This Document Contains Chapters 6 to 8 BPI006 Information Security Multiple Choice Questions 1. What is the recommended way to implement information security lines of defense? A. People first, technology second B. Technology first, people second C. None of the above D. All of the above Answer: A. People first, technology second Rationale: An organization should implement information security lines of defense through people first and technology second. 2. Which term describes legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident? A. Hactivist B. Social engineering C. Insiders D. Virus Answer: C. Insiders Rationale: This is the definition of insiders. 3. What identifies the rules required to maintain information security? A. Information security plan B. Information security policies C. Authentication D. Biometrics Answer: B. Information security policies Rationale: This is the definition of information security policies. 4. Which of the following is not one of the five steps for creating an information security plan? A. Develop the information security policies B. Communicate the information security policies C. Revise and test the information security policies D. Test and reevaluate risks Answer: C. Revise and test the information security policies Rationale: Revise and test the information security policies is not part of the five steps for creating an information security plan. 5. What is social engineering? A. Using one's social skills to trick people into revealing access credentials or other information valuable to the attacker B. Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident C. Small electronic devices that change user passwords automatically D. A method for confirming users' identities Answer: A. 
Using one's social skills to trick people into revealing access credentials or other information valuable to the attacker Rationale: This is the definition of social engineering. 6. Which of the following is not one of the top 10 questions managers should ask regarding information security? A. Is there clear accountability for information security in our organization? B. How much is spent on information security and what is it being spent on? C. What is the impact on the organization of a serious security incident? D. How do we identify potential insiders? Answer: D. How do we identify potential insiders? Rationale: How do we identify potential insiders is not one of the top ten questions managers should ask. 7. Which of the following is not one of the three primary information security areas? A. Authentication and authorization B. Prevention and resistance C. Detection and resistance D. None of the above Answer: C. Detection and resistance Rationale: Detection and resistance is not one of the three primary information security areas, it should be detection and response. 8. What is a method for confirming users' identities? A. Authentication B. Prevention C. Detection D. Response Answer: A. Authentication Rationale: This is the definition of authentication. 9. What is the most secure type of authentication? A. Something the user knows such as a user ID and password B. Something the user has such as a smart card or token C. Something that is part of the user such as a fingerprint or voice signature D. Combination of all of the above Answer: D. Combination of all of the above Rationale: The most secure type of authentication involves a combination of all three. 10. What is a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing? A. Token B. Password C. Smart card D. Biometrics Answer: C. 
Smart card Rationale: This is the definition of smart card. 11. What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting? A. Smart card B. Token C. Biometrics D. Content filtering Answer: C. Biometrics Rationale: This is the definition of biometrics. 12. Which of the following is not considered a type of biometrics? A. Voice B. Face C. Iris D. None of the above Answer: D. None of the above Rationale: All of the above are considered biometrics. 13. What is the most costly and intrusive form of authentication? A. Something the user knows such as a user ID and password B. Something the user has such as a smart card or token C. Something that is part of the user such as a fingerprint or voice signature D. None of the above Answer: C. Something that is part of the user such as a fingerprint or voice signature Rationale: Biometric authentication can be costly and intrusive. 14. Which of the following authentication methods is 100 percent accurate? A. Smart card B. Fingerprint authentication C. User ID D. None of the above Answer: D. None of the above Rationale: None of the above authentication methods are 100 percent accurate. 15. What are the technologies available to help prevent and build resistance to attacks? A. Content filtering, encryption, firewalls B. Content filtering, encryption, insiders C. Encryption, firewalls, insiders D. Firewalls, social engineering, encryption Answer: A. Content filtering, encryption, firewalls Rationale: Content filtering, encryption, and firewalls are technologies available to help prevent and build resistance to attacks. 16. What occurs when an organization uses software that filters content to prevent the transmission of unauthorized information? A. Biometrics B. Encryption C. Firewalls D. None of the above Answer: D. 
None of the above Rationale: Content filtering occurs when an organization uses software that filters content to prevent the transmission of unauthorized information. 17. What is spam? A. A type of encryption B. A type of content filtering C. A form of unsolicited email D. None of the above Answer: C. A form of unsolicited email Rationale: This is the definition of spam. 18. What is encryption? A. Occurs when an organization uses software that filters content to prevent the transmission of unauthorized information B. Scrambles information into an alternative form that requires a key or password to decrypt the information C. Hardware and/or software that guards a private network by analyzing the information leaving and entering the network D. A form of unsolicited email Answer: B. Scrambles information into an alternative form that requires a key or password to decrypt the information Rationale: This is the definition of encryption. 19. Which of the following can be completed by encryption? A. Switch the order of characters B. Replace characters with other characters C. Use a mathematical formula to convert the information into some sort of code D. All of the above Answer: D. All of the above Rationale: All of the above can be completed by encryption. 20. Where do organizations typically place firewalls? A. Between a personal computer and the server B. Between a personal computer and a printer C. Between the server and the content filtering software D. Between the server and the Internet Answer: D. Between the server and the Internet Rationale: Firewalls are typically placed between a server and the Internet. 21. Which of the following does a firewall perform? A. Examines each message that wants entrance to the network B. Blocks messages without the correct markings from entering the network C. Detects computers communicating with the Internet without approval D. All of the above Answer: D. All of the above Rationale: A firewall can perform all of the above. 22. 
What includes a variety of threats such as viruses, worms, and Trojan horses? A. Malicious code B. Hoaxes C. Spoofing D. Sniffer Answer: A. Malicious code Rationale: This is the definition of malicious code. 23. What is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender? A. Malicious code B. Hoaxes C. Spoofing D. Sniffer Answer: C. Spoofing Rationale: This is the definition of spoofing. 24. Which of the following is a program or device that can monitor data traveling over a network? A. Malicious code B. Hoaxes C. Spoofing D. Sniffer Answer: D. Sniffer Rationale: This is the definition of sniffer. 25. What attacks computer systems by transmitting a virus hoax, with a real virus attached? A. Malicious code B. Hoaxes C. Spoofing D. Sniffer Answer: B. Hoaxes Rationale: This is the definition of hoaxes. 26. What is the most common type of defense within detection and response technologies? A. Malicious code B. Token C. User ID D. Antivirus software Answer: D. Antivirus software Rationale: Antivirus software is the most common type of defense within detection and response technologies. 27. Who works at the request of the system owners to find system vulnerabilities and plug the holes? A. White-hat hackers B. Black-hat hackers C. Hactivists D. Script kiddies Answer: A. White-hat hackers Rationale: This is the definition of white-hat hackers. 28. Who breaks into other people's computer systems and just looks around or steals and destroys information? A. White-hat hacker B. Black-hat hacker C. Hactivists D. Script kiddies Answer: B. Black-hat hacker Rationale: This is the definition of black-hat hackers. 29. Who finds hacking code on the Internet and click-and-points their way into systems to cause damage or spread viruses? A. White-hat hacker B. Black-hat hacker C. Hactivists D. Script kiddies Answer: D. Script kiddies Rationale: This is the definition of script kiddies. 30. 
Who are hackers with criminal intent? A. White-hat hacker B. Black-hat hacker C. Crackers D. Cyberterrorists Answer: C. Crackers Rationale: This is the definition of crackers. 31. Who are those who seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction? A. White-hat hacker B. Black-hat hacker C. Crackers D. Cyberterrorists Answer: D. Cyberterrorists Rationale: This is the definition of cyberterrorists. 32. What is a type of virus that spreads itself, not just from file to file, but also from computer to computer? A. Computer virus B. Worm C. Denial-of-service attack D. None of the above Answer: B. Worm Rationale: This is the definition of worm. 33. What floods a website with so many requests for service that it slows down or crashes the site? A. Computer virus B. Worm C. Denial-of-service attack D. None of the above Answer: C. Denial-of-service attack Rationale: This is the definition of denial-of-service attack. 34. Which is a virus that opens a way into the network for future attacks? A. Distributed denial-of-service attack B. Worm C. Denial-of-service attack D. Backdoor programs Answer: D. Backdoor programs Rationale: This is the definition of backdoor programs. 35. If there is a security breach on your organizational information systems, which information security area is best suited to handle the breach? A. Authentication and authorization B. Prevention and resistance C. Detection and response D. Detection and resistance Answer: C. Detection and response Rationale: Detection and response technologies are used to handle security breaches. True/False Questions 36. Information security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization. Answer: True Rationale: This is the definition of information security. 37. 
Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business. Answer: False Rationale: Insiders are legitimate, not illegitimate, users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident. 38. Information security policies detail how an organization will implement the information security plan. Answer: False Rationale: Information security plan details how an organization will implement the information security policies. 39. Tokens are small electronic devices that change user passwords automatically. Answer: True Rationale: This is the definition of token. 40. The Trojan-horse virus hides inside other software, usually as an attachment or a downloadable file. Answer: True Rationale: This is the definition for Trojan-horse virus. Fill in the Blank Questions 41. ____________ security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization. Answer: Information 42. Information security ______________ identify the rules required to maintain information security. Answer: Policies 43. A(n) information security ____________ details how an organization will implement the information security policies. Answer: Plan 44. Intrusion detection software (IDS) searches out patterns in information and network traffic to indicate __________ and quickly respond to prevent any harm. Answer: Attacks 45. A(n) _________ is hardware and/or software that guards a private network by analyzing the information leaving and entering the network. Answer: Firewall 46. Develop the information security policies is the ________________ step for creating an information security plan. Answer: First 47. Obtain ___________ support is the last step for creating an information security plan. Answer: Stakeholder 48. 
Social engineering is using one's __________ skills to trick people into revealing access credentials or other information valuable to the attacker. Answer: Social 49. ___________ diving is a form of social engineering when a hacker looks through people's trash to find personal information. Answer: Dumpster 50. ___________ is a method for confirming users' identities. Answer: Authentication 51. Tokens are small electronic devices that change user passwords __________. Answer: Automatically 52. Smart card is a(n) ___________ that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing. Answer: Device 53. ____________ is the identification of a user based on a physical characteristic. Answer: Biometrics 54. Content filtering, _________, and firewalls are the three types of prevention and resistance technologies. Answer: Encryption 55. _________ scrambles information into an alternative form that requires a key or password to decrypt the information. Answer: Encryption 56. _________ filtering occurs when an organization uses software that filters content to prevent the transmission of unauthorized information. Answer: Content 57. The most common type of defense within detection and response technologies is _________ software. Answer: Antivirus 58. Malicious code includes a variety of threats such as ______________, worms, and Trojan horses. Answer: Viruses 59. ___________ attack computer systems by transmitting a virus hoax, with a real virus attached. Answer: Hoaxes 60. Spoofing is the forging of the _________ address on an email so that the email message appears to come from someone other than the actual sender. Answer: Return 61. A(n) _______ is a program or device that can monitor data traveling over a network. Answer: Sniffer 62. _________ hat hackers work at the request of the system owners to find system vulnerabilities and plug the holes. 
Answer: White 63. ___________ hat hackers break into other people's computer systems and may just look around or may steal and destroy information. Answer: Black 64. _________ have philosophical and political reasons for breaking into systems and will often deface the website as a protest. Answer: Hactivists 65. _______________ kiddies find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses. Answer: Script 66. _______________ is a hacker with criminal intent. Answer: Cracker 67. _________ seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction. Answer: Cyberterrorist 68. _________ are people very knowledgeable about computers who use their knowledge to invade other people's computers. Answer: Hackers 69. A(n) _________ is software written with malicious intent to cause annoyance or damage. Answer: Virus 70. A(n) _________ is a type of virus that spreads itself, not only from file to file, but also from computer to computer. Answer: Worm 71. Denial-of-service attack (DoS) _______________ a website with so many requests for service that it slows down or crashes the site. Answer: Floods 72. Distributed denial-of-service attack (DDoS) attacks from multiple __________ that flood a website with so many requests for service that it slows down or crashes. Answer: Computers 73. The ____________ of Death is a common type of DDoS and occurs when thousands of computers try to access a website at the same time, overloading it and shutting it down. Answer: Ping 74. Trojan-horse virus hides inside other ________, usually as an attachment or a downloadable file. Answer: Software 75. _________ programs are viruses that open a way into the network for future attacks. Answer: Backdoor Essay Questions 76. Describe the relationship between information security policies and an information security plan. 
Answer: The information security plan details how the organization will implement the information security policies. Information security policies identify the rules required to maintain information security. 77. Summarize the five steps to creating an information security plan. Answer: (1) Develop the information security policies, (2) Communicate the information security policies, (3) Identify critical information assets and risks, (4) Test and reevaluate risks, (5) Obtain stakeholder support. 78. List and describe the three primary security areas. Answer: (1) Authentication and authorization-Something the user knows such as a user ID and password, something the user has such as a smart card or token, something that is part of the user such as fingerprint or voice signature, (2) Prevention and resistance-Content filtering, encryption, firewalls, (3) Detection and response-Antivirus software. 79. Describe authentication and the most secure type of authentication. Answer: Authentication is a method for confirming users' identities. The most secure type of authentication involves a combination of the following: something the user knows such as a user ID and password, something the user has such as a smart card or token, something that is part of the user such as fingerprint or voice signature. 80. Describe the relationships and differences between hackers and viruses. Answer: Hackers are people very knowledgeable about computers who use their knowledge to invade other people's computers. Viruses are software written with malicious intent to cause annoyance or damage. BPI007 Ethics Multiple Choice Questions 1. What are the principles and standards that guide our behavior toward other people? A. Ethics B. Intellectual property C. Copyright D. Privacy Answer: A. Ethics Rationale: This is the definition of ethics. 2. What is intangible creative work that is embodied in physical form? A. Ethics B. Intellectual property C. Copyright D. Confidentiality Answer: B. 
Intellectual property Rationale: This is the definition of intellectual property. 3. What is the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents? A. Ethics B. Intellectual property C. Copyright D. Privacy Answer: C. Copyright Rationale: This is the definition of copyright. 4. What is the assurance that messages and information remain available only to those authorized to view them? A. Confidentiality B. Pirated software C. Counterfeit software D. Privacy Answer: A. Confidentiality Rationale: This is the definition of confidentiality. 5. What is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent? A. Fair Use Doctrine B. Pirated software C. Counterfeit software D. Privacy Answer: D. Privacy Rationale: This is the definition of privacy. 6. What is software that is manufactured to look like the real thing and sold as such? A. Fair Use Doctrine B. Pirated software C. Counterfeit software D. Privacy Answer: C. Counterfeit software Rationale: This is the definition of counterfeit software. 7. What is the unauthorized use, duplication, distribution, or sale of copyrighted software? A. Fair Use Doctrine B. Pirated software C. Counterfeit software D. Privacy Answer: B. Pirated software Rationale: This is the definition of pirated software. 8. What are the policies and procedures that address the ethical use of computers and Internet usage in the business environment? A. Ethics B. ePolicies C. All of the above D. None of the above Answer: B. ePolicies Rationale: This is the definition of ePolicies. 9. Which of the following describes privacy? A. The assurance that messages and data are available only to those who are authorized to view them B. Policies and procedures that address the ethical use of computers and Internet usage in the business environment C. 
The right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent D. The principles and standards that guide our behavior toward other people Answer: C. The right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent Rationale: This is the definition of privacy. 10. Which of the following describes confidentiality? A. The assurance that messages and information are available only to those who are authorized to view them B. Policies and procedures that address the ethical use of computers and Internet usage in the business environment C. The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent D. The principles and standards that guide our behavior toward other people Answer: A. The assurance that messages and information are available only to those who are authorized to view them Rationale: This is the definition of confidentiality. 11. Which of the following describes ePolicies? A. The assurance that messages and data are available only to those who are authorized to view them. B. Policies and procedures that address the ethical use of computers and Internet usage in the business environment. C. The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent. D. The principles and standards that guide our behavior toward other people. Answer: B. Policies and procedures that address the ethical use of computers and Internet usage in the business environment. Rationale: This is the definition of ePolicies. 12. Which of the following is not considered an ePolicy? A. Acceptable use policy B. Internet use policy C. Ethical computer use policy D. Security badge policy Answer: D. Security badge policy Rationale: All of the above are ePolicies. 13. 
Which of the following is an example of acting ethically? A. Individuals copy, use, and distribute software. B. Employees search organizational databases for sensitive corporate and personal information. C. Individuals hack into computer systems to steal proprietary information. D. None of the above. Answer: D. None of the above. Rationale: None of the above are examples of acting ethically. 14. Which of the following is not included in the four quadrants of ethical and legal behavior? A. Legal behavior and ethical behavior B. Illegal behavior and ethical behavior C. Legal behavior and unethical behavior D. None of the above Answer: D. None of the above Rationale: All of the above are contained in the four quadrants of ethical and legal behavior. 15. What is the ideal type of decisions for people in an organization to make? A. Legal and ethical B. Illegal and ethical C. Legal and unethical D. Illegal and unethical Answer: A. Legal and ethical Rationale: The ideal goal for organizations is to make decisions within quadrant I that are both legal and ethical. 16. Which act prohibits the use of video rental information on customers for any purpose other than that of marketing goods and services directly to the consumer? A. Privacy act B. Bork Bill C. Freedom of Information Act D. Communications Assistance for Law Enforcement Act Answer: B. Bork Bill Rationale: The Bork Bill prohibits the use of video rental information on customers. 17. Which act allows any person to examine government records unless it would cause an invasion of privacy? A. Privacy act B. Bork Bill C. Freedom of Information Act D. Communications Assistance for Law Enforcement Act Answer: C. Freedom of Information Act Rationale: The Freedom of Information Act allows any person to examine government records unless it causes an invasion of privacy. 18. Which act restricts what information the federal government can collect? A. Privacy act B. Bork Bill C. Freedom of Information Act D. 
Communications Assistance for Law Enforcement Act Answer: A. Privacy act Rationale: The Privacy act restricts what information the federal government can collect. 19. Which act protects investors by improving the accuracy and reliability of corporate disclosures? A. Sarbanes-Oxley Act B. Identity Theft and Assumption Deterrence Act C. CAN-Spam Act D. None of the above Answer: A. Sarbanes-Oxley Act Rationale: Sarbanes-Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures. 20. Which act strengthened criminal laws against identity theft? A. Bork Bill B. Sarbanes-Oxley Act C. Cable Communications Act D. None of the above Answer: D. None of the above Rationale: The Identity Theft and Assumption Deterrence Act strengthened criminal laws against identity theft. 21. What is the policy that contains general principles to guide computer user behavior? A. Information privacy policy B. Acceptable use policy C. Internet use policy D. None of the above Answer: D. None of the above Rationale: The ethical computer use policy contains general principles to guide computer user behavior. 22. Which policy ensures that the users know how to behave at work and that the organization has a published standard through which to deal with user infractions? A. Information privacy policy B. Acceptable use policy C. Internet use policy D. Ethical computer use policy Answer: D. Ethical computer use policy Rationale: The ethical computer use policy must ensure that the users know how to behave and how infractions are handled. 23. According to the ethical computer use policy, users should be ______________ of the rules and, by agreeing to use the system on that basis, _______________ to abide by the rules. A. Informed, collaborate B. Consent, informed C. Informed, consent D. None of the above Answer: C. Informed, consent Rationale: Users should be informed of the computer rules and, by agreeing to use the system on that basis, consent to abide by the rules. 
24. If an organization were to have only one policy, which one would it want? A. Information privacy policy B. Acceptable use policy C. Internet use policy D. Ethical computer use policy Answer: D. Ethical computer use policy Rationale: The ethical computer use policy is the starting point and umbrella for any other policies that the organization might establish. 25. Which policy contains general principles regarding information privacy? A. Information privacy policy B. Acceptable use policy C. Internet use policy D. Anti-Spam policy Answer: A. Information privacy policy Rationale: This is the definition of information privacy policy. 26. Which of the following represents the classic example of unintentional information reuse? A. Phone number B. Social Security number C. Address D. Driver's license number Answer: B. Social Security number Rationale: The social security number is the classic example of unintentional information reuse. 27. What is one of the guidelines an organization can follow when creating an information privacy policy? A. Adoption and implementation of an anti-spam policy B. Notice and disclosure C. Choice and quality D. None of the above Answer: B. Notice and disclosure Rationale: Notice and disclosure is the second guideline for creating an information privacy policy. 28. What is a policy that a user must agree to follow in order to be provided access to a network or to the Internet? A. Ethical computer use policy B. Acceptable use policy C. Nonrepudiation policy D. None of the above Answer: B. Acceptable use policy Rationale: This is the definition of acceptable use policy. 29. What is a contractual stipulation that ensures that ebusiness participants do not deny their online actions? A. Copyright B. Fair use doctrine C. Nonrepudiation D. Intellectual property Answer: C. Nonrepudiation Rationale: This is the definition of nonrepudiation. 30. Which policy typically contains a nonrepudiation clause? A. Ethical computer use policy B. 
Anti-spam policy C. Information privacy policy D. Acceptable use policy Answer: D. Acceptable use policy Rationale: An AUP typically contains a nonrepudiation clause. 31. Which policy is it common practice for many businesses and educational facilities to require employees or students to sign before being granted a network ID? A. Information privacy policy B. Acceptable use policy C. Anti-spam policy D. Ethical computer use policy Answer: B. Acceptable use policy Rationale: It is common practice to sign an AUP before being granted a network ID. 32. What is one of the major problems with email? A. Intellectual property B. Nonrepudiation C. User's expectation of privacy D. All of the above Answer: C. User's expectation of privacy Rationale: Users typically expect to receive the same type of privacy as is found in first-class mail. 33. Which of the following is part of the acceptable use policy stipulations? A. Not using the service as part of violating any law B. Not attempting to break the security of any computer network or user C. Not posting commercial messages to groups without prior permission D. All of the above Answer: D. All of the above Rationale: All of the above are AUP stipulations. 34. Which of the following is part of the acceptable use policy stipulations? A. Using the service to violate a law B. Posting commercial messages to groups without prior permission C. Performing nonrepudiation D. Not attempting to mail bomb a site Answer: D. Not attempting to mail bomb a site Rationale: Not attempting to mail bomb a site is part of the AUP stipulations. 35. What is a mail bomb? A. Sending a massive amount of email to a specific person or system resulting in filling up the recipient's disk space B. A contractual stipulation to ensure that ebusiness participants do not deny their online actions C. Sending a few emails to a specific person or system resulting in filling up the recipient's disk space D. 
A contractual stipulation to ensure that ebusiness participants deny their online actions Answer: A. Sending a massive amount of email to a specific person or system resulting in filling up the recipient's disk space Rationale: This is the definition of mail bomb. 36. Which policy details the extent to which email messages may be read by others? A. Acceptable use policy B. Email privacy policy C. Internet use policy D. None of the above Answer: B. Email privacy policy Rationale: This is the definition of email privacy policy. 37. Which of the following is not a part of the email privacy policy stipulations? A. It defines who legitimate email users are B. It explains the backup procedures C. It describes the legitimate grounds for reading someone's email D. It informs people that the organization has full control over email once it is transmitted outside the organization Answer: D. It informs people that the organization has full control over email once it is transmitted outside the organization Rationale: The organization does not have any control over email once it is transmitted outside of the organization. 38. Which of the following describes information technology monitoring? A. Tracking people's activities by such measures as number of keystrokes B. Tracking people's activities by such measures as error rate C. Tracking people's activities by such measures as number of transactions processed D. All of the above Answer: D. All of the above Rationale: This is the definition of information technology monitoring. 39. What is a program that, when installed on a computer, records every keystroke and mouse click? A. Key logger software B. Spyware C. Cookie D. Adware Answer: A. Key logger software Rationale: This is the definition of key logger software. 40. What is a hardware device that captures keystrokes on their journey from the keyboard to the motherboard? A. Spyware B. Hardware key logger C. Cookie D. Adware Answer: B. 
Hardware key logger Rationale: This is the definition of hardware key logger. 41. What is a small file deposited on a hard drive by a website containing information about customers and their web activities? A. Key logger B. Hardware key logger C. Cookie D. Adware Answer: C. Cookie Rationale: This is the definition of cookie. True/False Questions 42. Confidentiality is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent. Answer: False Rationale: Privacy is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent. 43. Opt-in implies that the customers will only be contacted if they agreed to receive promotions and marketing material. Answer: True Rationale: This is the definition of opt-in. 44. Ethical computer use policy contains general principles to guide computer user behavior. Answer: True Rationale: This is the definition of ethical computer use policy. 45. Employee monitoring policies explicitly state how, when, and where the company monitors its employees. Answer: True Rationale: This is the definition of employee monitoring policies. 46. Information technology monitoring tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed. Answer: True Rationale: This is the definition of information technology monitoring. Fill in the Blank Questions 47. ____________ are the principles and standards that guide our behavior toward other people. Answer: Ethics 48. _____________ is the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents. Answer: Copyright 49. ePolicies are policies and procedures that address the ethical use of computers and Internet usage in the ___________ environment. Answer: Business 50. 
_________ implies that contact will be made with only the people who had agreed to receive promotions and marketing materials. Answer: Opt-in 51. The _________ act restricts what information the federal government can collect. Answer: Privacy 52. The __________ communications privacy act allows the reading of communications by a firm and says that employees have no right to privacy when using their companies' computers. Answer: Electronic 53. The ___________ bill prohibits the use of video rental information on customers for any purpose other than that of marketing goods and services directly to the customer. Answer: Bork 54. The _________ of information act allows any person to examine government records unless it would cause an invasion of privacy. Answer: Freedom 55. A(n) ____________ computer use policy contains general principles to guide computer user behavior. Answer: Ethical 56. A(n) ___________ privacy policy contains general principles regarding information privacy. Answer: Information 57. A(n) __________ use policy is a policy that a user must agree to follow in order to be provided access to a network or to the Internet. Answer: Acceptable 58. _________ is a contractual stipulation to ensure that ebusiness participants do not deny their online actions. Answer: Nonrepudiation 59. A(n) ____________ privacy policy details the extent to which email messages may be read by others. Answer: Email 60. A(n) __________ use policy contains general principles to guide the proper use of the Internet. Answer: Internet 61. _________ is unsolicited email. Answer: Spam 62. Information technology _________ is tracking people's activities by such measures as number of keystrokes, error rate, and number of transactions processed. Answer: Monitoring 63. Key logger or key trapper software is a __________ that when installed on a computer, records every keystroke and mouse click. Answer: Program 64. 
________________ key logger is a hardware device that captures keystrokes on their journey from the keyboard to the motherboard. Answer: Hardware 65. _______________ is software to generate ads that installs itself on a computer when a person downloads some other program from the Internet. Answer: Adware 66. __________ is software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about. Answer: Spyware Essay Questions 67. Describe the important ethical concepts stemming from information technology. Answer: Intellectual property-intangible creative work that is embodied in physical form. Copyright-the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents. Fair use doctrine-it is legal to use copyrighted material in certain situations. Pirated software-the unauthorized use, duplication, distribution, or sale of copyrighted software. Counterfeit software-manufactured to look like the real thing and sold as such. 68. Explain the statement "information has no ethics." Answer: Information has no ethics. Information does not care how it is used. Information will not stop itself from sending spam, viruses, or highly-sensitive information. Information cannot delete or preserve itself. For these reasons it falls on the shoulders of those who lord over the information to develop ethical guidelines on how to manage it. 69. Identify the differences between an ethical computer use policy and an acceptable computer use policy. Answer: Ethical computer use policy-contains general principles to guide computer user behavior. The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules. 
Acceptable use policy (AUP)-a policy that a user must agree to follow in order to be provided access to a network or to the Internet. An AUP usually contains a nonrepudiation clause: Nonrepudiation-a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions. 70. Describe the relationship between an email privacy policy and an Internet use policy. Answer: Organizations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy. Email privacy policy details the extent to which email messages may be read by others. An Internet use policy contains general principles to guide the proper use of the Internet. The Internet use policy covers all acts taking place on the Internet, whereas the email privacy policy simply includes email. 71. Summarize the different monitoring technologies and explain the importance of an employee monitoring policy. Answer: Different monitoring technologies include (1) Key logger, or key trapper software-records keystrokes and mouse clicks, (2) Hardware key logger-captures keystrokes from the keyboard to the motherboard, (3) Cookie-small file deposited on a hard drive by a website containing information about customers and their web activities, (4) Adware-generates self-installing ads, (5) Spyware-hidden software that tracks online movements, (6) Web log-consists of one line of information for every visitor to a website, (7) Clickstream-records information about a customer during a web surfing session. Employee monitoring policies explicitly state how, when, and where the company monitors its employees. BPI008 Supply Chain Management Multiple Choice Questions 1. What provides control and visibility to the status of individual items maintained in inventory? A. Inventory management and control software B. Global inventory management system C. Transportation planning system D. Distribution management software Answer: A. 
Inventory management and control software Rationale: This is the definition of inventory management and control software. 2. What tracks and analyzes the movement of materials and products to ensure the delivery of materials and finished goods at the right time, the right place, and the lowest cost? A. Inventory management and control software B. Global inventory management system C. Transportation planning system D. Distribution management software Answer: C. Transportation planning system Rationale: This is the definition of transportation planning systems. 3. What are the four primary drivers of supply chain management? A. Facilities, inventory, transportation, ebusiness B. Facilities, investment, transportation, ebusiness C. Facilities, inventory, transportation, information D. Inventory, investment, transportation, ebusiness Answer: C. Facilities, inventory, transportation, information Rationale: Facilities, inventory, transportation, and information are the four drivers of SCM. 4. Which of the following can an organization's supply chain focus on? A. Efficiency B. Effectiveness C. Efficiency or effectiveness D. None of the above Answer: C. Efficiency or effectiveness Rationale: An organization's supply chain can focus on either efficiency or effectiveness. 5. What strategy does Toyota stress in its supply chain facilities strategy? A. Efficiency B. Effectiveness C. Inventory D. None of the above Answer: B. Effectiveness Rationale: Toyota uses an effectiveness facilities strategy. 6. What are the three primary components an organization should consider when determining its facilities strategy? A. Location, inventory, transportation B. Location, capacity, operational design C. Capacity, operational design, information D. Capacity, operational design, transportation Answer: B. Location, capacity, operational design Rationale: Location, capacity, and operational design determine an organization's facilities strategy. 7. 
Which of the following would an organization choose if it wanted to pursue an efficiency strategy for its location driver? A. Centralize the location to gain economies of scale B. Decentralize the locations to be closer to the customers C. All of the above D. None of the above Answer: A. Centralize the location to gain economies of scale Rationale: An efficiency location is centralized. 8. Which of the following would an organization choose if it wanted to pursue an effectiveness strategy for its location driver? A. Centralize the location to gain economies of scale B. Decentralize the locations to be closer to the customers C. All of the above D. None of the above Answer: B. Decentralize the locations to be closer to the customers Rationale: An effective location is decentralized. 9. Which of the following increases effectiveness for the facilities driver? A. Few facilities B. Centralized facilities C. Minimal amounts of excess capacity D. Functional focus operational design Answer: D. Functional focus operational design Rationale: A facility that has a functional focus is effective. 10. Which of the following increases efficiency for the facilities driver? A. Decentralized facilities B. Large amounts of excess capacity C. Functional focus operational design D. Product focus operational design Answer: D. Product focus operational design Rationale: A product focus operational design is efficient. 11. Which strategy is Dillard's department store following for its inventory driver? A. Efficiency B. Effectiveness C. Cycle inventory D. None of the above Answer: B. Effectiveness Rationale: Dillard's follows a highly-effective SCM strategy. 12. What is the average amount of inventory held to satisfy customer demands between inventory deliveries? A. Safety inventory B. Cycle inventory C. Performance inventory D. Capacity inventory Answer: B. Cycle inventory Rationale: This is the definition of cycle inventory. 13. 
What is extra inventory held in the event demand exceeds supply? A. Safety inventory B. Cycle inventory C. Performance inventory D. Capacity inventory Answer: A. Safety inventory Rationale: This is the definition of safety inventory. 14. What is it called if a toy store holds extra inventory for the Christmas season? A. Safety inventory B. Cycle inventory C. Performance inventory D. Capacity inventory Answer: A. Safety inventory Rationale: Holding extra inventory for high fluctuations in demand is safety inventory. 15. How will an organization use its transportation driver if it focuses on a highly effective supply chain? A. Increase the price of its products by using slower, less expensive transportation methods B. Decrease the price of its products by using slower, less expensive transportation methods C. Increase the price of its products by using faster, more costly transportation methods D. Decrease the price of its products by using faster, more costly transportation methods Answer: C. Increase the price of its products by using faster, more costly transportation methods Rationale: Effective methods of transportation are expensive and speedy. 16. How will an organization use its transportation driver if it focuses on a highly efficient supply chain? A. Increase the price of its products by using slower, less expensive transportation methods B. Decrease the price of its products by using slower, less expensive transportation methods C. Increase the price of its products by using faster, more costly transportation methods D. Decrease the price of its products by using faster, more costly transportation methods Answer: B. Decrease the price of its products by using slower, less expensive transportation methods Rationale: Efficient methods of transportation are inexpensive and slow. 17. What are the transportation components that an organization should consider when determining its transportation strategy? A. 
Method of transportation, transportation effectiveness B. Transportation route, method of transportation C. Transportation route by air, truck, or ship D. Method of transportation by air, truck, or ship Answer: B. Transportation route, method of transportation Rationale: Method of transportation and transportation route are the two components of the transportation driver. 18. What would an organization choose that focuses on transportation efficiency? A. Ship its products directly to its customers B. Ship its products to a distributor that ships the products to customers C. Ship its products to a distributor by air only D. Ship its products to its customers by boat Answer: B. Ship its products to a distributor that ships the products to customers Rationale: An efficient transportation route ships goods to a distributor who ships the goods to the customers. 19. Which of the following would an organization choose if it wanted to focus on transportation effectiveness? A. Ship its products directly to its customers B. Ship its products to a distributor that ships the products to customers C. Ship its products to a distributor by air only D. Ship its products to a distributor by boat only Answer: A. Ship its products directly to its customers Rationale: An effective transportation route ships goods directly to its customers. 20. Which of the following would an organization choose if it wanted to focus on information efficiency? A. Freely share lots of information B. Share only selected information C. Charge others for access to its information D. All of the above Answer: A. Freely share lots of information Rationale: An efficient information strategy freely shares lots of information. 21. Which of the following would an organization choose if it wanted to focus on information effectiveness? A. Freely share lots of information B. Share only selected information C. Charge others for access to its information D. All of the above Answer: B. 
Share only selected information Rationale: An effective information sharing strategy shares only selected information. 22. What happens to an organization that operates using a push technology environment? A. The organization receives information B. The organization gets information C. The organization sends information D. The organization requests information Answer: C. The organization sends information Rationale: A push environment sends information. 23. What does Wal-Mart's supply chain facilities driver focus on? A. Efficiency B. Effectiveness C. All of the above D. None of the above Answer: A. Efficiency Rationale: Wal-Mart's facilities driver focuses on efficiency. 24. What does Wal-Mart's inventory driver focus on? A. Efficiency B. Effectiveness C. All of the above D. None of the above Answer: A. Efficiency Rationale: Wal-Mart's inventory driver focuses on efficiency. 25. What does Wal-Mart's transportation driver focus on? A. Efficiency B. Effectiveness C. All of the above D. None of the above Answer: B. Effectiveness Rationale: Wal-Mart's transportation driver focuses on effectiveness. 26. What does Wal-Mart's information driver focus on? A. Efficiency B. Effectiveness C. All of the above D. None of the above Answer: A. Efficiency Rationale: Wal-Mart's information driver focuses on efficiency. 27. What enables an organization to react more quickly to resolve supply chain issues? A. Supply chain event management B. Selling chain management C. Collaborative engineering D. Collaborative demand planning Answer: A. Supply chain event management Rationale: This is the definition of SCEM. 28. What applies technology to the activities in the order life cycle from inquiry to sale? A. Supply chain event management B. Selling chain management C. Collaborative engineering D. Collaborative demand planning Answer: B. Selling chain management Rationale: This is the definition of selling chain management. 29. 
What helps organizations reduce their investment in inventory, while improving customer satisfaction through product availability? A. Supply chain event management B. Selling chain management C. Collaborative engineering D. Collaborative demand planning Answer: D. Collaborative demand planning Rationale: This is the definition of collaborative demand planning. 30. What allows an organization to reduce the cost and time required during the design process of a product? A. Supply chain event management B. Selling chain management C. Collaborative engineering D. Collaborative demand planning Answer: C. Collaborative engineering Rationale: This is the definition of collaborative engineering. True/False Questions 31. Distribution management software coordinates the process of transporting materials from a manufacturer to distribution centers to the final customer. Answer: True Rationale: This is the definition of distribution management software. 32. An organization's supply chain strategy can focus on efficiency or effectiveness, but not both. Answer: False Rationale: An organization's supply chain strategy can focus on efficiency and effectiveness, such as the example with Wal-Mart. 33. The facilities driver includes three primary components: (1) Location, (2) Push vs. Pull, (3) Operational design. Answer: False Rationale: The facilities driver includes three primary components: (1) Location, (2) Capacity, (3) Operational design. 34. Safety inventory is the average amount of inventory held to satisfy customer demands between inventory deliveries. Answer: False Rationale: Cycle inventory is the average amount of inventory held to satisfy customer demands between inventory deliveries. 35. In a pull technology environment, organizations receive or request information. Answer: True Rationale: This is the definition of pull technology. Fill in the Blank Questions 36. 
A supply ____________ consists of all parties involved, directly or indirectly, in the procurement of a product or raw material. Answer: Chain 37. Global ______________ management system provides the ability to locate, track, and predict the movement of every component or material anywhere upstream or downstream in the supply chain. Answer: Planning 38. ____________ management and control software provides control and visibility to the status of individual items maintained in inventory. Answer: Inventory 39. Facilities, inventory, transportation, and ________________ are the four primary drivers of supply chain management. Answer: Information 40. Location, _________, and operational design are the three primary components of a facilities strategy. Answer: Capacity 41. Having a number of different facilities located closer to customers decreases an organization's __________. Answer: Efficiency 42. Having large quantities of excess inventory increases an organization's ___________. Answer: Effectiveness 43. Dillard's department store focuses its supply chain strategy on _________. Answer: Effectiveness 44. _________ inventory is the average amount of inventory held to satisfy customer demands between inventory deliveries. Answer: Cycle 45. ____________ inventory is extra inventory held in the event demand exceeds supply. Answer: Safety 46. If an organization chooses a(n) _____________ strategy it would use expensive methods of transportation to ensure speedy deliveries. Answer: Effectiveness 47. If an organization chooses an inexpensive method of transportation it is focusing on a(n) _________ strategy. Answer: Efficiency 48. If an organization chooses a(n) ____________ strategy for information sharing then it will freely share lots of information to increase the speed and decrease the costs of supply chain processing. Answer: Efficiency 49. In a(n) __________ technology environment, organizations send information. Answer: Push 50. 
In a(n) __________ technology environment, organizations receive or request information. Answer: Pull 51. Supply chain ________ management enables an organization to react more quickly to resolve supply chain issues. Answer: Event 52. _________ chain management applies technology to the activities in the order life cycle from inquiry to sale. Answer: Selling 53. Collaborative ______________ allows an organization to reduce the cost and time required during the design process of a product. Answer: Engineering 54. Collaborative ___________ planning helps organizations reduce their investment in inventory, while improving customer satisfaction through product availability. Answer: Demand 55. In the future, ___________ will become an effective tool for tracking and monitoring inventory movement in a real-time SCM environment. Answer: RFID Essay Questions 56. Describe the four drivers of supply chain management. Answer: Facilities-processes or transforms inventory into another product, or it stores the inventory before shipping it to the next facility. Inventory-offsets discrepancies between supply and demand. Transportation-moves inventories between the different stages in the supply chain. Information-an organization must decide how and what information it wants to share with its supply chain partners. 57. Explain supply chain management strategies focusing on efficiency. Answer: Supply chain management strategies focusing on efficiency are most concerned with using the supply chain to drive down costs. For example, an efficient SCM will use a centralized warehouse, inexpensive transportation methods, and freely share lots of information in a push strategy with its supply chain partners. 58. Explain supply chain management strategies focusing on effectiveness. Answer: Supply chain management strategies focusing on effectiveness are most concerned with using the supply chain to increase customer satisfaction. 
For example, an effective SCM will have many decentralized warehouses close to its customers, excess capacity at its facilities to meet wide swings in demand, use fast and expensive shipping methods, and selectively share information using a pull strategy with its supply chain partners. 59. Describe Wal-Mart's supply chain management strategy in terms of its four drivers. Answer: Wal-Mart's supply chain management strategy emphasizes efficiency, but also maintains adequate levels of effectiveness. Facilities focus-Efficiency, Maintains few warehouses. Inventory focus-Efficiency, Ships directly to its stores from the manufacturer. Transportation focus-Effectiveness, Maintains its own fleet of trucks. Information focus-Efficiency, Invests heavily in technology and the flow of information through its entire supply chain. Although Wal-Mart has spent a lot of money on its supply chain and uses a push information sharing strategy-its overall information focus is on using information to enable the company to maintain small amounts of inventory (efficiency). Wal-Mart uses its supply chain to operate its business in a just-in-time fashion. 60. Describe the fastest growing components of SCM systems. Answer: Fastest growing SCM components include Supply chain event management (SCEM)-enables an organization to react quickly to resolve supply chain issues. Selling chain management-applies technology to the activities in the order life cycle from inquiry to sale. Collaborative engineering-allows an organization to reduce the costs required during the design process of a product. Collaborative demand planning-helps organizations reduce their investment in inventory, while improving customer satisfaction through product availability. RFID is also going to change the future of supply chain. Test Bank for Business Driven Technology Paige Baltzan 9780073376844, 9781259924927, 9781260727814, 9780073376905