of opinion among its team members. In the context of the forming-storming- norming-performing model, they are in the: a. norming stage. b. storming stage. c. forming stage. d. performing stage. ANS: B RATIONALE: A team has moved into the storming stage when it recognizes that differences of opinion exist among team members and allows these ideas to compete for consideration. In this stage, the team might argue and struggle, so it can be an unpleasant time for everyone. 40. Which of the following best describes the norming stage? a. It allows every individual team member to give up his or her preconceived judgments and opinions. b. It recognizes that differences of opinion exist among team members and allows these ideas to compete for consideration. c. A team meets to learn about a project, agrees on basic goals, and begins to work on project tasks. d. Team members have become interdependent on one another and have developed an effective decisionmaking process that does not require the project manager. ANS: A RATIONALE: If a team survives the storming stage, it may enter the norming stage. During this stage, individual team members give up their preconceived judgments and opinions. Members who felt a need to take control of the team give up this impulse. Team members adjust their behavior toward one another and begin to trust one another.
41. Team members adjust their behavior toward one another and begin to trust one another in the _____ stage. a. forming b. storming c. norming d. performing ANS: C RATIONALE: If a team survives the storming stage, it may enter the norming stage. During this stage, individual team members give up their preconceived judgments and opinions. Members who felt a need to take control of the team give up this impulse. Team members adjust their behavior toward one another and begin to trust one another.
42. A design team led by John Dave is highly motivated and knowledgeable about all aspects of the project. After a series of tests, it is proved that the team members are capable of completing the project without the guidance of their manager. John’s team is in the: a. norming stage. b. storming stage. c. forming stage. d. performing stage. ANS: D RATIONALE: Some teams advance beyond the norming stage into the performing stage. At this point, the team is performing at a high level. Team members are competent, highly motivated, and knowledgeable about all aspects of the project. They have become interdependent on one another and have developed an effective decision-making process that does not require the project manager. Dissent is expected, and the team has developed an effective process to ensure that everyone’s ideas and opinions are heard. Work is done quickly and with high quality. 43. A _____ consists of senior managers representing the business and information technology organizations—to provide guidance and support to the project. a. quality control team b. project steering team c. scope management team d. project development team ANS: B RATIONALE: In addition to the development team, each project should have a project steering team, made up of senior managers representing the business and information technology organizations— to provide guidance and support to the project. The number of members on the steering team should be limited (three to five) to simplify the decision-making process and ease the effort to schedule a quorum of these busy executives. 44. Which of the following members of a project steering team removes barriers to the project success? a. A project sponsor b. A subject matter expert c. A project champion
d. A technical resource ANS: C RATIONALE: The project champion is a well-respected manager with a passion to see a project succeed and removes barriers to the project success. He or she is a key member of the steering team. 45. Which of the following best describes the role of a project sponsor? a. He or she ensures that a project will meet the needs of his or her organization. b. He or she has a passion to see a project succeed and removes barriers to the project success. c. He or she provides knowledge and expertise in a particular aspect important to a project. d. He or she ensures proper technology staffing for a project. ANS: A RATIONALE: A project sponsor is a senior manager from the business unit most affected by a project. He or she ensures that the project will meet the needs of his or her organization. 46. Who provides knowledge and proficiency in a particular aspect important to a project? a. A software sponsor b. A project reviewer c. A project champion d. A subject matter expert ANS: D RATIONALE: A subject matter expert is someone who provides knowledge and expertise in a particular aspect important to the project. For example, an accounting system project may seek advice from a member of the internal auditing group in defining the mandatory control features of a new system. 47. Who adds value to a project with his subject matter expertise in an information technology topic? a. A project sponsor b. A technical resource c. A project champion d. A software sponsor ANS: B RATIONALE: A technical resource is essentially a subject matter expert in an information technology (IT) topic of value to a project. For example, the accounting system project may seek advice from a database management system guru (either inside or outside the company) to minimize the processing time for certain key business transactions. 48. _____ involves the generation, collection, dissemination, and storage of project information in a timely and effective manner. a. Communications management b. Human resource management c. Cost management d. Scope management ANS: A
RATIONALE: Communications management involves the generation, collection, dissemination, and storage of project information in a timely and effective manner. It includes communications planning, information distribution, performance reporting, and managing communications to meet the needs of project shareholders. 49. _____ risks cannot be managed directly. a. Exposure b. Unknown c. Unsystematic d. Model ANS: B RATIONALE: Unknown risks cannot be managed directly; however, an experienced project manager will build some contingency into the project budget and schedule to allow for their occurrence. While inexperienced project managers realize that things may go wrong, they fail to identify and address known risks and do not build in contingencies for unknown risks. 50. Who is responsible for developing a risk management strategy? a. A risk reviewer b. A technical resource c. A project champion d. A risk owner ANS: D RATIONALE: Risks with a high probability of occurrence and a high potential impact need to have a risk owner assigned. The risk owner is responsible for developing a risk management strategy and monitoring the project to determine if the risk is about to occur or has occurred. 51. Which of the following is true of risk management software? a. It can provide more realistic estimates for project milestones and budgets. b. It can provide more realistic estimates for slack time and budgets. c. It can provide more realistic estimates for project schedules and budgets. d. It can provide more realistic estimates for a work breakdown structure. ANS: A RATIONALE: Risk management software—such as Risk Management from Intelex, Full Monte from Barbecana, and @Risk from Intaver Institute—integrates with project scheduling software and can reflect the potential impact of various risks on the project schedule and cost. Use of such software can lead to more realistic estimates for project milestones and budgets. 52. Which of the following project management knowledge areas is responsible for acquiring goods and services for the project from sources outside the performing organization? a. Scope management b. Communications management c. Risk management d. Procurement management ANS: D
RATIONALE: Procurement management involves acquiring goods and/or services for the project from sources outside the performing organization. This activity is divided into five processes. 53. Which of the following statements best describes the plan contracting process of procurement management? a. It obtains bids, information, proposals, or quotations from potential providers. b. It documents requirements for products and services and identifies potential providers. c. It determines what is needed and when. d. It reviews the offers and starts the negotiations with the preferred provider. ANS: B RATIONALE: Plan contracting process documents requirements for products and services. This process also identifies potential providers. 54. Identify the process in procurement management that determines the requirements for a project. a. Plan contracting b. Contract administration c. Plan purchase and acquisition d. Request seller responses ANS: C RATIONALE: Plan purchase and acquisition process determines what is needed and when. The make-orbuy decision is a key decision made during the plan purchase and acquisition process. 55. Which of the following statements best describes the request seller response process of procurement management? a. It obtains bids, information, proposals, or quotations from potential providers. b. It documents requirements for products and services and identifies potential providers. c. It manages the relationship between the buyer and the seller. d. It reviews the offers from and starts the negotiations with the preferred seller. ANS: A RATIONALE: The request seller response process obtains bids, information, proposals, or quotations from potential providers. 56. In the context of procurement management, identify the process that reviews the offers from sellers and identifies the provider. a. Request seller response b. Plan contracting c. Contract closure d. Select seller ANS: D RATIONALE: During the select seller process, offers from sellers are reviewed, and the preferred provider is identified. Negotiations are started in this process.
57. Carlton has ordered a digital watch from an e-commerce Web site. He wants to track the shipment details to estimate the delivery of the product. In the context of procurement management, identify the process that helps Carlton to track his watch shipped by the provider. a. Plan purchase and acquisition b. Plan contracting c. Contract administration d. Contract closure ANS: C RATIONALE: The contract administration process manages all aspects of the contract and the relationship between the buyer and the provider. The process includes tracking and documenting the provider’s performance, managing contract changes, and taking any necessary corrective actions. 58. Which of the following decisions involves comparing the benefits and drawbacks of in-house production versus outsourcing of a given product or service? a. Break-or-make decision b. Make-or-sell decision c. Break-or-buy decision d. Make-or-buy decision ANS: D RATIONALE: The make-or-buy decision is a key decision made during the plan purchase and acquisition process. The make-or-buy decision involves comparing the pros and cons of in-house production versus outsourcing of a given product or service. 59. A(n) _____ is a legally binding agreement that defines the terms and conditions of the buyer–provider relationship. a. contract b. milestone c. expatiate d. strategy ANS: A RATIONALE: A contract is a legally binding agreement that defines the terms and conditions of the buyer–provider relationship. This includes who is authorized to do what, who holds what responsibilities, costs and terms of payment, remedies in case of breach of contract, and the process for revising the contract. 60. Atelco Inc., a hardware firm, orders 50 laptops with the same configuration. In the context of contract categories, this scenario is an example of a: a. cost-plus-fee contract. b. cost-plus-percentage contract. c. fixed-price contract. d. time and material contract. ANS: C
RATIONALE: In a fixed-price contract, the buyer and provider agree to a total fixed price for a welldefined product or service. For example, the purchase of a large number of laptop computers with specified capabilities and features frequently involves a fixed-price contract. 61. Which of the following is the type of contract that pays the provider an amount that covers the provider’s actual costs plus an additional amount? a. Material contract b. Cost-reimbursable contract c. Fixed-price contract d. Time contract ANS: B RATIONALE: Cost-reimbursable contract requires paying the provider an amount that covers the provider’s actual costs plus an additional amount or percentage for profit. Three common types of costreimbursable contracts exist. They are cost-plus-fee contract, cost-plus-fixed-fee contract, and cost-plusincentive-fee contract. 62. John, a civil engineer, pays the heavy equipment provider an agreed-upon hourly rate and unit price for the various materials to be used. In the context of contract categories, this scenario is an example of a: a. cost-plus-fee contract. b. cost-plus-percentage contract. c. fixed-price contract. d. time and material contract. ANS: D RATIONALE: In a time and material contract, the buyer pays the provider for both the time and materials required to complete the contract. The contract includes an agreed-upon hourly rate and unit price for the various materials to be used. 63. Identify the knowledge area that requires the assimilation of eight other project management knowledge areas. a. Project integration management b. Procurement management c. Human resource management d. Communications integration management ANS: A RATIONALE: Project integration management is perhaps the most important knowledge area because it requires the assimilation of all eight other project management knowledge areas. Project integration management requires the coordination of all appropriate people, resources, plans, and efforts to complete a project successfully. 64. _____ requires the coordination of all appropriate people, resources, plans, and efforts to complete a project successfully. a. Communications management b. Procurement management c. Human resource management d. Project integration management
ANS: D RATIONALE: Project integration management is perhaps the most important knowledge area because it requires the assimilation of all eight other project management knowledge areas. Project integration management requires the coordination of all appropriate people, resources, plans, and efforts to complete a project successfully. 65. In the context of project integration management, which of the following best describes the process of monitoring and controlling a project? a. This process develops a project charter that formally recognizes the existence of the project, outlines the project objectives and how they will be met, lists key assumptions, and identifies major roles and responsibilities. b. This process requires regularly measuring effort and expenditures against the project tasks, recognizing when significant deviations occur from the schedule or budget, and taking corrective action to regain alignment with the plan. c. This process develops a preliminary project scope statement to define and gain consensus about the work to be done. d. This process closes a project successfully by gaining stakeholder and customer acceptance of the final product. ANS: B RATIONALE: Monitoring and controlling the project work regularly measures the effort and expenditures against the project tasks, recognizing when significant deviations occur from the schedule or budget. It also takes corrective actions to regain alignment with the plan. TRUE/FALSE: 1. Projects are repetitive activities that are performed over and over again. ANS: False RATIONALE: Projects are different from operational activities, which are repetitive activities performed over and over again. Projects are not repetitive; they come to a definite end once the project objectives are met or the project is cancelled. 2. It is easier to meet the quality and stakeholder expectations if the project has a large scope. ANS: False RATIONALE: In general, the larger the scope of the project, the more difficult it is to meet cost, schedule, quality, and stakeholder expectations. 3. Cross-charges in an information technology-related project include the use of outside labor, travel, and training. ANS: False RATIONALE: Expense items are nondepreciable items that are consumed shortly after they are purchased. Typical expenses associated with an IT-related project include the use of outside labor or consultants, travel, and training.
4. Project management uses repeatable processes and techniques to achieve project goals. ANS: True RATIONALE: Project management is also part science because it uses time-proven, repeatable processes and techniques to achieve project goals. 5. A functional decomposition chart begins with identifying the lower-level subprocesses. ANS: False RATIONALE: To create the functional decomposition chart, begin with the name of the system and then identify the highest-level processes to be performed. 6. Tasks excluded from the work breakdown structure are within the scope of the project. ANS: False RATIONALE: Development of a work breakdown structure (WBS) is another approach to defining the scope of a project—work not included in the WBS is outside the scope of the project. 7. The human resources manager ensures that a project uses approved technologies and vendors. ANS: False RATIONALE: The information technology (IT) manager ensures proper IT staffing for the project and ensures the project uses approved technology and vendors. 8. In creating a new information technology (IT) related system that includes the acquisition of new computing and/or networking hardware, the hardware takes longer than expected to arrive at the installation site. In the context of risk management, this is an example of an unknown risk. ANS: False RATIONALE: Known risks are risks that can be identified and analyzed. For example, in creating a new IT-related system that includes the acquisition of new computing and/or networking hardware, a known risk might be that the hardware will take longer than expected to arrive at the installation site. If the hardware is delayed by several weeks, it could have a negative effect on the project completion date. 9. The make-or-buy decision compares the advantages and disadvantages of in-house production versus outsourcing of a given product or service. ANS: True RATIONALE: The make-or-buy decision is a key decision made during the plan purchase and acquisition process. The make-or-buy decision involves comparing the pros and cons of in-house production versus outsourcing of a given product or service. 10. Project integration management requires the assimilation of all eight other project management knowledge areas. ANS: True
RATIONALE: Project integration management is perhaps the most important knowledge area because it requires the assimilation of all eight other project management knowledge areas. ESSAY: 1. Briefly explain the parameters that define a project. ANS: Five highly interrelated parameters define a project—scope, cost, time, quality, and user expectations. Project scope is a definition of which tasks are and which tasks are not included in a project. The cost of a project includes all the capital, expenses, and internal cross-charges associated with the project’s buildings, operation, maintenance, and support. The timing of a project is frequently a critical constraint. Often, projects must be completed by a certain date to meet an important business goal or a government mandate. The quality of a project can be defined as the degree to which the project meets the needs of its users. As a project begins, stakeholders will form expectations—or will already have expectations— about how the project will be conducted and how it will affect them. For example, based on previous project experience, the end users of a new IT system may expect that they will have no involvement with the system until it is time for them to be trained. 2. Brief the steps involved in the creation of a functional decomposition chart. ANS: Functional decomposition is a frequently used technique to define the scope of an information system by identifying the business processes it will affect. To create the functional decomposition chart, begin with the name of the system and then identify the highest-level processes to be performed. Each process should be given a two-word “verb-subject” name that clearly defines the process. Next, break those high-level processes down into lower-level subprocesses. Typically, three or four levels of decomposition are sufficient to define the scope of the system. 3. Define the objective of quality management. Explain the various processes involved in it. ANS: Quality management ensures that the project will meet the needs for which it was undertaken. This process involves quality planning, quality assurance, and quality control. Quality planning involves determining which quality standards are relevant to the project and determining how they will be met. Quality assurance involves evaluating the progress of the project on an ongoing basis to ensure that it meets the identified quality standards. Quality control involves checking project results to ensure that they meet identified quality standards. 4. How is a subject matter expert different from a technical resource in the project steering team? Explain with an example. ANS: A subject matter expert is someone who provides knowledge and expertise in a particular aspect important to the project. For example, an accounting system project may seek advice from a member of the internal auditing group in defining the mandatory control features of a new system. A technical resource is essentially a subject matter expert in an information technology topic of value to the project. For example, the accounting system project may seek advice from a database management system guru (either inside or outside the company) to minimize the processing time for certain key business transactions.
CHAPTER 4—BUSINESS PROCESS AND IT OUTSOURCING MULTIPLE CHOICE 1. _____ is an arrangement in which one company contracts with another organization to provide services that could be provided by company employees. a. Outsourcing b. Scaling c. Marketing d. Manufacturing ANS: A RATIONALE: Outsourcing is an arrangement in which one company contracts with another organization to provide services that could be provided by company employees. When the people doing the work are located in another country, the arrangement is called offshore outsourcing. 2. Which of the following organizations outsources its work? a. Lenc Inc. is a chain of stores that sells home appliances and is spread across the United States. Goods not available in one of its stores can be procured from its other stores. b. Zeta Inc. supplies raw materials to Clips&Hangers, a soap and detergent manufacturing organization. c. Lusach Dine entered into a two-year contract with Soy&Cream for procuring its dairy products. d. Ace Healthcare entered into a five-year contract with Masters Inc. to take care of Ace Healthcare’s recruiting process and insurance policies. ANS: D RATIONALE: Outsourcing is an arrangement in which one company contracts with another organization to provide services that could be provided by company employees. Ace Healthcare entered into a fiveyear contract with Masters Inc. Masters Inc. takes care of the recruiting process and insurance policies for Ace Healthcare. Therefore, Ace healthcare has outsourced its insurance policy process and recruiting process to Masters Inc. 3. Bersk, a brewing company, entered into a three-year contract with Seins Inc. According to the contract, Seins Inc. will package and market the beverages produced by Bersk. This is an example of _____. a. liquidating b. outsourcing c. amalgamating d. conglomerating ANS: B RATIONALE: Outsourcing is an arrangement in which one company contracts with another organization to provide services that could be provided by company employees. In this case, Bersk outsourced the packaging and marketing of its beverages to Seins Inc. 4. When the people of an organization doing the work for another organization are located in another country, the arrangement is called _____. a. horizontal integration b. business unit sponsoring c. offshore outsourcing d. functional decomposition ANS: C
RATIONALE: Outsourcing is an arrangement in which one company contracts with another organization to provide services that could be provided by company employees. When the people of an organization doing the work are located in another country, the arrangement is called offshore outsourcing. 5. Many organizations contract with service providers to handle their complete services such as accounting and finance, customer services, human resources, and research and development. This is known as _____. a. vertical integration b. business process outsourcing c. outbound telemarketing process d. horizontal integration ANS: B RATIONALE: Outsourcing takes many forms and is by no means limited to information technology outsourcing (ITO). Many organizations contract with service providers to handle complete business processes such as accounting and finance, customer services, human resources, and even research and development, in what is called business process outsourcing (BPO). 6. _____ provides valuable customer benefits, is hard for competitors to imitate, has a direct impact on the organization’s customers, is a major cost driver, is essential for providing services, and can be leveraged widely across many products and markets. a. Physical capital b. A core business process c. A retail price index d. Sequential sampling ANS: B RATIONALE: A core business process is one that provides valuable customer benefits, is hard for competitors to imitate, and can be leveraged widely across many products and markets. It takes the unique knowledge and skills of the organization’s workers to operate these processes effectively. Core processes have a direct impact on the organization’s customers, are major cost drivers, or are essential for providing services. 7. Which of the following is true about a core business process? a. It requires an organization’s workers to possess unique knowledge and skills. b. It has a direct impact on the organization’s infrastructure. c. It is easy for competitors to imitate the process. d. It decelerates a product’s time to market. ANS: A RATIONALE: A core business process is one that provides valuable customer benefits, is hard for competitors to imitate, and can be leveraged widely across many products and markets. It requires an organization’s workers to possess unique knowledge and skills to operate it effectively. 8. Which of the following is true about outsourcing? a. Organizations outsource to reduce the money spent on tax and revenue. b. Organizations outsource to decelerate a product’s time to market. c. Organizations outsource to increase production cost. d. Organizations outsource to improve their focus on core operations. ANS: D
RATIONALE: Organizations decide to outsource for many reasons. The most frequently cited reasons are to cut costs, improve the firm’s focus on core operations, upgrade the firm’s capabilities and services, and accelerate time to market. 9. Which of the following is a true statement? a. Organizations that do not outsource probably have greater recruiting expenses than outsourcing organizations. b. Organizations that do not outsource have lesser cost of production than outsourcing organizations. c. Organizations that do not outsource have lesser marketing and deployment expenses than outsourcing organizations. d. Organizations that do not outsource pay more tax than outsourcing organizations. ANS: A RATIONALE: Organizations that do not outsource probably have greater recruiting, training, research and development, marketing, and deployment expenses. These costs must be passed along in the form of higher prices to the customer, placing the firms at a competitive cost disadvantage. 10. A firm in the United States hired experienced software engineers from Japan and Korea for $20 per hour, whereas they hired software engineers from the United States for $180 per hour.The engineers in Japan and Korea couldn’t discuss and share their views with the project leaders as freely as the employees in the United States. A project took four months longer than expected to complete. What could be the most appropriate reason for the delay in the project? a. Difficulty in communication of goals and needs due to the language barrier b. Difficulty in transferring the payroll c. Difficulty in understanding machine language d. Difficulty in providing the same labor status as the engineers in the US to the engineers from Japan and Korea ANS: A RATIONALE: Organizations outsourcing their work to different nations often encounter difficulties in communicating their needs due to language barriers. However, there are other benefits associated in outsourcing work to different nations. 11. The core business process of a locomotive firm is designing engines. It outsources the production of automobile bodies and several of its parts to different organizations in South Africa and South Asia. Which of the following could be the most appropriate reason for the locomotive firm to outsource? a. To increase marketing expenses on the core operation b. To decelerate the product’s time to the market c. To increase the product’s deployment expenses d. To focus on the firm’s main operations ANS: D RATIONALE: A rationale for outsourcing is to enable an organization to focus on its most important priorities. It is highly ineffective to divert the time and energy of key company resources to do routine work that does not require unique skills or intimate knowledge of the firm, its products, its services, and its customers. 12. _____ frees up a large amount of resources and management effort that can be redirected to other more strategic issues within an organization. a. Advertising b. Bootstrapping
c. Outsourcing d. Liquidating ANS: C RATIONALE: An important rationale for outsourcing is to enable an organization to focus on its most important priorities. It is highly ineffective to divert the time and energy of key company resources to do routine work that does not require unique skills or intimate knowledge of the firm, its products, its services, and its customers. Outsourcing frees up a large amount of resources and management effort that can be redirected to other more strategic issues within an organization. 13. Heinsert Inc. is a computer manufacturing firm. Its core business process is the production of efficient processors and storage disks. It outsources the manufacturing of its computer screen to a camera and lens manufacturing firm called Zetax, which is highly efficient and has world-class capabilities. Identify the most appropriate reason why Heinsert outsources its computer screen production. a. To increase the marketing expenses on its core operation b. To upgrade its products’ capabilities and services c. To increase the revenue of its products d. To decelerate the products’ time to market ANS: B RATIONALE: An outsourcing service provider can perform a business process better than its clients ever could. The outsourcing provider might be highly efficient, with world-class capabilities and access to new technology, methods, and expertise that would not be cost effective for its clients to acquire and maintain. Thus, outsourcing a function can provide a considerable upgrade in capabilities and service. 14. ScanX is a digital media organization. One of the organization’s key business strategies is to launch online courses for high schools. The organization works to develop the platform for the online course on a time constraint. ScanX decides to outsource the launch of the product to clients in various nations so that it can meet the deadline. Which of the following would be the most appropriate reason for ScanX to outsource? a. To accelerate the product’s time to market b. To increase product deployment expenses c. To increase marketing expenses on the core operation d. To reduce the revenues and tax expenses ANS: A RATIONALE: In today’s highly competitive global marketplace, any delay in the introduction of a new product or service can negatively impact customer satisfaction, brand image, and cash flow. The introduction of a new product or service often requires a high level of expertise and/or significant infrastructure not yet present within the organization. In such cases, outsourcing can accelerate and smooth out the start-up. 15. Organizations that outsource to other firms also lay off portions of their own staff as part of outsourcing. People lose their jobs as their work has been outsourced to a different firm at lower wages. The employees become bitter and nonproductive after such layoffs. Identify the issue associated with outsourcing that affects an organization’s positives in such cases. a. Payroll issues b. Employee morale c. Legal issues d. Security breach
ANS: B RATIONALE: The use of outsourcing has always been controversial because the end result is that some people lose their jobs while others gain jobs, often at far lower wages. It often affects the morale of employees who may become bitter and nonproductive. 16. Icarus Inc. manufactures fighter planes for the government. It made a strategic decision to outsource the production of wings and turbines to another firm for the purpose of reducing production cost and development time by two years. However, the outsourcing provider developed the planes' wings and turbines using low-grade material, which led to Icarus Inc. losing its contract with the government. The loss of time and revenue was non-amendable and the company was closed down eventually. Which of the following issues associated with outsourcing best describes the cause of Icarus Inc. shutting down? a. Security breaches b. Legal issues c. Quality problems d. Employee morale ANS: C RATIONALE: Outsourcing part or all of a business process introduces significant risks that the service provider will create quality problems. For example, Boeing made a strategic decision to outsource development of the 787 Dreamliner aircraft with a goal of reducing costs by $4 billion and cutting development time by two years. However, the development effort spiraled out of control and it led to severe quality challenges. 17. A(n) _____ in an outsourcing agreement defines the conditions under which either party may exit the outsourcing relationship. a. termination clause b. balance sheet c. offer document d. defense agreement ANS: A RATIONALE: Every outsourcing agreement between two or more organizations contains a termination clause that defines the conditions under which either party may exit the outsourcing relationship. Common termination reasons include termination for convenience, termination for failure to meet service and performance levels, termination for material breach of contract, and termination for financial crises. 18. Identify the termination clause that allows an organization to unilaterally terminate an outsourcing contract at any time with or without giving a reason. a. Termination for failure to meet service and performance levels b. Termination for material breach of contract c. Termination for convenience d. Termination for financial crises ANS: C RATIONALE: Termination for convenience gives a party the right to unilaterally terminate the contract at any time—with or without giving a reason. The other party is generally entitled to a negotiated settlement for an equitable recovery of costs and losses incurred. 19. Identify the termination clause that breaks the outsourcing agreement irreparably and defeats the purpose of making the contract in the first place. a. Termination for failure to meet service and performance levels
b. Termination for material breach of contract c. Termination for convenience d. Termination for financial crises ANS: B RATIONALE: A material breach of contract is a failure to perform that strikes so deeply at the heart of the contract that it renders the agreement irreparably broken and defeats the purpose of making the contract in the first place. If a material breach occurs, the other party can simply end the agreement and go to court to try to collect damages caused by the breach. 20. Which termination clause allows an organization to end the outsourcing agreement and go to court to collect compensation for the damages caused? a. Termination for convenience b. Termination for financial crises c. Termination for failure to meet service and performance levels d. Termination for material breach of contract ANS: D RATIONALE: A material breach of contract is a failure to perform that strikes so deeply at the heart of the contract that it renders the agreement irreparably broken and defeats the purpose of making the contract in the first place. If a material breach occurs, the other party can simply end the agreement and go to court to try to collect damages caused by the breach. 21. Xsis Inc. is an information technology (IT) and services company. It used to outsource its technical support calls to a company located in a Southeast Asian country. Xsis Inc. started receiving a lot of complaints from customers on language difficulties and delays in reaching senior technicians when speaking to support personnel. The reduction in the volume of calls for its services led Xsis Inc. to terminate its outsourcing contract. Identify the appropriate issue related to outsourcing that led Xsis Inc. to terminate its contract with the company in Southeast Asia. a. Employee morale b. Technical and legal issues c. Negative impact on customer relationships and satisfaction d. Data security and integrity issues ANS: C RATIONALE: Outsourcing can greatly reduce the amount of direct communication between a company and its customers. This prevents a company from building solid relationships with its customers, and often leads to dissatisfaction on one or both sides. 22. City-mart, a supermarket chain, used to outsource its logistics service. Over a period of time, the company discovered an irregularity in the amount of products delivered and the payments collected for those products. It was found that the systems for payment acceptance and logistics were breached by a foreign agent in the firm, which led to the termination of the outsourcing contract by City-mart. Which of the following would be the most appropriate issue related to outsourcing in this scenario? a. Negative impact on customer relationships and satisfaction b. Data security and integrity issues c. Vertical integration d. Horizontal integration ANS: B
RATIONALE: A key outsourcing issue is concern over maintaining data security and integrity to safeguard against data security lapses. Indeed, a study by computer security firm Trustwave found that in nearly two-thirds of 450 data breaches examined, an outsourcing firm responsible for IT system support, development, or maintenance had introduced security flaws that were easily exploited by hackers. 23. A firm in the United States outsources its technical support to a firm in South Asia. The technical support firm collects customers’ personal data and submits them to the service provider. However, a customer would not want information about him or her to be available to others without his or her approval. Identify the issue associated with offshore outsourcing that would arise if the service provider is not particularly careful to ensure it has control over who has access to their data. a. Diminishing cost advantages b. Tax evasion c. Data privacy d. Jurisdiction ANS: C RATIONALE: Most offshore outsourcing agreements specify that the customer retains ownership of all data it submits to the service provider and that the data is to be kept strictly confidential. Companies choosing to outsource offshore must be particularly careful to ensure they have control over who has access to their data. 24. A healthcare organization in Canada outsources its insurance work to a service provider in South Asia. The employees in South Asia used to receive less than half the salary that the employees in Canada received. But in recent years, there has been a rapid increase in employees’ salaries in South Asia. Slowly, the healthcare organization is reducing the level of outsourcing and is employing people in Canada. Which of the issues associated with offshore outsourcing describes the above scenario? a. Diminishing cost advantages b. Important technology issues c. Frictional unemployment issues d. Data privacy and integrity issues ANS: A RATIONALE: Salaries in developing countries such as China, India, Latin America, and the Philippines are increasing rapidly. And the cost advantage to outsource to such countries is being reduced. 25. _____ allows a service provider organization to own and manage the infrastructure (including computing, networking, and storage devices) with tenant organizations by accessing slices of shared hardware resources via the Internet. a. Voluntary liquidation b. Public cloud computing c. Vertical market integration d. Service portfolio ANS: B RATIONALE: Public cloud computing allows a service provider organization to own and manage the infrastructure (including computing, networking, and storage devices) with cloud user organizations (called tenants) by accessing slices of shared hardware resources via the Internet. The service provider can deliver increasing amounts of computing, network, and storage capacity on demand and without requiring any capital investment on the part of the cloud users.
26. Which of the following would be the most appropriate solution for organizations whose computing needs vary greatly depending on changes in demand? a. Vertical market integration b. Private cloud computing c. Public cloud computing d. Horizontal market integration ANS: C RATIONALE: With public cloud computing, a service provider organization owns and manages the infrastructure (including computing, networking, and storage devices) with cloud user organizations (called tenants) accessing slices of shared hardware resources via the Internet. Public cloud computing is a great solution for organizations whose computing needs vary greatly depending on changes in demand. Amazon, Cisco Systems, IBM, Microsoft, Rackspace, Verizon Communications Inc., and VMW are among the largest cloud computing service providers. 27. Which of the following can be a faster, cheaper, and more agile approach to build and manage an information technology (IT) infrastructure? a. Public cloud computing b. Service portfolio management c. Fixed term contract d. Enterprise application integration ANS: A RATIONALE: Public cloud computing allows a service provider organization to own and manage the infrastructure (including computing, networking, and storage devices) with cloud user organizations (called tenants) accessing parts of shared hardware resources via the Internet. It can be a faster, cheaper, and more agile approach to building and managing an IT infrastructure. 28. Which of the following is true about public cloud computing? a. It is expensive. b. It is less secure. c. It is relatively slow. d. It is less agile. ANS: B RATIONALE: Since cloud users use someone else’s data center, public cloud computing has potential issues with service levels, loss of control, disaster recovery, and data security. Data security in particular is a key concern because when using a public cloud computing service, you are relying on someone else to safeguard your data. 29. _____ is a software delivery approach in which an organization outsources the equipment used to support its data processing operations, including servers, storage devices, and networking components. a. Infrastructure as a service b. Software as a service c. Service portfolio management d. Enterprise application management ANS: A RATIONALE: Infrastructure as a service (IaaS) is a software delivery approach in which an organization outsources the equipment used to support its data processing operations, including servers, storage
devices, and networking components. The service provider owns the equipment and is responsible for housing, running, and maintaining it. 30. Quake Inc., a software giant, outsources its customer relationship management amenity to Zeins Inc. The contract between the two firms requires Zeins Inc. to exclusively use tools supplied by Quake Inc. and also makes Zeins responsible for the maintenance of the tools. Identify the type of service in the above scenario. a. Platform as a service b. Vertical integration c. Infrastructure as a service d. Horizontal integration ANS: C RATIONALE: Infrastructure as a service (IaaS) is a software delivery approach in which an organization outsources the equipment used to support its data processing operations, including servers, storage devices, and networking components. The service provider owns the equipment and is responsible for housing, running, and maintaining it. 31. Which of the following software delivery approaches provides users remote access to software as a Web-based service? a. Application deployment approach b. Software deployment approach c. Software as a service d. Platform as a service ANS: C RATIONALE: Software as a service (SaaS) is a software delivery approach that provides users with access to software remotely as a Web-based service. SaaS pricing is based on a monthly fee per user and typically results in lower costs than a licensed application. 32. Serios is a software development firm in Canada. It creates an application to guide the development of Maglev trains in Mexico City and outsources the design and maintenance of the application to Ieinsta Inc. in Mexico City. The contract between the firms requires Ieinsta Inc. to use only the software provided by Serios. Ieinsta Inc. has to access the software remotely as a Web-based service. Identify the type of service provided by Serios in this scenario. a. Infrastructure as a service b. Software deployment service c. Platform as a service d. Software as a service ANS: D RATIONALE: Software as a service (SaaS) is a software delivery approach that provides users with access to software remotely as a Web-based service. SaaS pricing is based on a monthly fee per user and typically results in lower costs than a licensed application. 33. Identify an advantage of the software as a service (SaaS) approach in public cloud computing. a. The user can create an application using tools and libraries from the provider. b. The user handles software maintenance and upgrading features. c. The user controls software deployment and configuration settings. d. The user does not need to purchase and install additional hardware to provide increased capacity.
ANS: D RATIONALE: SaaS is a software delivery approach that provides users with access to software remotely as a Web-based service. SaaS pricing is based on a monthly fee per user and typically results in lower costs than a licensed application. As the software is hosted remotely, users do not need to purchase and install additional hardware to provide increased capacity. 34. _____ is a public cloud computing approach that provides users with a computing platform, which includes an operating system, a programming language execution environment, database services, and a Web server. a. Software as a service b. Platform as a service c. Security as a service d. Backend as a service ANS: B RATIONALE: Platform as a service (PaaS) provides users with a computing platform, typically including operating system, programming language execution environment, database services, and Web server. The user can create an application or service using tools and/or libraries from the provider. 35. Valley Inc. is a Texas-based firm that develops applications for heavy machinery. The major part of coding and development is outsourced to Rousc Inc., in North Korea. As per the contract, Valley Inc. provides Rousc Inc. with the programming language execution environment, database services, and a Web server. Rousc Inc. also gets to control the application’s deployment and configuration settings. Which type of service does Valley Inc. provide? a. Forward market integration service b. Software as a service c. Platform as a service d. Reverse market integration service ANS: C RATIONALE: Platform as a service (PaaS) provides users with a computing platform, typically including operating system, programming language execution environment, database services, and Web server. The user can create an application or service using tools and/or libraries from the provider. The user also controls software deployment and configuration settings. 36. Which public cloud computing approach allows the user to create an application or service using tools and/or libraries from the provider and control software deployment and configuration settings? a. Platform as a service b. Software as a service c. Autonomic computing d. Service portfolio management ANS: A RATIONALE: Platform as a service (PaaS) provides users with a computing platform, typically including operating system, programming language execution environment, database services, and Web server. Users can create an application or service using tools and/or libraries from the provider. 37. _____ enables application developers to develop, test, and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software. a. Autonomic computing b. Service portfolio management
c. Platform as a service d. Security as a service ANS: C RATIONALE: Platform as a service (PaaS) provides users with a computing platform, typically including operating system, programming language execution environment, database services, and Web server. It enables application developers to develop, test, and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software. 38. Which of the following is a component used by a cloud user in a cloud computing environment? a. A storage device b. A web server c. An operating system d. A smartphone ANS: D RATIONALE: Smartphones, tablets, laptops, and desktops are the components used by a cloud user in a cloud computing environment. These components are used to gain full advantage of cloud computing. 39. Identify a component of infrastructure as a service (IaaS) cloud computing. a. A network device b. A laptop c. A smartphone d. A database ANS: A RATIONALE: Infrastructure as a service (IaaS) is a software delivery approach in which an organization outsources the equipment used to support its data processing operations, including servers, storage devices, and networking components. Virtual machines, servers, storage devices, and network devices are the components of IaaS cloud computing. 40. Identify a component of platform as a service (PaaS) in a cloud computing environment. a. A virtual machine b. Bluetooth c. A network device d. An operating system ANS: D RATIONALE: Operating system, programming language, database, and Web server are the components of platform as a service (PaaS) in a cloud computing environment. The user can create an application or service using tools and/or libraries from the provider. 41. Which of the following challenges is faced by organizations that are moving toward the cloud computing environment? a. Hidden costs b. Flexible user support c. Less than expected downtime d. Invisible system complexity ANS: A
RATIONALE: Organizations moving toward the cloud computing environment face issues such as complex pricing arrangements and hidden costs that reduce expected cost savings, performance issues that cause wide variations in performance over time, poor user support, and greater than expected downtime. 42. Which of the following cloud computing technologies separates a physical computing device into one or more devices, each of which can be easily used and managed to perform computing tasks? a. Personalization b. Visualization c. Virtualization d. Polymerization ANS: C RATIONALE: Virtualization is the main enabling technology for cloud computing. It separates a physical computing device into one or more “virtual” devices (e.g., server or storage device), each of which can be easily used and managed to perform computing tasks. 43. Which of the following technicians uses software to divide one physical server into a number of virtual machines, with each virtual machine capable of processing a set of data for users from a given organization? a. A program analyst b. A server administrator c. A technical head d. A software developer ANS: B RATIONALE: Virtualization is the main enabling technology for cloud computing. It separates a physical computing device into one or more “virtual” devices (e.g., server or storage device), each of which can be easily used and managed to perform computing tasks. A server administrator uses software to divide one physical server into a number of virtual machines, with each virtual machine capable of processing a set of data for users from a given organization. 44. The ability of information technology (IT) systems to manage themselves and adapt to changes in the computing environment, business policies, and operating objectives is known as _____. a. virtualization b. autonomic computing c. visualization d. smart sourcing ANS: B RATIONALE: Autonomic computing, an enabling technology for cloud computing, is the ability of IT systems to manage themselves and adapt to changes in the computing environment, business policies, and operating objectives. 45. Identify the goal of autonomic computing. a. To divide one physical server into many virtual machines with each virtual machine capable of processing a set of data for users from a given organization b. To provide users with a computing platform that includes an operating system, database services, and a Web server c. To outsource the equipment used to support data processing operations, including servers, storage devices, and networking components
d. To create complex systems that run themselves, while keeping the system’s complexity invisible to the end user ANS: D RATIONALE: The goal of autonomic computing is to create complex systems that run themselves, while keeping the system’s complexity invisible to the end user. Autonomic computing addresses four key functions: self-configuring, self-healing, self-optimizing, and self-protecting. 46. Which of the following functions is addressed by autonomic computing? a. Self-configuring b. Self-accounting c. Self-damaging d. Self-producing ANS: A RATIONALE: Autonomic computing is the ability of information technology systems to manage themselves and adapt to changes in the computing environment, business policies, and operating objectives. Autonomic computing addresses four key functions: self-configuring, self-healing, selfoptimizing, and self-protecting. 47. Which of the following types of clouds is integrated through networking and is composed of both private and public clouds? a. Symmetric cloud b. Grid cloud c. Hybrid cloud d. Asymmetric cloud ANS: C RATIONALE: A hybrid cloud is composed of both private and public clouds integrated through networking. Organizations typically use the public cloud to run applications with less sensitive security requirements and highly fluctuating capacity needs, but run more critical applications, such as those with significant compliance requirements, on the private portion of their hybrid cloud. 48. Which of the following strategies is based on analyzing the work to be done, including its associated current processes and the level of effectiveness and resources required? a. Outsourcing governance process b. Smart sourcing c. Outsourcing contract d. Service-level agreement ANS: B RATIONALE: The critical component to obtaining successful results from any outsourcing activity is executive level understanding and support for a smart sourcing strategy. Smart sourcing is based on analyzing the work to be done, including its associated current processes and the level of effectiveness and resources required, and then determining the best way to do that work in the future, whether with internal employees, onshore or offshore outsourcing firms, or some combination. 49. The Statement on Standards for Attestation Engagements 16 (SSAE 16) is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). What does it define? a. It defines the method in which service companies must report on their compliance controls.
b. It defines the knowledge and skills required to operate core processes effectively. c. It defines the integration of public and private clouds through networking. d. It defines the issues faced by an organization integrating with a cloud computing environment. ANS: A RATIONALE: SSAE 16 is a regulation created by the Auditing Standards Board of the American Institute of Certified Public Accountants that defines how service companies must report on compliance controls. SSAE reports provide the auditors of user organizations with detailed information about controls at a service organization that affect the information provided to users. User auditors review the report to understand how the service organization interacts with the user’s financial reporting system, including how the information gets incorporated into the user’s financial statements. If a public company is using an outsourcing firm to perform financially significant duties for it, the public company is required to use a SSAE 16-qualified provider. 50. What does the Type 1 Statement on Standards for Attestation Engagements 16 (SSAE 16) report? a. It reports on the upfront infrastructure costs of a firm and on projects that differentiate their core business processes. b. It reports on the issues faced by an organization integrating with a cloud computing environment. c. It reports on the suitability of the design of the controls of an application service provider over a period of time. d. It reports on the fairness of the presentation of management’s description of a service organization’s system. ANS: D RATIONALE: SSAE 16 is a regulation created by the Auditing Standards Board of the American Institute of Certified Public Accountants that defines how service companies must report on compliance controls. In a Type 1 SSAE 16 engagement, the service auditor reports on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date. 51. What does the Type 2 Statement on Standards for Attestation Engagements 16 (SSAE 16) evaluate? a. It reports on the issues faced by an organization integrating with cloud computing environment. b. It reports on the suitability of the design of the controls of a service provider over a period of time. c. It reports on the fairness of the presentation of management’s description of a service organization’s system. d. It reports on the upfront infrastructure costs of a firm and on projects that differentiate their core business process. ANS: B RATIONALE: SSAE 16 is a regulation created by the Auditing Standards Board of the American Institute of Certified Public Accountants that defines how service companies must report on compliance controls. Type 2 SSAE 16 engagement evaluates the suitability of the design of the controls over a period of time. Most organizations do not even consider using an outsourcing service provider without a clean Type 2 report in place. 52. Why was the International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization developed? a. To provide an international assurance standard for allowing public accountants to issue a report for use by user organizations b. To provide an international standard for measurements and to keep a check on the proper usage of the metric system
c. To provide an international standard and code of conduct for the protection of corporate data, copyrights, patents, and trade secrets d. To provide an international assurance standard for the confidentiality of customer data and retaining the ownership of all data submitted to the service provider ANS: A RATIONALE: The International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting. It is the international equivalent of SSAE 16 and was issued by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). 53. A _____ is a high-level, summary document that defines both the services and the performance and availability levels at which those services will be provided by a service provider to an organization. a. customer service agreement b. product-level contract c. service-level agreement d. research and analysis service document ANS: C RATIONALE: Before signing an outsourcing contract, an organization should benchmark its existing service levels so that it knows how well the services are currently being delivered, as well as the associated costs. This benchmark can then be used to establish a reasonable baseline for negotiating target results and costs with the outsourcing service provider. The agreed-to targets are then used to define the service-level agreement (SLA) of the contract. A service-level agreement is a high-level, summary document that defines both the services and the performance and availability levels at which those services will be provided. 54. Identify the goal of a service-level agreement. a. To provide an international assurance standard for allowing public accountants to issue a report for use by user organizations b. To manage expectations between customer and service provider by creating a common understanding about services, priorities, and responsibilities c. To create complex systems that run themselves, while keeping the system’s complexity invisible to the end user in a public cloud environment d. To report on the fairness of the presentation of management’s description of a service organization’s system ANS: B RATIONALE: A service-level agreement is a high-level, summary document that defines both the services and the performance and availability levels at which those services will be provided. Its goal is to manage expectations between customer and service provider by creating a common understanding about services, priorities, and responsibilities. 55. Which of the following processes defines periodic formal reviews between the outsourcing company and its service provider and explicit escalation procedures in the event of a disagreement? a. A service-level agreement b. Smart sourcing c. Governance process
d. A research and analysis process ANS: C RATIONALE: Governance of an outsourcing contract involves formal and informal processes and rules to manage the relationship between the two organizations. Governance defines procedures such as periodic formal reviews between the outsourcing company and its service provider and explicit escalation procedures in the event of a disagreement. 56. Identify the goal of outsourcing governance procedures. a. To report on the fairness of the presentation of management’s description of a service organization’s system and the suitability of the design of the controls b. To create complex systems that run themselves, while keeping the system’s complexity invisible to the end user in a public cloud environment c. To provide data and resources on the upfront infrastructure costs of a firm and on projects that differentiate their core business process d. To ensure that the outsourcing initiative succeeds, even as personnel, business needs, and operating conditions change ANS: D RATIONALE: Governance defines procedures such as periodic formal reviews between the outsourcing company and its service provider and explicit escalation procedures in the event of a disagreement. The goal of such procedures is to ensure that the outsourcing initiative succeeds, even as personnel, business needs, and operating conditions change. 57. Who participates in the conflict resolution process for resolving any issues in an outsourcing agreement? a. The service-level agreement manager b. The executive employment agreement manager c. The chief executive officer d. The human resource officer ANS: A RATIONALE: The service-level agreement (SLA) manager establishes a good working relationship with the other organization’s SLA manager and maintains regular and ongoing communications. The SLA manager also performs an ongoing assessment of the process used to track and report service levels and participates in the conflict resolution process for resolving any issues in the outsourcing agreement. TRUE/FALSE: 1. Core processes have a direct impact on an organization’s customers, are major cost drivers, and are essential for providing services. ANS: True RATIONALE: A core business process is one that provides valuable customer benefits, is hard for competitors to imitate, and can be leveraged widely across many products and markets. It takes the unique knowledge and skills of the organization’s workers to operate these processes effectively. They have a direct impact on the organization’s customers, are major cost drivers, and are essential for providing services. 2. Outsourcing service providers have a higher cost structure due to greater economies of scale, specialization, or expertise.
ANS: False RATIONALE: Outsourcing service providers have a lower cost structure due to greater economies of scale, specialization, or expertise, which means they can perform the work at a much lower cost than their clients. In addition, the fundamental costs of doing business in a developing country are much lower than those in a developed country. 3. The fundamental costs of doing business in a developing country are higher than those in a developed country. ANS: False RATIONALE: The fundamental costs of doing business in a developing country—employee health care, retirement, and unemployment; taxes; and environmental and regulatory compliance—are much lower than those in a developed country. Such cost advantages tip the scales in favor of offshore outsourcing. 4. Substantive law is the part of the law that creates, defines, and regulates rights, including the law of contracts. ANS: True RATIONALE: Substantive law is the part of the law that creates, defines, and regulates rights, including the law of contracts. 5. All countries have the same stance on the protection of corporate data, copyrights, patents, and trade secrets. ANS: False RATIONALE: Various countries have widely divergent stances on the protection of corporate data, copyrights, patents, and trade secrets. An organization should consider whether the country has laws that will protect the firm’s intellectual property; also, it must determine whether the laws are actually enforced. 6. In public cloud computing, the service provider can deliver increasing amounts of computing, network, and storage capacity on demand and without requiring any capital investment on the part of the cloud users. ANS: True RATIONALE: With public cloud computing, a service provider organization owns and manages the infrastructure with cloud user organizations (called tenants) accessing slices of shared hardware resources via the Internet. The service provider can deliver increasing amounts of computing, network, and storage capacity on demand and without requiring any capital investment on the part of the cloud users. 7. Each private cloud has a defined set of available resources and users, with predefined quotas that limit how much capacity users of that cloud can consume. ANS: True RATIONALE: A private cloud environment is a single tenant cloud. Organizations that implement a private cloud often do so because they are concerned that their data will not be secure in a public cloud. Each private cloud has a defined set of available resources and users, with predefined quotas that limit how much capacity users of that cloud can consume.
8. The level of outsourcing risk is heightened as the organization increases the scope of processes being outsourced. ANS: True RATIONALE: A significant outsourcing risk is dealing with increased management complexity. This level of risk is heightened as the organization increases the scope of processes being outsourced. Many organizations hesitate to outsource processes that are considered mission critical, that are tightly linked to other key processes, that clearly differentiate them from the competition, or that strongly influence sales. 9. A good service-level agreement defines the customer’s right to audit the provider’s compliance and to conduct on-site inspections. ANS: True RATIONALE: A service-level agreement is a high-level, summary document that defines both the services and the performance and availability levels at which those services will be provided. A good service-level agreement defines the customer’s right to audit the provider’s compliance and to conduct on-site inspections. 10. The service-level agreement (SLA) manager serves as the primary point of contact for any issues related to the delivery of the services covered in the SLA. ANS: True RATIONALE: One of the keys to a successful outsourcing relationship is for both the customer and the outsourcing service provider to assign an SLA manager. The SLA manager serves as the primary point of contact for any issues related to the delivery of the services covered in the SLA. ESSAY: 1. Who is a global service provider? ANSWER: An advanced stage of outsourcing involves evaluating all aspects of an organization’s business activities to take advantage of an outsourcer’s best practices, business contacts, capabilities, experience, intellectual property, global infrastructure, or geographic presence by tapping resources and providing capabilities anywhere around the globe. An outsourcing firm that can provide these services is referred to as a global service provider (GSP). GSP fills a higher-level need than outsourcing firms that simply provide low-cost staff augmentation services. 2. Describe hybrid cloud computing. ANSWER: A hybrid cloud is composed of both private and public clouds integrated through networking. Organizations use the public cloud to run applications with less sensitive security requirements and highly fluctuating capacity needs. The private portion of the hybrid cloud is used to run critical applications, such as those with significant compliance requirements. 3. List the key questions that an organization should answer to separate its core business processes from less critical processes. ANSWER: A significant outsourcing risk is dealing with increased management complexity. This level of risk is heightened as the organization increases the scope of processes being outsourced. Many organizations hesitate to outsource processes that are considered mission critical, that are tightly linked to other key processes, that clearly differentiate them from the competition, or that strongly influence sales.
Organizations can answer the following key questions to separate their core business processes from less critical processes: How critical is the project or process to unique strategic differentiation? How competitive and innovative is the organization in this business area? How cost effective are activities in this business area? How much customer value does the project or process provide? 4. List five factors for evaluating outsourcing partners. ANSWER: When outsourcing a major business process or project, an organization should think in terms of hiring a partner, not just a provider. Organizations should choose outsourcing firms based on several factors. Some of them are as follows: Proven experience in business process outsourcing Reputation Knowledge of the industry Expertise in the organization’s processes Price Freedom from major lawsuits and customer complaints 5. List five functions of an efficient service-level agreement. ANSWER: A service-level agreement (SLA) is a high-level, summary document that defines both the services and the performance and availability levels at which those services will be provided by a provider. Some of the functions that an efficient SLA performs is as follows: Clearly identifies each service included in the outsourcing agreement Defines security standards and methods to be employed Specifies measurable performance levels for each service Defines details on how performance levels will be measured and reported for each service Defines both the customer’s and the service provider’s responsibility in meeting the performance level for each service 6. Describe the three basic alternatives of ownership of assets and facilities in an outsourcing contract. ANSWER: The ownership of assets and facilities is one important factor in determining the cost of the outsourcing contract. The three basic ownership alternatives are as follows: The firm can transfer ownership of the assets along with operational responsibility to the outsourcing service provider. The firm can transfer the assets to a third party under a leaseback arrangement. The firm can retain ownership of the assets while the provider takes on the operational responsibility.
Chapter 5: CORPORATE AND IT GOVERNANCE MULTIPLE CHOICE: 1. Interest in corporate governance has grown due to _____ scandals. a. accounting b. espionage c. journalistic d. plagiarism ANS: A RATIONALE: Interest in corporate governance has grown due to accounting scandals resulting in bankruptcies, multimillion-dollar fines, and/or jail sentences for senior executives at companies such as Arthur Andersen, Computer Associates, Enron, Global Crossing, Hewlett Packard, J.P. Morgan, Tesco, Tyco, and Worldcom. In addition, board members who are responsible for paying executives have been challenged as a result of several scandals. 2. Information technology (IT) _____ is a framework that ensures that information technology decisions are made while taking into account the goals and objectives of the business. a. wiki b. acquisition c. protocol d. governance ANS: D RATIONALE: Information technology governance is a framework that ensures that information technology decisions are made while taking into account the goals and objectives of the business. Governance includes defining the decision-making process itself, as well as defining who makes the decisions; who is held accountable for results; and how the results of decisions are communicated, measured, and monitored. 3. An organization’s _____ and board of directors are responsible for governance. a. executives b. customers c. retailers d. clients ANS: A RATIONALE: An organization’s executives and board of directors are responsible for governance. They carry out this duty through committees that oversee critical areas such as audits, compensation, and acquisitions. 4. According to enlightened organizations, information technology (IT) governance is the responsibility of: a. project management. b. IT management. c. human resource management.
d. executive management. ANS: D RATIONALE: An organization’s executives and board of directors are responsible for governance. They carry out this duty through committees that oversee critical areas such as audits, compensation, and acquisitions. Enlightened organizations recognize that information technology (IT) governance is not the responsibility of IT management but of executive management, including the board of directors. 5. Which of the following is considered a primary goal of effective information technology (IT) governance? a. Mitigating IT-related risks b. Identifying appropriate IT opportunities c. Ensuring smooth induction of IT in an organization d. Complying with section 504 of the Sarbanes-Oxley Act ANS: A RATIONALE: The two primary goals of effective information technology (IT) governance are ensuring that an organization achieves good value from its investments in IT and mitigating IT-related risks. Achieving good value from IT investments requires a close alignment between business objectives and IT initiatives. Mitigating IT-related risks means embedding accountability and internal controls in the organization. 6. Identify the portfolio management in which a manager weighs the rate of return and balances it against the risks associated with each investment. a. Human resource portfolio management b. Sourcing portfolio management c. Finance portfolio management d. Marketing portfolio management ANS: C RATIONALE: Information technology governance is similar to financial portfolio management, in which a manager weighs the rate of return and balances it against the risks associated with each investment. The manager then makes choices to achieve a good rate of return at an acceptable level of risk. 7. Which of the following is true of mitigating information technology (IT)-related risks? a. It delivers an organization’s strategic goals b. It aligns the business goals and objectives with IT project goals and objectives c. It achieves results with a high degree of predictability d. It embeds accountability and internal controls in an organization ANS: D RATIONALE: Mitigating information technology (IT)-related risks means embedding accountability and internal controls in the organization. Value and risk are the two main goals of IT governance. 8. Which of the following is an example of an organization’s strategic goal? a. Increased costs b. Increased market share
c. Increased time to market d. Decreased revenues ANS: B RATIONALE: Only information technology projects that are consistent with the business strategy and that support business goals and objectives should be considered for staffing and funding. Such projects will deliver the organization’s strategic goals, whether they are increased revenues, decreased costs, improved customer service, increased market share, or decreased time to market. 9. Which of the following is essential to allow information technology projects to be aligned with business goals? a. The projects must deliver expected business results on time and within budget. b. The projects must embed accountability and internal controls in an organization. c. The projects must be delayed to achieve the required quality. d. The projects must go beyond the budget to maintain the quality. ANS: A RATIONALE: For information technology projects to be aligned with business goals and properly staffed, funded, and executed, the projects must deliver expected business results on time and within budget. This process involves applying good project management principles to ensure that work is done efficiently and that results can be achieved with a high degree of predictability. 10. Which of the following is an intent of the Bank Secrecy Act? a. To create international standards that strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector b. To strengthen computer and network security within the U.S. federal government and affiliated parties by mandating yearly audits c. To detect and prevent money laundering by requiring financial institutions to report certain transactions to government agencies. d. To protect against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches that might put the personal information of California residents at risk ANS: C RATIONALE: The intention of the Bank Secrecy Act is to detect and prevent money laundering by requiring financial institutions to report certain transactions to government agencies. It also withholds from clients that such reports were filed about them. 11. Which of the following act creates international standards that strengthen global capital and liquidity rules? a. Foreign corrupt practices Act b. Gramm-Leach-Bliley Act c. California Senate Bill 1386 d. Basel II Accord ANS: D
RATIONALE: Basel II Accord creates international standards that strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector. Its goal is to promote a more resilient banking sector. 12. Which of the following protects against identity theft of California residents? a. California Secrecy Act b. California Senate Bill 1386 c. California Union Data Protection Directive d. California Information Security Management Act ANS: B RATIONALE: California Senate Bill 1386 act protects against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches that might put the personal information of California residents at risk. This is the first of many state laws aimed at protecting consumers from identity theft. 13. Identify the purpose of the Foreign Corrupt Practices Act. a. To govern the collection, use, and disclosure of personally identifiable information in the course of commercial transactions b. To protect cardholder data and ensure that merchants and service providers maintain strict information security standards c. To prevent certain classes of persons and entities from making payments to foreign government officials d. To create international standards that strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector ANS: C RATIONALE: The intent of the Foreign Corrupt Practices Act is to prevent certain classes of persons and entities from making payments to foreign government officials. This is done in an attempt to obtain or retain business. 14. Which act identifies the U.S. taxpayers who hold financial assets in non-U.S. financial institutions and offshore accounts? a. Foreign Account Tax Compliance Act b. Foreign Corrupt Practices Act c. U.S. Senate Bill Act d. Basel II Tax Accord ANS: A RATIONALE: Foreign Account Tax Compliance Act identifies U.S. taxpayers who hold financial assets in non-U.S. financial institutions and offshore accounts. This is done so that the taxpayers cannot avoid their U.S. tax obligations. 15. Which act strengthens computer and network security within the U.S. federal government? a. Federal Union Data Protection Act b. Federal Information Security Management Act c. Federal Corrupt Practices Act d. Federal-Bliley Act
ANS: B RATIONALE: Federal Information Security Management Act strengthens computer and network security within the U.S. federal government and affiliated parties (such as government contractors). This is done by mandating yearly audits. 16. Which of the following is true of European Union Data Protection Directive? a. It strengthens computer and network security within the European federal government and affiliated parties (such as government contractors) by mandating yearly audits. b. It protects the privacy of European Union citizens’ personal information by placing limitations on sending such data outside of the European Union to areas that are deemed to have less than adequate standards for data security. c. It identifies European taxpayers who hold financial assets in non-European financial institutions and offshore accounts so that they cannot avoid their tax obligations. d. It protects against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches that might put the personal information of European residents at risk. ANS: B RATIONALE: The European Union Data Protection Directive protects the privacy of European Union citizens’ personal information. It protects by placing limitations on sending such data outside of the European Union to areas that are deemed to have less than adequate standards for data security. 17. Which of the following is true of the Personal Information Protection and Electronic Documents Act (Canada)? a. It governs the collection, use, and disclosure of personally identifiable information in the course of commercial transactions. b. It protects against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches. c. It protects cardholder data and ensures that merchant and service providers maintains strict information security standards. d. It strengthens computer and network security by mandating yearly audits. ANS: A RATIONALE: The Personal Information Protection and Electronic Documents Act (Canada) governs the collection, use, and disclosure of personally identifiable information in the course of commercial transactions. It is created in response to European Union data protection directives 18. Identify the objective of the Gramm-Leach-Bliley Act. a. To identify the U.S. taxpayers who hold financial assets in non-U.S. financial institutions and ensure that they agree to the U.S. tax obligations b. To protect cardholder data and ensure that merchant and service providers maintain strict information security standards c. To protect the privacy and security of individually identifiable financial information collected and processed by financial institutions d. To prevent certain classes of persons and entities from making payments to foreign government officials in an attempt to obtain or retain business
ANS: C RATIONALE: The intent of the Gramm-Leach-Bliley Act is to protect the privacy and security of individually identifiable financial information collected and processed by financial institutions. 19. Which of the following is a process established by an organization’s board of directors to provide reasonable assurance for the effectiveness and efficiency of operations? a. Service transition b. Internal control c. Knowledge management d. Proactive analysis ANS: B RATIONALE: Internal control is the process established by an organization’s board of directors, managers, and information technology systems to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations. A fundamental concept of good internal controls is the careful separation of duties associated with a key process so that the duties must be performed by more than one person. 20. _____ is essential for any process that involves the handling of financial transactions so that fraud requires the collusion of two or more parties. a. Separation of duties b. Separation of process c. Separation of hierarchy d. Separation of analysis ANS: A RATIONALE: A fundamental concept of good internal controls is the careful separation of duties associated with a key process so that the duties must be performed by more than one person. Separation of duties is essential for any process that involves the handling of financial transactions so that fraud requires the collusion of two or more parties. 21. Which of the following is true of internal control? a. It renews the health insurance of the taxpayers. b. It checks bank statements of the citizens for accuracy. c. It verifies the taxpayers of a country for their income. d. It protects an organization’s resources. ANS: D RATIONALE: Internal control is the process established by an organization’s board of directors, managers, and information technology systems to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations. It plays a key role in preventing and detecting fraud and protecting an organization’s resources. 22. Which of the following is a goal of effective information technology (IT) governance? a. Resource management b. Risk management
c. Operations alignment d. Strategic alignment ANS: B RATIONALE: Information technology (IT) value delivery and risk management are the goals of effective IT governance. Strategic alignment and IT resource management are the methods for achieving these goals. 23. Which of the following is a method used to achieve the goals of information technology (IT) governance? a. Strategic alignment b. IT value delivery c. Risk management d. Operations management ANS: A RATIONALE: Information technology (IT) value delivery and risk management are the goals of effective IT governance. Strategic alignment and IT resource management are the methods for achieving these goals. 24. Identify the process that helps successful managers achieve high value from their investments in information technology (IT). a. IT governance b. IT collaboration c. Corporate collaboration d. Collaborative governance ANS: A RATIONALE: Successful managers seek opportunities to deliver the potential benefits promised by IT. Thus, successful managers need a process that can help them achieve high value from their investments in information technology (IT), manage associated risks, and deliver IT-related solutions that comply with increasing regulatory compliance demands. IT governance is just such a process. 25. Which of the following factors influences information technology (IT) related initiatives? a. A company’s internal control system b. A company’s balance sheet c. Career growth of employees d. The values of IT stakeholders ANS: D RATIONALE: Information technology (IT) related initiatives are seldom simple and straightforward. They are influenced by many factors: the vision, mission, and values of the organization; community and organizational ethics and values; a myriad of laws, regulations, and policies; industry guidelines and practices; changing business needs; and the values of the IT stakeholders and company owners. 26. Which of the following is true of the Committee of Sponsoring Organizations (COSO) 2013 framework?
a. It provides best practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining information security management systems. b. It provides guidance on enterprise risk management, internal control, and fraud deterrence. c. It provides a proven and practical framework for planning and delivering information technologyrelated services. d. It provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations. ANS: B RATIONALE: The Committee of Sponsoring Organizations (COSO) 2013 framework provides guidance on enterprise risk management, internal control, and fraud deterrence. It is designed to improve organizational performance and governance and reduce the extent of fraud in organizations. 27. _____ is a set of guidelines whose goal is to align information technology resources and processes with business objectives, quality standards, monetary controls, and security needs. a. International Standards Organization (ISO) 27002 b. Control Objectives for Information and Related Technology (COBIT) c. Committee of Sponsoring Organizations (COSO) 2013 d. Information Infrastructure Library (ITIL) ANS: B RATIONALE: Control Objectives for Information and Related Technology (COBIT) is a set of guidelines whose goal is to align information technology resources and processes with business objectives, quality standards, monetary controls, and security needs. It provides a framework for information technology management and governance consisting of process descriptions, control objectives, management guidelines, and models to assess maturity and capability for each process. 28. Which of the following provides a framework for information technology (IT) management and governance consisting of process descriptions, management guidelines, and models to assess maturity and capability for each process? a. Committee of Sponsoring Organizations (COSO) 2013 b. Information Infrastructure Library (ITIL) c. Control Objectives for Information and Related Technology (COBIT) d. International Standards Organization (ISO) 27002 ANS: C RATIONALE: Control Objectives for Information and Related Technology (COBIT) provides a framework for information technology management and governance consisting of process descriptions, control objectives, management guidelines, and models to assess maturity and capability for each process. It is a set of guidelines whose goal is to align information technology resources and processes with business objectives, quality standards, monetary controls, and security needs. 29. Which of the following is an overview of the international standards organization (ISO) framework? a. It provides guidance on enterprise risk management, internal control, and fraud deterrence. b. It provides best practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining information security management systems. c. It provides a proven and practical framework for planning and delivering information technology services.
d. It provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations. ANS: B RATIONALE: International standards organization (ISO) framework provides best practice recommendations on information security management. It is developed for use by those responsible for initiating, implementing, or maintaining information security management systems. 30. Which of the following frameworks provides information technology (IT) services based on a synthesis of the best ideas from international practitioners? a. IT Infrastructure Library (ITIL) b. Committee of Sponsoring Organizations (COSO) 2013 c. Control Objectives for Information and Related Technology (COBIT) d. International Standards Organization (ISO) 27002 ANS: A RATIONALE: Information Technology Infrastructure Library (ITIL) provides a proven and practical framework for planning and delivering IT services based on a synthesis of the best ideas from international practitioners. It also provides best practices and criteria for effective IT services such as help desk, network security, and IT operations. 31. _____ advocates that information technology services be aligned with the objectives of the business and support the core business processes. a. The Human Resources Act b. The finance directory c. The Control Objectives for Information and Related Technology (COBIT) d. The Information Technology Infrastructure Library (ITIL) ANS: D RATIONALE: Information Technology Infrastructure Library (ITIL) provides best practices and criteria for effective IT services such as help desk, network security, and IT operations. ITIL advocates that IT services be aligned with the objectives of the business and support the core business processes. 32. _____ is a useful tool to improve the quality and measurability of information technology (IT) governance or to implement a system for improved regulatory compliance. a. Control Objectives for Information and Related Technology (COBIT) b. Information Technology Infrastructure Library (ITIL) c. Committee of Sponsoring Organizations (COSO) d. International Standards Organization (ISO) ANS: A RATIONALE: Control Objectives for Information and Related Technology (COBIT) provides guidelines for 37 processes that span a wide range of information technology (IT)-related activities. COBIT is a useful tool to improve the quality and measurability of IT governance or to implement a control system for improved regulatory compliance.
33. Which phase of the Information Technology Infrastructure Library (ITIL) involves understanding the service offerings required to meet the needs of the IT customers? a. Service design b. Service operation c. Service strategy d. Service transition ANS: C RATIONALE: Service strategy involves understanding who the information technology (IT) customers are, the service offerings required to meet their needs. It also analyzes IT capabilities and resources required to develop and successfully execute these offerings. 34. Which of the following best describes the service transition phase of the Information Technology Infrastructure Library (ITIL)? a. It involves understanding who the IT customers are, the service offerings required to meet their needs, and the IT capabilities and resources required to develop and successfully execute these offerings. b. It involves following the design to build, test, and move into production the services that will meet customer expectations. c. It ensures that the new and/or changed services are designed effectively to meet customer expectations. d. It provides a means for an IT organization to measure and improve the service levels, the technology, and the efficiency and effectiveness of processes used in the overall management of services. ANS: B RATIONALE: Service transition involves following the design to build, test, and move into production the services that will meet customer expectations. It is the phase next to the service design phase. 35. _____ ensures that the new and/or changed services are modeled effectively to meet customer expectations. a. Service design b. Service operation c. Service transition d. Service strategy ANS: A RATIONALE: Service design ensures that the new and/or changed services are designed effectively to meet customer expectations. The designed service is then built, tested, and moved in the service transition phase. 36. Spivy Tech, a software firm, has decided to change one of its services to effectively meet its customer expectations. In the context of Information Technology Infrastructure Library (ITIL), identify the phase of the service life cycle that ensures that the changed services are designed effectively to meet customer expectations. a. Service design b. Service operation c. Service strategy d. Service transition ANS: A
RATIONALE: Service design ensures that the new and/or changed services are designed effectively to meet customer expectations. The designed service is then built, tested, and moved in the service transition phase. 37. In the context of Information Technology Infrastructure Library, _____ delivers information technology (IT) services on an ongoing basis while monitoring the overall quality of the service. a. service design b. service transition c. service strategy d. service operation ANS: D RATIONALE: Service operation delivers information technology services on an ongoing basis while monitoring the overall quality of the service. The delivered services are the built in the service transition phase. 38. In the context of Information Technology Infrastructure Library, _____ provides a means for an information technology (IT) organization to measure and improve the service levels. a. continual transition improvement b. continual process improvement c. service strategy d. service operation ANS: B RATIONALE: Continual process improvement provides a means for an information technology organization to measure and improve the service levels, the technology. It also improves the efficiency and effectiveness of processes used in the overall management of services. 39. In the Plan-Do-Check-Act (PDCA) model, identify the step that requires the improvement team to identify its target improvement area. a. The Do step b. The Check step c. The Plan step d. The Act step ANS: C RATIONALE: The Plan step requires the improvement team to identify its target improvement area, analyze how things work currently, and identify opportunities for improvement. This step is followed by a Do step that implements the change decided in the Plan step. 40. Patrick, a senior manager, has decided to promote one of his team members as an associate mentor based on her skill and hard work. Which stage in the Plan-Do-Check-Act (PDCA) model corresponds to this scenario? a. The Do step b. The Check step c. The Plan step d. The Act step
ANS: A RATIONALE: In the Do step, the change decided in the Plan step is implemented, often on a pilot or limited basis to assess the potential impact of the proposed change(s). This step is followed by a Check step that measures the results of change. 41. Benchmarking the current process using the Control Objectives for Information and Related Technology (COBIT) framework is done in the _____ step of the Plan-Do-Check-Act model. a. Plan b. Do c. Check d. Act ANS: A RATIONALE: Choosing a specific information technology process to improve, setting goals for the chosen processes, benchmarking the current process using the Control Objectives for Information and Related Technology (COBIT) framework, analyzing the current process, identifying gaps between actual and ideal processes, and developing improvement ideas using best practices from COBIT are activities done in the Plan step of the Plan-Do-Check-Act model. The Plan step requires the improvement team to identify its target improvement area, analyze how things work currently, and identify opportunities for improvement.
42. In the _____ step of the Plan-Do-Check-Act model, the results of a change are measured. a. Do b. Check c. Plan d. Act ANS: B RATIONALE: In the Check step, the results of a change are measured. This step is followed by an Act step, where an improvement team considers whether it is worth continuing the process with the recently implemented change. 43. Gink Corporation, a multinational company, has several branches throughout the world. They have recently installed a new security mechanism in their California branch. However, they are not happy with the profit earned by that particular branch. If the results in the upcoming months are not fruitful, they might consider shutting down its operations to avoid loss of revenue. Which stage in the Plan-Do-CheckAct (PDCA) model corresponds to this scenario? a. The Do step b. The Check step c. The Plan step d. The Act step ANS: D RATIONALE: In the Act step, the improvement team considers whether it is worth continuing a process with a recently implemented change. If the change is too complicated for people to follow or if it led to insignificant improvements, then the change may be aborted. At this point the team would go back to the
Do step and start over. Thus, the completion of one cycle of improvement flows into the beginning of the next cycle. 44. A _____ defines the people and procedures required to ensure timely and orderly resumption of an organization’s essential, time-sensitive processes with minimal interruption. a. business initiation plan b. business valuation plan c. business continuity plan d. business improvement plan ANS: C RATIONALE: A business continuity plan defines the people and procedures required to ensure timely and orderly resumption of an organization’s essential, time-sensitive processes with minimal interruption. Having a business continuity plan in place before the business interruption occurs is critical. 45. Which of the following specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system? a. The International Standards Organizational standard ISO 22301:2012 b. The International Standards Organizational standard ISO 22313:2012 c. The International Standards Organizational standard ISO 22320:2011 d. The International Standards Organizational standard ISO 22323:2010 ANS: A RATIONALE: The International Standards Organizational standard ISO 22301:2012 (“Societal Security– Business Continuity Management Systems–Requirements”) specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to prepare for, respond to, and recover from disruptive events when they arise. The standard is applicable to organizations in all industries, profit and nonprofit, and of all sizes. 46. Which of the following is the effort made by an ordinarily prudent party to avoid harm to another party? a. Business stake b. Due diligence c. Outsourcing d. Internal control ANS: B RATIONALE: Due diligence is the effort made by an ordinarily prudent or reasonable party to avoid harm to another party. Failure to make this effort may be considered negligence. 47. Which of the following is considered a part of due diligence? a. The scope of the Plan-Do-Check-Act (PDCA) model b. Metrics and best practices of information technology (IT) related processes c. A written and tested business continuity plan d. Information security management ANS: C
RATIONALE: Being able to show a written, tested business continuity plan is considered part of due diligence. Indeed, many laws and regulations specify requirements for business continuity planning. The requirements vary by country and by industry. 48. The scope of a full _____ addresses the health and safety of all workers. a. business initiation plan b. business valuation plan c. business improvement plan d. business continuity plan ANS: D RATIONALE: The scope of a full business continuity plan addresses the health and safety of all workers. It minimizes financial loss, including damages to facilities, critical data, records, finished products, and raw materials; minimizes the interruption to critical business processes; and provides for effective communications to customers, business partners, and shareholders. 49. Identify the process in a disaster recovery plan that is responsible for contracts and payroll information. a. Identify vital records and data b. Define resources and actions to recover c. Define emergency procedures d. Conduct a business impact analysis ANS: A RATIONALE: Every company has key electronic records and hard copy data that are essential to manage and control the cash flow and other tangible assets of the organization. These records include customer data, contracts, current order information, accounts payable data, accounts receivable data, inventory records, and payroll information. Companies must identify vital records and data and then determine where and how they are being stored and backed up. 50. Which of the following is a recommended approach for data backup? a. Allow employees to take copies of vital data home at the end of the work day. b. Store the data in a building adjacent to the company. c. Store all the data in an external disk and place it in the server room. d. Use online databases to update and backup the data. ANS: D RATIONALE: The recommended and widely implemented approach for data backup is to use online databases to update the data; as online databases are updated, companies can have these changes mirrored on a backup database hundreds of miles away. This approach is expensive, but it provides rapid access to current data in the event of a disaster. 51. Which of the following is an inexpensive yet safe way to backup vital data? a. Allow employees to take backup copies of vital data home at the end of the work day. b. Copy online databases to magnetic storage devices and ship them off-site. c. Store the backup data in a building located near the company. d. Use online databases to update and backup the data.
ANS: B RATIONALE: An inexpensive yet safe approach to backup vital data is to copy online databases every night to high-volume, inexpensive magnetic storage devices and ship them off-site to a data storage facility in another state. This low-cost solution minimizes the potential for losing more than one day of data. 52. The time within which a business function must be recovered before an organization suffers serious damage is known as the: a. critical time objective. b. business recovery time. c. recovery time objective. d. attrition recovery time. ANS: C RATIONALE: The time within which a business function must be recovered before an organization suffers serious damage is called the recovery time objective. Based on this data, each business function can be placed in the appropriate category. 53. Which of the following best describes the “AA” priority business function of a firm? a. This business function is extremely critical to the operation of the firm and cannot be unavailable for more than a few minutes without causing severe problems. b. This business function is critical to the operation of the firm and cannot be unavailable for more than a few hours without causing severe problems. c. This business function, while significant, can be unavailable for up to a few days without causing severe problems. d. This business function can be unavailable for several days in times of a major disaster without causing major problems. ANS: B RATIONALE: The “AA” business function is critical to the operation of a firm and cannot be unavailable for more than a few hours without causing severe problems. Accounts receivable and accounts payable can be examples of this business function. 54. Payroll is an example of a: a. “A” priority business function. b. “AAA” priority business function. c. “AA” priority business function. d. “B” priority business function. ANS: A RATIONALE: Payroll business function, while significant, can be unavailable for up to a few days without causing severe problems. Thus, it belongs to the “A” priority business function. 55. Ernsyl, an e-publishing firm, consists of 500 employees. However, the HR manger feels that they need to double their employee strength in the upcoming year to meet the needs of the future projects that are in pipeline. In the context of business functions, this scenario is an example of a:
a. “A” priority business function. b. “AAA” priority business function. c. “AA” priority business function. d. “B” priority business function. ANS: D RATIONALE: Employee recruiting is a business function that can be unavailable for several days in times of a major disaster without causing major problems. Thus it belongs to the “B” priority business function. 56. Which of the following best describes the ‘’AAA’’ priority business function of a firm? a. This business function, while significant, can be unavailable for up to a few days without causing severe problems. b. This business function is critical to the operation of the firm and cannot be unavailable for more than a few hours without causing severe problems. c. This business function is extremely critical to the operation of the firm and cannot be unavailable for more than a few minutes without causing severe problems. d. This business function can be unavailable for several days in times of a major disaster without causing major problems. ANS: C RATIONALE: The “AAA” business function is extremely critical to the operation of a firm and cannot be unavailable for more than a few minutes without causing severe problems. Order processing is an example of this business function. 57. _____ is the replication and hosting of physical or virtual servers and other necessary hardware and software by a third-party service provider to deliver information technology services in the event of a disaster. a. Disaster recovery as a service (DRaaS) b. Disaster recovery as an event (DRaaE) c. Disaster recovery as a platform (DRaaPL) d. Disaster recovery as a solution (DRaaSL) ANS: A RATIONALE: Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers and other necessary hardware and software by a third-party service provider to deliver information technology services in the event of a disaster. Many small-to-midsized organizations implement a DRaaS strategy to avoid the costs and effort associated with building and maintaining their own off-site disaster recovery (DR) environment. 58. _____ defines the steps to be taken during a disaster and immediately following it. a. Business impact analyses b. Emergency procedures c. Recovery time objective d. Due diligences ANS: B
RATIONALE: Emergency procedures define the steps to be taken during a disaster and immediately following it. A little planning and practice of such procedures can minimize loss of life and injuries as well as reduce the impact on a business and its operations. 59. Which of the following disaster recovery teams provides direction and command during a disaster? a. The emergency response group b. The business continuity group c. The control group d. The business recovery group ANS: C RATIONALE: The control group provides direction and control during a disaster and operates from a secure emergency operations center equipped with emergency communications gear. The group gathers and analyzes data needed to make decisions and direct the work of the emergency response team and business recovery team. 60. Which of the following best describes the role of a control group in the disaster recovery team? a. It helps save lives and contain the impact of the disaster. b. It assess the extent of the damage and decide if or when it may be safe to reenter the affected work area. c. It recommends whether the disaster recovery plan needs to be put into effect or not. d. It gathers and analyzes the data needed to make decisions and direct the work of the emergency response team and business recovery team. ANS: D RATIONALE: The control group provides direction and control during a disaster and operates from a secure emergency operations center equipped with emergency communications gear. The group gathers and analyzes data needed to make decisions and direct the work of the emergency response team and business recovery team. 61. Which of the following best describes the role of an emergency response team in the disaster recovery team? a. They help save lives and contain the impact of the disaster. b. They assess the extent of the damage and decide if or when it may be safe to reenter the affected work area. c. They recommend whether the disaster recovery plan needs to be put into effect or not. d. They gather and analyze the data needed to make decisions and direct the work of the emergency response team and business recovery team. ANS: A RATIONALE: For most organizations, the emergency response team includes members of the fire department, police department, and other first responders. Some large organizations have their own emergency firefighting department. Their role is to help save lives and contain the impact of the disaster. 62. The _____ team in most organizations includes members of the fire department, police department, and other first responders. a. emergency response b. control
c. business recovery d. business continuity ANS: a RATIONALE: The emergency response team in most organizations includes members of the fire department, police department, and other first responders. The members of this team should be carefully selected based on their areas of expertise, experience, and ability to function well under extreme pressure. 63. Which group in the disaster recovery team decides when employees can reenter the affected work area after a disaster? a. The emergency response group b. The control group c. The business recovery group d. The business continuity group ANS: C RATIONALE: The business recovery group includes employees and nonemployee specialists who assess the situation once it is safe to do so. They assess the extent of the damage and decide if or when it may be safe to reenter the affected work area. 64. An earthquake relief team has arrived at an affected area of a company to assess the extent of damage. They recommend the immediate implementation of the disaster recovery plan as they feel that the impact of the earthquake was very high. In the context of disaster recovery teams, the earthquake relief team is an example of a(n) _____. a. emergency response group b. business recovery group c. control group d. business continuity group ANS: B RATIONALE: The business recovery group includes employees and nonemployee specialists who assess the situation once it is safe to do so. They assess the extent of the damage and decide if or when it may be safe to reenter the affected work area. They recommend whether the disaster recovery plan needs to be put into effect, depending on the impact of the disaster or incident. 65. Who receives additional training in crowd control to help workers evacuate from a work area? a. Manager b. Supervisor c. Administrative officer d. Floor warden ANS: D RATIONALE: It is a good practice to identify “floor wardens” who are responsible for evacuating a given floor or work area. These floor wardens receive additional training in crowd control, first aid, CPR, operation of defibrillators, and helping handicapped workers evacuate. TRUE/FALSE:
1. The rise in the popularity of corporate governance is due to plagiarism scandals. ANS: False RATIONALE: Interest in corporate governance has grown due to accounting scandals resulting in bankruptcies, multimillion-dollar fines, and/or jail sentences. 2. Only information technology projects that are consistent with the business strategy and that support business goals and objectives should be considered for staffing and funding. ANS: True RATIONALE: Only information technology projects that are consistent with the business strategy and that support business goals and objectives should be considered for staffing and funding. Such projects will deliver an organization’s strategic goals, whether they are increased revenues, decreased costs, improved customer service, increased market share, or decreased time to market. 3. The objective of the Foreign Account Tax Compliance Act is to prevent certain classes of persons and entities from making payments to foreign government officials. ANS: False RATIONALE: The objective of the Foreign Account Tax Compliance Act is to identify U.S. taxpayers who hold financial assets in non-U.S. financial institutions and offshore accounts so that they cannot avoid their U.S. tax obligations. 4. The USA PATRIOT Act protects the interests of investors and consumers by requiring that the annual reports of public companies include an evaluation of the effectiveness of internal control over financial reporting. ANS: False RATIONALE: The USA PATRIOT Act is designed to combat the financing of terrorism through money laundering and other financial crimes. 5. Performance measurement is the process by which an organization achieves its information technology governance goals. ANS: False RATIONALE: Performance measurement is the means by which management tracks how well its information technology governance efforts are succeeding. 6. Information technology-related initiatives are simple and straightforward. ANS: False RATIONALE: Information technology (IT)-related initiatives are seldom simple and straightforward. They are influenced by many factors: the vision, mission, and values of the organization; community and organizational ethics and values; a myriad of laws, regulations, and policies; industry guidelines and practices; changing business needs; and the values of the IT stakeholders and company owners.
7. The information technology infrastructure library (ITIL) is used to standardize, integrate, and manage information technology (IT) service delivery. ANS: True RATIONALE: The IT Infrastructure Library (ITIL) is a set of guidelines initially formulated by the U.K. government in the late 1980s and widely used today to standardize, integrate, and manage IT service delivery. ITIL provides a proven and practical framework to plan and deliver IT operational services based on a synthesis of the best ideas from international practitioners. 8. A business continuity plan is to be implemented after the occurrence of an interruption in a service. ANS: False RATIONALE: Having a business continuity plan in place before a business interruption occurs is critical; otherwise, an organization may not be able to respond quickly enough to prevent service interruption. 9. The International Standards Organizational standard ISO 22301:2012 is applicable only to nonprofit organizations. ANS: False RATIONALE: The International Standards Organizational standard ISO 22301:2012 (“Societal Security– Business Continuity Management Systems–Requirements”) specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to prepare for, respond to, and recover from disruptive events when they arise. The standard is applicable to organizations in all industries, profit and nonprofit, and of all sizes. 10. The disaster recovery plan must be tested in advance to ensure that it is effective and that people can execute it. ANS: True RATIONALE: The disaster recovery plan must be tested to ensure that it is effective and that people can execute it. Many companies practice the disaster recovery plan for at least one AAA priority system once per year. ESSAY: 1. Define Control Objectives for Information and Related Technology (COBIT). What are the principles proposed by COBIT that guide the governance of information technology (IT)? ANS: Control Objectives for Information and Related Technology (COBIT) is a set of guidelines whose goal is to align information technology (IT) resources and processes with business objectives, quality standards, monetary controls, and security needs. These guidelines are issued by the IT Governance Institute. They provide metrics, best practices, and critical success factors for COBIT-defined IT-related processes. COBIT 5.0 proposes five principles that guide governance of IT: a. Meeting stakeholder needs b. Covering an enterprise end-to-end c. Applying a single, integrated framework d. Enabling a holistic approach
e. Separating governance from management 2. Explain the need for a business continuity plan. ANS: A business continuity plan defines the people and procedures required to ensure timely and orderly resumption of an organization’s essential, time-sensitive processes with minimal interruption. Having a business continuity plan in place before a business interruption occurs is critical; otherwise, the organization may not be able to respond quickly enough to prevent service interruption. 3. Define a disaster recovery plan. What are the various process involved in developing a disaster recovery plan? ANS: A disaster recovery plan is a component of the organization’s business continuity plan that defines the process to recover an organization’s business information system assets including hardware, software, data, networks, and facilities in the event of a disaster. The disaster recovery plan focuses on technology recovery and identifies the people or the teams responsible for taking action in the event of a disaster, what exactly these people will do when a disaster strikes, and the information system resources required to support critical business processes. The process involved in developing a disaster recovery plan includes: a. Identifying vital records and data. b. Conducting a business impact analysis. c. Defining resources and actions to recover. d. Defining emergency procedures. e. Identifying and training business continuity teams. f. Training employees. g. Practicing and updating plan.
CHAPTER 6— COLLABORATION TOOLS MULTIPLE CHOICE 1. A(n) _____ allows users to leave messages or read public messages that announce upcoming events, new products, and changes in services as well as solutions to problems encountered using the organization’s products or services. a. electronic bulletin board b. calendaring software c. presence information tool d. intermediate workspace ANS: A RATIONALE: An electronic bulletin board allows users to leave messages or read public messages that announce upcoming events, new products, and changes in services as well as solutions to problems encountered using the organization’s products or services. Organizations often add bulletin board capabilities to their Web sites to attract a community of users and increase site traffic. 2. Why do organizations add bulletin board capabilities to their Web sites? a. To create audio programs b. To provide technical support c. To increase site traffic d. To upgrade system software ANS: C RATIONALE: An electronic bulletin board allows users to leave messages or read public messages that announce upcoming events, new products, and changes in services as well as solutions to problems encountered using the organization’s products or services. Organizations often add bulletin board capabilities to their Web sites to attract a community of users and increase site traffic. 3. Which of the following is a collaboration tool used by organizations to keep visitors informed about developments associated with the organization? a. A shared workspace b. Web conferencing c. A presence information tool d. An electronic bulletin board ANS: D RATIONALE: An electronic bulletin board allows users to leave messages or read public messages that announce upcoming events, new products, and changes in services as well as solutions to problems encountered using the organization’s products or services. Organizations often add bulletin board capabilities to their Web sites to attract a community of users and increase site traffic. Often the bulletin board is used to keep visitors informed about developments associated with the organization. 4. A _____ is a Web site in which contributors provide ongoing commentary on a particular subject. It is also used as a personal online diary or as a way to address current issues and local news. a. wiki b. blog c. podcast d. Webcast
ANS: B RATIONALE: A blog is a Web site in which contributors provide ongoing commentary on a particular subject. A blog is sometimes used as a personal online diary or as a way to address current issues and local news. 5. Increasingly, organizations are using _____ externally for branding, marketing, or public relations purposes. a. corporate presence information b. corporate podcasts c. corporate blogs d. corporate wikis ANS: C RATIONALE: A blog is a Web site in which contributors provide ongoing commentary on a particular subject. A blog provides updates on organizational efforts, including new products and services. Increasingly, organizations are using corporate blogs externally for branding, marketing, or public relations purposes. 6. _____ can be a good way for a corporation to make itself appear more personable and appealing. a. Corporate blogging b. Corporate auditing c. Corporate financing d. Corporate training ANS: A RATIONALE: Increasingly, organizations are using corporate blogs externally for branding, marketing, or public relations purposes. Corporate blogging can be a good way for a corporation to make itself appear more personable and appealing. 7. Which of the following is true of the First Amendment of the U.S. Constitution? a. It protects Americans from high tax rates and enables them to be eligible for federal insurance policies. b. It protects Americans’ rights to freedom of religion and freedom of expression. c. It delays laws that affect employees’ salary increases from taking effect until after the next congressional election. d. It protects employees’ property rights and provides compensation in case the state takes over the organization. ANS: B RATIONALE: The First Amendment of the U.S. Constitution protects Americans’ rights to freedom of religion and freedom of expression. This amendment provides protection from potential actions by the federal government. It does not apply to actions that private companies or individuals may take if what the employee says is untrue and damages the organization or individual. 8. _____ allows people to capture and record scheduled meetings and events. a. A firewall b. Really Simple Syndication c. A shared workspace d. Calendaring software ANS: D
RATIONALE: Calendaring software allows people to capture and record scheduled meetings and events. It can also be used to determine the resource availability and schedule rooms and meetings. 9. Identify the collaboration tool used by organizations to determine the availability of team members and to send email notifications and reminders for meetings and event participations. a. Really Simple Syndication b. Calendaring software c. A Webcast d. A podcast ANS: B RATIONALE: Calendaring software allows people to capture and record scheduled meetings and events. The software enables you to check the electronic calendar of team members for open time slots and to send email notifications and reminders to meeting and event participants. 10. A project manager in Sam’s Inc. has to update his fifty-member team on an upcoming project. He needs to schedule a meeting with all the members for this purpose. He finds it difficult to know the availability of each member to schedule the meeting at a convenient time. Which of the following collaboration tools will help the project manager to find the availability of the members? a. Calendaring software b. A podcast c. A Web conference d. Really Simple Syndication ANS: A RATIONALE: Calendaring software allows people to capture and record scheduled meetings and events. The software enables one to check the electronic calendar of team members for open time slots and to send email notifications and reminders to meeting and event participants. 11. Which of the following tools is used to send scheduled email alerts to remind individuals about their upcoming tasks or assignments? a. A Really Simple Syndication feed b. Calendaring software c. A podcast d. Presence information ANS: A RATIONALE: Calendaring software provides immediate access to the schedule for all involved staff members no matter where they are, via their personal computer or mobile device. In addition, the software can also send scheduled email alerts to remind individuals of upcoming appointments. 12. _____ includes a number of technologies and products that allows remote access and remote collaboration on a person’s computer. a. Calendaring software b. Instant messaging c. Desktop sharing d. Web conferencing ANS: C
RATIONALE: Desktop sharing includes a number of technologies and products that allows remote access and remote collaboration on a person’s computer. It can be used to provide technical support and product demos. 13. Which of the following is true of a desktop sharing collaboration tool? a. It determines resource availability and helps schedule rooms and meetings. b. It provides technical support, on-demand customer support, and product demos. c. It helps conduct collaborative meetings and live presentations over the Internet. d. It provides users with the ability to see a colleague’s availability status. ANS: B RATIONALE: Desktop sharing offers desktop remote control, data backup, file sharing, remote system administration, and on-demand customer support. It is an effective means to provide technical support and product demos. A common form of desktop sharing called remote log-in makes it possible for technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. 14. John noticed that the touchpad of his new laptop was not working. He immediately called customer service and explained the issue. The customer service technician deduced that a missing software driver associated with the touchpad had caused the problem and fixed it by gaining access to John’s laptop. Identify the collaboration tool used by the technician to resolve the issue. a. A Really Simple Syndication feed b. Remote log-in c. Presence information d. An electronic bulletin board ANS: B RATIONALE: Desktop sharing includes a number of technologies and products that allows remote access and remote collaboration on a person’s computer. Remote log-in, a common form of desktop sharing, allows users to connect to their computer while they are away from the computer. 15. Jeremy, a project leader in Cystope Technologies is asked to update the logs for several employees in the afternoon on his day off, as the logs have to be dispatched to headquarters by the end of the day. It is not feasible for him to travel to office and other employees are not allowed to access his system as per company rules. Identify the collaboration tool that will help the Jeremy access his system without going to the office. a. Microsoft Lync b. Instant messaging c. Freemium model d. Remote log-in ANS: D RATIONALE: Remote log-in allows users to connect to their office computer while they are away from the office. Remote log-in makes it possible for technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. All of these services are provided with no need for travel by the user or the technician and without requiring the shipment of computers back and forth. 16. A few project leaders of Zord Inc. started facing problems with their systems. The head technician, who was on leave, was consulted. Since he knew the solution but visiting the firm was not feasible, the head technician required access to their systems. Identify the collaboration tool that would help the head technician in this scenario.
a. Remote log-in b. A podcast c. Calendaring software d. A Webinar ANS: A RATIONALE: Remote log-in allows users to connect to their office computer while they are away from the office. Remote log-in makes it possible for technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. All of these services are provided with no need for travel by the user or the technician and without requiring the shipment of computers back and forth. 17. _____ makes it possible for technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. a. Instant messaging b. Remote log-in c. Presence information d. Really Simple Syndication ANS: B RATIONALE: Remote log-in allows users to connect to their office computer while they are away from the office. Remote log-in makes it possible for technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. All of these services are provided with no need for travel by the user or the technician and without requiring the shipment of computers back and forth. 18. Which of the following is a benefit of a desktop sharing collaboration tool? a. It minimizes the users’ downtime and enables them to return to productive work as quickly as possible. b. It provide users with the ability to see a colleague’s availability status and plan work flow accordingly. c. It allows participants to create and edit Web page content freely using any browser or wiki software. d. It provides ease of access to digital content that is of interest to project team members and work groups. ANS: A RATIONALE: Desktop sharing includes a number of technologies and products that allows remote access and remote collaboration on a person’s computer. Remote log-in makes it possible for technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. All of these services are provided with no need for travel by the user or the technician and without requiring the shipment of computers back and forth. Such service minimizes the users’ downtime and enables them to return to productive work as quickly as possible. 19. _____ is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text and images. a. A wiki b. Really simple syndication c. Instant messaging d. A shared workspace ANS: C
RATIONALE: Instant messaging (IM) is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text, images, and more. It can be used to send and receive brief text messages to provide updates and ask and respond to questions. 20. Which of the following is considered a vital feature of instant messaging services for a business? a. Data backup b. Remote system administration c. Asynchronous communication d. Ability to work on multiple platforms ANS: D RATIONALE: Instant messaging (IM) is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text, images, and more. Important features to look for in instant messaging applications for a business setting include the ability to work on Windows and Mac computers and laptops as well as on Android and iPhone smartphones, strong encryption of messages, and the ability to set up and make conference calls from within the application. 21. Instant messaging is primarily used in a(n) _____ communications mode. a. synchronous b. asynchronous c. isochronous d. isosynchronous ANS: A RATIONALE: Instant messaging (IM) is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text, images, and more. It is less formal than email and is used primarily in a synchronous communications mode, with both parties sending and receiving messages in real time. 22. _____ is used primarily in a synchronous communications mode, with both parties sending and receiving messages in real time. a. A wiki b. A shared workspace c. Blogging d. Instant messaging ANS: D RATIONALE: Instant messaging (IM) is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text, images, and more. It is less formal than email and is used primarily in a synchronous communications mode, with both parties sending and receiving messages in real time. 23. _____ refers to the use of a digital forum where multiple people can communicate with one another by sending text, images, and screenshots to everyone at once. a. Wiki b. Chat c. Desktop sharing d. Shared workspace ANS: B
RATIONALE: Chat refers to the use of a digital forum (chatroom) where multiple people can communicate with one another by sending text, images, and screenshots to everyone at once. WhatsApp is one such chat application where people can sent and receive texts/images in real time. 24. Which of the following is true of chat? a. It can be used to send texts to many users at once. b. It supports only one-to-one conversation. c. It helps to capture and record scheduled meetings. d. It can help people remotely access a computer. ANS: A RATIONALE: Chat refers to the use of a digital forum (chatroom) where multiple people can communicate with one another by sending text, images, and screenshots to everyone at once. WeChat is one such chat application where people can sent and receive texts/images in real time. 25. A _____ is a business model in which the core product is given away without charge to a large group of users while the premium version of the product is sold to a smaller fraction of the overall user base. a. dual licensing model b. reverse-bounty model c. direct sales model d. freemium model ANS: D RATIONALE: The freemium model is a business model in which the core product is given away free of charge to a large group of users while the premium version of the product is sold to a smaller fraction of the overall user base. Skype, a popular instant messaging application, is based on a freemium model, where users can call phones, access Wi-Fi, and send texts. Skype users can pay as they go or buy a subscription. 26. eBlock, an internet security giant, plans to release its latest version of antivirus software to two categories of users—home users and corporate users. eBlock has decided to release the software to its home users without charge and to its corporate users at $299 per year. Which of the following business models does this illustrate? a. The freemium model b. The dual licensing model c. The direct-bounty model d. The reverse-bounty model ANS: A RATIONALE: The freemium model is a business model in which the core product is given away free of charge to a large group of users while the premium version of the product is sold to a smaller fraction of the overall user base. Skype, a popular instant messaging application, is based on a freemium model where users can call phones, access Wi-Fi, and send texts. Skype users can pay as they go or buy a subscription. 27. A _____ is a digital media file distributed over the Internet using syndication feeds for playback on mobile devices and personal computers. a. podcast b. Webcast c. Webinar
d. PhpWiki ANS: A RATIONALE: A podcast is a digital media file distributed over the Internet using syndication feeds for playback on mobile devices and personal computers. Users simply download a podcast to their computer and then transfer it to a device for listening at their convenience. 28. _____ is a family of data formats that helps people automatically receive feeds anytime there are new postings to their favorite blog sites, updates in the news headlines, new job listings, or new information posted at specified Web sites. a. Onstream media b. Online project management c. Really Simple Syndication d. Electronic bulletin board ANS: C RATIONALE: Really Simple Syndication (RSS) is a family of data formats that helps people automatically receive feeds anytime there are new postings to their favorite blog sites, updates in the news headlines, new job listings, or new information posted at specified Web sites. The RSS reader is programmed to automatically check all subscribed feeds on a regular basis to look for new content and download any updates that it finds. 29. Which among the following is a collaboration tool that allows users to stay updated on topics of interest? a. Desktop sharing b. Really Simple Syndication c. A browser cookie d. An electronic bulletin board ANS: B RATIONALE: Really Simple Syndication (RSS) is a family of data formats that helps people automatically receive feeds anytime there are new postings to their favorite blog sites, updates in the news headlines, new job listings, or new information posted at specified Web sites. The RSS reader is programmed to automatically check all subscribed feeds on a regular basis to look for new content and download any updates that it finds. This process allows users to stay current on topics of interest. 30. Identify an application that creates a common channel for company-wide announcements. a. Desktop sharing b. Wiki feeds c. Really Simple Syndication feeds d. Office Web App ANS: C RATIONALE: The capabilities of Really Simple Syndication (RSS) feeds and aggregators make them attractive to business managers who want to stay informed. An application of RSS feeds is to create a common channel for company-wide announcements. 31. Which of the following is true of the Really Simple Syndication (RSS) reader? a. The RSS reader is programmed to automatically check for and download new content from all subscribed feeds.
b. The RSS reader is a telecommunications application that enables video chat and voice calls from computers, tablets, and mobile devices via the Internet to other devices. c. The RSS reader is less formal than email and is used primarily in a synchronous communications mode, with both parties sending and receiving messages in real time. d. The RSS reader is a Web-based application that requires attendees to enter an online address to join a conference. ANS: A RATIONALE: Really Simple Syndication (RSS) is a family of data formats that helps people automatically receive feeds anytime there are new postings to their favorite blog sites, updates in the news headlines, new job listings, or new information posted at specified Web sites. The RSS reader is programmed to automatically check all subscribed feeds on a regular basis to look for new content and download any updates that it finds. 32. A _____ is an area hosted by a Web server in which project members and colleagues can share documents, models, photos, and other forms of information to keep each other current on the status of projects or topics of common interest. a. blog b. podcast c. shared workspace d. Really Simple Syndication ANS: C RATIONALE: A shared workspace is an area hosted by a Web server in which project members and colleagues can share documents, models, photos, and other forms of information to keep each other current on the status of projects or topics of common interest. Box, eXo Platform, Producteev, and SharePoint are a few of the software products that provide this capability. 33. Kokssys, a software giant, has decided to create a common area on its Web server to facilitate the sharing of official data among its employees. Identify the collaboration tool that must be used by the organization to facilitate this. a. A shared workspace b. Desktop sharing c. Really Simple Syndication d. A presence information tool ANS: A RATIONALE: A shared workspace is an area hosted by a Web server in which project members and colleagues can share documents, models, photos, and other forms of information to keep each other current on the status of projects or topics of common interest. Before an organization begins using shared workspace software, it needs to plan for how groups and project teams can best use it. 34. Which of the following is true of a shared workspace? a. It acts as a one-stop resource for a project including all documents and other types of information. b. It is less formal than email and is used primarily in a synchronous communications mode, with both parties sending and receiving messages in real time. c. It includes a number of technologies and products that allows remote access and remote collaboration on a person’s computer. d. It allows people to capture and record scheduled meetings and events. ANS: A
RATIONALE: A shared workspace is an area hosted by a Web server in which project members and colleagues can share documents, models, photos, and other forms of information to keep each other current on the status of projects or topics of common interest. Box, eXo Platform, Producteev, and SharePoint are a few of the software products that provide this capability. 35. Which collaboration tool allows project managers to create a shared workspace that becomes the one-stop resource for a project, including information on project status and tools? a. An electronic bulletin board b. An online project management tool c. A podcast d. Presence information ANS: B RATIONALE: Online project management tools enable project managers to create a shared workspace that becomes the one-stop resource for a project, including information on project status and tools such as document libraries, collaboration tools, calendars, address books, wikis, forums, and project surveys. This tool enables real-time collaboration on project documents by team members and other stakeholders by using versioning, document locking, audit trails, commenting, and change notifications. 36. Ann, a project manager, needs to create a shared workspace for her team members to store and access data. This workspace must be usable by all the members of her team at a given time. Which of the following collaboration tools will help Ann to create this common area? a. Desktop sharing b. Online project management c. Instant messaging d. Really Simple Syndication ANS: B RATIONALE: Online project management tools enable project managers to create a shared workspace that becomes the one-stop resource for a project, including information on project status and tools such as document libraries, collaboration tools, calendars, address books, wikis, forums, and project surveys. This tool enables real-time collaboration on project documents by team members and other stakeholders by using versioning, document locking, audit trails, commenting, and change notifications. 37. Which of the following is true of online project management tools? a. They are programmed to automatically check and download new contents from all subscribed feeds. b. They allow consumers to send messages from their computers, tablets, and smartphones to other devices without paying for wireless phone calls or texts. c. They are a family of data formats that help people automatically receive updates from subscribed feeds in the news. d. They enable real-time collaboration on project documents by team members and other stakeholders. ANS: D RATIONALE: Online project management tools enable project managers to create a shared workspace that becomes the one-stop resource for a project, including information on project status and tools such as document libraries, collaboration tools, calendars, address books, wikis, forums, and project surveys. These tools enable real-time collaboration on project documents by team
members and other stakeholders by using versioning, document locking, audit trails, commenting, and change notifications. 38. Web conferencing and desktop sharing are examples of _____ tools. a. information b. scission c. collaboration d. collateral ANS: C RATIONALE: Collaboration tools, including instant messaging, Web conferencing, and desktop sharing, continue to help team members stay connected and work collaboratively and productively. Web conferencing is used to conduct collaborative meetings and live presentations over the Internet. 39. _____ is a way to conduct collaborative live meetings or presentations over the Internet, where each participant sits at his or her own computer and is connected to other participants via the Internet. a. Really Simple Syndication b. A shared workspace c. Desktop sharing d. Web conferencing ANS: D RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet, where each participant sits at his or her own computer and is connected to other participants via the Internet. Web conferencing is possible using either a downloaded application on each of the attendees’ computers or a Web-based application that requires attendees to enter an online address to join the conference. 40. Which of the following is true of Web conferencing? a. Web conferencing distributes a digital media file over the Internet using syndication feeds. b. Web conferencing is sold as a service that is hosted on a Web server and controlled by a vendor. c. Web conferencing is a business model in which the core product is given away free of charge to users. d. Web conferencing automatically delivers updated posts to subscribers from their favorite blogs. ANS: B RATIONALE: Web conferencing is possible using either a downloaded application on each of the attendees’ computers or a Web-based application that requires attendees to enter an online address to join the conference. Web conferencing is sold as a service that is hosted on a Web server and controlled by a vendor. 41. Which of the following is a feature of Web conferencing? a. Automatic data and subscription feeds update b. Limited one-way communication c. Interactive multimedia presentation d. Limited application sharing ANS: C
RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet, where each participant sits at his or her own computer and is connected to other participants via the Internet. Interactive multimedia presentation is a feature of web conferencing. 42. Identify the collaboration tool that would be most appropriate for a poll or survey, where the presenter poses questions with multiple-choice answers to the audience. a. Presence information b. Really Simple Syndication c. Web conferencing d. Desktop sharing ANS: C RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet, where each participant sits at his or her own computer and is connected to other participants via the Internet. Web conferencing would be the most appropriate collaboration tool for a poll or survey, where the presenter poses questions with multiple-choice answers to the audience. 43. Which of the following collaboration tools provides a whiteboard with annotation, which allows participants in a live meeting to highlight or mark items on a slide presentation? a. Web conferencing b. Podcast c. Instant messaging d. Desktop sharing ANS: A RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet, where each participant sits at his or her own computer and is connected to other participants via the Internet. It provides a whiteboard with annotation that allows participants in a live meeting to highlight or mark items on a slide presentation. 44. The ability of one person to share a document or spreadsheet on his desktop and pass the control of the application to someone else in the meeting is a feature of _____. a. Web conferencing b. podcasts c. Really Simple Syndication feeds d. wikis ANS: A RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet. The ability of one person to share a document or spreadsheet on his desktop and pass the control of the application to someone else in the meeting is a feature of Web conferencing. 45. A _____ is a form of Web conferencing that uses streaming media technologies to broadcast video and/or audio over the Internet from a single content source to many listeners or viewers simultaneously. a. Webmail b. Webcast c. WebWork d. Weblog ANS: B
RATIONALE: A Webcast is a form of Web conferencing that uses streaming media technologies to broadcast video and/or audio over the Internet from a single content source to many listeners or viewers simultaneously. A Webcast may be distributed either live or on demand. 46. Which of the following is true of Webcast? a. It allows limited one-way communication. b. It supports interactive multimedia presentations. c. It provides active application sharing. d. It enables interactive video chat and voice calls. ANS: A RATIONALE: A Webcast is a form of Web conferencing that uses streaming media technologies to broadcast video and/or audio over the Internet from a single content source to many listeners or viewers simultaneously. It allows limited one-way communication. 47. A _____ is a form of Web conferencing that is essentially a meeting delivered over the Web. a. WebWork b. Weblog c. Webinar d. Webmail ANS: C RATIONALE: A Webinar is a form of Web conferencing that is essentially a seminar delivered over the Web. In most cases, a Webinar has a presenter (or multiple presenters) and provides some level of limited interaction between the presenter and the participants—such as questions that are directed to the presenter—although this capability may be turned off. 48. Which of the following is true of a Webinar? a. It enables highly interactive video chat and voice calls. b. It allows limited one-way communication and is highly collaborative. c. It automatically retrieves news feed updates. d. It supports some level of limited interaction and is less collaborative. ANS: D RATIONALE: A Webinar is a form of Web conferencing that is essentially a seminar delivered over the Web. It has a presenter (or multiple presenters) and provides some level of limited interaction between the presenter and the participants. 49. How do Webcasts differ from Webinars? a. Webcasts are led by a presenter, whereas Webinars broadcast audio or video. b. Webcasts allow limited one-way communication, whereas Webinars allow some level of two-way communication. c. Webcasts allow users to create and edit Web page content, whereas Webinars limit users to the browsing of Web pages. d. Webcasts allow questions to be directed to the presenter, whereas Webinars allow questions to be emailed or faxed to the presenter. ANS: B RATIONALE: A Webcast is a form of Web conferencing that uses streaming media technologies to broadcast video and/or audio over the Internet from a single content source to many listeners or viewers simultaneously. Essentially, Webcasting allows for a limited one-way communication; so it is
like “broadcasting” over the Internet. A Webinar is essentially a seminar delivered over the Web. In most cases, a Webinar has a presenter (or multiple presenters) and provides some level of limited interaction between the presenter and the participants. 50. How do Web conferences differ from Webinars? a. Web conferences are less collaborative, whereas Webinars are highly collaborative. b. Web conferences do not support interactive communications, whereas Webinars are highly interactive. c. Web conferences are highly collaborative, whereas Webinars are less collaborative. d. Web conferences allow users to create and edit Web page content freely using any Web browser, whereas Webinars do not support this. ANS: C RATIONALE: Web conferences are highly collaborative in nature and usually involve smaller groups of individuals working together to develop a plan, whereas Webinars are led by a presenter, are less collaborative, and have a goal of educating the participants. Webinars may involve question and answer sessions, but usually don’t involve more two-way communication beyond that. 51. How do Web conferences differ from Webcasts? a. Web conferences support interactive multimedia presentation, whereas Webcasts support only limited one-way communication. b. Web conferences allow limited one-way communication, whereas Webcasts provide some level of interaction between the presenter and the participants. c. Web conferences limit users to browsing Web page content, whereas Webcasts allow users to create and edit Web page content. d. Web conferences allow limited application sharing between the participants, whereas Webcasts allow active application sharing. ANS: A RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet, where each participant sits at his or her own computer and is connected to other participants via the Internet and it supports interactive multimedia presentations. A Webcast is a form of Web conferencing that uses streaming media technologies to broadcast video and/or audio over the Internet from a single content source to many listeners or viewers simultaneously. Essentially, Webcasting allows for a limited one-way communication; so it is like “broadcasting” over the Internet. 52. Xonex is a teleservices organization. It has branches all over Canada and a few across the United States. It hosts a company-wide seminar on employee rights, payroll processing, and tax issues in Ontario. All the branches of Xonex have around thousand employees, each. Which of the following collaboration tools will be most appropriate for Xonex to use for the seminar? a. Presence information b. Instant messaging c. A podcast d. A Webcast ANS: D RATIONALE: A Webcast is a form of Web conferencing that uses streaming media technologies to broadcast video and/or audio over the Internet from a single content source to many listeners or viewers simultaneously. A Webcast may be distributed either live or on demand.
53. A _____ is a collaborative Web site that allows users to create and edit Web page content freely using any Web browser. a. cache b. wiki c. cookie d. domain ANS: B RATIONALE: A wiki is a collaborative Web site that allows users to create and edit Web page content freely using any Web browser. A wiki supports hyperlinks and has simple text syntax for creating new pages and cross-links between internal pages. 54. Which of the following is true of a wiki? a. It supports hyperlinks and has simple text syntax. b. It provides interactive multimedia presentations. c. It is a messaging system with very strong encryption. d. It allows people to capture and record scheduled meetings and events. ANS: A RATIONALE: A wiki is a collaborative Web site that allows users to create and edit Web page content freely using any Web browser. A wiki supports hyperlinks and has simple text syntax for creating new pages and cross-links between internal pages. 55. Which of the following is a benefit of a corporate wiki? a. It reduces the amount of email traffic within a company. b. It separates a physical computing device into one or more virtual devices. c. It provides users with access to software remotely as a Web-based service. d. It provides users with the ability to see a colleague’s availability status. ANS: A RATIONALE: A wiki is a collaborative Web site that allows users to create and edit Web page content freely using any Web browser. The use of corporate wikis reduces the amount of email traffic within a company. 56. A software firm has decided to build a tool that defines acronyms in common use within the firm. Identify the tool used by the firm. a. A podcast b. A Webcast c. A Really Simple Syndication feed d. A wiki ANS: D RATIONALE: Wikis allow users to build and organize useful new sources of data for a variety of projects, issues, and ideas. For example, one can build a wiki that defines acronyms in common use within one’s firm. 57. Which of the following is true of corporate wikis? a. They are a form of Web conferencing that uses streaming media to broadcast video over the Internet. b. They are easy to link to useful corporate information systems such as phone books. c. They provide corporate users with the ability to see a colleague’s availability status.
d. They are a set of cloud-based software and services that provides office applications and collaboration capabilities to subscribers. ANS: B RATIONALE: A wiki is a collaborative Web site that allows users to create and edit Web page content freely using any Web browser. Corporate wikis are easy to link to useful corporate information systems such as phone books. 58. In an organization, _____ reduce the use of lengthy distribution lists that burden recipients with excessive and irrelevant messages. a. wikis b. blogs c. podcasts d. electronic bulletin boards ANS: A RATIONALE: The use of corporate wikis reduces the amount of email traffic within a company by enabling all relevant information to be shared by people working on a given project. In addition, wikis reduce the use of lengthy distribution lists that burden recipients with excessive and irrelevant messages. 59. Identify the collaboration tool that enables people to express their views on specific topics and helps in building consensus. a. A Webex b. A wiki c. A Webcast d. A Webinar ANS: B RATIONALE: A wiki is a collaborative Web site that allows users to create and edit Web page content freely using any Web browser. Wikis provide a tool for building consensus, as they enable people to express their views on specific topics. 60. A _____ is a software that enables users to create and collaboratively edit Web pages via a browser. a. logic bomb b. cookie c. cache d. wiki engine ANS: D RATIONALE: A wiki engine is a software that enables users to create and collaboratively edit Web pages via a browser. 61. _____ provides users with the ability to see a colleague’s availability status, whether the person is out-of-office, busy, or available. a. A shared workspace b. Desktop sharing c. Presence information d. Calendaring software
ANS: C RATIONALE: Presence information provides users with the ability to see a colleague’s availability status, whether out-of-office, busy, or available. DoKuWiKi, MediaWiki, MoinMoin, MojoMojo, PhpWiki, XWiki, and MediaWiki are popular wiki engines. 62. Joshe is a project leader in Tiran technologies. 75 developers and analysts work under his supervision on several projects. These employees are scattered in small groups in the organization, depending on the project they are working on. Which collaboration tool would be most appropriate for Joshe to keep track whether his developers and analysts are out-of-office, busy, or available? a. Desktop sharing b. Presence information c. Web conferencing d. Instant messaging ANS: B RATIONALE: Presence information provides users with the ability to see a colleague’s availability status, whether the person is out-of-office, busy, or available. Knowing whether coworkers are available provides several time-saving benefits for an organization. 63. Adoption of a _____ solution eliminates the need for multiple communications systems and vendors, which leads to simpler communication processes. a. peripheral communications b. unified communications c. split communications d. fringe communications ANS: B RATIONALE: Adoption of a unified communications (UC) solution eliminates the need for multiple communications systems and vendors, which leads to simpler communication processes and, in many cases, also substantially reduces telecommunications, hardware, software, and support costs. Conversion to UC can also make it easier to outsource the organization’s communications system to a third-party service provider. 64. _____ is a communications system that fully integrates data, text, voice, and video into a single solution that includes instant messaging, calendaring, presence information, and video conferencing. a. External communications b. Core communications c. Unified communications d. Peripheral communications ANS: C RATIONALE: Unified communications is a communications system that fully integrates data, text, voice, and video into a single solution that includes instant messaging, calendaring, presence information, and video conferencing. Adoption of a UC solution eliminates the need for multiple communications systems and vendors, which leads to simpler communication processes and, in many cases, also substantially reduces telecommunications, hardware, software, and support costs. 65. Which of the following is true of unified communications? a. They eliminate the need for multiple communications systems and vendors. b. They make it difficult to outsource the organization’s communications system to a third-party service provider.
c. They record all financial transactions in the general ledger accounts and generate financial statements for external reporting. d. They plan and schedule production and record actual production activities in an organization. ANS: A RATIONALE: Unified communications is a communications system that fully integrates data, text, voice, and video into a single solution that includes instant messaging, calendaring, presence information, and video conferencing. They eliminate the need for multiple communications systems and vendors. TRUE/FALSE 1. Calendaring software allows users to create automatic event reminders, including mobile phone notifications. ANS: True RATIONALE: Calendaring software allows people to capture and record scheduled meetings and events. The software enables one to check the electronic calendar of team members for open time slots and to send email notifications and reminders to meeting and event participants. One can also create automatic event reminders, including mobile phone notifications. 2. Important features in desktop sharing applications for a business setting include strong encryption of messages and the ability to set up and make conference calls from within the application. ANS: False RATIONALE: Important features in instant messaging applications for a business setting include strong encryption of messages and the ability to set up and make conference calls from within the application. 3. Use of Web-based instant messaging curbs the unintended release of private or sensitive information. ANS: False RATIONALE: Instant messaging (IM) is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text, images, and more. Use of Webbased IM raises the issue of unintended release of private or sensitive information. 4. Podcasters create audio programs, usually in the form of MP3 files, which they upload to Web sites. ANS: True RATIONALE: A podcast is a digital media file distributed over the Internet using syndication feeds for playback on mobile devices and personal computers. Podcasters create audio programs, usually in the form of MP3 files, which they upload to Web sites. Anyone with a computer and a microphone can create a podcast. 5. Instant messaging is a family of data formats that helps people automatically receive feeds anytime there are new postings to their favorite blog. ANS: False
RATIONALE: Really Simple Syndication (RSS) is a family of data formats that helps people automatically receive feeds anytime there are new postings to their favorite blog sites, updates in the news headlines, new job listings, or new information posted at specified Web sites. RSS content is read using software called an RSS reader. 6. Web conferencing is possible using a Web-based application that requires attendees to enter an online address to join the conference. ANS: True RATIONALE: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet. Web conferencing is possible using either a downloaded application on each of the attendees’ computers or a Web-based application that requires attendees to enter an online address to join the conference. 7. Wiki allows users to determine the relevancy of content rather than depending on a central document control group. ANS: True RATIONALE: Wikis allow users to determine the relevancy of content rather than depending on a central document control group. A wiki software typically comes with built-in version control so that every change to a wiki document includes a record of who made the change. If necessary, it is relatively easy to revert to an earlier version of the wiki. 8. United communications (UC) vendors can operate in the cloud. ANS: True RATIONALE: Adoption of a unified communications (UC) solution eliminates the need for multiple communications systems and vendors, which leads to simpler communication processes. Some UC vendors install their equipment and software on an organization’s premises and some operate in the cloud. 9. Instant messaging (IM) is more formal than email. ANS: False RATIONALE: Instant messaging (IM) is a one-to-one conversation in which one computer communicates with another for the purpose of exchanging text, images, and more. IM is less formal than email and is used primarily in a synchronous communications mode, with both parties sending and receiving messages in real time. 10. Executives write corporate blogs with the goal of improving a firm’s public image and promoting its products and services. ANS: True RATIONALE: Organizations are using corporate blogs externally for branding, marketing, or public relations purposes. Executives or public relations people write corporate blogs with the goal of improving a firm’s public image and promoting its products and services. Corporate blogging can be a good way for a corporation to make itself appear more personable and appealing. ESSAY 1. Describe corporate blogging.
ANSWER: Organizations use corporate blogs externally for branding, marketing, or public relations purposes. Corporate blogging can be a good way for a corporation to make itself appear more personable and appealing. The key to a successful corporate blog is to ensure that it allows for discussions about issues that are important and relevant to readers, including topics that are potentially problematic for the organization. Failure to be open and objective can cause a company to appear biased and self-serving, thus weakening the firm’s image. Corporate bloggers must recognize that people who respond to a blog posting have a strong need to feel that someone is listening to them, and some commenters are immediately discouraged by any response they consider dismissive or insensitive. 2. What are the features supported by Web conferencing services? ANSWER: Web conferencing is a way to conduct collaborative live meetings or presentations over the Internet. Most Web conferencing services provide support for the following features: Live video via Webcam or digital video camera Panoramic video Active speaker indicator Public events page Personal recordings Virtual breakout rooms 3. How can Wikis be created? ANSWER: Wikis can be created and delivered via wiki engine software that is managed by the organization or via a hosted software as a service (SaaS) subscription where the service provider stores all the data on its servers. A wiki engine is software that enables users to create and collaboratively edit Web pages via a browser. DoKuWiKi, MediaWiki, MoinMoin, MojoMojo, PhpWiki, XWiki, and MediaWiki are popular wiki engines. 4. Describe the benefits of unified communications. ANSWER: Unified communications (UC) is a communications system that fully integrates data, text, voice, and video into a single solution that includes instant messaging, calendaring, presence information, and video conferencing. Adoption of a UC solution eliminates the need for multiple communications systems and vendors, which leads to simpler communication processes. It substantially reduces telecommunications, hardware, software, and support costs. UC also makes it easier to outsource the organization’s communications system to a third-party service provider.
CHAPTER 7— E-COMMERCE MULTIPLE CHOICE 1. _____ involves the exchange of money for goods and services over electronic networks. a. E-mail b. E-meeting c. E-commerce d. E-governance ANS: C RATIONALE: E-commerce involves the exchange of money for goods and services over electronic networks. 2. Which of the following was a reason for the failure of dot-com companies during the late 1990s? a. Generating revenues in excess of costs b. Increasing the market share with equal importance given for bottom-line profits c. Too much focus on bottom-line profits with little regard for market share d. Increasing the market share with little regard for bottom-line profits ANS: D RATIONALE: During the late 1990s, many poor ideas for Web-related businesses were proposed and funded in a wave of "irrational exuberance" for all things associated with the dot-com economy. In many cases, these new businesses ignored traditional business models built on delivering fundamental value for customers, achieving operational excellence, and generating revenues in excess of costs. Instead many companies placed an unhealthy emphasis on increasing market share with little regard for bottomline profits. With their focus on the wrong things, it really was not a surprise when hundreds of the dotcom companies failed. 3. _____ are private stores that offer additional customer services beyond simply placing an order. a. Customer portals b. Private company marketplaces c. Industry consortia-sponsored marketplaces d. Omnichannel portals ANS: A RATIONALE: Customer portals are private stores that offer additional customer services beyond simply placing an order. 4. Which of the following is a type of Business-to-business (B2B) Web site? a. Omnichannel retailing b. The long tail c. A private company marketplace d. Multichannel retailing
ANS: C RATIONALE: Business-to-business (B2B) Web sites in operation today take a variety of forms, including private stores, customer portals, private company marketplaces, and industry consortia–sponsored marketplaces. 5. Buyers need to enter a company's identification code and password to make a purchase from a selection of products at a prenegotiated price in: a. private stores. b. omnichannel retailing. c. e-governance. d. e-procurement software. ANS: A RATIONALE: Access to a private store requires that the buyer enter a company identification code and password to make a purchase from a selection of products at prenegotiated prices typically based on an established annual minimum purchase quantity. 6. A high percentage of Business-to-business (B2B) transactions take place between companies called: a. original equipment buyers. b. original equipment suppliers. c. original equipment manufacturers. d. original equipment dealers. ANS: C RATIONALE: A high percentage of B2B transactions take place between companies called original equipment manufacturers (OEMs) that supply parts and components and the companies that sell the final product. 7. Often, large manufacturers manage their purchasing functions using a(n): a. omnichannel portal. b. customer portal. c. industry consortia–sponsored marketplace. d. private company marketplace. ANS: D RATIONALE: Often, large manufacturers that purchase goods and services from many small suppliers build a private company marketplace to manage their purchasing functions through a Web site. 8. When companies do not have sufficient purchasing power, they create a(n): a. private company marketplace. b. industry consortia–sponsored marketplace. c. customer portal. d. private store. ANS: B
RATIONALE: In many cases, companies are not large enough or do not have sufficient purchasing power to require suppliers to deal with them through a private company marketplace. In such a situation, several companies in a particular industry may join forces to create an industry consortia–sponsored marketplace to gain the advantages of the private company marketplace for all members of the consortia. 9. Which of the following allows a company to create an electronic catalog with search capability? a. Omnichannel software b. Private company marketplace software c. Industry consortia–sponsored marketplace software d. E-procurement software ANS: D RATIONALE: E-procurement software allows a company to create an electronic catalog with search capability. 10. Creating, reviewing, and approving purchase orders are features of: a. private company market places. b. e-procurement softwares. c. customer portals. d. private stores. ANS: B RATIONALE: E-procurement software can automate key functions of the purchasing process, including creating, reviewing, and approving purchase orders and transmitting these purchase orders electronically to the supplier. 11. Which of the following models of e-commerce should focus on retaining the customers to capture additional future sales? a. Business-to-consumer (B2C) b. Business-to-business (B2B) c. Consumer-to-consumer (C2C) d. Government-to-consumer (G2C) ANS: A RATIONALE: Business-to-consumer (B2C) Web sites must focus on attracting prospects, converting them into customers, and retaining them to capture additional future sales. 12. _____ retailing is the application of the same business strategy across all marketing channels. a. Multichannel b. Long tail c. Omnichannel d. Convenience ANS: C
RATIONALE: Omnichannel retailing is the application of the same business strategy cross all marketing channels (e.g., mobile Internet devices, computers, brick-and-mortar stores, television, radio, direct mail, and catalog), with each channel using the same database of customer information, products, prices, promotions, and so on. 13. Consumer-to-consumer (C2C) e-commerce is the exchange of goods and services between: a. business organizations and individual consumers. b. individuals facilitated by a third party. c. businesses via computer networks. d. the government and businesses. ANS: B RATIONALE: Consumer-to-consumer (C2C) e-commerce is the exchange of goods and services among individuals, typically facilitated by a third party. 14. Which of the following technologies is used by e-government (e-gov) commerce? a. Assistive technology b. Banking technology c. Nanotechnology d. Information technology ANS: D RATIONALE: E-government (e-gov) commerce involves the use of information technology (such as Wide Area Networks, the Internet, and mobile computing) by government agencies to transform relations between the government and citizens (G2C), the government and businesses (G2B), and among various branches of the government (G2G). 15. An online shopping and ordering system that provides access to thousands of contractors and millions of products and services is called: a. eBuy. b. GSA Advantage. c. GSA eLibrary. d. eMod. ANS: B RATIONALE: GSA Advantage! is an online shopping and ordering system that provides access to thousands of contractors and millions of products and services. 16. An online tool designed to facilitate the submission of requests for quotations for a wide range of commercial products and services is _____. a. eMod b. GSA Advantage! c. GSA eLibrary d. eBuy ANS: D
RATIONALE: eBuy is an online Request for Quotation (RFQ) tool designed to facilitate the submission of requests for quotations for a wide range of commercial products and services. 17. Which of the following is an online source that contains the latest contract award information? a. GSA eLibrary b. GSA eOffer c. GSA eMod d. GSA eBuy ANS: A RATIONALE: GSA eLibrary is an online source for the latest contract award information. 18. _____ is a Web-based application that allows vendors to prepare and submit their GSA contract offers and contract modification requests electronically. a. GSA Advantage! b. GSA eLibrary c. eOffer d. eBuy ANS: C RATIONALE: eOffer/eMod is a Web-based application that allows vendors to prepare and submit their GSA contract offers and contract modification requests electronically. 19. The buying and selling of goods and services using a mobile device is called: a. mobile computing. b. m-commerce. c. e-commerce. d. cloud computing. ANS: B RATIONALE: Mobile commerce (m-commerce) is the buying and selling of goods and/or services using a mobile device, such as a tablet, smartphone, or other portable devices. 20. Which of the following is a top-level domain that provides fast and efficient internet access to mobile devices? a. .Link b. .Net c. .Info d. .Mobi ANS: D RATIONALE: .Mobi is a top-level domain approved by the International Corporation of Assigned Names and Numbers (ICANN) and managed by the mTLD global registry. Its goal is to deliver the Internet to mobile devices. 21. Identify a major drawback of browsing Web pages on mobile devices.
a. Size of the screen b. Speed of the internet c. Bandwidth of the internet d. Voice quality of the network ANS: A RATIONALE: Worldwide, there are more digital mobile phones than personal computers and TVs combined. Most mobile phones now have full Internet capabilities. However, these mobile phones have a number of limitations that make it difficult to view standard Web pages. The main limitation of course, is the size of the viewing screen. 22. The technology to obtain and validate tickets from mobile devices is called: a. eTicketing. b. iTicketing. c. mobile ticketing. d. integrated ticketing. ANS: C RATIONALE: Mobile ticketing is a means to order, pay for, obtain, and validate tickets from mobile devices. The tickets are sent to the mobile device as a text message with a special bar code or alphanumeric code, and users present their phones to ticket collectors at the venue to gain entrance. 23. In mobile ticketing, the tickets are sent to mobile devices as a text message with a(n): a. morse code. b. alphanumeric code. c. genetic code. d. cipher code. ANS: B RATIONALE: The tickets are sent to the mobile device as a text message with a special bar code or alphanumeric code, and users present their phones to ticket collectors at the venue to gain entrance. 24. Which of the following services is used to track the whereabouts of an individual? a. Location-based service b. Card-based service c. Long tail d. Web 2.0 ANS: A RATIONALE: A location-based service is a computer program that uses location data to control its features and the information it provides. Some location-based services are query based, allowing a user to request local maps and directions to points of interest, local traffic and weather information, or even information on the whereabouts of a friend or coworker. 25. Which of the following is a technology through which customers use a mobile device to perform banking operations?
a. Net banking b. Mobile banking c. Branch banking d. E-mail banking ANS: B RATIONALE: With mobile banking, customers can use a mobile device to access balance information, pay bills, transfer funds, and find nearby ATMs or banking centers. 26. Identify the term that describes the change in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. a. Podcast b. Mashup c. Forum d. Web 2.0 ANS: D RATIONALE: Web 2.0 is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. 27. One of the key decisions in running an e-commerce Web site is to decide: a. who will operate the host site. b. where to create a backup. c. how to make it user-friendly. d. how to allow guest users to buy a product. ANS: A RATIONALE: Two key decisions that must be made in establishing and running an e-commerce Web site are who will build the site and who will operate (host) the site. 28. Identify the feature that involves the storing, serving, and creating backup of files for one or more Web sites. a. Web server hosting b. Web site hosting c. Web browser hosting d. Proxy server hosting ANS: B RATIONALE: Web site hosting involves the storing, serving, and creating backup of files for one or more Web sites. 29. Dedicated hardware and virtual private servers are the services that are offered by: a. cloud computing. b. Web 2.0. c. mobile commerce. d. Web hosting.
ANS: D RATIONALE: Web hosting services may offer dedicated hardware or virtual private servers in which multiple organizations share hardware and Internet connections but otherwise have isolated, virtualized software. 30. Which of the following is an advantage of a shared server environment over dedicated servers? a. Security b. Performance c. Cost effectiveness d. Reliability ANS: C RATIONALE: A shared server environment is less expensive than dedicated servers. 31. Identify the drawback of a dedicated server when compared to a shared server environment. a. Expensive b. Reduced performance c. Low reliability d. Insecure ANS: A RATIONALE: A shared server environment is less expensive than dedicated servers; however, it may not provide the desired level of security, performance, and reliability. 32. The effective use of a _____ is critical to attracting prospects to a Web site. a. newsletter b. forum c. browser cookie d. search engine ANS: D RATIONALE: The effective use of a search engine is critical to attracting prospects to a Web site. 33. A search engine uses the _____ of Web pages to quickly display the URLs of those pages that "best match" the user's search term. a. contents b. popularity c. index d. bandwidth ANS: C RATIONALE: A search engine is a software that maintains an index of billions of Web pages and uses that index to quickly display the URLs of those pages that "best match" the user's search term. 34. Which of the following is a tool used by search engines to score Web sites?
a. Parser b. Crawler c. Cookie d. Sticker ANS: B RATIONALE: To perform the matching process, many search engines such as Google, Yahoo!, and Bing use software called crawlers to score Web sites. 35. The _____ of a Web site depends on link popularity, density, and frequency of keywords in the page content. a. score b. rank c. average d. median ANS: A RATIONALE: The score of a site is based on how relevant the site is to the search term, based on criteria such as link popularity, density, frequency of keywords in the page content, number of other Web sites referencing the site, and numerous other factors. 36. Which of the following is a type of search engine result that provides users with a list of potential Web sites based on the keyword relevancy? a. Paid list b. Organic list c. Social list d. Local list ANS: B RATIONALE: An organic list is a type of search engine result in which users are given a listing of potential Web sites based on their content and keyword relevancy. 37. Identify the technique that uses graphics with a hyperlink to direct customers to a Web site. a. Search engine optimization b. Paid listings c. Banner advertising d. Organic list ANS: C RATIONALE: An organization can attract potential customers to its site through the use of Web page banner ads that display a graphic and include a hyperlink to the advertisers' Web site. 38. The _____ network acts as a broker between Web sites and advertisers. a. paid listing b. banner advertising c. organic listing
d. search engine optimization ANS: B RATIONALE: The banner advertising network acts as a broker between Web sites and advertisers. 39. Web sites provide a simple search tool that returns search results with thumbnails of actual products. This is a strategy to provide a(n): a. easy and safe payment method. b. efficient order fulfillment. c. smooth return policy. d. good customer online experience. ANS: D RATIONALE: The ultimate goals of most Web sites are to increase sales as well as to improve customer satisfaction and loyalty to an organization. To accomplish these goals, a company must create a Web site that will compel customers to return repeatedly. A few of the key steps include designing the home page to be informative and visually appealing to your target customer, ensuring that the navigation is highly intuitive, and providing a simple search tool that returns search results with thumbnails of actual products. 40. Identify a feature that makes an e-commerce Web site successful. a. Selling products at a lower price b. Getting back old customers c. Special focus on the Web site design d. Popularity of the Web site ANS: B RATIONALE: Successful e-commerce Web sites are able to get their customers to return time and time again. Indeed getting customers to come back is what separates a prosperous business from a failed one. 41. Which of the following features of a website ensures that visitors return to the site? a. Sticky b. Navigation c. Bookmark d. Cookie ANS: A RATIONALE: A key tactic to make visitors return to your Web site is to design it to be a sticky Web site, so that visitors engage with your site and want to spend time there. 42. A way of drawing customers to a Web site is by: a. generating a referral link for them. b. making the return process easier. c. asking them to review a recently purchased item. d. thanking them for the recently purchased item.
ANS: C RATIONALE: Asking customers to review a recently purchased item can also draw customers back to your site and provides another opportunity to show related products or other items in which the customer may be interested. 43. Which of the following steps needs to be considered to ensure efficient order fulfillment? a. Send a confirmation mail following the placement of an order. b. Ask the customers to review a recently purchased item. c. Allow the usage of credit cards and debit cards for payment. d. Secure adequate storage for inventory. ANS: D RATIONALE: A number of components and processes must be considered when designing a timely, efficient order-fulfillment system. Adequate storage must be secured for inventory. Items must be stored safely and accessed easily for fast order fulfillment. Systems and processes must be capable of receiving fast and accurate deliveries from suppliers. 44. Identify a factor that enables management to minimize inventory levels and provide a high rate of order fulfillment. a. Sales forecasting b. Customer review c. Web site popularity d. Easy payment method ANS: A RATIONALE: Accurate inventory counts and the ability to do sales forecasting with some degree of accuracy are also critical. This enables management to minimize inventory levels (and the associated costs) while still providing a high rate of order fulfillment. 45. Distribution processes must be capable of meeting customer expectations for a product's: a. quality. b. cost. c. popularity. d. availability. ANS: B RATIONALE: Distribution processes must be capable of meeting customer expectations for delivery times and costs. 46. Which of the following is a strategy that should be adopted by Web sites to increase sales and repeat business? a. A variety of easy and secure payment modes should be offered. b. Systems and processes must be capable of receiving fast and accurate deliveries from suppliers. c. Incentives should be provided for cash payments. d. Only one type of payment mode must be accepted.
ANS: A RATIONALE: Web sites need to accept a variety of easy and secure payment methods to increase sales and encourage repeat business. 47. Identify the technique used by secure Web sites to protect the confidentiality of online transactions. a. Encryption and authorization b. Decryption and authentication c. Encryption and authentication d. Decryption and authorization ANS: C RATIONALE: A secure Web site uses encryption and authentication to protect the confidentiality of online transactions. 48. Which of the following computer applications alert users while entering or leaving a secure site? a. Web server b. Antivirus c. Operating system d. Web browser ANS: D RATIONALE: By default, the most commonly used computer Web browsers (including Chrome, Internet Explorer, Firefox, Safari, and Opera) will inform you when you are entering or leaving a secure site. 49. Which of the following protocols verifies the Web site to which a user is connected? a. Inter-Switch Link b. Internet Protocol Control Protocol c. Tool Command Language d. Secure Sockets Layer ANS: D RATIONALE: The most commonly used protocol for Web security is the Secure Sockets Layer (SSL), which can be used to verify that the Web site to which a user is connected is what it purports to be. 50. Which of the following is a multifaceted security standard that requires retailers to implement a set of security management policies, network architecture, and other critical protective measures to safeguard cardholder data? a. PDI Data Security Standard b. PCI Data Security Standard c. PDA Data Security Standard d. PCA Data Security Standard ANS: B RATIONALE: Payment Card Industry (PCI) Data Security Standard is a multifaceted security standard that requires retailers to implement a set of security management policies, procedures, network architecture, software design, and other critical protective measures to safeguard cardholder data.
51. Identify the duration set by the Payment Card Industry (PCI) Data Security Standard to store a user's card data in the event of dispute with the card holder. a. 6 months b. 12 months c. 18 months d. 24 months ANS: C RATIONALE: Payment Card Industry (PCI) Data Security Standard is a multifaceted security standard that requires retailers to implement a set of security management policies, procedures, network architecture, software design, and other critical protective measures to safeguard cardholder data. It also requires retailers to store certain card data for up to 18 months in the event of a dispute with the cardholder. 52. Identify the component present in a smart card that can process instructions and store data for use in various applications. a. Macrochip b. Microchip c. Magnetic tape d. Magnetic stripe ANS: B RATIONALE: A smart card resembles a credit card in size and shape, but it contains an embedded microchip that can process instructions and store data for use in various applications such as electronic cash payments, storage of patient information, and providing access to secure areas. 53. A microchip in a smart card stores the same data as the _____ on a payment card. a. magnetic tape b. magnetic recorder c. magnetic coil d. magnetic stripe ANS: D RATIONALE: The microchip can store the same data as the magnetic stripe on a payment card and more. 54. Which of the following components enables a contactless card to connect wirelessly with a contactless card reader? a. Microchip b. Macrochip c. Embedded circuit d. Embedded magnetic stripe ANS: C RATIONALE: Contactless smart cards do not have a contact area, but rather have an embedded circuit, which allows them to connect with a contactless card reader wirelessly.
55. Which of the following methods of financial transactions is considered the most secure? a. Europay MasterCard Visa transaction b. Magnetic stripe transaction c. Near Field Communication transaction d. payWave transaction ANS: A RATIONALE: Europay MasterCard Visa (EMV) financial transactions are considered more secure than traditional credit card payments due to the use of advanced encryption algorithms to provide authentication of the card. Unfortunately, smart card processing takes longer than an equivalent magnetic stripe transaction, partly due to the additional processing to decrypt messages. 56. Which of the following is used by Europay MasterCard Visa (EMV) transactions to confirm the identity of a card holder? a. Signature b. Photo c. Telephone number d. Personal identification number ANS: D RATIONALE: Europay MasterCard Visa (EMV) financial transactions are considered more secure than traditional credit card payments due to the use of advanced encryption algorithms to provide authentication of the card. Unfortunately, smart card processing takes longer than an equivalent magnetic stripe transaction, partly due to the additional processing to decrypt messages. Furthermore, many implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a Personal Identification Number (PIN) rather than signing a paper receipt. 57. Identify the technology that measures and analyzes human physical characteristics such as eye retinas, fingerprints, or voice patterns for security purposes. a. Cryptography b. Biometrics c. Phishing d. Steganography ANS: B RATIONALE: In the United States, many banks and financial services companies have been reluctant to impose additional requirements for authentication because they don't want to add additional steps (and time) to the checkout process. In the future, systems may be upgraded to use biometrics (technology that measures and analyzes human physical characteristics such as eye retinas, fingerprints, or voice patterns for security purposes). 58. Identify a drawback of biometrics. a. Requires a very high initial investment. b. Does not provide a high degree of confidence in user identity. c. Requires the user to remember complex numeric passwords.
d. Increases password administration costs. ANS: A RATIONALE: In the United States, many banks and financial services companies have been reluctant to impose additional requirements for authentication because they don't want to add additional steps (and time) to the checkout process. In the future, systems may be upgraded to use biometrics (technology that measures and analyzes human physical characteristics such as eye retinas, fingerprints, or voice patterns for security purposes); however, this approach is not currently considered economical for retail applications. 59. Each time a payment is made through a credit card, the retailer has to pay a certain amount called _____ to the card company. a. one time fees b. value added tax c. swipe fees d. additional tax ANS: C RATIONALE: A coalition of retailers known as the Merchant Customer Exchange (MCX) and including retailers such as Best Buy, CVS, Dunkin' Donuts, Lowe's, Rite-Aid, and Walmart plan to launch a competing payment network called CurrentC, which will draw money directly from a consumer's bank account or store-funded credit card instead of charging a bank credit card like Apple Pay does. This would allow retailers to avoid payments to credit card companies—called "swipe fees"—each time a consumer pays with a credit card. 60. Which of the following strategies contributes to the increase in product sales and eliminates returns? a. Giving a short description of the products b. Highlighting only the advantages of the products c. Displaying low resolution snapshots or small photos of the products d. Displaying customer-written product reviews ANS: D RATIONALE: Well-written product descriptions, thumbnail (or larger) photos, and customer-written product reviews can not only increase product sales but can also go a long way toward eliminating returns. 61. Strict handling of returns results in: a. permanent savings. b. short-term customer loyalty. c. the expansion of future sales. d. high product quality. ANS: B RATIONALE: Strict handling of returns can result in temporary savings but at the expense of long-term customer loyalty and future sales.
62. Companies that sell products from both physical locations and e-commerce Web sites are known as: a. click-and-mortar retailers. b. brick-and-mortar retailers. c. click-and-pack retailers. d. brick-and-pack retailers. ANS: A RATIONALE: Click-and-mortar retailers are those who sell products from both physical locations and ecommerce Web sites. 63. The benefits of e-commerce are due to the: a. excess time and cost associated with selling. b. excess time and cost associated with purchasing. c. global exposure of products sold on the Web. d. global exposure of products sold offline. ANS: C RATIONALE: Many advantages result from the use of e-commerce. Interestingly, these advantages are not one-sided; some advantages accrue to the seller, some to the buyer, and some to society as a whole. Most of these benefits are possible because of the global exposure of products sold on the Web and the ability of e-commerce to reduce the time and costs associated with both selling and purchasing. 64. Customers fear the misuse of their personal data due to the: a. nature of the payment gateway. b. sticky Web site. c. global exposure of products sold on the web. d. publicity of consumer data breaches. ANS: D RATIONALE: Consumers have long had concerns about whether online data is secured from access by unauthorized users or hackers. These concerns are rising based on the widespread publicity of recent consumer data breaches. 65. Which of the following is an approach followed by Web sites to overcome cultural and linguistic obstacles? a. Think globally, act locally b. Think locally, act globally c. Think locally, act locally d. Think globally, act globally ANS: A RATIONALE: Web site designers must avoid creating cultural and linguistic obstacles that make a site less attractive or effective for any subgroup of potential users. Potential customers will feel more comfortable buying your products and services if you speak to them in their own language. Thus, Web sites increasingly offer visitors the option to select their home country on an initial home page; this choice prompts the site to display a version designed to accommodate people from that country, with correct
language or regional dialect, print characters, and culture-appropriate graphics and photos. This design approach is often called "think globally, act locally." TRUE/FALSE 1. E-commerce reduces operating efficiencies. ANS: False RATIONALE: E-commerce enables organizations and individuals to build new revenue streams, to create and enhance relationships with customers and business partners, and to improve operating efficiencies. 2. Dot-com companies failed due to the emphasis on bottom-line profits. ANS: False RATIONALE: During the late 1990s, many poor ideas for Web-related businesses were proposed and funded in a wave of "irrational exuberance" for all things associated with the dot-com economy. In many cases, these new businesses ignored traditional business models built on delivering fundamental value for customers, achieving operational excellence, and generating revenues in excess of costs. Instead many companies placed an unhealthy emphasis on increasing market share with little regard for bottomline profits. With their focus on the wrong things, it really was not a surprise when hundreds of the dotcom companies failed. 3. Multichannel retailing is the application of different strategies for an individual channel. ANS: False RATIONALE: Multichannel retailing is the application of different strategies for different channels. 4. Mobile ticketing helps to reduce the number of unsold tickets. ANS: True RATIONALE: Mobile ticketing increases the revenue for event promoters and ticket vendors who can sell tickets up until the last minute—they can even sell unclaimed tickets at the last second. 5. Web 2.0 allows visitors to share their opinions about a retail organization and its products and services. ANS: True RATIONALE: Web 2.0 capabilities require a retailer to relinquish control and allow visitors to have their say—good, bad, or indifferent—about the retail organization and its products and services. 6. Visitors will return to a Web site if its contents are always static. ANS: False RATIONALE: Visitors will want to return to a Web site if it always includes fresh, interesting, and useful content such as that provided by an effective blog or a forum, which can build up a community around your brand and encourage positive feelings from your visitors for your product.
7. Creating a social networking profile will hamper the popularity of a Web site. ANS: False RATIONALE: Creating a Facebook page for your Web site enables customers who are engaged with your brand to like your page and encourages people to return to your Web site. 8. Hackers find it tougher to intrude a smart card than a credit card. ANS: True RATIONALE: A smart card resembles a credit card in size and shape, but it contains an embedded microchip that can process instructions and store data for use in various applications such as electronic cash payments, storage of patient information, and providing access to secure areas. The microchip can store the same data as the magnetic stripe on a payment card and more. Thus, no name or card number need appear on the smart card, making it more difficult for thieves to use. 9. Contact smart cards have a contact area on the rear side of the card to interface with a payment terminal. ANS: False RATIONALE: Contact smart cards have a contact area on the front face of the card to interface with a payment terminal. 10. A successful business organization should provide customer service for a fixed duration in a day. ANS: False RATIONALE: Because a Web site is open 24 hours a day, many online customers expect to be able to receive customer service at any time of the day or night. If an organization cannot provide some level of customer service 24 hours a day, it may lose business to competitors. ESSAY 1. List out the E-commerce initiatives that are considered risky and challenging. Answer: E-commerce initiatives can be risky and extremely challenging due to a variety of factors, including an organization's lack of e-business skills, uncertainty in regard to how business processes and policies must be changed to facilitate e-commerce, and the need to make new investments in IT-related hardware and software. Before embarking on such a risky journey, an organization must consider carefully how each potential e-commerce initiative fits into its overall business strategy. 2. A police officer who went on a rescue operation in a village is missing. How would you find the whereabouts of the policeman using the technological advances in mobile commerce? Answer: The location of the policeman is tracked by a location-based service. A location-based service is a computer program that uses location data to control its features and the information it provides. Some location-based services are query based, allowing a user to request local maps and directions to points
of interest, local traffic and weather information, or even information on the whereabouts of a friend or coworker. 3. Describe the process of Web site hosting. Answer: Web site hosting involves the storing, serving, and creating backup of files for one or more Web sites. Web hosting services store an organization's Web site files on Internet-connected Web server computers. When users type in the URL, they are connected to the Web server holding the files for the site; the server then transfers that data back to the user's computer, allowing the user to view the pages of the site. Web site hosting responsibilities typically include anything related to managing the Web servers and Internet connections—their software, security, support, reliability, speed, maintenance, and disaster recovery. 4. Describe the structure and working of a smart card. Answer: A smart card resembles a credit card in size and shape, but it contains an embedded microchip that can process instructions and store data for use in various applications such as electronic cash payments, storage of patient information, and providing access to secure areas. The microchip can store the same data as the magnetic stripe on a payment card and more. Thus, no name or card number need appear on the smart card, making it more difficult for thieves to use.
CHAPTER 8— ENTERPRISE SYSTEMS MULTIPLE CHOICE 1. _____ is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. a. An enterprise system b. Aggregate planning c. Crisis management d. A justification document ANS: A RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. It is a set of integrated programs that manage a company’s vital business operations. 2. Which of the following is true about an enterprise system? a. It integrates data, text, voice, and video into a single solution that includes instant messaging, calendaring, presence information, and video conferencing. b. It employs a dynamic method of solving different parts of a problem and then combining the solutions of the sub problems to reach an overall solution. c. It employs a database of key operational and planning data that can be shared with authorized users across the organization. d. It provides users with a computing platform, including an operating system, a programming language execution environment, and a Web server. ANS: C RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. It employs a database of key operational and planning data that can be shared with authorized users across the organization and even with business partners outside the organization. 3. _____ eliminates the problems of missing and inconsistent information caused by multiple transaction processing systems that support only one business function or one department in an organization. a. Dynamic programming b. An enterprise system c. The Hawthorne effect d. Execution fulfillment ANS: B RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. It employs a database of key operational and planning data that can be shared with authorized users across the organization and even with business partners outside the organization. It eliminates the problems of missing and inconsistent information caused by multiple transaction processing systems that support only one business function or one department in an organization. 4. Identify the goal of an enterprise resource planning (ERP) system.
a. To conduct collaborative live meetings or presentations over the Internet b. To evaluate and select appropriate activities and projects for outsourcing c. To define the customer’s right to audit the provider’s compliance with industry standards d. To enable easy access to business data and create efficient, streamlined work processes ANS: D RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. The goal of an enterprise resource planning (ERP) system is to enable easy access to business data and create efficient, streamlined work processes. 5. How does an enterprise resource planning (ERP) system achieve its goal of enabling easy access to business data and creating efficient, streamlined work processes? a. By building several databases that are accessed by a single software module b. By building a single database that is accessed by multiple software modules c. By conducting collaborative live meetings or presentations over the Internet d. By broadcasting video and audio using streaming media and Webcasts ANS: B RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. The goal of an enterprise resource planning system is to enable easy access to business data and create efficient, streamlined work processes. This is achieved by building one single database that is accessed by multiple software modules, which provide support for key business functions for different areas of an organization. 6. Heims is an automobile manufacturing company. When the sales team in the company gets an order, the information reaches all associated departments. The employees in those departments are then given selective access to the records that have to be updated. Identify the system that is used in this scenario. a. Enterprise resource planning system b. Customer relationship management system c. Risk and threat management system d. Environment and disaster management system ANS: A RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. The goal of an enterprise resource planning system is to enable easy access to business data and create efficient, streamlined work processes. This is achieved by building one single database that is accessed by multiple software modules, which provide support for key business functions for different areas of an organization. An effective enterprise resource planning system enables people in various organizational units to access and update the same information based on permission levels assigned within the system. 7. Which of the following is true of an enterprise resource planning (ERP) system? a. It allows users to connect to their office computer while they are away from the office and minimizes downtime. b. It checks the electronic calendars of team members for open time slots and sends email notifications and reminders to the meeting or event participants.
c. It offers integrated software from a single vendor to meet global competition by helping executives manage product flow while controlling cost and handling customer interactions. d. It delivers increasing amounts of computing, network, and storage capacity on demand and without requiring any capital investment from a cloud user. ANS: C RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. An enterprise resource planning system offers integrated software from a single vendor to meet global competition by helping executives manage product flow while controlling cost and handling customer interactions. 8. Which of the following provides improved access to quality data for operational decision making, elimination of costly and inflexible legacy systems, and simplified consolidation of financial data? a. An enterprise resource planning system b. A customer relationship management system c. A risk and threat management system d. A disaster and safety management system ANS: A RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. The primary benefits of implementing an enterprise resource planning system include improved access to quality data for operational decision making, improvement of work processes, elimination of costly and inflexible legacy systems, an opportunity to upgrade and standardize technology, and simplified consolidation of financial data. 9. A(n) _____ operates via an integrated database, using one set of data to support all business functions. a. enterprise resource system b. customer relationship management system c. threat detection system d. equipment management system ANS: A RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. An enterprise resource system operates via an integrated database, using one set of data to support all business functions. 10. Which of the following is a benefit of an enterprise resource planning (ERP) system? a. It broadcasts video and/or audio over the Internet from a single source to multiple people simultaneously. b. It enables technicians to access users’ computers distantly to perform setup, training, diagnostics, and repair. c. It addresses the issue of unintended release of private or sensitive information of an organization. d. It provides an opportunity to upgrade and standardize the technology used in an organization. ANS: D RATIONALE: The primary benefits of implementing an enterprise resource planning (ERP) include improved access to quality data for operational decision making, improvement of work processes,
elimination of costly and inflexible legacy systems, an opportunity to upgrade and standardize technology, and simplified consolidation of financial data. The goal of an ERP system is to enable easy access to business data and create efficient, streamlined work processes. 11. Which of the following enables rapid consolidation of financial data across multiple organizational units and countries? a. A well-designed disaster management system b. A life cycle management system c. A well-implemented enterprise resource planning system d. A risk management system ANS: C RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. A well-implemented enterprise resource planning system enables rapid consolidation of financial data across multiple organizational units and countries because every business unit is using the same system and same database. 12. _____ are designed to deal with differences in currencies and fluctuating currency exchange rates, which can cause additional problems in consolidating financial data. a. Enterprise resource planning systems b. Life cycle management systems c. Catastrophe management systems d. Quality assurance planning systems ANS: A RATIONALE: An enterprise system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. A well-implemented enterprise resource planning (ERP) system enables rapid consolidation of financial data across multiple organizational units and countries because every business unit is using the same system and same database. In addition, ERP systems are designed to deal with differences in currencies and fluctuating currency exchange rates, which can cause additional problems in consolidating financial data. 13. Lois & Loic Inc., a multinational company, has 56 offices all over North America with more than 800 employees. The organization’s accounting, purchases, sales, and employee payrolls are generated on separate systems. The organization finds it difficult to obtain the financial statements for tax purposes and the reports for shareholders at the end of a given fiscal period. Also, the employee incentives are not processed as the financial data is scattered on different systems. Which of the following will help the organization in acquiring accurate, consistent, detailed, and up-to-date financial data? a. A product life cycle management system b. An enterprise resource planning system c. A customer relationship management system d. An emergency and safety management system ANS: B RATIONALE: An enterprise resource system is used to ensure that business transactions are processed efficiently and accurately and that the resulting information can be accessed by end users and managers in all business areas. Accurate, consistent, detailed, and up-to-date financial data is of the utmost importance in today’s fast moving business environment. A well-implemented enterprise
resource planning system enables rapid consolidation of financial data across multiple organizational units and countries because every business unit is using the same system and same database. 14. A large multinational firm with facilities in the United States and Mexico City has an annual revenue of $3 billion. This firm will be targeted by _____ enterprise resource planning (ERP) vendors. a. tier IV b. tier III c. tier II d. tier I ANS: D RATIONALE: Enterprise resource planning (ERP) systems are commonly used in manufacturing companies, colleges and universities, professional service organizations, retailers, and healthcare organizations. The business needs for each of these types of organizations vary greatly. ERP vendors are classified as tier I, II, or III according to the type of customers they target. Tier I vendors target large multinational firms with multiple locations and annual revenue in excess of $1 billion. Tier I ERP system solutions are highly complex and expensive to implement and support; implementation across multiple locations can take years. 15. Ezibay is a medium-sized firm with an annual revenue of $75 million. This firm will be targeted by _____ enterprise resource planning (ERP) vendors. a. tier I b. tier II c. tier III d. tier IV ANS: B RATIONALE: Tier II vendors target medium-sized firms with annual revenue in the $50 million to $1 billion range operating out of one or more locations. Tier II solutions are much less complex and less expensive to implement and support than tier I solutions. 16. In the context of enterprise resource planning (ERP) vendor classification, _____ vendors target medium-sized firms with annual revenue in the $50 million to $1 billion range operating out of one or more locations. a. tier I b. tier II c. tier III d. tier IV ANS: B RATIONALE: Enterprise resource planning (ERP) systems are commonly used in manufacturing companies, colleges and universities, professional service organizations, retailers, and healthcare organizations. The business needs for each of these types of organizations vary greatly. ERP vendors are classified as tier I, II, or III according to the type of customers they target. Tier II vendors target medium-sized firms with annual revenue in the $50 million to $1 billion range operating out of one or more locations. Tier II solutions are much less complex and less expensive to implement and support than tier I solutions. 17. An organization has an annual revenue of $30 million and it has several branches in Arizona. Which of the following enterprise resource planning (ERP) vendors will target this organization? a. Tier I
b. Tier II c. Tier III d. Tier IV ANS: C RATIONALE: Enterprise resource planning (ERP) systems are commonly used in manufacturing companies, colleges and universities, professional service organizations, retailers, and healthcare organizations. The business needs for each of these types of organizations vary greatly. ERP vendors are classified as tier I, II, or III according to the type of customers they target. Tier III vendors target smaller firms with annual revenue in the $10 million to $50 million range that typically operate out of a single location. When compared to tier I and tier II solutions, tier III solutions are comparatively easy and inexpensive to implement and support. 18. _____ enterprise resource planning system solutions are highly complex. a. Tier I b. Tier II c. Tier III d. Tier IV ANS: A RATIONALE: Tier I vendors target large multinational firms with multiple locations and annual revenue in excess of $1 billion. Tier I enterprise resource planning system solutions are highly complex. 19. Which of the following enterprise resource planning system solutions is the most expensive to implement and support? a. Tier I b. Tier II c. Tier III d. Tier IV ANS: A RATIONALE: Tier I vendors target large multinational firms with multiple locations and annual revenue in excess of $1 billion. Tier I enterprise resource planning system solutions are highly complex and expensive to implement and support. 20. Which of the following enterprise resource planning system solutions is the least expensive to implement and support? a. Tier I b. Tier II c. Tier III d. Tier IV ANS: C RATIONALE: Tier III vendors target smaller firms with annual revenue in the $10 million to $50 million range that typically operate out of a single location. Tier III solutions are comparatively easy and inexpensive to implement and support. 21. Which classification of enterprise resource planning vendors can take years for implementation across multiple locations? a. Tier I
b. Tier II c. Tier III d. Tier IV ANS: A RATIONALE: Tier I vendors target large multinational firms with multiple locations and annual revenue in excess of $1 billion. Tier I enterprise resource planning system solutions are highly complex and expensive to implement and support; implementation across multiple locations can take years. 22. Which of the following is true of tier I enterprise resource planning vendors? a. They target large multinational firms with facilities in multiple locations. b. They target medium-sized firms based out of a single location. c. They target small-sized firms with facilities in multiple locations. d. They target medium-sized firms with facilities in multiple locations. ANS: A RATIONALE: Tier I vendors target large multinational firms with multiple locations and annual revenue in excess of $1 billion. Tier I ERP system solutions are highly complex and expensive to implement and support. 23. Which of the following is true about open-source enterprise resource planning (ERP) system software? a. An open-source ERP system software’s source code can be modified easily. b. An open-source ERP system software’s source code is not flexible enough to adapt it for changing business needs. c. An open-source ERP system software’s source code is too complex to be modified. d. An open-source ERP system software’s source code is not visible to users. ANS: A RATIONALE: Enterprise resource planning (ERP) systems are commonly used in manufacturing companies, colleges and universities, professional service organizations, retailers, and healthcare organizations. As an alternative to contracting with service organizations to customize an ERP system, many organizations elect to implement open-source ERP systems from vendors. With open-source software, organizations can see and modify the source code to customize it to meet their needs. Such systems are much less costly to acquire and are relatively easy to modify to meet changing business needs. 24. _____ includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers. a. Risk factor management b. Supply chain management c. Operations management d. Customer relationship management ANS: B RATIONALE: Supply chain management (SCM) includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers. The goal of SCM is to
decrease costs and improve customer service, while at the same time reducing the overall investment in inventory in the supply chain. 25. Which of the following is the goal of supply chain management? a. To reduce the risk of disasters caused by human error, deliberate destruction, and building or equipment failures b. To introduce emergency preparedness and response in development programs for disaster-prone regions c. To acquire accurate, consistent, detailed, and up-to-date financial data at the end of an accounting period d. To reduce the overall investment in inventory, decrease costs, and improve customer service ANS: D RATIONALE: Supply chain management (SCM) includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers. The goal of SCM is to decrease costs and improve customer service, while at the same time reducing the overall investment in inventory in the supply chain. 26. Which of the following manages materials, information, and financial resources during the transition from manufacturer to wholesaler to retailer to consumer? a. Risk and hazard management b. Enterprise resource management c. Supply chain management d. Disaster and safety management ANS: C RATIONALE: Supply chain management includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers. It manages materials, information, and financial resources during the transition from supplier to manufacturer to wholesaler to retailer to consumer. 27. Which of the following is a process that is part of supply chain management that determines the market for a company’s products by taking into account all the factors that can affect consumer choices, including pricing, promotions, and advertising activities? a. Demand planning b. Asset management c. Cooperative marketing d. Contingency forecasting ANS: A RATIONALE: Demand planning determines the demand for a company’s products by taking into account all the factors that can affect demand, including pricing, promotions, and advertising activities; general economic conditions; actions by competitors and regulatory agencies; holidays; and the weather. Some organizations have implemented a collaborative forecasting, planning, and replenishment process. 28. Dove, a famous book publisher has decided to publish a new book in the international market. He needs to determine the interest readers may have in his new book, and he needs to determine the
pricing and advertising strategies accordingly. Which process of supply chain management can help the publisher determine the number of books to print? a. Customer service d. Demand planning c. Sourcing d. Logistics ANS: B RATIONALE: Demand planning determines the demand for a company’s products by taking into account all the factors that can affect demand, including pricing, promotions, and advertising activities; general economic conditions; actions by competitors and regulatory agencies; holidays; and the weather. Some organizations have implemented a collaborative forecasting, planning, and replenishment process. 29. Which of the following is a process of supply chain management that chooses suppliers and establishes contract terms to provide the raw material needed to create a product? a. Stocktaking b. Sourcing c. Advertising d. Marketing ANS: B RATIONALE: Supply chain management includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers. Sourcing chooses suppliers and establishes contract terms to provide the raw material needed to create a product. 30. Identify the supply chain management process that produces, tests, packages, and prepares products for delivery. a. Advertising b. Forecasting c. Sourcing d. Manufacturing ANS: D RATIONALE: Supply chain management includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers. Manufacturing produces, tests, packages, and prepares products for delivery. 31. _____, a supply chain process, establishes a network of warehouses for storing products, chooses carriers to deliver products to customers, and schedules carrier pickups so that products are delivered to the customers or warehouses on a timely basis. a. Logistics b. Schedule c. Channeling d. Retail ANS: A RATIONALE: Supply chain management includes the planning, execution, and control of all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products,
and the warehousing and delivery of finished products to customers. The logistics process of a supply chain establishes a network of warehouses for storing products, chooses carriers to deliver products to customers, and schedules carrier pickups so that products are delivered to the customers or warehouses on a timely basis. 32. A(n) _____ software automates and integrates the functions of sales, marketing, and service in an organization. a. decision support system b. customer relationship management c. search engine optimization d. executive resource planning ANS: B RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. 33. Which of the following is the objective of customer relationship management (CRM) software? a. To capture data about every contact a company has with a customer through every channel and to store it in the system b. To attract potential customers to the company’s Web site through the use of Web page banner ads that display graphics and include a hyperlink to the advertisers’ Web site c. To rate customers according to their loyalty toward the company and provide incentives to them d. To implement build-to-order processes that enable inexpensive customization of products and services to precisely meet the needs of individual customers ANS: A RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. The objective of the software is to capture data about every contact a company has with a customer through every channel and to store it in the CRM system. 34. _____ is a key feature of a customer relationship management (CRM) system that provides the ability to track data on individual customers and sales leads and then access that data from any part of the organization. a. Desktop sharing b. Asset management c. Contact management d. Unified communication ANS: C RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. Contact management is a key feature of the CRM system that provides the ability to track data on individual customers and sales leads and then access that data from any part of the organization.
35. _____, a key feature of a customer relationship management system, is the ability to organize data about customers and sales leads, prioritize potential sales opportunities, and identify appropriate next steps. a. Sales forecasting b. Sales dynamics c. Sales budgeting d. Sales management ANS: D RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. Sales management is the ability to organize data about customers and sales leads, prioritize potential sales opportunities, and identify appropriate next steps. 36. _____, a key feature of a customer relationship management system, is the ability to aid customer service representatives so that they can quickly, thoroughly, and appropriately address customer requests and resolve customer issues while collecting and storing data about those interactions. a. Customer support b. Marketing automation c. Customer analysis d. Contact management ANS: A RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. Customer support is the ability to aid customer service representatives so that they can quickly, thoroughly, and appropriately address customer requests and resolve customer issues while collecting and storing data about those interactions. 37. _____, a key feature of a customer relationship management (CRM) system, has the ability to capture and analyze all customer interactions, generate appropriate responses, and gather data to create and build effective and efficient marketing campaigns. a. Contact management b. Sales forecasting c. Marketing automation d. Customer attrition ANS: C RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. Marketing automation, a key feature of a customer relationship management (CRM) system, is the ability to capture and analyze all customer interactions, generate appropriate responses, and gather data to create and build effective and efficient marketing campaigns. 38. Which of the following key features of a customer relationship management (CRM) system has the ability to evaluate customer data to identify ways to increase revenue and decrease costs and identify the firm’s “best customers”?
a. Contact management b. Analysis c. Automation d. Sales management ANS: B RATIONALE: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. CRM software automates and integrates the functions of sales, marketing, and service in an organization. Analysis has the ability to evaluate customer data to identify ways to increase revenue and decrease costs and identify the firm’s “best customers.” 39. _____ is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information. a. Supply chain management b. Risk management c. Product life cycle management d. Accounting management ANS: C RATIONALE: Product life cycle management is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information. A product lifecycle management software provides a means for managing the data and processes associated with the various phases of the product life cycle. 40. Which of the following generates design and process documents, bill of material definitions, product attributes, product formulations, and documents needed for FDA and environmental compliance? a. Product life cycle management software b. Architectural plan and design software c. Product sustenance and support software d. Enterprise resource planning software ANS: A RATIONALE: Product life cycle management (PLM) is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information. PLM generates design and process documents, bill of material definitions, product attributes, product formulations, and documents needed for FDA and environmental compliance. 41. _____ software provides support for the key functions of configuration management, document management, engineering change management, release management, and collaboration with suppliers and original equipment manufacturers (OEMs). a. Design support system b. Planning and design management c. Enterprise resource planning d. Product life cycle management ANS: D
RATIONALE: Product life cycle management (PLM) is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information. PLM software provides support for the key functions of configuration management, document management, engineering change management, release management, and collaboration with suppliers and original equipment manufacturers (OEMs). 42. _____ is the use of software to assist in the creation, analysis, and modification of the design of a component or product. a. Computer-aided evaluation b. Computer-aided design c. Computer-aided engineering d. Computer-aided manufacturing ANS: B RATIONALE: Computer-aided design (CAD) is the use of software to assist in the creation, analysis, and modification of the design of a component or product. Its use can increase the productivity of the designer, improve the quality of design, and create a database that describes the item. 43. A space shuttle manufacturing firm was awarded a contract to build a spaceship for NASA. The firm required a programming environment to assist in the creation, analysis, and modification of the construction and layout of the spaceship. They also wanted to create a database that would describe the space shuttle. Which of the following tools would have been most useful to the firm in this scenario? a. A computer-aided design software b. An electronic bulletin board c. The Nielsen design system d. The Dennis design system ANS: A RATIONALE: Computer-aided design (CAD) is the use of software to assist in the creation, analysis, and modification of the design of a component or product. Its use can increase the productivity of a designer, improve the quality of design, and create a database that describes a product. In this scenario, the firm could use a computer-aided design software for the process. 44. Which of the following can increase the productivity of a designer, improve the quality of design, and create a database that describes a product? a. Tacit-aided design b. An electronic bulletin board c. Web site hosting d. Computer-aided design ANS: D RATIONALE: Computer-aided design (CAD) is the use of software to assist in the creation, analysis, and modification of the design of a component or product. Its use can increase the productivity of a designer, improve the quality of design, and create a database that describes a product. 45. _____ is the use of software to analyze the robustness and performance of components and assemblies. a. Web site hosting b. Computer-aided engineering
c. Computer-aided manufacturing d. E-commerce ANS: B RATIONALE: Computer-aided engineering (CAE) is the use of software to analyze the robustness and performance of components and assemblies. CAE software supports the simulation, validation, and optimization of products and manufacturing tools. 46. A space shuttle manufacturing firm was awarded a contract to build a spaceship for NASA. The firm used various tools to build the spaceship. It required a software to analyze the robustness and performance of the shuttle. It also required a software to simulate the spaceship’s performance. Which of the following tools would have helped the firm with its requirements? a. The Nielsen rating system b. An electronic bulletin board c. Computer-aided design d. Computer-aided engineering ANS: D RATIONALE: Computer-aided engineering (CAE) is the use of software to analyze the robustness and performance of components and assemblies. CAE software supports the simulation, validation, and optimization of products and manufacturing tools. 47. _____ software supports the simulation, validation, and optimization of products and manufacturing tools. a. E-procurement b. Computer-aided manufacturing c. Computer-aided engineering d. Enterprise application integration ANS: C RATIONALE: Computer-aided engineering (CAE) is the use of software to analyze the robustness and performance of components and assemblies. CAE software supports the simulation, validation, and optimization of products and manufacturing tools. 48. _____ is the use of software to control machine tools and related machinery in the production of components and products. a. Product line pricing b. Export factoring c. Computer-aided engineering d. Computer-aided manufacturing ANS: D RATIONALE: Computer-aided manufacturing (CAM) is the use of software to control machine tools and related machinery in the production of components and products. The model generated in computer-aided design (CAD) and verified in computer-aided engineering (CAE) can be input into CAM software, which then controls the machine tool. 49. A robot manufacturing company in Southeast Asia undertakes a government project to produce multi-utility robots. It requires a software to control the machine tools and processes needed to manufacture robots. Identify which of the following can help the company in this scenario. a. Product line pricing
b. Computer-aided manufacturing c. Enterprise application integration d. Product portfolio designing ANS: B RATIONALE: Computer-aided manufacturing (CAM) is the use of software to control machine tools and related machinery in the production of components and products. Computer-aided manufacturing is the use of software to control machine tools and related machinery in the production of components and products. The model generated in computer-aided design (CAD) and verified in computer-aided engineering (CAE) can be input into CAM software, which then controls the machine tool. 50. An automobile manufacturing firm employs product life cycle management (PLM) software to develop a new automobile chassis. It uses computer-aided design (CAD), computer-aided engineering (CAE), and computer-aided manufacturing (CAM) to help produce and analyze the performance of the chassis. Identify a true statement about this scenario. a. The model of the chassis is generated using CAE and its performance is verified using CAD. b. The model of the chassis is generated using CAM and manufactured using CAE. c. The model of the chassis is generated using CAD and its performance is verified using CAE. d. The model of the chassis is generated using CAE and manufactured using CAM. ANS: C RATIONALE: Computer-aided engineering (CAE) is the use of software to analyze the robustness and performance of components and assemblies. Computer-aided manufacturing (CAM) is the use of software to control machine tools and related machinery in the production of components and products. Computer-aided design (CAD) is the use of software to assist in the creation, analysis, and modification of the design of a component or product. 51. Which of the following enables global organizations to work as a single team to design, produce, support, and retire products, while capturing best practices learned along the way? a. An effective yield management system b. An effective product life cycle management system c. An enterprise resource planning system d. A risk and threat management system ANS: B RATIONALE: Product life cycle management is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information. The use of an effective PLM system enables global organizations to work as a single team to design, produce, support, and retire products, while capturing best practices and lessons learned along the way. 52. How is the benefit of reduced time to market achieved in a product life cycle management system? a. By reducing scrap and rework through improved processes b. By reducing the number of product components through standardization c. By improving collaboration among the organization and its suppliers, contract manufacturers, and other equipment manufacturers d. By providing a secure repository, tracking and audit trails, change and document management controls, workflow and communications, and improved security
ANS: A RATIONALE: The benefit of reduced time to market is achieved by improving collaboration among the organization and its suppliers, contract manufacturers, and other equipment manufacturers in a product life cycle management system. It can also be achieved by connecting design, research and development, procurement, manufacturing, and customer service seamlessly through a flexible collaboration environment. 53. How is the benefit of reduced costs achieved in a product life cycle management system? a. By connecting design, research and development, procurement, manufacturing, and customer service seamlessly through a flexible collaboration environment b. By improving collaboration among the organization and its suppliers, contract manufacturers, and other equipment manufacturers c. By providing a secure repository, tracking and audit trails, change and document management controls, workflow and communications, and improved security d. By limiting the number of product components through standardization ANS: D RATIONALE: The benefit of reduced costs is achieved by limiting the number of product components through standardization in a product life cycle management system. It can also be achieved by reducing scrap and rework through improved processes. 54. _____ is the production of distinct items that can be decomposed back into their basic components. a. Discrete manufacturing b. Export factoring c. Import factoring d. Process manufacturing ANS: A RATIONALE: Discrete manufacturing is the production of distinct items that can be decomposed back into their basic components. Automobiles, airplanes, furniture, and toys are examples of discrete manufacturing products. 55. _____ is the production of goods that are the result of a chemical process and cannot be easily decomposed back into their basic components. a. Discrete manufacturing b. Horizontal integration c. Vertical integration d. Process manufacturing ANS: D RATIONALE: Process manufacturing is the production of products that are the result of a chemical process and cannot be easily decomposed back into their basic components. Soda, laundry detergent, gasoline, and pharmaceutical drugs are examples of process manufacturing products. 56. Which of the following organizations is a discrete manufacturer? a. A pharmaceutical company in Arizona that manufactures skin creams b. A detergent and soap manufacturing company in Mexico City c. A glass manufacturing company in Canada that manufactures windshields for buses d. A plane turbine manufacturing company in South Africa
ANS: D RATIONALE: Discrete manufacturing is the production of distinct items that can be decomposed back into their basic components. Automobiles, airplanes, furniture, and toys are examples of discrete manufacturing products. 57. Soyan Inc., an armored-vehicle manufacturer based in Arizona, manufactures light to semi-light utility vehicles with armors that are used in war zones, disaster-struck areas, and harsh terrains. The company is a _____. a. discrete manufacturer b. vertical manufacturer c. horizontal manufacturer d. process manufacturer ANS: A RATIONALE: Discrete manufacturing is the production of distinct items that can be decomposed back into their basic components. Automobiles, airplanes, furniture, and toys are examples of discrete manufacturing products. 58. Which of the following is an example of process manufacturing? a. Ted & Bonny is an automobile manufacturing company that specializes in building luxury buses. b. Star-Gate LLC. specializes in designer furniture and home décor. c. Koing Inc. is a soda manufacturing firm based in Beijing. d. Pancy & Perk is a company in Mexico City that manufactures toys. ANS: C RATIONALE: Process manufacturing is the production of products that are the result of a chemical process and cannot be easily decomposed back into their basic components. Soda, laundry detergent, gasoline, and pharmaceutical drugs are examples of process manufacturing products. 59. Juan refineries is a subsidiary of Seashell oil in California. It produces petroleum jelly, fertilizers, pesticides, and other petroleum-related products. This is an example of _____. a. discrete manufacturing b. vertical manufacturing c. horizontal manufacturing d. process manufacturing ANS: D RATIONALE: Process manufacturing is the production of products that are the result of a chemical process and cannot be easily decomposed back into their basic components. Soda, laundry detergent, gasoline, and pharmaceutical drugs are examples of process manufacturing products. 60. Zona pharmaceuticals is a global pharmaceutical firm based out of Texas. It employs 3200 people who work all over the United States. The firm decides to implement an enterprise resource planning management system to support product innovation and to reduce the time to market of a set of new products. Which of the following suggestions should be followed by the firm to avoid any cause for a failed enterprise system implementation? a. Define metrics to assess project progress and identify project-related risks. b. Assign a part-time executive to manage the project. c. Appoint a fresher to provide project oversight and to verify and validate system performance. d. Deliver project value only after the project is completed and ready to be launched.
ANS: A RATIONALE: Implementing an enterprise system is extremely challenging and requires tremendous amounts of resources, the best information technology and businesspeople, and plenty of management support. Even with all of the right resources deployed, many enterprise system implementations fail, and problems with an enterprise system implementation can require expensive solutions. In the given scenario, Zona pharmaceuticals can avoid a failed enterprise system implementation by defining metrics to assess project progress and by identifying project-related risks. 61. How are small and medium-sized enterprises (SMEs) benefited by the hosted software model? a. SMEs can give away their core products for free to a large group of customers. b. SMEs can experiment with powerful software capabilities without making a major financial investment. c. SMEs can create a digital media file and distribute it over the Internet using syndication feeds. d. SMEs can create and edit Web page content freely using any Web browser. ANS: B RATIONALE: Many enterprise software vendors are pushing the use of the hosted software model for small and medium-sized enterprises (SMEs) with fewer than 250 employees. This pay-as-you-go approach is appealing to SMEs because they can experiment with powerful software capabilities without making a major financial investment. 62. Which of the following is true about small and medium-sized enterprises (SMEs) that use the hosted software model? a. SMEs will have to buy the software from the vendor to use it. b. SMEs will have to invest heavily to use the software hosted by the vendor. c. SMEs will have to pay the software vendor if the software fails to provide value. d. SMEs will have to dispose of the software without large investments if it misses expectations. ANS: D RATIONALE: Many enterprise software vendors are pushing the use of the hosted software model for small and medium-sized enterprises (SMEs) with fewer than 250 employees. SMEs can experiment with powerful software capabilities without making a major financial investment. They can dispose of the software without large investments if it fails to provide value or otherwise misses expectations. 63. Which of the following is true of the hosted software model? a. It aims to help customers benefit from new technology while avoiding much of the associated complexity and high start-up costs. b. It defines metrics to assess project progress and to identify project-related risks. c. It keeps the scope of a project well defined and restricted to essential business processes. d. It is applicable only to multinational corporations (MNCs) and not to small and medium-sized enterprises (SMEs). ANS: A RATIONALE: Many enterprise software vendors are pushing the use of the hosted software model for small and medium-sized enterprises (SMEs) with fewer than 250 employees. The goal is to help customers acquire, use, and benefit from the new technology while avoiding much of the associated complexity and high start-up costs. 64. Which of the following is an advantage of the hosted software model?
a. Decreased total cost of ownership b. Increased efforts to manage the vendor c. Free usage of vendor’s software d. Highly customizable nature of the source code ANS: A RATIONALE: Many enterprise software vendors are pushing the use of the hosted software model for small and medium-sized enterprises (SMEs) with fewer than 250 employees. The advantages of a hosted software model are decreased total cost of ownership, faster system start-up, lower implementation risk, and the management of systems can be outsourced to experts. 65. Identify a disadvantage of the hosted software model. a. Decreased total cost of ownership b. Potential availability and reliability issues c. Lower implementation risk d. Management of systems outsourced to experts ANS: B RATIONALE: Many enterprise software vendors are pushing the use of the hosted software model for small and medium-sized enterprises (SMEs) with fewer than 250 employees. The disadvantages of a hosted software model are potential availability and reliability issues, potential data security issues, potential problems integrating the hosted products of different vendors, and potential increased effort to manage vendor. TRUE/FALSE 1. An enterprise resource planning system is a set of integrated programs that manages a company’s vital business operations. ANS: True RATIONALE: An enterprise resource planning (ERP) system is a set of integrated programs that manages a company’s vital business operations. The goal of an ERP system is to enable easy access to business data and create efficient, streamlined work processes. 2. A business process is a set of coordinated and related activities that takes one or more types of input and creates an output of value to the customer. ANS: True RATIONALE: An enterprise resource planning (ERP) system is a set of integrated programs that manages a company’s vital business operations. The goal of an ERP system is to enable easy access to business data and create efficient, streamlined work processes. In this context, a business process is a set of coordinated and related activities that takes one or more types of input and creates an output of value to the customer of that process. 3. A customer relationship management (CRM) system helps match the capabilities of an organization’s information systems to its business needs. ANS: False RATIONALE: An enterprise resource planning (ERP) system is a set of integrated programs that manages a company’s vital business operations. It helps match the capabilities of an organization’s information systems to its business needs.
4. Financial statements for tax purposes and reports for shareholders can be created once the organization’s books are closed for an accounting period. ANS: True RATIONALE: Every company keeps revenue, expense, and income summary reports (often referred to collectively as “its books”) to gauge its general performance and track exactly how much money is going in and out of the business. Financial statements for tax purposes and reports for shareholders can be created once the organization’s books are closed for an accounting period. 5. In supply chain management, demand planning improves the customer experience and increases customer satisfaction. ANS: False RATIONALE: In supply chain management, customer service improves the customer experience and increases customer satisfaction. 6. Enterprise resource planning (ERP) systems work directly with manufacturing machines on the production floor. ANS: False RATIONALE: Enterprise resource planning (ERP) systems do not work directly with manufacturing machines on the production floor. They need a way to capture information about what is being produced. Production data must be passed to the ERP accounting modules to keep an accurate count of finished product inventory. 7. Product life cycle management improves productivity by connecting people across product development and manufacturing organizations with the product and process knowledge they need to succeed. ANS: True RATIONALE: Product life cycle management powers innovation and improves productivity by connecting people across product development and manufacturing organizations with the product and process knowledge they need to succeed. 8. Some enterprise software vendors are providing the hosted software model for small and medium-sized enterprises (SMEs) to help customers acquire, use, and benefit from the new technology. ANS: True RATIONALE: Some enterprise software vendors are providing the hosted software model for small and medium-sized enterprises (SMEs). The goal is to help customers acquire, use, and benefit from the new technology while avoiding much of the associated complexity and high start-up costs. 9. Small and medium-sized enterprises (SMEs) face high implementation risks when they use the hosted software model. ANS: False RATIONALE: Some enterprise software vendors are providing the hosted software model for small and medium-sized enterprises (SMEs). The goal is to help customers acquire, use, and benefit from
the new technology while avoiding much of the associated complexity and high start-up costs. SMEs face low implementation risks when they use the hosted software model. 10. Small and medium-sized enterprises (SMEs) may face potential problems in integrating the hosted products of different vendors in a hosted software model. ANS: True RATIONALE: Certain enterprise software vendors host software model for small and medium-sized enterprises (SMEs). The goal is to help customers acquire, use, and benefit from the new technology while avoiding much of the associated complexity and high start-up costs. SMEs may face potential problems in integrating the hosted products of different vendors in a hosted software model. ESSAY 1. Describe a customer relationship management system. ANSWER: A customer relationship management (CRM) system helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. The goal of CRM is to understand and anticipate the needs of current and potential customers to increase customer retention and loyalty while optimizing the way products and services are sold. CRM is used primarily by people in the sales, marketing, distribution, accounting, and service organizations to capture and view data about customers and to improve communications. 2. List the services provided by a product life cycle management (PLM) software. ANSWER: A product life cycle management (PLM) software provides a means for managing the data and processes associated with the various phases of the product life cycle, including sales and marketing, research and development, concept development, product design, prototyping and testing, manufacturing process design, production and assembly, delivery and product installation, service and support, and product retirement and replacement. As products advance through these stages, product data is generated and distributed to various groups both within and outside the manufacturing firm. 3. What are the challenges faced during the implementation of an enterprise system? ANSWER: Implementing an enterprise system is extremely challenging and requires tremendous amounts of resources, the best information technology and businesspeople, and plenty of management support, especially in a large organization. The most significant challenges to successful implementation of an enterprise system include the cost and disruption of upgrades, long implementation lead times, difficulty in managing change, the complexity of software customization, and high turnover rates for key project personnel. 4. List a few tips to avoid a failed implementation of an enterprise system. ANSWER: Implementing an enterprise system is extremely challenging and requires tremendous amounts of resources, the best information technology and businesspeople, and plenty of management. The following list provides tips for avoiding common causes for failed enterprise system implementations: Assign a full-time executive to manage the project. Involve users throughout the project and act on their feedback.
Appoint an experienced, independent resource to provide project oversight and to verify and validate system performance. Allow sufficient time for transition from the old way of doing things to the new system and new processes. Define metrics to assess project progress and identify project-related risks. Keep the scope of the project well defined and contained to essential business processes.
5. How does a product life cycle management (PLM) system achieve reduced time to market for its products? ANSWER: A product life cycle management (PLM) system is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information. It achieves reduced time to market by connecting design, research and development, procurement, manufacturing, and customer service seamlessly through a flexible collaboration environment and by improving collaboration among the organization and its suppliers, contract manufacturers, and original equipment manufacturers (OEMs).
CHAPTER 9— BUSINESS INTELLIGENCE AND BIG DATA MULTIPLE CHOICE 1. _____ includes a wide range of applications, practices, and technologies for the extraction, transformation, integration, analysis, interpretation, and presentation of data to support improved decision making. a. Business intelligence b. Artificial intelligence c. Prescriptive analytics d. Artificial analytics ANS: A RATIONALE: Business intelligence (BI) includes a wide range of applications, practices, and technologies for the extraction, transformation, integration, analysis, interpretation, and presentation of data to support improved decision making. The data used in BI is often pulled from multiple sources and may be internally or externally generated. 2. _____ tools frequently operate on data stored in a data warehouse or data mart. a. Business intelligence b. Hadoop c. Prescriptive analytic d. Ransomware ANS: A RATIONALE: Business intelligence (BI) tools frequently operate on data stored in a data warehouse or data mart. The data used in BI is often pulled from multiple sources and may be internally or externally generated. 3. A _____ is a database that stores large amounts of historical data in a form that readily supports analysis and management decision making in an organization. a. data structure b. data warehouse c. data profile d. data guard ANS: B RATIONALE: A data warehouse is a database that stores large amounts of historical data in a form that readily supports analysis and management decision making. Many organizations employ data warehouses to hold the data they need to make key business decisions. 4. A(n) _____ is used to pull data from disparate data sources to populate and maintain a data warehouse. a. extract-transform-load (ETL) process b. hadoop process
c. online analytical process d. drill-down process ANS: A RATIONALE: An extract-transform-load (ETL) process is used to pull data from disparate data sources to populate and maintain a data warehouse. An effective ETL process is essential to ensure data warehouse success. 5. Which of the following best describes an extract-transform-load (ETL) process? a. It is a smaller version of a data warehouse—scaled down to meet the specific needs of a business unit. b. It contains data collections that are enormous and complex. c. It is a simple but highly useful way to organize structured data into collections of two-dimensional tables. d. It is used to pull data from disparate data sources to populate and maintain the data warehouse. ANS: D RATIONALE: An extract-transform-load (ETL) process is used to pull data from disparate data sources to populate and maintain the data warehouse. An effective ETL process is essential to ensure data warehouse success. 6. The effectiveness of a(n) _____ process is essential to ensure the success of a data warehouse. a. visual basic b. extract-transform-load c. chamfering d. actuating ANS: B RATIONALE: An extract-transform-load (ETL) process is used to pull data from disparate data sources to populate and maintain the data warehouse. An effective extract-transform-load (ETL) process is essential to ensure data warehouse success. 7. Which of the following steps in an extract-transform-load (ETL) process draws desired data from various data sources to update a data warehouse? a. Extract b. Autorun c. Load d. Transform ANS: A RATIONALE: The extract step in an extract-transform-load (ETL) process is designed to access the various sources of data and pull from each source the data desired to update a data warehouse. During the extract step, the data is also screened for unwanted or erroneous values; data that fails to pass the edits is rejected.
8. In an extract-transform-load (ETL) process, the mined data used to update a data warehouse is converted to a different format in the _____ step. a. extract b. autorun c. load d. transform ANS: D RATIONALE: In the transform step in an extract-transform-load (ETL) process, the data that will be used to update a data warehouse is edited and, if necessary, converted to a different format. For example, a store identifier present in a detailed transaction record may be converted to a less specific identifier that enables a useful aggregation of the data. 9. Which of the following steps in an extract-transform-load (ETL) process updates an existing data warehouse with the data obtained from the extract and transform steps? a. Transform b. Compress c. Load d. Extract ANS: C RATIONALE: The load step in an extract-transform-load (ETL) process updates an existing data warehouse with the data that have passed through the extract and transform steps. This creates a new, updated version of the data warehouse. 10. PHQ, a graphics firm, decides to filter its employees according to their dates of joining. Which of the following steps in the extract-transform-load (ETL) process should be taken by the firm to accomplish the task? a. Extract b. Autorun c. Load d. Transform ANS: A RATIONALE: The extract step in an extract-transform-load (ETL) process is designed to access the various sources of data and pull from each source the data desired to update a data warehouse. For example, the extract process may be designed to pull only a certain subset of orders from the Orders database— such as only those orders shipped after a certain date. 11. Zomi, a fashion outlet, wishes to delete the details of orders that cost less than $30. Which of the following steps in the extract-transform-load (ETL) process is used to accomplish this task? a. Load b. Extract c. Autorun d. Transform
ANS: B RATIONALE: During the extract step of an extract-transform-load (ETL) process, the data is screened for unwanted or erroneous values. The data that fails to pass the edits is rejected. 12. Which of the following steps in an extract-transform-load (ETL) process creates an updated version of a data warehouse? a. Transform b. Extract c. Autorun d. Load ANS: D RATIONALE: The load step in an ETL process updates an existing data warehouse with the data that have passed through the extract and transform steps. This creates a new, updated version of the data warehouse. 13. Which of the following is true of a data mart? a. It is an extended version of a data warehouse. b. It is an extended version of big data. c. It is a smaller version of a data warehouse. d. It is a smaller version of a hadoop. ANS: C RATIONALE: A data mart is a smaller version of a data warehouse—scaled down to meet the specific needs of a business unit. Some organizations have multiple data marts, each designed to meet the needs of a different part of the organization. 14. Which of the following is a minor version of a data warehouse that is scaled down to meet the specific needs of a business unit? a. Data cart b. Data mart c. Data wallet d. Data set ANS: B RATIONALE: A data mart is a smaller version of a data warehouse—scaled down to meet the specific needs of a business unit. Some organizations have multiple data marts, each designed to meet the needs of a different part of the organization. 15. Which of the following is a term used to describe data collections that are so enormous and complex that traditional data management software and analysis processes are incapable of dealing with them? a. Big data b. Data mart c. Data warehouse
d. Big cell ANS: A RATIONALE: Big data is a term used to describe data collections that are so enormous (think petabytes or larger) and complex (from sensor data to social media data) that traditional data management software, hardware, and analysis processes are incapable of dealing with them. To provide perspective on just how much data a petabyte is, consider that one petabyte of storage could contain 50 years’ worth of highquality video. 16. Which of the following represents an entity in a relational database model? a. A column b. A row c. An attribute d. A degree ANS: B RATIONALE: The relational database model is a simple but highly useful way to organize structured data into collections of two-dimensional tables called relations. Each row in a table represents an entity (person, place, or thing) in a database. 17. Which of the following represents the attribute of an entity in a relational database model? a. A column b. A row c. A Cardinality d. A tuple ANS: A RATIONALE: The relational database model is a simple but highly useful way to organize structured data into collections of two-dimensional tables called relations. Each row in a table represents an entity (person, place, or thing), and each column represents an attribute of that entity. 18. Which of the following best describes the relational database model? a. It helps organize unstructured data into collections of three-dimensional tables. b. It helps organize unstructured data into collections of two-dimensional tables. c. It helps organize structured data into collections of three-dimensional tables. d. It helps organize structured data into collections of two-dimensional tables. ANS: D RATIONALE: The relational database model is a simple but highly useful way to organize structured data into collections of two-dimensional tables called relations. Each row in a table represents an entity (person, place, or thing), and each column represents an attribute of that entity. 19. Which of the following is a special-purpose programming language used for accessing and manipulating data stored in a relational database? a. SQL
b. FORTRAN c. JAVA d. COBOL ANS: A RATIONALE: SQL is a special-purpose programming language for accessing and manipulating data stored in a relational database. SQL databases conform to ACID properties (atomicity, consistency, isolation, and durability) that guarantee database transactions are processed reliably and ensure the integrity of data in the database. 20. The ACID (atomicity, consistency, isolation, and durability) properties of SQL databases ensure _____. a. data severance b. data integrity c. data security d. data cogency ANS: B RATIONALE: SQL databases conform to ACID properties (atomicity, consistency, isolation, and durability) that guarantee database transactions are processed reliably and ensure the integrity of data in the database. ACID properties ensure that any updates to the database generated by a transaction are completed in their entirety. 21. The columns in a relational database model such as customer name and address represent _____. a. attributes b. entities c. keys d. tuples ANS: A RATIONALE: The relational database model is a simple but highly useful way to organize structured data into collections of two-dimensional tables called relations. Each row in the table represents an entity (person, place, or thing), and each column represents an attribute of that entity. 22. Identify the technique through which an SQL database ensures that other transactions do not modify a database until the first transaction succeeds or fails. a. Redundancy control b. Access control c. Concurrency control d. Integrity control ANS: C RATIONALE: SQL databases rely upon concurrency control by locking database records to ensure that other transactions do not modify a database until the first transaction succeeds or fails. As a result, 100 percent ACID (atomicity, consistency, isolation, and durability)-compliant SQL databases can suffer from slow performance.
23. Data that does not fit nicely into relational databases is known as _____. a. ultra-structured data b. unstructured data c. highlighter data d. structured data ANS: B RATIONALE: Data that is not organized in any predefined manner and does not fit nicely into relational databases is known as unstructured data. Many organizations are interested in analyzing unstructured data, often combining it with structured data to make business decisions. 24. Which of the following is true of unstructured data? a. It fits nicely into traditional databases. b. It ensures that any updates to a database generated by a transaction are completed in their entirety. c. It relies upon concurrency control by locking database records to ensure that other transactions do not modify a database until the first transaction succeeds or fails. d. It can add a depth to data analysis, with the right tools, that could not be achieved otherwise. ANS: D RATIONALE: Many organizations are interested in analyzing unstructured data, often combining it with structured data to make business decisions. Unstructured data can provide rich and fascinating insights. With the right tools, unstructured data can add a depth to data analysis that could not be achieved otherwise. 25. Which of the following databases is designed to store and retrieve data without rigidly implementing the ACID (atomicity, consistency, isolation, and durability) conditions associated with the relational database model? a. NoSQL b. Hadoop c. COBOL d. Flash ANS: A RATIONALE: A NoSQL database is designed to store and retrieve data in a manner that does not rigidly enforce the ACID (atomicity, consistency, isolation, and durability) conditions associated with the relational database model. The goal of a NoSQL database is to provide very fast performance even as the amount of data that must be processed continues to grow. 26. Which of the following is true of a NoSQL database? a. It possesses high data consistency. b. It stores data in a contemporary five-column table. c. It stores data in a simple three-column table. d. It is highly scalable.
ANS: D RATIONALE: A NoSQL database is highly scalable, meaning that a large database may be distributed across hundreds, thousands, or even tens of thousands of servers running the same NoSQL database management system. It is designed to store and retrieve data in a manner that does not rigidly enforce the ACID (atomicity, consistency, isolation, and durability) conditions associated with the relational database model. 27. The ability to ensure that an update to data in one part of a database is immediately propagated to all other parts of the database is known as _____. a. data integrity b. data deduplication c. data authenticity d. data consistency ANS: D RATIONALE: The ability to ensure that an update to data in one part of a database is immediately propagated to all other parts of the database is known as data consistency. NoSQL databases lack strong data consistency. 28. Identify a drawback of a NoSQL database. a. It lacks strong data consistency. b. It deteriorates the system uptime. c. It is less scalable. d. It is not efficient in dealing with extremely large databases. ANS: A RATIONALE: NoSQL databases lack strong data consistency—the ability to ensure that an update to data in one part of the database is immediately propagated to all other parts of the database. It stores data as highly optimized key-value pairs with the data stored in a simple two-column table, one column reserved for a unique record identifier (e.g., customer id) and the other for the data value. 29. A NoSQL database stores data as highly optimized key-value pairs with the data stored in a _____ table. a. simple two-column b. contemporary four-column c. simple three-column d. contemporary nine-column ANS: A RATIONALE: A NoSQL database stores data as highly optimized key-value pairs with the data stored in a simple two-column table, one column reserved for a unique record identifier (e.g., customer id) and the other for the data value. It is highly scalable, meaning that a large database may be distributed across hundreds, thousands, or even tens of thousands of servers running the same NoSQL database management system.
30. Identify the feature of a NoSQL database that allows a large database to be distributed across thousands of servers running the same NoSQL database management system. a. Deduplication b. Scalability c. Integrity d. Authenticity ANS: B RATIONALE: A NoSQL database is highly scalable, meaning that a large database may be distributed across hundreds, thousands, or even tens of thousands of servers running the same NoSQL database management system. This distribution of the database improves system uptime as the database can still process almost all transactions even if a couple of servers are down. 31. Identify the system feature that is improved due to the highly scalable nature of NoSQL databases. a. System memory b. System security c. System uptime d. System boot-time ANS: C RATIONALE: A NoSQL database is highly scalable, meaning that a large database may be distributed across hundreds, thousands, or even tens of thousands of servers running the same NoSQL database management system. This distribution of the database improves system uptime as the database can still process almost all transactions even if a couple of servers are down. 32. Which of the following databases should be used by a company that has over 50,000 employees in several locations to efficiently manage its database even when a couple of servers are down? a. Hadoop b. SQL c. COBOL d. NoSQL ANS: D RATIONALE: A NoSQL database is highly scalable, meaning that a large database may be distributed across hundreds, thousands, or even tens of thousands of servers running the same NoSQL database management system. This distribution of the database improves system uptime as the database can still process almost all transactions even if a couple of servers are down. 33. Which of the following is true of Hadoop? a. It is designed to store and retrieve data in a manner that does not rigidly enforce the atomicity, consistency, isolation, and durability (ACID) conditions associated with the relational database model. b. It is an open-source software framework designed for processing large volumes of data by dividing the work into a set of independent tasks. c. It is a simple but highly useful way to organize structured data into collections of two-dimensional tables called relations.
d. It is a method to analyze multidimensional data from many different perspectives. ANS: B RATIONALE: Hadoop is an open-source software framework designed for processing large volumes of data by dividing the work into a set of independent tasks that are executed in parallel on a large number of servers. The servers run independently of one another but under the direction of another processor that distributes the work to the various processors and collects their results. 34. Which of the following best describes the application layer of Hadoop? a. It enables applications such as internally developed programming languages or purchased third-party business intelligence tools to interact with Hadoop. b. It handles the scheduling and initiation of jobs and balances the required work among the various resources available. c. It handles inevitable job failures and interruptions. d. It is responsible for the storage of big data. ANS: A RATIONALE: Hadoop, an open-source software framework, can be thought of as consisting of three layers—the application layer, the workload layer, and the Hadoop Distributed File System (HDFS). The application layer of Hadoop enables applications (internally developed using Java, Pig, or Hive programming languages or purchased third-party business intelligence tools) to interact with Hadoop. 35. Which of the following layers of Hadoop handles job failures and interruptions? a. The application layer b. The Hadoop memory layer (HML) c. The workload management layer d. The Hadoop Distributed File System layer (HDFS) ANS: C RATIONALE: Hadoop, an open-source software framework, can be thought of as consisting of three layers—the application layer, the workload layer, and the Hadoop Distributed File System. The workload management layer of Hadoop handles the scheduling and initiation of jobs, balances the required work among the various resources available, and handles the inevitable job failures and interruptions. 36. Which layer of Hadoop is responsible for data storage? a. The application layer b. The Hadoop Distributed File system layer (HDFS) c. The workload management layer d. The Hadoop resource layer (HRL) ANS: B RATIONALE: Hadoop, an open-source software framework, can be thought of as consisting of three layers—the application layer, the workload layer, and the Hadoop Distributed File System. The Hadoop Distributed File System (HDFS) layer is responsible for storage of data in a data warehouse.
37. The Hadoop Distributed File System layer (HDFS) stores data in blocks of _____ or more. a. 128 MB b. 64 MB c. 16 MB d. 32 MB ANS: A RATIONALE: The Hadoop Distributed File System (HDFS) is responsible for data storage. Data is stored in blocks of 128 MB or more, and each block of data is replicated to achieve high reliability. 38. _____ enables the analysis of big data and other challenging data-processing applications. a. In-memory database (IMDB) b. Hadoop Distributed File System layer (HDFS) c. Hadoop memory system (HMS) d. iSQL ANS: A RATIONALE: An in-memory database (IMDB) is a database management system that stores an entire database in random access memory (RAM). It enables the analysis of big data and other challenging data-processing applications. 39. Which of the following is the storage medium of an in-memory database (IMDB)? a. Read-only memory (ROM) b. Virtual drive c. Magnetic tape d. Random access memory (RAM) ANS: D RATIONALE: An in-memory database (IMDB) is a database management system that stores an entire database in random access memory (RAM). This approach provides access to data at rates thousands of times faster than storing data on some form of secondary storage (e.g., a hard drive or flash drive), as is done with traditional database management systems. 40. A(n) _____ is a database management system that stores an entire database in random access memory (RAM). a. Hadoop Distributed File System layer (HDFS) b. in-memory database (IMDB) c. iSQL database d. Hadoop memory system (HMS) ANS: B RATIONALE: An in-memory database (IMDB) is a database management system that stores an entire database in random access memory (RAM). This approach provides access to data at rates thousands of times faster than storing data on some form of secondary storage (e.g., a hard drive or flash drive), as is done with traditional database management systems.
41. In-memory databases (IMDBs) have become feasible because of the decrease in _____ capacities. a. random access memory (RAM) b. read-only memory (ROM) c. random access memory (RAM) d. read-only memory (ROM) ANS: C RATIONALE: In-memory databases (IMDBs) have become feasible because of the increase in random access memory (RAM) capacities and a corresponding decrease in RAM costs. In addition, in-memory databases perform best on multiple multicore processors (which have become more common and affordable) that can process parallel requests to the data, further speeding access to and processing of large amounts of data. 42. Which of the following business intelligence tools performs operations on data based on formulas created by the end user? a. Spreadsheet b. Drill-down analysis c. Online analytical processing d. Data mining ANS: A RATIONALE: Business managers often import data into a spreadsheet program, which then can perform operations on the data based on formulas created by the end user. Spreadsheets are also used to create useful reports and graphs based on that data. 43. Which of the following tools in a spreadsheet performs “what if” analysis? a. Excel Solver b. Excel filter manager c. Excel chart d. Excel scenario manager ANS: D RATIONALE: Spreadsheets can be used to create useful reports and graphs based on given data. End users can even employ tools such as the Excel scenario manager to perform “what if” analysis to evaluate various alternatives. 44. Identify the spreadsheet tool that is used to determine the optimal solution to a problem with multiple constraints. a. Excel scenario manager b. Excel Solver c. Excel filter d. Excel chart ANS: B
RATIONALE: Spreadsheets can be used to create useful reports and graphs based on given data. End users can employ Excel Solver to find the optimal solution to a problem with multiple constraints. 45. _____ can be used to create useful reports and graphs based on given data. a. Spreadsheets b. Hadoop c. Business rule management system d. Enterprise search software ANS: A RATIONALE: Business managers often import data into a spreadsheet program, which then can perform operations on the data based on formulas created by the end user. Spreadsheets are also used to create useful reports and graphs based on that data. 46. Which of the following best describes reporting and querying tools? a. They perform operations on the data based on formulas created by the end user. b. They consist of data cubes that contain numeric facts called measures, which are categorized by dimensions such as time and geography. c. They match a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. d. They present data in a simplified form of graphs and charts, making it easier to understand. ANS: D RATIONALE: Most organizations have invested in some reporting tools to help their employees get the data they need to solve a problem or identify an opportunity. Reporting and querying tools can present that data in an easy to understand fashion—via formatted data, graphs, and charts. 47. Which of the following enables end users to make their own data requests and format the results without the need for additional help from the information technology organization? a. Online analytical processing (OLAP) b. Reporting and querying tools c. Spreadsheets d. Drill-down analysis ANS: B RATIONALE: Reporting and querying tools can present data in an easy to understand fashion—via formatted data, graphs, and charts. It enables end users to make their own data requests and format the results without the need for additional help from the information technology organization. 48. _____ enables users to identify issues and opportunities as well as perform trend analysis by analyzing multidimensional data from many different perspectives. a. Online analytical processing (OLAP) b. Drill-down analysis c. Excel scenario manager d. Excel Solver
ANS: A RATIONALE: Online analytical processing (OLAP) is a method to analyze multidimensional data from many different perspectives. It enables users to identify issues and opportunities as well as perform trend analysis. 49. Which of the following is a method to analyze multidimensional data from different perspectives? a. Spreadsheet reporting b. Data mining c. Online analytical processing (OLAP) d. Drill-down analysis ANS: C RATIONALE: Online analytical processing (OLAP) is a method to analyze multidimensional data from many different perspectives. It enables users to identify issues and opportunities as well as perform trend analysis. 50. Databases built to support online analytical processing (OLAP) consist of _____. a. data cubes b. data hubs c. data cards d. data marts ANS: A RATIONALE: Databases built to support online analytical processing (OLAP) consist of data cubes that contain numeric facts called measures. A simple example would be a data cube that contains the unit sales of a specific product as a measure. 51. Which of the following is the reason behind the quick responsiveness of online analytical processing (OLAP)? a. Matching a user’s query to many sources of information b. The pre-aggregation of detailed data into useful data summaries c. Performing operations on data based on user defined formulas d. An Interactive examination of high-level summary data ANS: B RATIONALE: The key to the quick responsiveness of online analytical processing (OLAP) processing is the pre-aggregation of detailed data into useful data summaries in anticipation of questions that might be raised. For example, data cubes can be built to summarize unit sales of a specific item on a specific day for a specific store. 52. PindCart, a garment retailer, is not sure of the demand for its products during the festive seasons and ends up with very little profit. Which of the following business intelligence tools can help PindCart to predict the demand and maximize its sales? a. Drill-down analysis
b. Online analytical processing c. Spreadsheets d. Dashboards ANS: B RATIONALE: PindCart can use online analytical processing (OLAP) to predict the demand and maximize its sales. In the retail industry, online analytical processing (OLAP) is used to help firms predict customer demand and maximize sales. For example, Starbucks employs some 149,000 workers in 10,000 retail stores in the United States. The firm built a data warehouse to hold 70 terabytes of point-of-sale and customer loyalty data. This data is compressed into data cubes of summarized data to enable users to perform OLAP analysis of store-level sales and operational data. 53. _____ is a powerful tool that enables decision makers to gain insight into the details of business data to better understand why something happened. a. Stingray b. Data mining c. Online analytical processing (OLAP) d. Drill-down analysis ANS: D RATIONALE: Drill-down analysis is a powerful tool that enables decision makers to gain insight into the details of business data to better understand why something happened. It involves the interactive examination of high-level summary data in increasing detail to gain insight into certain elements. 54. SoulTree, a software giant, has adopted a business strategy, already employed by its competitor, to market its products. Unfortunately, the adopted strategy does not work for SoulTree although it has been successful for its competitor. Which of the following business intelligence tools can help SoulTree to understand why the adopted strategy failed? a. Drill-down analysis b. Online analytical processing c. Spreadsheets d. Data mining ANS: A RATIONALE: SoulTree can implement drill-down analysis to understand the failure of its business strategy. Drill-down analysis is a powerful tool that enables decision makers to gain insight into the details of business data to better understand why something happened. It involves the interactive examination of high-level summary data in increasing detail to gain insight into certain elements. 55. Identify a true statement about drill-down analysis. a. It involves the interactive examination of high-level summary data in increasing detail to gain insight into certain elements. b. It involves pre-aggregation of detailed data into useful data summaries in anticipation of questions that might be raised. c. It performs operation on data based on user-defined formulas.
d. It is used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision making. ANS: A RATIONALE: Drill-down analysis is a powerful tool that enables decision makers to gain insight into the details of business data to better understand why something happened. It involves the interactive examination of high-level summary data in increasing detail to gain insight into certain elements. 56. _____ is a business intelligence (BI) tool used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision making. a. Online analytical processing (OLAP) b. Data governance c. Data mining d. Drill-down analysis ANS: C RATIONALE: Data mining is a business intelligence (BI) tool used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision making. Used appropriately, data mining tools enable organizations to make predictions about what will happen so that managers can be proactive in capitalizing on opportunities or avoiding potential problems. 57. Which of the following data mining techniques uses a specialized set of algorithms that sorts through data and forms statistical rules about relationships among the items? a. Neural computing b. Association analysis c. Case-based reasoning d. Drill-down analysis ANS: B RATIONALE: Association analysis uses a specialized set of algorithms that sorts through data and forms statistical rules about relationships among the items. Association analysis is one of the most commonly used data mining techniques. 58. Which of the following is true of the neural computing technique in data mining? a. Historical data is examined for patterns that are then used to make predictions. b. A set of algorithms sorts through data and forms statistical rules about relationships among the items. c. Historical if-then-else cases are used to recognize patterns. d. Operations are performed on given data based on formulas created by the end user. ANS: A RATIONALE: In neural computing, historical data is examined for patterns that are then used to make predictions. Used appropriately, data mining tools enable organizations to make predictions about what will happen so that managers can be proactive in capitalizing on opportunities or avoiding potential problems.
59. Which of the following business intelligence tools will help an organization to make business predictions? a. Data mining tools b. Online analytical processing tools c. Drill-down analysis tools d. Spreadsheet tools ANS: A RATIONALE: An organization can use data mining tools to make business predictions. Data mining tools enable organizations to make predictions about what will happen so that managers can be proactive in capitalizing on opportunities or avoiding potential problems. 60. Metrics that consist of a direction, measure, target, and time frame are known as _____. a. online analytical processors b. key association indicators c. drill-down analysis indicators d. key performance indicators ANS: D RATIONALE: Measures are metrics that track progress in executing chosen strategies to attain organizational objectives and goals. These metrics are also called key performance indicators (KPIs) and consist of a direction, measure, target, and time frame. 61. _____ present a set of key performance indicators about the state of a process at a specific point in time. a. Spreadsheets b. Dashboards c. Timesheets d. Worksheets ANS: B RATIONALE: Dashboards present a set of key performance indicators about the state of a process at a specific point in time. Dashboards provide rapid access to information, in an easy-to-interpret and concise manner, which helps organizations run more effectively and efficiently. 62. Which of the following is true of dashboards? a. They provide rapid access to information in an easy-to-interpret manner. b. They provide rapid access to information in a verbose manner. c. They match a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. d. They index documents from a variety of sources such as corporate databases, departmental files, email, corporate wikis, and document repositories. ANS: A
RATIONALE: Dashboards present a set of key performance indicators about the state of a process at a specific point in time. Dashboards provide rapid access to information, in an easy-to-interpret and concise manner, which helps organizations run more effectively and efficiently. 63. _____ are designed to draw data in real time from various sources, including corporate databases and spreadsheets, so decision makers can make use of up-to-the-minute data. a. Tactical dashboards b. Operational dashboards c. Strategic dashboards d. Analytical dashboards ANS: B RATIONALE: Dashboards provide users at every level of the organization the information they need to make improved decisions. Operational dashboards can be designed to draw data in real time from various sources, including corporate databases and spreadsheets, so decision makers can make use of up-to-the-minute data. 64. _____ involves the overall management of the availability, usability, integrity, and security of the data used in an organization. a. Data endorsement b. Data authorization c. Data authentication d. Data governance ANS: D RATIONALE: Data governance involves the overall management of the availability, usability, integrity, and security of the data used in an organization. It includes the establishment of a data governance body and the definition of roles, processes, standards, measures, and controls and audit procedures all aimed at ensuring the effective and efficient use of data to enable the organization to achieve its goals. 65. Identify the industry that implements data governance. a. Insurance industry b. Agricultural industry c. Construction industry d. Automobile industry ANS: A RATIONALE: Data governance programs are typically put in place to meet regulatory and compliance requirements. It is common for companies in the financial services and healthcare industries to implement such programs. TRUE/FALSE 1. Organizations employ data warehouses to store junk data.
ANS: False RATIONALE: Data warehouses frequently hold a huge amount of data—often containing five years or more of data. Many organizations employ data warehouses to hold the data they need to make key business decisions. 2. Unstructured data comes from a single source. ANS: False RATIONALE: Unstructured data exists in huge quantities and comes from many sources such as text documents, electronic sensors and meters, audio files, email, video clips, surveillance video, phone messages, text messages, instant messages, postings on social media, medical records, x-rays and CRT scans, photos, and illustrations. 3. An SQL database stops abruptly when it encounters an error in the update process. ANS: False RATIONALE: SQL databases conform to ACID properties (atomicity, consistency, isolation, and durability) that guarantee database transactions are processed reliably and ensure the integrity of data in a database. If for any reason an error occurs and the transaction is unable to complete all steps in the update process, the database is returned to the state it was in before the transaction began to be processed. 4. The goal of a NoSQL database is to provide very fast performance even as the amount of data that must be processed continues to grow. ANS: True RATIONALE: A NoSQL database is designed to store and retrieve data in a manner that does not rigidly enforce the ACID (atomicity, consistency, isolation, and durability) conditions associated with the relational database model. The goal of a NoSQL database is to provide very fast performance even as the amount of data that must be processed continues to grow. 5. Hadoop is designed for processing large volumes of data by dividing the work into a set of independent tasks that are executed in parallel on a large number of servers. ANS: True RATIONALE: Hadoop is an open-source software framework designed for processing large volumes of data by dividing the work into a set of independent tasks that are executed in parallel on a large number of servers. The servers run independently of one another but under the direction of another processor that distributes the work to the various processors and collects their results. This approach creates a very robust computing environment that allows the application to continue running even if individual servers fail. 6. An in-memory database (IMDB) is a database management system that stores an entire database in read-only memory (ROM).
ANS: False RATIONALE: An in-memory database (IMDB) is a database management system that stores an entire database in random access memory (RAM). This approach provides access to data at rates thousands of times faster than storing data on some form of secondary storage (e.g., a hard drive or flash drive), as is done with traditional database management systems. 7. In spreadsheets programs, Excel Solver can be used by the end users to perform “what if” analysis for the evaluation of various alternatives. ANS: False RATIONALE: Business managers often import data into a spreadsheet program, which then can perform operations on the data based on formulas created by the end user. Spreadsheets are also used to create useful reports and graphs based on that data. End users can even employ tools such as the Excel scenario manager to perform “what if” analysis to evaluate various alternatives or Excel Solver to find the optimal solution to a problem with multiple constraints (e.g., determine a production plan that will maximize profit subject to certain limitations on raw materials). 8. Online analytical processing (OLAP) enables users to identify issues and opportunities as well as perform trend analysis. ANS: True RATIONALE: Online analytical processing (OLAP) is a method to analyze multidimensional data from many different perspectives. It enables users to identify issues and opportunities as well as perform trend analysis. 9. Online analytical processing (OLAP) involves the interactive examination of high-level summary data in increasing detail. ANS: False RATIONALE: Drill-down analysis involves the interactive examination of high-level summary data in increasing detail to gain insight into certain elements—sort of like slowly peeling off the layers of an onion. 10. Case-based reasoning technique of data mining contains a specialized set of algorithms that sorts through data and forms statistical rules about relationships among the items. ANS: False RATIONALE: Case-based reasoning involves the usage of historical if-then-else cases to recognize patterns. ESSAY 1. Brief on the relational database model. ANSWER: The relational database model is a simple but highly useful way to organize structured data into collections of two-dimensional tables called relations. Each row in the table represents an entity
(person, place, or thing), and each column represents an attribute of that entity. As long as they share at least one common element, relations from different tables can be linked to output useful information. 2. How is data stored in a NoSQL database? ANSWER: A NoSQL database stores data as highly optimized key-value pairs with the data stored in a simple two-column table, one column reserved for a unique record identifier (e.g., customer id) and the other for the data value. A NoSQL database is highly scalable, meaning that a large database may be distributed across hundreds, thousands, or even tens of thousands of servers running the same NoSQL database management system. This distribution of the database improves system uptime as the database can still process almost all transactions even if a couple of servers are down. 3. What is data mining? ANSWER: Data mining is a business intelligence tool used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision making. Used appropriately, data mining tools enable organizations to make predictions about what will happen so that managers can be proactive in capitalizing on opportunities or avoiding potential problems. 4. Elaborate the process of data mining. ANSWER: The process of data mining involves several steps: Selection of the data to be used from multiple sources Preprocessing of the data to remove erroneous, incomplete, or inconsistent data Transformation of the data to create an appropriate set of data to support the data mining technique to be used The actual data mining process Evaluation of the results 5. Explain the objective of data governance. ANSWER: Data governance involves the overall management of the availability, usability, integrity, and security of the data used in an organization. It includes the establishment of a data governance body and the definition of roles, processes, standards, measures, and controls and audit procedures all aimed at ensuring the effective and efficient use of data to enable the organization to achieve its goals. Data governance programs are typically put in place to meet regulatory and compliance requirements. It is common for companies in the financial services and healthcare industries to implement such programs. Leading companies in many other industries are also seeing the wisdom of implementing a data governance program.
CHAPTER 10— KNOWLEDGE MANAGEMENT MULTIPLE CHOICE 1. _____ comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights of individuals, teams, or entire organizations. a. Knowledge management b. Sales management c. Resource management d. Disaster management ANS: A RATIONALE: Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. It is used by organizations to enable individuals, teams, and entire organizations to collectively and systematically create, share, and apply knowledge in order to achieve their objectives. 2. Which of the following has caused organizations to establish knowledge management programs in their information technology (IT) or human resource management departments? a. Normalization b. Globalization c. Amortization d. Personalization ANS: B RATIONALE: Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. Globalization, the expansion of the services sector, and the emergence of new information technologies have caused many organizations to establish KM programs in their information technology or human resource management departments. 3. Identify the goal of knowledge management. a. To enable easy access to business data and create efficient, streamlined work processes b. To provide comparable performance of systems even as the volume of data handled increases c. To decrease costs and improve customer service while reducing the overall investment in inventory at the same time d. To improve the creation, retention, sharing, and reuse of an individual’s or a team’s knowledge ANS: D RATIONALE: Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. The goal of KM is to improve the creation, retention, sharing, and reuse of knowledge. 4. _____ is knowledge that is documented, stored, and codified —such as standard procedures, product formulas, customer contact lists, market research results, and patents. a. Tacit knowledge b. Explicit knowledge c. Rootkit knowledge d. Persistent knowledge
ANS: B RATIONALE: An organization’s knowledge assets often are classified as either explicit or tacit. Explicit knowledge is knowledge that is documented, stored, and codified, such as standard procedures, product formulas, customer contact lists, market research results, and patents. 5. Which of the following is an example of explicit knowledge? a. Juan learned to drive a car at the age of 16, and now he is a professional racer. b. Shiera started playing the piano at the age of 7, and now she is a professional pianist. c. Jordan, an executive chef in a five-star restaurant, uses a secret recipe book owned by the restaurant to prepare exotic dishes. d. Tomm, a doctor, diagnoses a rare illness and prescribes a course of action to cure it. ANS: C RATIONALE: An organization’s knowledge assets often are classified as either explicit or tacit. Explicit knowledge is the knowledge that is documented, stored, and codified, such as standard procedures, product formulas, customer contact lists, market research results, and patents. Since Jordan uses the secret recipe book to cook exotic dishes, this is an example of explicit knowledge. 6. Kaia, a chemical engineering graduate, has documented all titration procedures in her project report. She refers to this report while performing titrations in her laboratory. This is an example of _____. a. muted knowledge b. implied knowledge c. tacit knowledge d. explicit knowledge ANS: D RATIONALE: An organization’s knowledge assets often are classified as either explicit or tacit. Explicit knowledge is the knowledge that is documented, stored, and codified, such as standard procedures, product formulas, customer contact lists, market research results, and patents. Since Kaia has documented the titration procedures, this is an example of explicit knowledge. 7. _____ knowledge is the know-how that someone has developed as a result of personal experience and it involves intangible factors such as beliefs, perspective, and a value system. a. Tacit knowledge b. Explicit knowledge c. Rootkit knowledge d. Lucent knowledge ANS: A RATIONALE: An organization’s knowledge assets often are classified as either explicit or tacit. Tacit knowledge is the know-how that someone has developed as a result of personal experience and it involves intangible factors such as beliefs, perspective, and a value system. 8. Which of the following is an example of tacit knowledge? a. A teacher dictating the process of photosynthesis from a book to her students b. The contacts of the logistics and network service providers of an organization c. The list of electrical and electronics patents of scientists from South America. d. An engineer drawing on past experience to simplify a piece of code ANS: D
RATIONALE: An organization’s knowledge assets often are classified as either explicit or tacit. Tacit knowledge is the know-how that someone has developed as a result of personal experience and it involves intangible factors such as beliefs, perspective, and a value system. 9. Bella, an expert violinist, attended violin classes from the age of five. The knowledge that Bella possesses is an example of _____. a. rootkit knowledge b. lucent knowledge c. tacit knowledge d. explicit knowledge ANS: C RATIONALE: An organization’s knowledge assets often are classified as either explicit or tacit. Tacit knowledge is the know-how that someone has developed as a result of personal experience. It involves intangible factors such as beliefs, perspective, and a value system. 10. Which of the following statements is true of tacit knowledge? a. It is difficult for others to copy. b. It can be documented easily. c. It is based on an existing theory. d. It can be shared with others easily. ANS: A RATIONALE: Tacit knowledge is the know-how that someone has developed as a result of personal experience. Tacit knowledge is key to high performance and competitive advantage because it’s valuable and difficult for others to copy. 11. Which of the following statements is true of explicit knowledge? a. It is documented, stored, and codified. b. It cannot be shared with others easily. c. It is difficult for others to copy. d. It is developed as a result of personal experience. ANS: A RATIONALE: Explicit knowledge is knowledge that is documented, stored, and codified. Standard procedures, product formulas, customer contact lists, market research results, and patents are examples of explicit knowledge. 12. _____ involves a novice observing an expert executing his or her job to learn how he or she performs. a. Joint problem solving b. Shadowing c. Overriding d. Social network analysis ANS: B RATIONALE: Shadowing involves a novice observing an expert executing his or her job to learn how he or she performs. This technique often is used in the medical field to help young interns learn from experienced physicians. 13. Which of the following is an example of shadowing?
a. Two new recruits working on an automobile’s rear axle b. Three young interns practicing under the guidance of an experienced surgeon c. A novice and an expert working side-by-side on a new project d. Four novice employees working on a client-specific application software ANS: B RATIONALE: A major goal of knowledge management is to somehow capture and document the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. Shadowing involves a novice observing an expert executing his or her job to learn how he or she performs. 14. Bob, a medical graduate, works as an apprentice under a chief orthopedist and gains knowledge on various orthopedic disorders and the ways to cure them. This is an example of _____. a. shadowing b. overriding c. mirroring d. outsourcing ANS: A RATIONALE: A major goal of knowledge management is to somehow capture and document the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. Shadowing involves a novice observing an expert executing his or her job to learn how he or she performs. 15. _____ is a process in which a novice and an expert work side-by-side to solve a problem so that the expert’s approach is slowly revealed to the observant novice. a. Proportionate problem solving b. Outsourcing c. Shadowing d. Joint problem solving ANS: D RATIONALE: A major goal of knowledge management is to somehow capture and document the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. Joint problem solving is a process in which a novice and an expert work side-byside to solve a problem so that the expert’s approach is slowly revealed to the observant novice. 16. Which of the following is an example of joint problem solving? a. Three young interns practicing under the guidance of an experienced dentist b. A novice and an expert working side-by-side on a new project c. Five new employees working on a Web-based project d. A novice carpenter working under the supervision of a senior carpenter ANS: B RATIONALE: A major goal of knowledge management is to somehow capture and document the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. Joint problem solving is a process in which a novice and an expert work side-byside to solve a problem so that the expert’s approach is slowly revealed to the observant novice. 17. Inessa works as a software engineer in Everett Corp., which develops cloud-based applications. She is an expert in coding and debugging. Cecilia, who recently joined the firm, is assigned to work
side-by-side with Inessa on a debugging project so that she can observe and learn Inessa’s approaches and methods. This is an example of _____. a. offshoring b. outsourcing c. joint problem solving d. shadowing ANS: C RATIONALE: A major goal of knowledge management is to somehow capture and document the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. Joint problem solving is a process in which a novice and an expert work side-byside to solve a problem so that the expert’s approach is slowly revealed to the observant novice. 18. Which of the following processes can be used to capture tacit knowledge? a. Proportionate problem solving b. Offshoring c. Shadowing d. Outsourcing ANS: C RATIONALE: A major goal of knowledge management is to somehow capture and document the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. Two processes are frequently used to capture tacit knowledge —shadowing and joint problem solving. Shadowing involves a novice observing an expert executing his job to learn how he performs. Joint problem solving is a process in which a novice and an expert work side-byside to solve a problem so that the expert’s approach is slowly revealed to the observant novice. 19. Which of the following is true of knowledge management? a. Organizations implement knowledge management projects to foster innovation by encouraging the free flow of ideas. b. Knowledge management enables users to gain administrator-level access to a computer without the end user’s consent or knowledge. c. Knowledge management prevents computers from being controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. d. Organizations implement knowledge management to prevent fraudulent activities associated with computers and networks. ANS: A RATIONALE: Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. Organizations implement knowledge management projects to foster innovation by encouraging the free flow of ideas. Organizations must continuously innovate to evolve, grow, and prosper. Organizations that fail to innovate will soon fall behind their competition. 20. Which of the following can result in effective knowledge management? a. Developing separate processes for each employee that is structured to their knowledge and specific skills b. Enabling employees to share and build on one another’s experience and expertise so that mistakes are not repeated c. Using software to assist in the creation, analysis, and modification of the design of a component or product
d. Applying strict access controls, file and directory permissions, to protect data from disclosure or destruction ANS: B RATIONALE: Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. It is critical that an organization enable its employees to share and build on one another’s experience and expertise. 21. In order to evolve, grow, and prosper, an organization must _____. a. foster innovation by encouraging the free flow of ideas b. refrain from employing young people c. adhere to time-tested methods and concepts d. avoid collaboration with contractors during the planning stage ANS: A RATIONALE: Organizations implement knowledge management projects to foster innovation by encouraging the free flow of ideas. Organizations must continuously innovate to evolve, grow, and prosper. Organizations that fail to innovate will soon fall behind their competition. 22. Leveraging the expertise of people across an organization can help _____. a. prevent new employees from innovating b. prevent new employees from repeating some of the mistakes of others c. avoid collaborations with contractors and suppliers d. avoid the dissemination of tacit knowledge ANS: B RATIONALE: Leveraging the expertise of people across an organization can help prevent new employees from repeating some of the mistakes of others. Workers can share thoughts and experiences about what works well and what does not and new employees or employees moving into new positions are able to get up to speed more quickly. 23. Which of the following enables employees to deliver valuable results more quickly, improve their productivity, and get products and new ideas to market faster? a. Adhering to time-tested methods and concepts b. Preventing the dissemination of explicit knowledge c. Avoiding collaboration among contractors, suppliers, and other business partners d. Sharing experience and expertise of employees across an organization ANS: D RATIONALE: It is critical that an organization enable its employees to share and build on one another’s experience and expertise. Workers can share thoughts and experiences about what works well and what does not and new employees or employees moving into new positions are able to get up to speed more quickly. This enables employees to deliver valuable results more quickly, improve their productivity, and get products and new ideas to market faster. 24. Encouraging the free flow of ideas among employees, contractors, suppliers, and other business partners can lead to a(n) _____. a. increase in revenue b. decrease in revenue c. increase in production costs
d. decrease in employee innovation ANS: A RATIONALE: Organizations must continuously innovate to evolve, grow, and prosper. Organizations that fail to innovate will soon fall behind their competition. Many organizations implement knowledge management projects to foster innovation by encouraging the free flow of ideas among employees, contractors, suppliers, and other business partners. Such collaboration can lead to the discovery of a wealth of new opportunities, which, after evaluation and testing, may lead to an increase in revenue, a decrease in costs, or the creation of new products and services. 25. Which of the following can result in a significant damage to productivity and a decrease in the quality of service in an organization? a. Fostering innovation by encouraging the free flow of ideas b. Collaborating with contractors during the planning stage c. Permanent loss of expertise related to core operations d. Leveraging the expertise of people across the organization ANS: C RATIONALE: Many organizations use knowledge management to capture the valuable expertise of their key individuals before it is lost forever. The permanent loss of expertise related to the core operations of an organization can result in a significant loss of productivity and a decrease in the quality of service. 26. Portical Inc., a leading electrical appliance manufacturing firm based in Canada, faced a severe financial crisis as 15 percent of its vital employees moved to different firms and 21 percent of its employees retired. It faced severe deficit in customer satisfaction, production rate, sales, and customer relationship. The new employees tried their best to overcome the deficit but were successful only to a small extent. Which of the following can be a reason for the issues faced by the firm? a. Permanent loss of expertise of key individuals b. Collaboration among contractors, suppliers, and other business partners c. Leveraging the expertise of employees across the firm d. Fostering innovation by encouraging the free flow of ideas ANS: A RATIONALE: Many organizations use knowledge management to capture the valuable expertise of their key individuals before it is lost forever. The permanent loss of expertise related to the core operations of an organization can result in a significant loss of productivity and a decrease in the quality of service. 27. Defining how a knowledge management effort will support specific organizational goals and objectives will help a person _____. a. prevent the permanent loss of expertise related to core operations b. avoid leveraging the expertise of people across an organization c. sell a project to others and elicit their support and enthusiasm d. follow time-tested methods and concepts ANS: C RATIONALE: When starting a knowledge management (KM) effort, with any project, one must clearly define how that effort will support specific organizational goals and objectives, such as increasing revenue, reducing costs, improving customer service, or speeding up the time to bring a product to
market. Doing so will help sell the project to others and elicit their support and enthusiasm and will determine if the project is worthwhile before the organization commits resources to it. 28. Which of the following is true of defining the efforts of knowledge management to support specific organizational goals and objectives? a. It prevents the permanent loss of expertise related to core operations. b. It determines whether a project is worthwhile before an organization commits resources to it. c. It avoids leveraging the expertise of people across an organization. d. It fosters individual innovation by encouraging the free flow of ideas. ANS: B RATIONALE: When starting a knowledge management (KM) effort, with any project, one must clearly define how that effort will support specific organizational goals and objectives, such as increasing revenue, reducing costs, improving customer service, or speeding up the time to bring a product to market. Doing so will help sell the project to others and elicit their support and enthusiasm and will determine if the project is worthwhile before the organization commits resources to it. 29. A group of people, who have been informed about the knowledge management involved in an upcoming project, is enthusiastic about the project’s potential. Which of the following can improve the odds of the project’s success? a. Defining a pilot project to address the business needs b. Following time-tested methods and concepts c. Preventing the dissemination of explicit knowledge d. Avoiding collaboration among contractors, suppliers, and other business partners ANS: A RATIONALE: Defining a pilot project to address the business needs of a group of people who are informed about its knowledge management (KM) and are enthusiastic about its potential can improve its odds of success. Targeting such a group of users reduces the problem of trying to overcome skepticism and unwillingness to change. 30. Within the scope of an initial pilot project, an organization should _____. a. sell the project to internal customers and elicit their support and enthusiasm b. avoid leveraging the expertise of its people c. encourage the dissemination of explicit knowledge d. identify and prioritize tacit knowledge ANS: D RATIONALE: Not all tacit knowledge is equally valuable, and priorities must be set in terms of what knowledge individuals should go after. The intent of a knowledge management (KM) program is to identify, capture, and disseminate knowledge gems from a sea of information. Within the scope of the initial pilot project, an organization should identify and prioritize the tacit knowledge it wants to include in its KM system. 31. A(n) _____ is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. a. zero-based budgeting committee b. through-the-line team c. community of practice d. above-the-line team
ANS: C RATIONALE: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. A CoP develops around topics that are important to its members. 32. Which of the following is true of a community of practice (CoP)? a. It develops around topics that are important to its members. b. It integrates programs that manage a company’s vital business operations. c. It plans and schedules production for a company and records actual production activities. d. It manages fixed asset purchases and the depreciation of the assets. ANS: A RATIONALE: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. A CoP develops around topics that are important to its members. 33. Participation in a _____ is a means of developing new knowledge, stimulating innovation, or sharing existing tacit knowledge within an organization. a. zero-based budgeting practice b. meta-analysis c. social network analysis d. community of practice ANS: D RATIONALE: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. A CoP develops around topics that are important to its members. Participation in a CoP is a means of developing new knowledge, stimulating innovation, or sharing existing tacit knowledge within an organization. 34. Identify a true statement about an informal community of practice. a. It’s members meet with little advanced planning. b. It’s members meet on a regularly scheduled basis. c. It’s members have a planned agenda. d. It’s members have identified speakers. ANS: A RATIONALE: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. A CoP develops around topics that are important to its members. Members of an informal community of practice meet with little advanced planning or formality. 35. Which of the following is a technique to document and measure flows of information among individuals, workgroups, organizations, computers, Web sites, and other information sources? a. Decision consequence analysis b. Horizontal integration c. Social network analysis d. Vertical integration ANS: C
RATIONALE: Social network analysis (SNA) is a technique to document and measure flows of information among individuals, workgroups, organizations, computers, Web sites, and other information sources. In analyzing social media communications from sources such as text, video, and chat as well as “likes” and “shares,” many experts agree that the most significant data isn’t the content itself, but rather the metadata that connects various pieces of content to form a complete picture. 36. The properties of a message and of its author on Facebook are examples of _____. a. metadata b. shadowing c. tacit knowledge d. metaheuristics ANS: A RATIONALE: Metadata is data that describes other data. For instance, metadata about social media use could relate to properties of the message (e.g., whether the message is comical, sarcastic, genuine, or phony) and of the author (e.g., sex, age, interests, political viewpoint, ideological beliefs, and degree of influence on the audience). 37. In analyzing social media communications from sources such as text, video, and chat, which of the following is considered the most significant data? a. The content itself b. Metadata c. Schema d. Macrodata ANS: B RATIONALE: Metadata is data that describes other data. In analyzing social media communications from sources such as text, video, and chat as well as “likes” and “shares,” many experts agree that the most significant data isn’t the content itself, but rather the metadata that connects various pieces of content to form a complete picture. 38. _____ connects various pieces of content to form a complete picture. a. Metadata b. Schema c. Microdata d. Macrodata ANS: A RATIONALE: Metadata is data that describes other data. In analyzing social media communications from sources such as text, video, and chat as well as “likes” and “shares,” many experts agree that the most significant data isn’t the content itself, but rather the metadata that connects various pieces of content to form a complete picture. 39. Which of the following is true of metadata? a. Metadata enables analysts to make judgments about how to interpret and value the content of a message. b. Metadata plans quality control activities such as product inspections and material certifications. c. Metadata contains records of all financial transactions in the general ledger accounts of a company and generates financial statements for external reporting. d. Metadata schedules production and monitors actual production activities.
ANS: A RATIONALE: Metadata is data that describes other data. In analyzing social media communications from sources such as text, video, and chat as well as “likes” and “shares,” many experts agree that the most significant data isn’t the content itself, but rather the metadata that connects various pieces of content to form a complete picture. Metadata enables analysts to make judgments about how to interpret and value the content of a message. 40. _____ enables analysts to make judgments about how to interpret and value the content of a message. a. Metadata b. Microdata c. Macrodata d. Inlinedata ANS: A RATIONALE: Metadata is data that describes other data. In analyzing social media communications from sources such as text, video, and chat as well as “likes” and “shares,” many experts agree that the most significant data isn’t the content itself, but rather the metadata that connects various pieces of content to form a complete picture. Metadata enables analysts to make judgments about how to interpret and value the content of a message. 41. Which of the following is true of social network analysis (SNA)? a. SNA provides the quality control objectives to be achieved by several organizational units. b. SNA provides a clear picture of how geographically dispersed employees and organizational units collaborate. c. SNA provides the accounts of a company and generates financial statements for external reporting. d. SNA provides plans for changes in new government and industry rules and regulations. ANS: B RATIONALE: Social network analysis (SNA) is a technique to document and measure flows of information among individuals, workgroups, organizations, computers, Web sites, and other information sources. SNA provides a clear picture of how geographically dispersed employees and organizational units collaborate. 42. Which of the following is a reason for organizations to employ social network analysis (SNA)? a. To plan and record quality control activities such as product inspections, asset purchases, and material certifications b. To enable an organization to collect, document, assess, remediate, and attest to internal control processes and safeguards c. To identify subject experts and set up mechanisms to facilitate the passing of knowledge from experts to colleagues d. To decrease costs and improve customer service and reduce the overall investment in inventory in a supply chain ANS: C RATIONALE: Social network analysis (SNA) is a technique to document and measure flows of information among individuals, workgroups, organizations, computers, Web sites, and other information sources. Organizations frequently employ SNA to identify subject experts and then set up mechanisms to facilitate the passing of knowledge from those experts to colleagues.
43. _____ has many knowledge management applications, ranging from mapping knowledge flows and identifying knowledge gaps within organizations to helping establish collaborative networks. a. Social network analysis (SNA) b. Branching router-based multicast routing (BRM) c. Online analytical processing (OLAP) d. Drill-down analysis (DDA) ANS: A RATIONALE: Social network analysis (SNA) has many knowledge management applications, ranging from mapping knowledge flows and identifying knowledge gaps within organizations to helping establish collaborative networks. SNA provides a clear picture of how geographically dispersed employees and organizational units collaborate (or don’t collaborate). 44. _____ is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. a. Web 500 b. Web 1.0 c. Web 2.0 d. Web 600 ANS: C RATIONALE: Web 2.0 is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. Many organizations use Web 2.0 technologies such as podcasts and wikis to capture the knowledge of longtime employees, provide answers to cover frequently asked questions, and save time and effort in training new hires. 45. Burtex Inc. is an application development organization. Twenty five of its knowledgeable employees are retiring in the upcoming months. Burtex Inc. wants to capture the knowledge of its longtime employees to provide answers to frequently asked questions and save time and effort in training new hires. Identify the technology that would help the organization achieve its goal. a. Web 1.0 b. Web 600 c. Wen 2.0 d. Web 500 ANS: C RATIONALE: Web 2.0 is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. Many organizations use Web 2.0 technologies such as podcasts and wikis to capture the knowledge of longtime employees, provide answers to cover frequently asked questions, and save time and effort in training new hires. 46. The _____ of an operational system that supports an organization includes policies, requirements, and conditional statements that govern how the system works. a. compensation logic b. decision logic c. escape clause d. cash flow ANS: B RATIONALE: The decision logic of an operational system that supports an organization includes policies, requirements, and conditional statements that govern how the system works. It includes
systems such as order processing, pricing, inventory control, and customer relationship management. The traditional method of modifying the decision logic of information systems involves heavy interaction between business users and information technology (IT) analysts. 47. A _____ is a software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. a. product life cycle management system b. database management system c. supply chain management system d. business rule management system ANS: D RATIONALE: A business rule management system (BRMS) is a software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. A BRMS enables business users to define, deploy, monitor, and maintain organizational policies and the decisions flowing from those policies. 48. Which of the following is true of a business rule management system (BRMS)? a. A BRMS establishes a network of warehouses for storing products and delivering them to customers. b. A BRMS avoids potential bottlenecks and lengthy delays in implementing organizational and process changes. c. A BRMS provides users with the ability to see a colleague’s availability status and schedule meetings. d. A BRMS allows users to create and edit Web page content freely using any browser or wiki software. ANS: B RATIONALE: A business rule management system (BRMS) is a software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. A BRMS enables business users to define, deploy, monitor, and maintain organizational policies and the decisions flowing from those policies. This process avoids a potential bottleneck and lengthy delays in implementing changes and improves the accuracy of the changes. 49. The use of a(n) _____ leads to faster and more accurate implementation of necessary changes to an organization’s policies and procedures. a. enterprise resource planning system b. risk and disaster management system c. business rule management system d. supply chain management system ANS: C RATIONALE: A business rule management system (BRMS) is a software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. The use of BRMS leads to faster and more accurate implementation of necessary changes to an organizations’ policies and procedures. 50. Which of the following is used to manage the changes in decision logic in applications that support credit applications, underwriting, complex order processing, and difficult scheduling? a. A business rule management system b. A risk and hazard management system
c. A customer relationship management system d. An enterprise resource planning system ANS: A RATIONALE: A business rule management system (BRMS) is a software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. A BRMS is used to manage the changes in decision logic in applications that support credit applications, underwriting, complex order processing, and difficult scheduling. 51. A(n) _____ can become a repository of important knowledge and decision-making processes that includes the learnings and experiences of experts in a field. a. enterprise resource planning system b. risk and hazard management system c. customer relationship management system d. business rule management system ANS: D RATIONALE: Business rule management system (BRMS) components include a business rule engine that determines which rules need to be executed and in what order. Other BRMS components include an enterprise rules repository for storing all rules, software to manage the various versions of rules as they are modified, and additional software for reporting and multiplatform deployment. Thus, a BRMS can become a repository of important knowledge and decision-making processes that includes the learnings and experiences of experts in a field. 52. Seisms Inc., a locomotive engine manufacturing company, has forty-two branches across North America. The company’s manpower exceeds 1800 and it plans to expand the geographic distribution of its sales force and product lines to Asia. Maintaining the rules needed for effective and efficient territory assignment and sales-lead distribution is a significant challenge for the company. Which of the following would be the best solution for Seisms to undertake faster implementation of the changes to its sales division? a. Using an enterprise resource planning system b. Using a business rule management system c. Using a supply chain management system d. Using a customer relationship management system ANS: B RATIONALE: A business rule management system (BRMS) is a software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. The use of BRMS leads to faster and more accurate implementation of necessary changes to an organization’s policies and procedures. 53. Apex Healthcare, a Malaysian health insurance service provider for Demitri Care and Facilities, checks and verifies the insurance coverage of the patients who visit the healthcare. The patient data is provided to Apex Healthcare via invoices such as contract type, service submitted, insured party, and billing amount. The company has planned to replace manual processes with automatic reconciliation. Automation of its manual processes will allow Apex Healthcare to maintain its level of service with no increase in staff even though the number of its customers has tripled over a course of three years. Identify the system that will help the company achieve its goal. a. Risk and hazard management system b. Product life cycle management system c. Business rule management system
d. Enterprise resource planning system ANS: C RATIONALE: The use of business rule management system (BRMS) leads to faster and more accurate implementation of necessary changes to organizations’ policies and procedures. BRMS helps to automate the manual processes that will allow Apex Healthcare to maintain its level of service with no increase in staff even though its number of customers has tripled over a course of three years. 54. _____ is the application of search technology to find information within an organization. a. Core search b. Enterprise search c. Binary search d. Domain search ANS: B RATIONALE: Enterprise search is the application of search technology to find information within an organization. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. 55. Rosseta Technologies, an information technology service provider to a company based out of Germany, allows its employees to work from home twice a month. Its major concern is the leakage of confidential data from the laptops or an employee making copies of sensitive files on his personal laptop. Which of the following would help the firm enforce access controls and storage guidelines on its laptops? a. An enterprise search software b. A binary search tool c. A perceptive software pack d. A Domain search engine ANS: A RATIONALE: Enterprise search is the application of search technology to find information within an organization. Members of information technology (IT) and human resources organizations may use enterprise search software to enforce corporate guidelines on the storage of confidential data on laptops that leave the office, and governance officials may use it to ensure that all guidelines for the storage of information are being followed. 56. _____ indexes documents from a variety of sources such as corporate databases, departmental files, email, corporate wikis, and document repositories. a. An enterprise search software b. A business rule management system c. Social network analysis d. Shadowing ANS: A RATIONALE: Enterprise search software indexes documents from a variety of sources such as corporate databases, departmental files, email, corporate wikis, and document repositories. When a search is executed, the software uses the index to present a list of relevance-ranked documents from these various sources. 57. A federal organization maintains a record of missing people since 1975. The data on missing people is sorted and documented manually by their age. The organization wants to automate its
manual processes. It has to ensure that all guidelines for the storage of information is followed, that data is not lost or copied to unsolicited locations while the automation is in process, and that the record of missing people is in order so as to facilitate easy sorting. Which of the following could help the federal organization achieve these goals? a. A fixed term contract b. An arcade clearing software c. A domain search engine d. An enterprise search software ANS: D RATIONALE: Enterprise search is the application of search technology to find information within an organization. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. Members of information technology (IT) and human resources organizations may use enterprise search software to enforce corporate guidelines on the storage of confidential data on laptops that leave the office, and governance officials may use it to ensure that all guidelines for the storage of information are being followed. 58. Which of the following can be used by employees to find information in various document repositories or to find mislaid documents? a. A perceptive software pack b. A binary search tool c. An enterprise search software d. An enterprise outsourcing tool ANS: C RATIONALE: Enterprise search is the application of search technology to find information within an organization. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. 59. Which of the following is true of an enterprise search software? a. It matches a user’s query to many sources of information. b. It maintains the decision logic used by operational systems. c. It populates and maintains a data warehouse. d. It enables the analysis of big data and other challenging data-processing applications. ANS: A RATIONALE: Enterprise search is the application of search technology to find information within an organization. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. 60. _____ refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. a. Electronic discovery b. Electronic banking c. Electronic packaging d. Electronic trading ANS: A RATIONALE: Electronic discovery (e-discovery) is an important application of enterprise search software. Electronic discovery refers to any process in which electronic data is sought, located,
secured, and searched with the intent of using it as evidence in a civil or criminal legal case. The Federal Rules of Civil Procedures governs the processes and requirements of parties in federal civil suits and sets the rules regarding e-discovery. TRUE/FALSE 1. Product life cycle management is used by organizations to enable individuals, teams, and entire organizations to collectively and systematically create, share, and apply knowledge in order to achieve their objectives. ANS: False RATIONALE: Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. It is used by organizations to enable individuals, teams, and entire organizations to collectively and systematically create, share, and apply knowledge in order to achieve their objectives. 2. A knowledge management system is an organized collection of people, procedures, software, databases, and devices that creates, captures, refines, stores, manages, and disseminates knowledge. ANS: True RATIONALE: Knowledge management comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. A knowledge management system is an organized collection of people, procedures, software, databases, and devices that creates, captures, refines, stores, manages, and disseminates knowledge. 3. Employees facing new challenges can get help from coworkers in other parts of an organization whom they have never met to avoid time-consuming “reinvention of the wheel.” ANS: True RATIONALE: It is critical that an organization enable its employees to share and build on one another’s experience and expertise. Workers can share thoughts and experiences about what works well and what does not, thus preventing new employees from repeating some of the mistakes of others. Employees facing new challenges can get help from coworkers in other parts of the organization whom they have never even met to avoid a costly and time-consuming “reinvention of the wheel.” 4. Zero-based budgeting develops models, tools, documents, processes, and terminology that represent the accumulated knowledge of a community. ANS: False RATIONALE: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. CoP develops models, tools, documents, processes, and terminology that represent the accumulated knowledge of a community. 5. Members of an informal community of practice meet on a regular basis with a well-planned agenda and identified speakers. ANS: False
RATIONALE: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. Members of an informal CoP meet with little advanced planning or formality to discuss problems of interest, share ideas, and provide advice and counsel to one another. 6. Metadata is data that describes other data. ANS: True RATIONALE: Metadata is data that describes other data. Metadata enables analysts to make judgments about how to interpret and value the content of a message. 7. E-discovery is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. ANS: False RATIONALE: Web 2.0 is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. 8. A business rule management system enables business users to define, deploy, monitor, and maintain organizational policies and the decisions flowing from the policies. ANS: True RATIONALE: A business rule management system (BRMS) is software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. A BRMS enables business users to define, deploy, monitor, and maintain organizational policies and the decisions flowing from the policies. 9. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. ANS: True RATIONALE: Enterprise search is the application of search technology to find information within an organization. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. 10. The use of a business rule management system leads to a less accurate implementation of necessary changes to an organization’s policies and procedures. ANS: False RATIONALE: A business rule management system (BRMS) is software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. The use of BRMS leads to faster and more accurate implementation of necessary changes to organizations’ policies and procedures. 11. Containing the scope of a project to impact only a small part of an organization is more risky than trying to take on a project very large in scope. ANS: False RATIONALE: Containing the scope of a project to impact only a small part of an organization is less risky than trying to take on a project very large in scope. With a small-scale project, individuals have
more control over the outcome, and if the outcome is not successful, the organization will not be seriously impacted. 12. Metadata matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. ANS: False RATIONALE: Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. 13. Business rule management system (BRMS) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. ANS: False RATIONALE: Electronic discovery (e-discovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. ESSAY 1. What can be learnt from small-scale projects taken by an organization? ANSWER: An organization taking on small-scale projects has more control over the outcome, and if the outcome is not successful, the organization will not be seriously impacted. Failure on a small scale can be considered a learning experience on which to build future knowledge management efforts. Obtaining the resources for a series of small, successful projects is typically much easier than getting large amounts of resources for a major organization-wide project. 2. What is a community of practice? ANSWER: A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. A CoP develops around topics that are important to its members. Over time, a CoP typically develops resources such as models, tools, documents, processes, and terminology that represent the accumulated knowledge of the community. It is not uncommon for a CoP to include members from many different organizations. CoP has become associated with knowledge management because participation in a CoP is one means of developing new knowledge, stimulating innovation, or sharing existing tacit knowledge within an organization. 3. What is social network analysis? ANSWER: Social network analysis (SNA) is a technique to document and measure flows of information among individuals, workgroups, organizations, computers, Web sites, and other information sources. SNA provides a clear picture of how geographically dispersed employees and organizational units collaborate. Organizations frequently employ SNA to identify subject experts and then set up mechanisms to facilitate the passing of knowledge from those experts to colleagues. 4. What is Web 2.0?
ANSWER: Web 2.0 is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. Major corporations such as McDonald’s, General Motors, The New York Times Company, Northwestern Mutual, and Procter & Gamble have integrated Web 2.0 technologies such as blogs, forums, mashups, podcasts, RSS newsfeeds, and wikis to support knowledge management to improve collaboration, encourage knowledge sharing, and build a corporate memory. 5. Describe the components of a business rule management system. ANSWER: A business rule management system (BRMS) is software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run an organization. BRMS components include a business rule engine and an enterprise rules repository. The business rule engine determines which rules need to be executed and in what order. The enterprise rules repository for storing all rules, software to manage the various versions of rules as they are modified, and additional software for reporting and multiplatform deployment. 6. How does an enterprise search software solve a user’s query? ANSWER: An enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and relevant source. It indexes documents from a variety of sources such as corporate databases, departmental files, email, corporate wikis, and document repositories. When a search is executed, the software uses the index to present a list of relevance-ranked documents from the various sources. The software must be capable of implementing access controls so users are restricted to viewing only documents to which they are granted access. 7. Describe the working of an effective electronic discovery (e-discovery) software solution. ANSWER: Electronic discovery refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. An effective e-discovery software solution preserves and destroys data based on approved organizational policies through processes that cannot be altered by unauthorized users. The software must allow users to locate all of the information pertinent to a lawsuit quickly, with a minimum amount of manual effort. The solution must work for all data types across dissimilar data sources and systems, and it must operate at a reasonable cost.
CHAPTER 11— CYBERCRIME AND IT SECURITY MULTIPLE CHOICE 1. Identify a true statement about the bring your own device (BYOD) business policy. a. It can improve employee productivity. b. It can provide data security. c. It creates a bug-free environment. d. It enhances employee interaction. ANS: A RATIONALE: Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet. Proponents of BYOD say it improves employee productivity by allowing workers to use devices with which they are already familiar—while also helping to create an image of a company as a flexible and progressive employer. 2. Which of the following is a drawback of the bring your own device (BYOD) business policy? a. It affects the productivity of the employees of a company. b. It inhibits the privacy of the employees of a company. c. It exposes a company’s data to malware. d. It creates the image of a company as not being flexible. ANS: C RATIONALE: Most companies have found they cannot entirely prevent employees from using their own devices to perform work functions. However, this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity (browsing Web sites, blogging, shopping, visiting social networks, etc.) that exposes them to malware much more frequently than a device used strictly for business purposes. 3. In computing, a(n) _____ is an attack on an information system that takes advantage of a particular system vulnerability. a. exit door b. glitch c. bot d. exploit ANS: D RATIONALE: In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem. 4. Which of the following is created and issued by software engineers to remove a system vulnerability?
a. A patch b. A key c. A license d. A constraint ANS: A RATIONALE: Once a vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem. Users of the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web. 5. The attack that takes place before a software developer knows about the vulnerability is known as a(n) _____. a. unidentified attack b. zero-day attack c. exploit d. threat ANS: B RATIONALE: It is difficult to keep up with all the required patches to fix vulnerabilities. Of special concern is a zero-day attack that takes place before the security community or software developer knows about the vulnerability or has been able to repair it. 6. Which perpetrator violates computer or Internet security maliciously for illegal personal gain? a. A red hat hacker b. A gray hat hacker c. A white hat hacker d. A black hat hacker ANS: D RATIONALE: A black hat hacker is someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems). He breaks into secure networks to destroy, modify, or steal data. 7. Which of the following best describes malicious insiders? a. They hack computers in an attempt to promote a political ideology. b. They disrupt a company’s information systems and business operations. c. They are hired by an organization to test the security of its information systems. d. They are hired by an organization to test the security of another organization’s information systems. ANS: B RATIONALE: A malicious insider is an employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations. He or she has inside information concerning the organization's security practices, data, or computer systems.
8. Those who capture trade secrets and attempt to gain an unfair competitive advantage are known as _____. a. white hat hackers b. hacktivists c. industrial spies d. black hat hackers ANS: C RATIONALE: Industrial spies are individuals who capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organization’s trade secrets. 9. Which of the following is true of white hat hackers? a. They are hired by an organization to test the security of its information systems. b. They disrupt a company’s information systems and business operations. c. They capture trade secrets and attempt to gain an unfair competitive advantage in a company. d. They destroy the infrastructure components of governments, financial institutions, and emergency response units. ANS: A RATIONALE: White hat hackers are people who have been hired by an organization to test the security of its information systems. They use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. 10. In the context of computer crimes, those who cause problems, steal data, and corrupt systems are known as _____. a. black hat hackers b. white hat hackers c. hacktivists d. crackers ANS: D RATIONALE: A cracker is an individual who causes problems, steals data, and corrupts systems. He or she possesses a high level of skill and knowledge with computers that enables him or her to interfere with the confidentiality of any information or security system. 11. Which of the following best describes a cybercriminal? a. An individual who attacks a computer system or network for financial gain b. An individual who hacks computers or Web sites in an attempt to promote a political ideology c. An individual who attempts to destroy the infrastructure components of governments and financial institutions d. An individual who is hired by an organization to test the security of its information systems ANS: A
RATIONALE: A cybercriminal is someone who attacks a computer system or network for financial gain. He or she attacks other people's computers to perform malicious activities, such as spreading viruses, data theft, identity theft, etc. 12. Which of the following best describes a hacktivist? a. An individual who attempts to destroy the infrastructure components of governments, financial institutions, utilities, and emergency response units b. An individual who hacks computers or Web sites in an attempt to promote a political ideology c. An employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations d. An individual who captures trade secrets and attempts to gain an unfair competitive advantage ANS: B RATIONALE: A hacktivist is an individual who hacks computers or Web sites in an attempt to promote a political ideology. Hacktivism is defined as hacking or breaking into an information or security system for a political or socially motivated purpose. The tools used by a hacktivist are similar to the ones used by a hacker, only the purpose and agenda vary. 13. In the context of computer crimes, those who attempt to destroy the infrastructure components of governments and financial institutions are known as _____. a. hacktivists b. white hat hackers c. black hat hackers d. cyberterrorists ANS: D RATIONALE: A cyberterrorist is someone who attempts to destroy the infrastructure components of governments, financial institutions, utilities, and emergency response units. Cyberterrorism uses the Internet to spread terrorist activities, which generally revolve around political, social or religious agendas. 14. Which of the following exploits when downloaded onto a smartphone takes control of the device and its data until the owner agrees to pay a sum of money to the attacker? a. Camware b. Spyware c. Scareware d. Ransomware ANS: D RATIONALE: Ransomware is a malware, which when downloaded onto a smartphone (or another device), takes control of the device and its data until the owner agrees to pay a ransom to the attacker. The users get limited or no access to their devices once a ransomware is uploaded. It is not guaranteed that paying the ransom will grant users uninterrupted access to their device. 15. Which of the following is a technical description of a virus?
a. It is a harmful program that involves the use of Short Message Service to get personal details from victims. b. It is the act of fraudulently using email to try to get the recipient to reveal personal data. c. It is a piece of code that causes a computer to behave in an unexpected and usually undesirable manner. d. It is the abuse of email systems to send unsolicited email to large numbers of people. ANS: C RATIONALE: Computer virus has become an umbrella term for many types of malicious code. Technically, a virus is a piece of programming code, usually disguised as something else that causes a computer to behave in an unexpected and usually undesirable manner. 16. Which of the following is true of a macro virus? a. It propagates without human intervention, often sending copies of itself to other computers by email. b. It allows hackers to destroy hard drives, corrupt files, and steal passwords by recording keystrokes and transmitting them to a server operated by a third party. c. It inserts unwanted words, numbers, or phrases into documents or alters command functions in an infected document. d. It abuses email systems to send unsolicited email to large numbers of people. ANS: C RATIONALE: Macro viruses can insert unwanted words, numbers, or phrases into documents or alter command functions in an infected document. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application. 17. A _____ is a harmful program that resides in the active memory of a computer and duplicates itself. a. scareware b. worm c. virus d. logic bomb ANS: B RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. A worm can propagate without human intervention, often sending copies of themselves to other computers by email. 18. Which of the following statements is true about worms? a. They abuse email systems to send unsolicited email to large numbers of people. b. They allow hackers to destroy hard drives, corrupt files, and steal passwords by recording keystrokes and transmitting them to a server operated by a third party. c. They insert unwanted words, numbers, or phrases into documents or alter command functions in an infected document. d. They propagate without human intervention, often sending copies of themselves to other computers by email.
ANS: D RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email. 19. How does a worm negatively impact an organization? a. It steals passwords and Social Security numbers. b. It generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot. c. It causes productivity losses due to workers being unable to use their computers. d. It fraudulently uses third-party emails to try to get the recipient to reveal personal data. ANS: C RATIONALE: The negative impact of a worm attack on an organization’s computers can be considerable— lost data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything to as close to normal as possible. 20. _____ is a program in which malicious code is hidden inside a seemingly harmless program. a. A Trojan horse b. A distributed denial-of-service attack c. A spam d. A smish ANS: A RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party. 21. Identify a true statement about Trojan horses. a. They lead consumers to counterfeit Web sites designed to trick them into divulging personal data. b. They are used by organizations to test the security of information systems. c. They involve the use of Short Message Service (SMS) texting for phishing. d. They spy on users by recording keystrokes and transmitting them to a server operated by a third party. ANS: D RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.
22. David, a software engineer, was creating a report using Microsoft Word. After completing 15 pages in the file, he noticed that whenever he copied something using the keyboard, the contents were modified with unwanted numbers and phrases. Which of the following could have caused this problem? a. A worm b. Smishing c. A logic bomb d. Phishing ANS: C RATIONALE: Another type of Trojan horse is a logic bomb, which executes when it is triggered by a specific event. For example, logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or at a specific time or date. 23. _____ is the abuse of email systems to send unsolicited email to large numbers of people. a. Cyberespionage b. Spam c. Phishing d. Smishing ANS: B RATIONALE: Email spam is the abuse of email systems to send unsolicited email to large numbers of people. Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock. 24. Which of the following is true of spam? a. Spam is a type of attack with which a hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. b. Spam is a program in which malicious code is hidden inside a seemingly harmless program. c. Spam is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. d. Spam is an extremely inexpensive method of marketing used by many legitimate organizations. ANS: D RATIONALE: Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock. Spam is also an extremely inexpensive method of marketing used by many legitimate organizations. 25. Which of the following statements is true of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act? a. It legalizes spamming with certain restrictions. b. It provides a solution to tackle a Trojan horse. c. It identifies distributed denial-of-service attacks. d. It prevents worms by eliminating their ability to replicate.
ANS: A RATIONALE: The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went into effect in January 2004. The act says that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings. 26. Which of the following is used to ensure that only humans obtain free email accounts? a. Atomicity, consistency, isolation, and durability (ACID) b. Microprocessor without Interlocked Pipeline Stages (MIPS) c. Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) d. Document Style Semantics and Specification Language (DSSSL) ANS: C RATIONALE: Spammers can defeat the registration process of free email services by launching a coordinated bot attack that can sign up for thousands of email accounts. These accounts are then used by the spammers to send thousands of untraceable email messages for free. A partial solution to this problem is the use of CAPTCHA to ensure that only humans obtain free accounts. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) software generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot. 27. Identify the attack in which a malicious hacker floods a target site with demands for data and other small tasks. a. Distributed denial-of-service b. Smishing c. Logic bomb d. Phishing ANS: A RATIONALE: In a distributed denial-of-service (DDoS) attack, a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in. 28. Which of the following terms is used to describe a large group of computers controlled from one or more remote locations by hackers without the knowledge of their owners? a. Spear-phishing b. Botnet c. Cyberespionage d. Smishing ANS: B RATIONALE: In a distributed denial-of-service (DDoS) attack, a tiny program is downloaded surreptitiously from the attacker’s computer to dozens, hundreds, or even thousands of computers all over the world.
The term botnet is used to describe a large group of such computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. 29. Botnet computers are also called _____. a. zombies b. daemons c. narutus d. konohas ANS: A RATIONALE: The term botnet is used to describe a large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. Based on a command by the attacker or at a preset time, the botnet computers (also called zombies) go into action, each sending a simple request for access to the target site again and again—dozens of times per second. 30. Which of the following defines a rootkit? a. It is the act of fraudulently using email to try to get the recipient to reveal personal data by sending legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward. b. It is the unintended release of sensitive data by unauthorized individuals. c. It is the abuse of email systems to send unsolicited email to large numbers of people. d. It is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. ANS: D RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators. 31. A _____ is used by attackers to execute files, access logs, monitor user activity, and change a computer’s configuration. a. scareware b. patch c. rootkit d. worm ANS: C RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators. Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration.
32. Andrew, a writer, noticed that his blog was filled with repetitive advertisements and surveys that prevented him from accessing his blog and editing an article. Which of the following has caused this problem? a. A rootkit b. A distributed denial-of-service attack c. A logic bomb attack d. A cyberespionage incident ANS: B RATIONALE: A distributed denial-of-service (DDoS) attack is one in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get through to the target computer. 33. The _____ code of a rootkit gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file. a. dropper b. loader c. linker d. adapter ANS: A RATIONALE: Rootkits are one part of a blended threat, consisting of a dropper, a loader, and a rootkit. The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file. The dropper launches the loader program and then deletes itself. 34. Jack was shocked to witness the sudden drop in performance of his laptop. He also found that the screen saver constant changed and that the taskbar had disappeared. The given problems are symptoms of _____ infections. a. rootkit b. smishing c. phishing d. bootkit ANS: A RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. The following are some symptoms of rootkit infections: The computer locks up or fails to respond to input from the keyboard or mouse. The screen saver changes without any action on the part of the user. The taskbar disappears. Network activities function extremely slowly.
35. _____ is the act of fraudulently using email to try to get the recipient to reveal personal data. a. Spoofing b. Vishing c. Phishing d. Smishing ANS: C RATIONALE: Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward. The requested action may involve clicking on a link to a Web site or opening an email attachment. 36. Which of the following best describes spear-phishing? a. The phisher sends a survey to the employees of several organizations to obtain details of the configuration of their computing devices. b. The phisher sends a voice mail message to a number of people to call a phone number or access a Web site. c. The phisher sends legitimate-looking text messages through his or her phone to advertise a certain organization. d. The phisher sends fraudulent emails to a certain organization’s employees disguising them as mails from high-level executives from within the organization. ANS: D RATIONALE: Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. It is known as spear-phishing because the attack is much more precise and narrow, like the tip of a spear. 37. Identify the mode of message transmission used in smishing. a. Multimedia Messaging Service b. Short Message Service c. Email d. Voice mail ANS: B RATIONALE: Smishing (also called SMS phishing and SMiShing) is another variation of phishing that involves the use of Short Message Service (SMS) texting. In a smishing scam, people receive a legitimatelooking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention. 38. Identify a true statement about smishing. a. The phisher sends legitimate-looking messages through phone to acquire personal information. b. The phisher sends a survey email to obtain the configuration of an unsuspecting user’s computing device.
c. The phisher sends a voice mail message to an unsuspecting user to call a phone number or access a Web site. d. The phisher sends fraudulent emails to a certain organization’s employees. ANS: A RATIONALE: In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention. 39. Identify the mode of message transmission used in vishing. a. Multimedia Messaging Service b. Short Message Service c. Email d. Voice mail ANS: D RATIONALE: Vishing is similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site. Financial institutions, credit card companies, and other organizations whose customers may be targeted by criminals in this manner should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively without alarming their customers if such a scam is detected. 40. A(n) _____ is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data. a. advanced persistent threat b. vishing scam c. identity threat d. data breach ANS: A RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. Attackers in an APT must continuously rewrite code and employ sophisticated evasion techniques to avoid discovery. APT attacks target organizations with high-value information, such as banks and financial institutions, government agencies, and insurance companies. 41. Which phase of an advanced persistent threat enables an intruder to gain useful information about the target? a. The discovery phase b. The capture phase c. The reconnaissance phase d. The incursion phase ANS: C
RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.). 42. Identify a true statement about the incursion phase in an advanced persistent threat. a. An intruder gains useful information about the target. b. An intruder establishes a means of accessing a computer program that bypasses security mechanisms. c. An intruder gathers valid user credentials and installs backdoors for distributing malware. d. An intruder is ready to access compromised systems and capture information. ANS: B RATIONALE: In the incursion phase of an advanced persistent threat, an attacker gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-fishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms. 43. Which of the following statements is true of the discovery phase of an advanced persistent threat? a. An intruder gains useful information about the target. b. An intruder establishes a computer program that bypasses security mechanisms. c. An intruder is ready to access compromised systems and capture information. d. An intruder gathers valid user credentials and installs backdoors for distributing malware. ANS: D RATIONALE: In the discovery phase of an advanced persistent threat, an intruder begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight. 44. In the context of an advanced persistent threat, identify the phase during which an intruder is ready to access unprotected or compromised systems. a. The reconnaissance phase b. The discovery phase c. The capture phase d. The export phase ANS: C RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. In the capture phase of the advanced persistent threat, the attacker is ready to access unprotected or compromised systems and capture information over a long period of time. 45. Which of the following statements best describes the export phase of an advanced persistent threat? a. The data captured by an attacker is sent to the attacker’s home base for analysis.
b. An attacker establishes a computer program that bypasses security mechanisms. c. An attacker is ready to access compromised systems and capture information. d. The valid user credentials gathered by an attacker is used to install backdoors for distributing malware. ANS: A RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. In the export phase, the captured data is exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes. 46. _____ occurs when the personal information of an individual is stolen and used. a. Trustworthy computing b. Cyberespionage c. Cyberterrorism d. Identity theft ANS: D RATIONALE: Identity theft occurs when someone steals a person’s personal information and uses it without his or her permission. Often, stolen personal identification information, such as names, Social Security numbers, or credit card numbers, are used to commit fraud or other crimes. 47. _____ is the unintended access of sensitive data by unauthorized individuals. a. A risk exportation b. A data breach c. Cyberterrorism d. Rifting ANS: B RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. An unauthorized individual can get access to sensitive, protected, or confidential data that can be copied, transmitted, viewed, or stolen. 48. Ricky, an employee of Gycl Inc., has unknowingly shared his company’s tender details and appraisal structure with the market competitor. This is an example of _____. a. smishing b. phishing c. data breach d. identity theft ANS: C RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. An unauthorized individual can get access to sensitive, protected, or confidential data that can be copied, transmitted, viewed, or stolen.
49. To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of _____ technology to protect information as it comes in from the consumer. a. encryption b. authentication c. authorization d. indexing ANS: A RATIONALE: To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of encryption technology to protect information as it comes in from the consumer. Some also verify the address submitted online against the one the issuing bank has on file, although the merchant may inadvertently throw out legitimate orders as a result. 50. _____ is a three-digit number above the signature panel on the back of a credit card. a. Personal identification number b. Card verification value c. Automated teller machine d. Know your customer digits ANS: B RATIONALE: Card verification value is a three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online. 51. The additional security option, used for credit card transactions, that keeps track of a customer’s historical shopping patterns and notes deviations from the norm is _____. a. transaction incognito mode b. transaction identification code c. transaction-spam control software d. transaction-risk scoring software ANS: D RATIONALE: Card verification value is a three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online. An additional security option is transaction-risk scoring software, which keeps track of a customer’s historical shopping patterns and notes deviations from the norm. 52. _____ involves the deployment of malware that secretly steals data in the computer systems of organizations. a. Cyberterrorism b. Smishing c. Cyberespionage d. Vishing ANS: C
RATIONALE: Cyberespionage involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms. The type of data most frequently targeted includes data that can provide an unfair competitive advantage to the perpetrator. 53. Which of the following statements best defines cyberterrorism? a. It involves the deployment of malware that secretly steals data in the computer systems of organizations. b. It is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. c. It is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data over a long period of time. d. It is the intimidation of a government by using information technology to disable critical national infrastructure to achieve ideological goals. ANS: D RATIONALE: Cyberterrorism is the intimidation of a government or a civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Cyberterrorism is an increasing concern for countries and organizations around the globe. 54. _____ serves as a clearinghouse for information on new viruses, worms, and other computer security topics. a. United States Computer Emergency Readiness Team (US-CERT) b. United States Computer Query Emergency Team (US-CQET) c. United States Computer Emergency Encryption Team (US-CEET) d. United States Computer Emergency Authority Team (US-CEAT) ANS: A RATIONALE: Cyberterrorism is the intimidation of a government or a civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, United States Computer Emergency Readiness Team serves as a clearinghouse for information on new viruses, worms, and other computer security topics (over 500 new viruses and worms are developed each month). 55. Identify the industry that is considered as a high-value target for cyberterrorists. a. Automobile industry b. Logistics industry c. Gas industry d. Health industry ANS: C
RATIONALE: Companies in the oil and gas industry are seen as high-value targets for cyberterrorists. Some cyberterrorists are interested in taking control over the flow of oil and natural gas in computercontrolled refineries and the movement of oil through pipelines. 56. _____ is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices. a. Cloud computing b. Trustworthy computing c. Mobile computing d. Cluster computing ANS: B RATIONALE: Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices—which is what organizations worldwide are demanding today. Software and hardware manufacturers, consultants, and programmers all understand that this is a priority for their customers. 57. In the context of general security risk assessment, which of the following is true of the concept of reasonable assurance? a. It decides whether or not to implement a particular countermeasure against attacks. b. It recognizes that managers must use their judgment to ensure that the cost of control does not exceed a system’s benefits. c. It recognizes the loss events or the risks or threats that could occur, such as a distributed denial-ofservice attack or insider fraud. d. It determines the impact of each threat occurrence. ANS: B RATIONALE: No amount of resources can guarantee a perfect security system, so organizations must balance the risk of a security breach with the cost of preventing one. The concept of reasonable assurance recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved. 58. Identify the primary security threat for mobile devices. a. Distributed denial-of-service attack b. Cyberterrorism c. Cyberespionage d. Theft of device ANS: D RATIONALE: Mobile devices such as smartphones can be susceptible to viruses and worms. However, the primary security threat for mobile devices continues to be loss or theft of the device. 59. Which of the following uses encryption to provide secure access to a remote computer over the Internet? a. Virtual private network (VPN)
b. File transfer protocol (FTP) c. Indexing d. Data warehousing ANS: A RATIONALE: Wary companies have begun to include special security requirements for mobile devices as part of their security policies. In some cases, users of laptops and mobile devices must use a virtual private network (a method employing encryption to provide secure access to a remote computer over the Internet) to gain access to their corporate network. 60. Which of the following limits network access based on an organization’s access policy? a. An antivirus software b. The concept of Reasonable assurance c. A firewall d. A browser ANS: C RATIONALE: Installation of a corporate firewall is the most common security precaution taken by businesses. A firewall stands guard between an organization’s internal network and the Internet, and it limits network access based on the organization’s access policy. 61. Which of the following statements defines an intrusion detection system (IDS)? a. An IDS is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices. b. An IDS evaluates an organization’s security policy. c. An IDS indicates the presence of a specific virus. d. An IDS is software and/or hardware that monitors system and network resources for breaches. ANS: D RATIONALE: An intrusion detection system (IDS) is software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment. Such activities usually signal an attempt to breach the integrity of the system or to limit the availability of network resources. 62. Which intrusion detection system (IDS) contains information about specific attacks and system vulnerabilities? a. Knowledge-based IDS b. Behavior-based IDS c. Threat-based IDS d. Risk-based IDS ANS: A RATIONALE: Knowledge-based approaches and behavior-based approaches are two fundamentally different approaches to intrusion detection. Knowledge-based intrusion detection systems contain
information about specific attacks and system vulnerabilities and watch for attempts to exploit these vulnerabilities, such as repeated failed login attempts or recurring attempts to download a program to a server. When such an attempt is detected, an alarm is triggered. 63. Which of the following is true of a virus signature? a. It quarantines the virus present in a system. b. It indicates the presence of a specific virus in a system. c. It temporarily stops the activities of a detected virus. d. It deletes a detected virus completely. ANS: B RATIONALE: Antivirus software should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus. 64. A thorough _____ should test system safeguards to ensure that they are operating as intended. a. internet audit b. cost audit c. software audit d. security audit ANS: D RATIONALE: A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed. A thorough security audit should also test system safeguards to ensure that they are operating as intended. 65. Which of the following defines computer forensics? a. It is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices. b. It evaluates an organization’s security policy. c. It detects viruses in a computer system and quarantines them. d. It is the software and/or hardware that monitors system and network resources and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment. ANS: A RATIONALE: Computer forensics is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law. A computer forensics investigation may be opened in response to a criminal investigation or civil litigation. TRUE/FALSE 1. An industrial spy hacks computers or Web sites in an attempt to promote a political ideology.
ANS: False RATIONALE: Industrial spies capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organizations’ trade secrets. 2. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. ANS: True RATIONALE: Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application. 3. Worms propagate without human intervention and send copies of themselves to other computers via email. ANS: True RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email. 4. A Trojan horse abuses email systems to send unsolicited email to large numbers of people. ANS: False RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party. 5. A distributed denial-of-service attack involves infiltration of target systems. ANS: False RATIONALE: A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal. 6. A rootkit can be disinfected without formatting the hard disk or reinstalling the operating system. ANS: False RATIONALE: When it is determined that a computer has been infected with a rootkit, there is little to do but reformat the disk; reinstall the operating system and all applications; and reconfigure the user’s
settings, such as mapped drives. This can take hours, and the user may be left with a basic working machine, but all locally held data and settings may be lost. 7. In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. ANS: True RATIONALE: In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention. 8. In an advanced persistent threat, the intruder gains useful information about the target in the incursion stage. ANS: False RATIONALE: In an advanced persistent threat, the intruder gains useful information about the target in the reconnaissance stage. The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.). 9. In the context of an information technology risk assessment, assets refer to hardware components only. ANS: False RATIONALE: Risk assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats. In the context of an information technology risk assessment, an asset is any hardware, software, information system, network, or database that is used by the organization to achieve its business objectives. 10. Firewalls are used to block access to certain Web sites. ANS: True RATIONALE: Firewalls can be established through the use of software, hardware, or a combination of both. Any Internet traffic that is not explicitly permitted into the internal network is denied entry. Similarly, most firewalls can be configured so that internal network users can be blocked from gaining access to certain Web sites based on such content as sex and violence. ESSAY 1. What are the steps that can be taken by organizations to safeguard people from phishing, smishing, and vishing scams? ANSWER: Financial institutions, credit card companies, and other organizations whose customers are targeted by criminals through short message service or voice mail should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively without alarming their
customers if such a scam is detected. Recommended action steps for institutions and organizations include the following: Companies should educate their customers about the dangers of phishing, smishing, and vishing through letters, recorded messages for those calling into the company’s call center, and articles on the company’s Web site. Call center service employees should be trained to detect customer complaints that indicate a scam is being perpetrated. They should attempt to capture key pieces of information, such as the callback number the customer was directed to use, details of the phone message or text message, and the type of information requested. Customers should be notified immediately if a scam occurs. This can be done via a recorded message for customers phoning the call center, working with local media to place a news article in papers serving the area of the attack, placing a banner on the institution’s Web page, and even displaying posters in bank drive-through and lobby areas. If it is determined that the calls are originating from within the United States, companies should report the scam to the Federal Bureau of Investigation. Institutions can also try to notify the telecommunications carrier for the particular numbers to request that they shut down the phone numbers victims are requested to call. 2. Explain the different phases of an advanced persistent threat (APT). ANSWER: An advanced persistent threat (APT) attack advances through the following five phases: Reconnaissance: The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.) Incursion: The attacker next gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-fishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms. Discovery: The intruder now begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight. Capture: The attacker is now ready to access unprotected or compromised systems and capture information over a long period of time. Export: Captured data is then exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes 3. What are the steps involved in a general security risk assessment process? ANSWER: The steps in a general security risk assessment process are as follows: Step1—Identify the set of IT assets about which the organization is most concerned. Priority is typically given to those assets that support the organization’s mission and the meeting of its primary business goals. Step 2—Identify the loss events or the risks or threats that could occur, such as a distributed denialof-service attack or insider fraud.
Step 3—Assess the frequency of events or the likelihood of each potential threat; some threats, such as insider fraud, are more likely to occur than others. Step 4—Determine the impact of each threat occurring. Step 5—Determine how each threat can be mitigated so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organization. Step 6—Assess the feasibility of implementing the mitigation options. Step 7—Perform a cost-benefit analysis to ensure that your efforts will be cost effective. Step 8—Make the decision on whether or not to implement a particular countermeasure.
4. What are the characteristics of a good antivirus software? ANSWER: A good antivirus software checks vital system files when the system is booted up, monitors the system continuously for virus-like activity, scans disks, scans memory when a program is run, checks programs when they are downloaded, and scans email attachments before they are opened. Two of the most widely used antivirus software products are Norton AntiVirus from Symantec and Personal Firewall from McAfee. 5. Explain the need for a security audit in an organization. ANSWER: A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed. One result of a good audit is a list of items that needs to be addressed in order to ensure that the security policy is being met. A thorough security audit should also test system safeguards to ensure that they are operating as intended. Such tests might include trying the default system passwords that are active when software is first received from the vendor. The goal of such a test is to ensure that all such known passwords have been changed.
CHAPTER 12— ETHICAL, LEGAL, AND SOCIAL ISSUES OF INFORMATION TECHNOLOGY MULTIPLE CHOICE 1. _____ is a set of beliefs about right and wrong behavior. a. Moral b. Law c. Ethics d. Value ANS: C RATIONALE: Ethics is a set of beliefs about right and wrong behavior. Ethical behavior conforms to generally accepted social norms—many of which are almost universally accepted. Doing what is ethical can be difficult in certain situations. For example, although nearly everyone would agree that lying and cheating are unethical, some people might consider it acceptable to tell a lie to protect someone’s feelings or to keep a friend from getting into trouble. 2. Which of the following best describes morals? a. They are an individual’s beliefs about right and wrong. b. They are a set of beliefs about right and wrong behavior that are universally accepted. c. They consist of principles and core values that are essential to behavior. d. They are a system of rules enforced by a set of institutions that states what a person can and cannot do. ANS: A RATIONALE: Morals are one’s personal beliefs about right and wrong, whereas the term ethics describes standards or codes of behavior expected of an individual by a group (nation, organization, and profession) to which an individual belongs. Moral acts conform to what an individual believes to be the right thing to do. 3. Which of the following defines law? a. It is an individual’s beliefs about right and wrong. b. It is a set of beliefs about right and wrong behavior that are universally accepted. c. It is a set of principles and core values that are essential to ethical work and governs a practitioner’s behavior. d. It is a system of rules enforced by a set of institutions that states what a person can and cannot do. ANS: D RATIONALE: Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, law-making bodies). Legal acts are acts that conform to the law. 4. Which of the following is true of a code of ethics? a. It is an individual’s beliefs about right and wrong. b. It is a set of beliefs about right and wrong behavior that are universally accepted.
c. It states the principles and core values that are essential to any professional’s work and that govern their behavior. d. It is a system of rules enforced by a set of institutions that states what a person can and cannot do . ANS: C RATIONALE: Laws do not provide a complete guide to ethical behavior. Just because an activity is defined as legal does not mean that it is ethical. As a result, practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work and, therefore, govern their behavior. 5. Which of the following acts as a reference point to determine what is legal and what is ethical? a. Code of laws b. Code of ethics c. Code of conduct d. Code of practice ANS: B RATIONALE: Laws do not provide a complete guide to ethical behavior. Just because an activity is defined as legal does not mean that it is ethical. As a result, practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work and, therefore, govern their behavior. The code can become a reference point for determining what is legal and what is ethical. 6. John, a lawyer, defends his client, who is accused of murder, to the best of his ability while conforming to the _____ of his profession. a. ethics b. morals c. laws d. values ANS: A RATIONALE: Ethics is a set of beliefs about right and wrong behavior. Ethical behavior conforms to generally accepted social norms—many of which are almost universally accepted. Doing what is ethical can be difficult in certain situations. For example, although nearly everyone would agree that lying and cheating are unethical, some people might consider it acceptable to tell a lie to protect someone’s feelings or to keep a friend from getting into trouble. 7. Which of the following is true of the First Amendment to the U.S. Constitution? a. It was adopted to protect Americans from unreasonable searches and seizures of properties. b. It was adopted to prohibit people from excessive bail as well as cruel and unusual punishment. c. It was adopted to guarantee fair trial and other rights of the accused. d. It was adopted to guarantee Americans’ rights to freedom of religion, freedom of expression, and freedom to assemble. ANS: D
RATIONALE: The First Amendment to the U.S. Constitution was adopted to guarantee Americans’ rights to freedom of religion, freedom of expression, and freedom to assemble. It reads as follows: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances. 8. Which of the following amendments to the U.S. Constitution comes into play in privacy issues if it appears that data is being gathered to track the movement of groups of people, as this could threaten their right to assemble or gather peacefully? a. The First Amendment b. The Second Amendment c. The Third Amendment d. The Fourth Amendment ANS: A RATIONALE: The First Amendment to the U.S. Constitution was adopted to guarantee Americans’ rights to freedom of religion, freedom of expression, and freedom to assemble. The First Amendment comes into play in privacy issues if it appears that data is being gathered to track the movement of groups of people, as this could threaten their right to assemble or gather peacefully. 9. The Fourth Amendment to the U.S. Constitution was adopted to _____. a. guarantee fair trial and other rights of an accused b. prohibit excessive bail as well as cruel and unusual punishment c. protect people from unreasonable searches and seizures of properties d. guarantee the rights to freedom of religion, freedom of expression, and freedom to assemble ANS: C RATIONALE: The Fourth Amendment was adopted to protect people from unreasonable searches and seizures of properties and reads as follows: The amendment states that the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. 10. The Supreme Court has ruled that American citizens are protected by the _____ when there is a “reasonable expectation of privacy.” a. First Amendment b. Second Amendment c. Third Amendment d. Fourth Amendment ANS: D RATIONALE: The Fourth Amendment was adopted to protect people from unreasonable searches and seizures of properties. The Supreme Court has ruled that American citizens are protected by the Fourth Amendment when there is a “reasonable expectation of privacy.”
11. Identify the system implemented by organizations to collect and store key data from every interaction they have with a customer. a. Customer relationship management b. Business intelligence management c. Access information management d. Enterprise resource management ANS: A RATIONALE: Organizations need basic information about existing customers to serve them better. It is hard to imagine an organization having a relationship with its customers without having data about them. Thus, many organizations implement customer relationship management (CRM) systems that collect and store key data from every interaction they have with a customer. 12. Which of the following systems is used by law enforcement agencies to snap photos and document the location of vehicles? a. Dashboard recognizer b. Stingray c. Automatic license plate reader d. Secure flight program ANS: C RATIONALE: Automatic license plate readers (ALPRs) snap photos and document the location of vehicles; some systems can also photograph drivers and passengers. ALPRs are used to snag red-light runners and to identify motorists with outstanding arrest warrants, overdue parking tickets, and delinquent tax bills. 13. _____ identify and reference people in photos and videos posted on Facebook. a. Facebook shares b. Facebook notifications c. Facebook messages d. Facebook tags ANS: D RATIONALE: Facebook tags identify and reference people in photos and videos posted on Facebook by its more than 1 billion users. Whenever such tags are created, the concerned people are notified about this. 14. Which of the following is true of a cookie? a. It saves shortcuts to Web sites and navigates to them within a few seconds. b. It helps users to browse incognito by hiding their browsing data. c. It passes the session identification number to a web server every time a browser makes a hypertext transfer protocol request. d. It captures browsing history for Web site customization and personalization purposes. ANS: D RATIONALE: Cookies capture browsing history for Web site customization and personalization purposes and for targeted marketing purposes. Many organizations that operate a Web site place a cookie—a
small file containing a string of characters that uniquely identifies a customer’s browser—on the computer hard drive of visitors to the organization’s site. 15. Which of the following is a national security agency surveillance program that collects Internet data including search histories? a. Stingray b. PRISM c. Secure flight program d. Backscatter imaging scanners ANS: B RATIONALE: PRISM is an NSA surveillance program that collects Internet data including search histories; photos; the contents of email, file transfers, and voice and video chats; and other Internet communication data. PRISM also gathers data related to telephone calls, including the numbers of both parties on a call and the location, date, time, and duration of the call. 16. Which of the following is true of stingray? a. It supports operations that require aerial surveillance. b. It is a national security agency surveillance program that collects Internet data including search histories. c. It impersonates a cell tower and forces all mobile phones within range to connect to it. d. It is an airline passenger prescreening program that checks travelers’ personal information. ANS: C RATIONALE: Stingray is a type of hardware device used to impersonate a cell tower, forcing all mobile phones within range to connect to it. The device can then capture information that can be used to identify and locate users and the phone numbers they call or text. 17. _____ create profiles on people based on aggregated data from public records such as business directories and social media networks. a. Data brokers b. Yellow pagers c. Data miners d. Drill-down analysts ANS: A RATIONALE: Data brokers are companies that create profiles on people based on aggregated data from arrest records, business directories, phone directories, social media networks, Web sites (including browsing histories), online product registration forms, credit card purchases, and other public records. Some data brokers have detailed profiles on tens of millions of consumers, which they then sell to each other, to advertisers, to the government, and even to individuals—typically without our direct knowledge.
18. ZoomMe is a company that accumulates data on people from various sources such as online product registration forms, credit card purchases, and other public records. It then uses these data to create profiles on people and sell them to advertisers. ZoomMe comes under the category of _____. a. data brokers b. data miners c. privacy analysts d. privacy brokers ANS: A RATIONALE: Data brokers are companies that create profiles on people based on aggregated data from arrest records, business directories, phone directories, social media networks, Web sites, online product registration forms, credit card purchases, and other public records. Some data brokers have detailed profiles on tens of millions of consumers, which they then sell to each other, to advertisers, to the government, and even to individuals. 19. David collects pieces of information about individuals garnered from data brokers. He then uses this information to threaten the individuals to publicly uncover their personal details until a monetary ransom is paid to him. Identify the tactic used by David to gather the information. a. Doxing b. Spamming c. Hacking d. Cracking ANS: A RATIONALE: Some bad characters use a tactic called doxing where they gather tidbits of information about an individual using information gleaned from data brokers and threaten to publicly expose their victims’ personal details unless some form of ransom (monetary or other) is paid. In other cases, doxing is used to publicize personal details about someone purely for the purpose of encouraging others to engage in harassment (online and in the real world) of the victim. 20. Identify the tactic through which an individual obtains information about an individual from data brokers and threatens to expose the victim’s personal details unless a ransom is paid. a. Hacking b. Spamming c. Doxing d. Cracking ANS: C RATIONALE: Bad characters use a tactic called doxing where they gather tidbits of information about an individual using information gleaned from data brokers and threaten to publicly expose their victims’ personal details unless some form of ransom (monetary or other) is paid. In other cases, doxing is used to publicize personal details about someone purely for the purpose of encouraging others to engage in harassment (online and in the real world) of the victim.
21. _____ is used to publicize personal details about someone purely for the purpose of encouraging others to engage in harassment of the victim. a. Hacking b. Doxing c. Phishing d. Distributed denial-of-service ANS: B RATIONALE: Bad characters use a tactic called doxing where they gather tidbits of information about an individual using information gleaned from data brokers and threaten to publicly expose their victims’ personal details unless some form of ransom (monetary or other) is paid. In other cases, doxing is used to publicize personal details about someone purely for the purpose of encouraging others to engage in harassment (online and in the real world) of the victim. 22. Which of the following must be adopted by a company to treat its customers’ data responsibly? a. The Code of Fair Information Practices b. The European Union Data Protection Directives c. The 1965 Organization for Data Brokering and Doxing (ODBD) privacy guidelines d. The 1957 Organization for Economic Cooperation and Development (OECD) privacy guidelines ANS: A RATIONALE: When dealing with customer data, strong measures are required to avoid customer relationship problems. One widely accepted approach to treating customer data responsibly is for a company to adopt the Code of Fair Information Practices and the 1980 Organization for Economic Cooperation and Development (OECD) privacy guidelines. 23. The _____ represent the international consensus regarding the collection and management of personal information. a. Code of Fair Information Practices b. 1980 Organization for Economic Cooperation and Development (OECD) privacy guidelines c. European Union Data Protection Directives d. 1965 Organization for Data Brokering and Doxing (ODBD) privacy guidelines ANS: B RATIONALE: When dealing with customer data, strong measures are required to avoid customer relationship problems. One widely accepted approach to treating customer data responsibly is for a company to adopt the Code of Fair Information Practices and the 1980 Organization for Economic Cooperation and Development (OECD) privacy guidelines. The 1980 Organization for Economic Cooperation and Development (OECD) privacy guidelines continue to represent the international consensus regarding the collection and management of personal information. 24. The _____ prohibits the transfer of personal data to non–European Union nations that do not meet the European adequacy standard for privacy protection. a. Code of Fair Information Practices b. European Data Transfer Act
c. Organization for Economic Cooperation and Development privacy guideline d. European Union Data Protection Directive ANS: D RATIONALE: The European Union Data Protection Directive prohibits the transfer of personal data to non–European Union nations that do not meet the European adequacy standard for privacy protection. Some of these standards require the creation of government data protection agencies, registration of databases with those agencies, and in certain cases, approval before personal data processing can begin. 25. Mapua Corp., a multinational corporation based in Germany, has decided to relocate its business to Japan. It faces difficulties in transferring the personal data of its employees from Germany to Japan. Which of the following is causing this difficulty? a. The 1980 Organization for Economic Cooperation and Development (OECD) privacy guidelines b. The European Union Data Protection Directive c. The Code of Fair Information Practices d. The Code of Fair Transportation Security ANS: B RATIONALE: The European Union Data Protection Directive prohibits the transfer of personal data to non–European Union nations that do not meet the European adequacy standard for privacy protection. Some of these standards require the creation of government data protection agencies, registration of databases with those agencies, and in certain cases, approval before personal data processing can begin. 26. A company based in Houston wants to expand its business to Rome. The human resources department will run background checks from Houston. Identify the condition that must be satisfied to make this possible. a. A “safe harbor” framework must be developed. b. The US Patriot Act must be implemented. c. A doxing framework must be developed. d. The Digital Millennium Copyright Act must be implemented. ANS: A RATIONALE: The U.S. Department of Commerce together with the European Commission developed a “safe harbor” framework to ensure that U.S. companies don’t experience interruptions in their dealings with countries in the European Union. U.S. organizations that can verify their policies and practices are compliant with the safe harbor’s requirements will be recognized as meeting the European adequate standard privacy for privacy protection. 27. Who is appointed by an organization to define, implement, and oversee a set of data privacy policies? a. A Chief Privacy Officer (CPO) b. A Chief Operations Officer (COO) c. A Database Privacy Officer (DPO) d. A Data warehouse Officer (DWO)
ANS: A RATIONALE: Many organizations appoint an executive (often called a Chief Privacy Officer [CPO]) to define, implement, and oversee a set of data privacy policies. A CPO is charged with the responsibility of ensuring that the organization does not violate state and federal government regulations. 28. A _____ is charged with the responsibility of ensuring that an organization does not violate state and federal government regulations. a. Data Security Officer (DSO) b. Chief Operations Officer (COO) c. Database Privacy Officer (DPO) d. Chief Privacy Officer (CPO) ANS: D RATIONALE: Many organizations appoint an executive (often called a Chief Privacy Officer [CPO]) to define, implement, and oversee a set of data privacy policies. A CPO is charged with the responsibility of ensuring that the organization does not violate state and federal government regulations. 29. Conducting a thorough assessment to document what sensitive information an organization is collecting, where it is stored, how long it is kept, who has access to it, and how the organization is using this data is one of the critical tasks in establishing an effective _____ program. a. data piracy b. data privacy c. data recovery d. data structuring ANS: B RATIONALE: Several tasks are critical to establishing an effective data privacy program. One of them is conducting a thorough assessment to document what sensitive information an organization is collecting, where it is stored, how long it is kept, who has access to it, and how the organization is using this data. 30. Identify the framework developed by the U.S. Department of Commerce and the European Commission to ensure that U.S. companies don’t experience interruptions in their dealings with countries in the European Union. a. Net neutrality b. Terms of Use c. Safe harbor d. Struts ANS: C RATIONALE: The U.S. Department of Commerce together with the European Commission developed a “safe harbor” framework to ensure that U.S. companies don’t experience interruptions in their dealings with countries in the European Union. U.S. organizations that can verify their policies and practices are compliant with the safe harbor’s requirements will be recognized as meeting the European adequate standard privacy for privacy protection.
31. Who should be briefed on planned and existing marketing programs as well as information systems and databases that involve the collection or dissemination of consumer data? a. Editor-in-chief b. Chief Privacy Officer c. Chief mentor d. Chief Underwriting Officer ANS: B RATIONALE: Many organizations appoint an executive (often called a Chief Privacy Officer [CPO]) to define, implement, and oversee a set of data privacy policies. This individual should be briefed on planned and existing marketing programs as well as information systems and databases that involve the collection or dissemination of consumer data. 32. Which of the following is a small file that is placed on the computer hard drive of visitors to an organization’s site? a. A wiki b. A cookie c. An antivirus d. A bookmark ANS: B RATIONALE: Many organizations that operate a Web site place a cookie—a small file containing a string of characters that uniquely identifies a customer’s browser—on the computer hard drive of visitors to the organization’s site. For each visit to the Web site, data about user preferences and activity is captured and stored under that cookie on the company’s Web server. Additional information that a customer submits, such as name, address, and credit card information, as well as information gleaned from third parties, is also associated with the cookie and added to the customer’s file on the server. 33. Which of the following statements is true of a cookie? a. A cookie can create copies of itself and spread to other networks to execute and replicate again. b. The one time password of a transaction is captured and stored under a cookie on a company’s Web server. c. A cookie pulls data from disparate data sources to populate and maintain a data warehouse. d. Data about user preferences and activity is captured and stored under a cookie on a company’s Web server. ANS: D RATIONALE: Many organizations that operate a Web site place a cookie—a small file containing a string of characters that uniquely identifies a customer’s browser—on the computer hard drive of visitors to the organization’s site. For each visit to the Web site, data about user preferences and activity is captured and stored under that cookie on the company’s Web server. Additional information that a customer submits, such as name, address, and credit card information, as well as information gleaned from third parties, is also associated with the cookie and added to the customer’s file on the server.
34. PindCart, an online retailer, places a small file on the computer hard drive of its visitors to recognize them when they revisit their Web site. The company uses this file to generate a personalized welcome message to its visitors. This small file is called a _____. a. cookie b. metadata c. data dictionary d. popup ANS: A RATIONALE: Many organizations that operate a Web site place a cookie—a small file containing a string of characters that uniquely identifies a customer’s browser—on the computer hard drive of visitors to the organization’s site. For each visit to the Web site, data about user preferences and activity is captured and stored under that cookie on the company’s Web server. 35. The _____ of a Web site states what sort of information about customers is captured and how that information may be used by the capturing organization. a. extension b. privacy policy c. browser certificate d. developer console ANS: B RATIONALE: A Web site usually has a privacy policy that states what sort of information about customers is captured and how that information may be used by the capturing organization. Data collected through the use of cookies is one of the many components of the personal profiles created by data brokers. 36. Who creates personal profiles using the data collected through the use of cookies? a. A chief privacy officer b. A data warehouse officer c. A data broker d. A public administrative broker ANS: C RATIONALE: A Web site usually has a privacy policy that states what sort of information about customers is captured and how that information may be used by the capturing organization. Data collected through the use of cookies is one of the many components of the personal profiles created by data brokers. 37. Identify the factor that has forced employers to monitor workers to ensure compliance with the corporate information technology usage policy. a. Increased legal liabilities b. Increased productivity c. Decreased leisure hours d. Increased peer discussion ANS: A
RATIONALE: Many organizations have developed a policy on the use of information technology to protect against employee abuses that reduce worker productivity or that could expose the employer to harassment lawsuits. The potential for decreased productivity, coupled with increased legal liabilities, have forced many employers to monitor workers to ensure compliance with the corporate information technology usage policy. 38. The Fourth Amendment of the U.S. Constitution _____. a. protects the privacy of intermediate school students b. protects the privacy of college students c. protects the privacy of private employees d. protects the privacy of government employees ANS: D RATIONALE: The Fourth Amendment of the Constitution protects citizens from unreasonable searches by the government and is often used to protect the privacy of government employees. The Fourth Amendment cannot be used to control how a private employer treats its employees, however, because such actions are not taken by the government. 39. Identify a drawback of the Fourth Amendment of the U.S. Constitution. a. It does not benefit government employees. b. It does not benefit private employees. c. It benefits only voluntary organizations. d. It benefits only nonprofit organizations. ANS: B RATIONALE: The Fourth Amendment cannot be used to control how a private employer treats its employees because such actions are not taken by the government. As a result, public-sector employees have far greater privacy rights than those in private industry. Although private-sector employees can seek legal protection against an invasive employer under various state statutes, the degree of protection varies widely by state. Furthermore, state privacy statutes tend to favor employers over employees. 40. A _____ organization can defeat a privacy claim simply by proving that an employee had been given explicit notice that email, Internet, and phone usage were not private and that their use might be monitored. a. public b. nonprofit c. voluntary d. private ANS: D RATIONALE: A private organization can defeat a privacy claim simply by proving that an employee had been given explicit notice that email, Internet, and phone usage were not private and that their use might be monitored. In addition, courts are far less likely to find an employer liable for violating an employee’s right to privacy if there is a valid, work-related reason for monitoring communications—for
example, previous cases of employees sending inappropriate email, which prompted the organization to begin monitoring all employees. 41. Which of the following policies should be agreed by a user before joining a social networking page? a. Terms of Use policy b. Privacy policy c. Information technology usage policy d. Profile update policy ANS: A RATIONALE: Most social networks encourage members to create a user profile consisting of name and other personal data, including photos. Many users are willing to disclose personal data, assuming that only those people in the social network who they wish to see that data will see it. However, the level of privacy offered on various social networks varies greatly and is defined in each network’s Terms of Use policy. Before someone can join a particular social network, he or she must agree to its Terms of Use policy, which often contains clauses permitting the social networking operator to collect and store data on users or even share it with third parties. 42. Which of the following policies often contains clauses that permit a social networking operator to collect and store data on users or even share it with third parties? a. Terms of Trade policy b. Terms of Use policy c. Terms of Endearment policy d. Terms of Retention policy ANS: B RATIONALE: The level of privacy offered on various social networks varies greatly and is defined in each network’s Terms of Use policy. Before someone can join a particular social network, he or she must agree to its Terms of Use policy, which often contains clauses permitting the social networking operator to collect and store data on users or even share it with third parties. 43. Social networking users are prone to _____. a. cyberethics b. advanced persistent threat c. identity theft d. cyberterrorism ANS: C RATIONALE: Criminals use social networking sites to retrieve a considerable amount of personally identifiable information about a person. Indeed, it is easy for users to become a victim of identity theft or stalking without even being aware of the risk. In addition, there has been growing concern over data breaches at some social networking services. 44. _____ is the control of the publishing of information on the Internet. a. Internet graying
b. Internet flagship c. Internet catalysis d. Internet censorship ANS: D RATIONALE: Internet censorship is the control or suppression of the publishing or accessing of information on the Internet. Censorship can take many forms—such as limiting access to certain Web sites, allowing access to only some content or modified content at certain Web sites, rejecting the use of certain key words in search engine searches, tracking and monitoring the Internet activities of individuals, and harassing or even jailing individuals for their Internet use. 45. Which of the following is a feature of Internet censorship? a. Monitoring the Internet activity of individuals b. Storing user credentials such as name and address c. Selling user data to third parties d. Pilfering credit card information from online shoppers ANS: A RATIONALE: Internet censorship is the control or suppression of the publishing or accessing of information on the Internet. Censorship can take many forms—such as limiting access to certain Web sites, allowing access to only some content or modified content at certain Web sites, rejecting the use of certain key words in search engine searches, tracking and monitoring the Internet activities of individuals, and harassing or even jailing individuals for their Internet use. 46. Linc Corp., a software firm, decides to ban social networking sites for its employees at the workplace. However, the employees are able to access other Web sites. Identify the strategy adopted by the firm. a. Cyberespionage b. Internet censorship c. Internet rootkit d. Spear phishing ANS: B RATIONALE: Internet censorship is the control or suppression of the publishing or accessing of information on the Internet. Censorship can take many forms—such as limiting access to certain Web sites, allowing access to only some content or modified content at certain Web sites, rejecting the use of certain key words in search engine searches, tracking and monitoring the Internet activities of individuals, and harassing or even jailing individuals for their Internet use. 47. When does the support for open access to Internet grow in a country? a. When only private-sector organizations gain online access b. When only government officials gain online access c. When more people gain online access d. When online access is limited to schools and colleges ANS: C
RATIONALE: Typically, as more people within a country gain online access, support for open access to the Internet, without government censorship, grows. According to a recent Pew Research Center survey of people in 24 countries with emerging and developing economies, support for Internet freedom is especially strong in countries where a high percentage of the population is online. 48. Identify the term that is used to describe the gulf between those who do and those who don’t have access to modern information and communications technology. a. The change management continuum model b. Net neutrality c. The digital divide d. Internet traffic ANS: C RATIONALE: The digital divide is a term used to describe the gulf between those who do and those who don’t have access to modern information and communications technology such as smartphones, personal computers, and the Internet. The digital divide exists not only from region to region but also from country to country and even within countries—among age groups, economic classes, and people who live in cities versus those in rural areas. 49. Consider a country with a law stating that citizens below the age of 25 must not have access to the Internet. This type of law creates a _____. a. net neutrality b. digital divide c. net equality d. social divide ANS: B RATIONALE: The digital divide is a term used to describe the gulf between those who do and those who don’t have access to modern information and communications technology such as smartphones, personal computers, and the Internet. The digital divide exists not only from region to region but also from country to country and even within countries—among age groups, economic classes, and people who live in cities versus those in rural areas. 50. The digital divide must be bridged to _____. a. solve emergency issues b. support net neutrality c. prevent online threats d. promote Internet censorship ANS: A RATIONALE: The digital divide is a term used to describe the gulf between those who do and those who don’t have access to modern information and communications technologies. Many people believe that the digital divide must be bridged for a number of reasons. Clearly, health, crime, and other emergencies could be resolved more quickly if a person in trouble had easy access to a communications network.
51. Which program was designed to eliminate the digital divide in the United States? a. The Internet traffic program b. Net neutrality program c. Workplace monitoring program d. The Education Rate program ANS: D RATIONALE: The Education Rate program was designed to help eliminate the digital divide within the United States. It was designed to increase the availability of low-cost computers and smartphones. 52. Which of the following is true of the Education Rate (E-Rate) program? a. It provides dial-up Internet services to multinational companies. b. It provides broadband Internet services to schools and libraries. c. It provides broadband Internet services to multinational companies. d. It provides dial-up Internet services to schools and libraries. ANS: B RATIONALE: The Education Rate (E-Rate) program was created through the Telecommunications Act of 1996. The full name of the program is The Schools and Libraries Program of the Universal Service Fund (USF). E-Rate helps schools and libraries obtain broadband Internet services to advance the availability of educational and informational resources. 53. Which of the following programs was created through the Telecommunications Act of 1996? a. Education Rate (E-Rate) program b. Mobile Network (M-Net) program c. Internet Mate (I-Mate) program d. Education Network (E-Net) program ANS: A RATIONALE: The Education Rate (E-Rate) program was created through the Telecommunications Act of 1996. The E-Rate program was designed to help eliminate the digital divide within the United States. 54. The _____ reimburses telecommunications, Internet access, and internal connections providers for discounts on eligible services provided to schools and libraries. a. Education Network (E-Net) program b. Mobile Network (M-Net) program c. Internet Mate (I-Mate) program d. Education Rate (E-Rate) program ANS: D RATIONALE: The Education Rate (E-Rate) program was created through the Telecommunications Act of 1996. E-Rate reimburses telecommunications, Internet access, and internal connections providers for discounts on eligible services provided to schools and libraries. 55. The Schools and Libraries Program of the Universal Service Fund (USF) is the full name of the _____.
a. Education Network (E-Net) program b. Education Rate (E-Rate) program c. Internet Mate (I-Mate) program d. Mobile Network (M-Net) program ANS: B RATIONALE: The Education Rate (E-Rate) program was created through the Telecommunications Act of 1996. The full name of the program is The Schools and Libraries Program of the Universal Service Fund (USF). E-Rate helps schools and libraries obtain broadband Internet services to advance the availability of educational and informational resources. 56. _____ is the principle that requires Internet Service providers to treat all Internet traffic from various sources in an unbiased manner. a. Net neutrality b. Internet of Things c. Cloud computing d. Cryptography ANS: A RATIONALE: Net neutrality is the principle that ISPs should be required to treat all Internet traffic running over their wired and wireless broadband networks the same—without favoring content from some sources and/or blocking or slowing (also known as throttling) content from others. The debate over net neutrality raises questions about how best to keep the Internet open and impartial while still offering ISPs sufficient incentive to expand their networks to serve more customers and to support new services. 57. What is the debate over net neutrality? a. To decrease the incentives of Internet Service Providers b. To support only the existing services and cancel the new services c. To keep the Internet open and impartial d. To reduce the network of Internet Service Providers ANS: C RATIONALE: Net neutrality is the principle that Internet Service Providers (ISPs) should be required to treat all Internet traffic running over their wired and wireless broadband networks the same—without favoring content from some sources and/or blocking or slowing (also known as throttling) content from others. The debate over net neutrality raises questions about how best to keep the Internet open and impartial while still offering ISPs sufficient incentive to expand their networks to serve more customers and to support new services. 58. Identify the objective of the Communications Act of 1934. a. To provide dial-up Internet services to schools and libraries b. To protect users from online threats such as cracking and identity theft c. To restrict the use of social networking Web sites d. To ensure broad access to affordable communications services
ANS: D RATIONALE: The rules governing net neutrality are set by the Federal Communications Commission (FCC), which was established by the Communications Act of 1934. This act consolidated a myriad of existing regulations that governed radio, telephone, and the emerging television industries. It was passed during the first term of President Franklin Roosevelt—decades before the Internet and computer were even invented. Its goal was to ensure broad access to affordable communications services. The act created the FCC to oversee all interstate and foreign communications. 59. Which of the following is true of the Communications Act of 1934? a. It created the Education Rate (E-Rate) program’s Terms of Use policy to oversee all interstate and foreign communications. b. It created the Federal Communications Commission to oversee all interstate and foreign communications. c. It created the decision support program to oversee all interstate and foreign communications. d. It created the Universal Service Fund (USF) to oversee all interstate and foreign communications. ANS: B RATIONALE: The rules governing net neutrality are set by the Federal Communications Commission (FCC), which was established by the Communications Act of 1934. This act consolidated a myriad of existing regulations that governed radio, telephone, and the emerging television industries. The act created the FCC to oversee all interstate and foreign communications. 60. In 2002, the Federal Communications Commission decided that most broadband Internet services qualified as _____ services. a. investment b. technology c. information d. commercial ANS: C RATIONALE: The Communications Act is divided into seven major sections or “Titles,” each covering different subject matter. In 2002, the Federal Communications Commission decided that most broadband Internet services qualified as “information services,” making them subject to the regulations of Title I of the Communications Act—and not Title II’s more stringent and comprehensive “common carrier” regulations. 61. _____ is a network of physical objects embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer, operator, and other connected devices. a. The Internet of Digital divide b. The Internet of Things c. The Internet of Data d. The Internet of Regulations ANS: B
RATIONALE: The Internet of Things (IoT) is a network of physical objects or “things” embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer, operator, and other connected devices. Each thing is uniquely identifiable and capable of interoperating with other “things” within the existing IoT infrastructure, often by connecting to a central hub. The IoT also includes cloud services, which enable the collection and analysis of data so people can process the data and take appropriate action via mobile apps. 62. Fly thermostat, an automatic temperature controller for homes, learns the patterns for raising and lowering the temperature in a house after a week of use. It then adjusts the temperature automatically based on the observed patterns. This is an application of _____. a. the Internet of Things b. Net neutrality c. the Education Rate (E-Rate) program d. Net censorship ANS: A RATIONALE: The Internet of Things (IoT) is a network of physical objects or “things” embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer, operator. The IoT also includes cloud services, which enable the collection and analysis of data so people can process the data and take appropriate action via mobile apps and other connected devices. 63. The Mishiba Huya LED bulbs enable consumers to control lighting in their homes using a smartphone or tablet. When connected to a Huya wireless bridge, the bulbs can be programmed to emit different tones of white light, from warm, yellow white to vibrant, blue white—any color on the spectrum. The bulbs can also be programmed to blink if they sense an intruder. This is an application of _____. a. Net censorship b. Net neutrality c. the Education Rate (E-Rate) program d. the Internet of Things ANS: D RATIONALE: The Internet of Things (IoT) is a network of physical objects or “things” embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer, operator, and other connected devices. In theory, the IoT would enable us to connect almost any device with an on/off switch to a network—automobiles, coffee makers, components of an aircraft engine, heart monitor implants, packing labels, ingestible pills, wearable devices, and even highway sensors that can warn of traffic and hazardous road conditions. The IoT also includes cloud services, which enable the collection and analysis of data so people can process the data and take appropriate action via mobile apps. 64. Which of the following encompasses machine-to-machine, people-to-people, and people-to-machine connections? a. The Internet of Things b. The Internet of Digital divide
c. The Internet of Regulations d. The Internet of Everything ANS: D RATIONALE: Until recently, the Internet of Things has been most closely associated with machine-tomachine communications, such as that employed in the manufacturing, gas, oil, and power industries. The Internet of Everything (IoE) encompasses not only machine-to-machine but also people-to-people and people-to-machine connections. 65. Which of the following is a reason for the rapid growth of the Internet of Everything? a. Limited availability of network services b. Increased availability of expensive smart devices c. Increased availability of network access d. Limited availability of inexpensive smart devices ANS: C RATIONALE: The Internet of Everything (IoE) encompasses not only machine-to-machine but also peopleto-people and people-to-machine connections. It is estimated that the total number of devices supported by the IoE will exceed 50 billion by the end of 2020. This rapid growth is being fueled by the increasing availability of network access, the creation of more inexpensive smart devices with sensors and network capabilities built into them, the rapid growth in smartphone penetration, and the creativity and innovation of people who are able to see and capitalize on the almost unlimited opportunities. TRUE/FALSE 1. Ethics is one’s personal beliefs about right and wrong. ANS: False RATIONALE: Ethics is a set of beliefs about right and wrong behavior. Ethical behavior conforms to generally accepted social norms—many of which are almost universally accepted. 2. Morals is a set of beliefs about right and wrong behavior. ANS: False RATIONALE: Morals are one’s personal beliefs about right and wrong, whereas the term ethics describes standards or codes of behavior expected of an individual by a group (nation, organization, and profession) to which an individual belongs. For example, the ethics of the law profession demand that defense attorneys defend an accused client to the best of their ability, even if they know that the client is guilty of the most heinous and morally objectionable crime one could imagine. 3. Laws are enforced by a set of institutions such as the police, courts, and law-making bodies. ANS: True RATIONALE: Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, law-making bodies). Legal acts are acts that conform to the law.
4. The First Amendment to the U.S. Constitution was adopted to protect people from unreasonable searches and seizures of properties. ANS: False RATIONALE: The First Amendment to the U.S. Constitution was adopted to guarantee Americans’ rights to freedom of religion, freedom of expression, and freedom to assemble. It reads as follows: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances. 5. The Fourth Amendment to the U.S. Constitution is used to protect the privacy of private employees. ANS: False RATIONALE: The Fourth Amendment of the Constitution protects citizens from unreasonable searches by the government and is often used to protect the privacy of government employees. The Fourth Amendment cannot be used to control how a private employer treats its employees, however, because such actions are not taken by the government. 6. The state privacy statutes tend to favor private-sector employees over employers. ANS: False RATIONALE: Private-sector employees can seek legal protection against an invasive employer under various state statutes, but the degree of protection varies widely by state. Furthermore, state privacy statutes tend to favor employers over employees. 7. Internet censorship limits access to certain Web sites. ANS: True RATIONALE: Internet censorship is the control or suppression of the publishing or accessing of information on the Internet. Censorship can take many forms—such as limiting access to certain Web sites, allowing access to only some content or modified content at certain Web sites, rejecting the use of certain key words in search engine searches, tracking and monitoring the Internet activities of individuals, and harassing or even jailing individuals for their Internet use. 8. Digital divide helps schools and libraries obtain broadband Internet services to advance the availability of educational and informational resources. ANS: False RATIONALE: The digital divide is a term used to describe the gulf between those who do and those who don’t have access to modern information and communications technology such as smartphones, personal computers, and the Internet. 9. Net neutrality favors Internet traffic from some specific sources than the others.
ANS: False RATIONALE: Net neutrality is the principle that Internet Service Providers should be required to treat all Internet traffic running over their wired and wireless broadband networks the same—without favoring content from some sources and/or blocking or slowing (also known as throttling) content from others. 10. The Internet of Things enables people to connect to any device with an on/off switch to a network. ANS: True RATIONALE: In theory, the Internet of Things would enable people to connect almost any device with an on/off switch to a network—automobiles, coffee makers, components of an aircraft engine, heart monitor implants, packing labels, ingestible pills, wearable devices, and even highway sensors that can warn of traffic and hazardous road conditions. ESSAY 1. Why do practitioners in many professions subscribe to a code of ethics rather than simply following law? ANSWER: Law is a system of rules that tells what one can and cannot do. Laws do not provide a complete guide to ethical behavior. Just because an activity is defined as legal does not mean that it is ethical. As a result, practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work and, therefore, govern their behavior. The code can become a reference point for determining what is legal and what is ethical. 2. What are the various tasks carried out by a Chief Privacy Officer to establish an effective data privacy program? ANSWER: Several tasks are critical to establishing an effective data privacy program, including the following: Conduct a thorough assessment to document what sensitive information your organization is collecting, where it is stored, how long it is kept, who has access to it, and how your organization is using this data. Define a comprehensive data privacy program that encompasses the development of a set of data privacy policies that meet or exceed industry and government requirements; addresses ongoing employee education and compliance; and provides for regular updates to suppliers, customers, contractors, and employees. Assign a high level executive to implement and monitor the data privacy program. Develop a data breach response plan to be implemented in the event of such an incident. Track ongoing changes to regulatory and legal requirements and make necessary changes to your data privacy program. 3. In the context of workplace monitoring, explain the requirements of privacy advocates. ANSWER: Privacy advocates want federal legislation that keeps employers from infringing upon the privacy rights of employees. Such legislation would require prior notification to all employees of the
existence and location of all electronic monitoring devices. Privacy advocates also want restrictions on the types of information collected and the extent to which an employer may use electronic monitoring. As a result, many laws are being introduced and debated at both the state and federal level. As the laws governing employee privacy and monitoring continue to evolve, business managers must stay informed to avoid enforcing outdated usage policies. 4. Explain the purpose of net neutrality. ANSWER: Net neutrality is the principle that Internet Service Providers (ISPs) should be required to treat all Internet traffic running over their wired and wireless broadband networks the same—without favoring content from some sources and/or blocking or slowing (also known as throttling) content from others. The debate over net neutrality raises questions about how best to keep the Internet open and impartial while still offering ISPs sufficient incentive to expand their networks to serve more customers and to support new services. 5. Define Internet of Everything (IoE). ANSWER: The Internet of Everything (IoE) encompasses not only machine-to-machine but also peopleto-people and people-to-machine connections. While there is great optimism concerning the future of the Internet of Things (IoT), for it to achieve its full potential, many issues must still be addressed, including standards to simplify the interconnection of devices; regulations to ensure devices receive appropriate air time; and the need for improved system reliability, security concerns, and data privacy matters.