This Document Contains Chapters 10 to 12

Chapter 10 Information Systems Security

1) A(n) ___________ is a measure that individuals or organizations take to block a threat from obtaining an asset.
A) denial of service
B) safeguard
C) information silo
D) third-party cookie
Answer: B

2) ___________ occurs when a threat obtains data that is supposed to be protected.
A) Unauthorized data disclosure
B) Incorrect data modification
C) Faulty service
D) Denial of service
Answer: A

3) A person calls the Stark residence and pretends to represent a credit card company. He asks Mrs. Stark to confirm her credit card number. This is an example of ___________.
A) hacking
B) data mining
C) pretexting
D) sniffing
Answer: C

4) A ___________ pretends to be a legitimate company and sends emails requesting confidential data.
A) hacker
B) phisher
C) wardriver
D) sniffer
Answer: B

5) Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the mail with all the requested details. Mark later learns that the mail was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of ___________.
A) hacking
B) sniffing
C) data mining
D) phishing
Answer: D

6) Which of the following is a synonym for phishing?
A) pretexting
B) email spoofing
C) hardening
D) system hacking
Answer: B

7) ___________ is a technique for intercepting computer communications.
A) Spoofing
B) Phishing
C) Pretexting
D) Sniffing
Answer: D

8) ___________ take computers with wireless connections through an area and search for unprotected wireless networks.
A) Sniffers
B) Pretexters
C) Hackers
D) Phishers
Answer: A

9) Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as ___________.
A) pretexting
B) spoofing
C) hacking
D) phishing
Answer: C

10) Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests?
A) spoofing
B) incorrect data modification
C) usurpation
D) denial of service
Answer: D

11) ___________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
A) Usurpation
B) Cyber stalking
C) Spoofing
D) Sniffing
Answer: A

12) A(n) ___________ is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations like governments.
A) advanced persistent threat
B) identity threat
C) copyright theft
D) network sniffer attack
Answer: A

13) A threat is a person or an organization that seeks to obtain or alter data illegally, without the owner's permission or knowledge.
Answer: True

14) Pretexting occurs when someone deceives by pretending to be someone else.
Answer: True

15) Spoofing is a technique for intercepting computer communications.
Answer: False

16) IP spoofing occurs when an intruder uses another site's IP address to masquerade as that other site.
Answer: True

17) Wardrivers are those who engage in phishing to obtain unauthorized access to data.
Answer: False

18) Incorrectly increasing a customer's discount is an example of incorrect data modification.
Answer: True

19) Advanced persistent threats can be a means to engage in cyber warfare and cyber espionage.
Answer: True

20) Explain the types of events that result in faulty service, a type of security loss.
Answer: Faulty service includes problems that result because of incorrect system operation. It could include incorrect data modification. It also could include systems that work incorrectly by sending wrong goods to a customer or the ordered goods to a wrong customer, inaccurately billing customers, or sending the wrong information to employees.
Humans can inadvertently cause faulty service by making procedural mistakes. System developers can write programs incorrectly or make errors during installation of hardware, software programs, and data. Usurpation is also a type of faulty service. Faulty service can also result when a service is improperly restored during recovery from natural disasters.

21) Explain the concept of denial of service (DOS) in information management.
Answer: Human errors in a procedure or a lack of procedures in information management can result in denial of service (DOS). For example, humans can inadvertently shut down a Web server or corporate gateway router by starting a computationally intensive application. Denial-of-service attacks can be launched maliciously. A malicious hacker can flood a Web server, for example, with millions of bogus service requests that so occupy the server that it cannot service legitimate requests. Computer worms can infiltrate a network with so much artificial traffic that legitimate traffic cannot get through. Natural disasters may also cause systems to fail, resulting in denial of service.

22) Which of the following statements is true of the financial losses due to computer crimes?
A) All studies on the costs of computer crimes are based on surveys.
B) There are several set standards for tallying computer crime costs and financial losses.
C) Companies are legally required to calculate their financial losses due to computer crime every month.
D) Knowledge about the cost of computer crimes is restricted to large companies.
Answer: A

23) Damages to security systems caused by natural disasters are minimal when compared to the damages due to human errors.
Answer: False

24) There are no standards for tallying costs of computer crime.
Answer: True

25) A(n) ___________ is a computer program that senses when another computer is attempting to scan a disk or access a computer.
A) intrusion detection system
B) adware
C) packet-filtering firewall
D) network security system
Answer: A

26) Which of the following is considered a personal security safeguard?
A) creating backup of cookies and temporary files
B) removing high-value assets from computers
C) using a single valid password for all accounts
D) conducting transactions using http rather than https
Answer: B

27) Davian, a professional hacker, tries every possible combination of characters to crack his victim's email password. Using this technique, he can crack a six-character password of either upper- or lowercase letters in about five minutes. Which of the following techniques is used by Davian to obtain access to his victim's email?
A) denial-of-service attack
B) brute force attack
C) pretexting
D) spoofing
Answer: B

28) ___________ are small files that browsers store on users' computers when they visit Web sites.
A) Cookies
B) Honeypots
C) Mashups
D) Entity tags
Answer: A

29) In a brute force attack, a password cracker tries every possible combination of characters.
Answer: True

30) As one of the safeguards against security threats, a person should preferably use the same password for different sites so as to avoid confusion.
Answer: False

31) While making online purchases, a person should buy only from vendors who support https.
Answer: True

32) What are some of the recommended personal security safeguards against security threats?
Answer: Following are some of the recommended personal security safeguards against security threats:
1. Create strong passwords.
2. Use multiple passwords.
3. Send no valuable data via email or IM.
4. Use https at trusted, reputable vendors.
5. Remove high-value assets from computers.
6. Clear browsing history, temporary files, and cookies.
7. Update antivirus software.
8. Demonstrate security concern to fellow workers.
9. Follow organizational security directives and guidelines.
10. Consider security for all business initiatives.

33) Which of the following is a human safeguard against security threats?
A) encryption
B) firewall
C) physical security
D) procedure design
Answer: D

34) Which of the following is a technical safeguard against security threats?
A) password
B) encryption
C) compliance
D) firewall
Answer: D

35) Which of the following is a data safeguard against security threats?
A) application design
B) accountability
C) physical security
D) malware protection
Answer: C

36) Backup and recovery against computer security threats are ___________.
A) technical safeguards
B) data safeguards
C) human safeguards
D) hardware safeguards
Answer: B

37) Risk management is a critical security function addressed by an organization's senior management.
Answer: True

38) Financial institutions must invest heavily in security safeguards because they are obvious targets for theft.
Answer: True

39) Malware protection is an example of a technical safeguard.
Answer: True

40) Hiring, training, and educating employees in an organization is a technical safeguard.
Answer: False

41) Technical safeguards include encryption and usage of passwords.
Answer: False

42) What are the two critical security functions that an organization's senior management needs to address?
Answer: Senior management in an organization needs to address two critical security functions: security policy and risk management. Considering the first, senior management must establish company-wide security policies. Take, for example, a data security policy that states the organization's posture regarding data it gathers about its customers, suppliers, partners, and employees. At a minimum, the policy should stipulate: what sensitive data the organization will store, how it will process that data, whether data will be shared with other organizations, how employees and others can obtain copies of data stored about them, and how employees and others can request changes to inaccurate data.
The specifics of a policy depend on whether the organization is governmental or nongovernmental, on whether it is publicly held or private, on the organization's industry, on the relationship of management to employees, and other factors. The second senior management security function is to manage risk. Risk cannot be eliminated, so to manage risk means to proactively balance the trade-off between risk and cost. This trade-off varies from industry to industry and from organization to organization.

43) To safeguard data against security threats, every information system today requires a user name and a password. In this case, which of the following functions is performed by the user name?
A) authentication
B) identification
C) decryption
D) encryption
Answer: B

44) Every information system today should require users to sign on with a user name and a password. In this case, which of the following functions is performed by the user's password?
A) authentication
B) identification
C) decryption
D) encryption
Answer: A

45) Which of the following information should be provided by users of smart cards for authentication?
A) personal identification number
B) permanent account number
C) fingerprint
D) retinal scan
Answer: A

46) A ___________ is a plastic card that has a microchip loaded with identifying data.
A) credit card
B) biometric passport
C) smart card
D) flashcard
Answer: C

47) Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes?
A) credit card
B) smart card
C) biometric authentication
D) symmetric encryption
Answer: C

48) ___________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
A) Usurpation
B) Authentication
C) Malware protection
D) Encryption
Answer: D

49) Which of the following statements is true of symmetric encryption?
A) It uses the same key for both encoding and decoding.
B) It is more difficult and slower than asymmetric encryption.
C) It does not require a key to encrypt or decrypt data.
D) It uses a special version called public/private key on the Internet for a secure communication.
Answer: A

50) Most secure communications over the Internet use a protocol called ___________.
A) smtp
B) ftp
C) https
D) nntp
Answer: C

51) With https, data are encrypted using a protocol called the ___________.
A) Secure Shell (SSH)
B) Secure Sockets Layer (SSL)
C) File Transfer Protocol (FTP)
D) Post Office Protocol (POP)
Answer: B

52) Which of the following types of encryption is used by the secure sockets layer protocol?
A) optical encryption
B) physical layer encryption
C) disk encryption
D) public key encryption
Answer: D

53) A(n) ___________ sits outside an organizational network and is the first device that Internet traffic encounters.
A) internal firewall
B) perimeter firewall
C) adware
D) malware
Answer: B

54) A(n) ___________ examines the source address, destination address, and other data of a message and determines whether to let that message pass.
A) encrypted firewall
B) internal malware
C) packet-filtering firewall
D) perimeter shareware
Answer: C

55) ___________ is a broad category of software that includes viruses, worms, Trojan horses, spyware, and adware.
A) Malware
B) Payload
C) Shareware
D) Firewall
Answer: A

56) ___________ are viruses that masquerade as useful programs like a computer game, an MP3 file, or some other useful innocuous program.
A) Key loggers
B) Trojan horses
C) Worms
D) Payloads
Answer: B

57) Adware and spyware are similar to each other in that they both ___________.
A) masquerade as useful programs
B) are specifically programmed to spread
C) are installed with a user's permission
D) reside in the background and observe a user's behavior
Answer: D

58) Technical safeguards involve both software and hardware components of an information system.
Answer: True

59) A user name authenticates a user, and a password identifies that user.
Answer: False

60) Smart cards are convenient to use because they do not require a personal identification number for authentication.
Answer: False

61) A criticism of biometric authentication is that it provides weak authentication.
Answer: False

62) With asymmetric encryption, two different keys are used for encoding and decoding a message.
Answer: True

63) In the case of public key encryption, each site has a private key to encode a message and a public key to decode it.
Answer: False

64) Packet-filtering firewalls cannot prohibit outsiders from starting a session with any user behind the firewall.
Answer: False

65) A key is a number used with an encryption algorithm to encrypt data.
Answer: True

66) Packet-filtering firewalls are the most sophisticated type of firewall.
Answer: False

67) Spyware programs are installed on a user's computer without the user's knowledge.
Answer: True

68) Viruses, worms, and Trojan horses are types of firewalls.
Answer: False

69) A virus is a computer program that replicates itself.
Answer: True

70) Malware definitions are patterns that exist in malware code.
Answer: True

71) Discuss briefly the pros and cons of biometric authentication.
Answer: Biometric authentication uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users. It provides a strong authentication, but the required equipment is expensive. Often, too, users resist biometric identification because they feel it is invasive. Biometric authentication is in the early stages of adoption. Because of its strength, it likely will see increased usage in the future. It is also likely that legislators will pass laws governing the use, storage, and protection requirements for biometric data.

72) Explain how secure sockets layer works when a user communicates securely with a Web site.
Answer: Most secure communication over the Internet uses a protocol called https. With https, data are encrypted using a protocol called the Secure Sockets Layer (SSL), which is also known as Transport Layer Security (TLS). SSL/TLS uses a combination of public key encryption and symmetric encryption. Symmetric encryption is fast and is preferred. But the two parties, the user and a Web site, do not share a symmetric key. So, they use public key encryption to share the same symmetric key. The following are the steps involved in this secure communication:
1. A user's computer obtains the public key of a Web site to which it will connect.
2. The user's computer generates a key for symmetric encryption.
3. The user's computer encodes that key using the Web site's public key. It sends the encrypted symmetric key to the Web site.
4. The Web site then decodes the symmetric key using its private key.
5. From that point forward, the user's computer and the Web site communicate using symmetric encryption.
At the end of the session, the user's computer and the secure site discard the keys. Using this strategy, the bulk of the secure communication occurs using the faster symmetric encryption.

73) Explain the functions performed by packet-filtering firewalls.
Answer: A packet-filtering firewall examines each part of a message and determines whether to let that part pass. To make this decision, it examines the source address, the destination addresses, and other data. Packet-filtering firewalls can prohibit outsiders from starting a session with any user behind the firewall. They can also disallow traffic from particular sites, such as known hacker addresses. They can prohibit traffic from legitimate, but unwanted, addresses, such as competitors' computers, and filter outbound traffic as well. They can keep employees from accessing specific sites, such as competitors' sites, sites with pornographic material, or popular news sites.

74) What are the precautions to be taken when opening email attachments to avoid malware?
Answer: Users should open email attachments only from known sources. Also, even when opening attachments from known sources, users should do so with great care. With a properly configured firewall, email is the only outside-initiated traffic that can reach user computers. Most antimalware programs check email attachments for malware code. However, all users should form the habit of never opening an email attachment from an unknown source. Also, if users receive an unexpected email from a known source or an email from a known source that has a suspicious subject, odd spelling, or poor grammar, they should not open the attachment without first verifying with the known source that the attachment is legitimate.

75) Thomas is responsible for creating backup copies of information in a system. He also works along with IT personnel to ensure that the backups are valid and that effective recovery procedures exist. Thomas is involved in establishing ___________.
A) human safeguards
B) data safeguards
C) technical safeguards
D) hardware safeguards
Answer: B

76) ___________ refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
A) Database administration
B) Data encapsulation
C) Data administration
D) Database encapsulation
Answer: C

77) The procedure of entrusting a party with a copy of an encryption key that can be used in case the actual key is lost or destroyed is called ___________.
A) key escrow
B) pledged encryption
C) insured encryption
D) key replication
Answer: A

78) The creation of backup copies of database contents makes the data more vulnerable to security threats.
Answer: False

79) The loss of encryption keys by employees is referred to as key escrow.
Answer: False

80) Explain the functions of the two organizational units responsible for data safeguarding.
Answer: Data safeguards protect databases and other organizational data. Two organizational units are responsible for data safeguards: data administration and database administration. Data administration refers to an organization-wide function that is in charge of developing data policies and enforcing data standards. Database administration refers to a function that pertains to a particular database. ERP, CRM, and MRP databases each have a database administration function. Database administration develops procedures and practices to ensure efficient and orderly multiuser processing of the database, to control changes to the database structure, and to protect the database. Both data and database administration are involved in establishing data safeguards. First, data administration should define data policies. Then, data administration and database administration work together to specify user data rights and responsibilities. Third, those rights are enforced by user accounts that are authenticated at least by passwords.

81) Which of the following statements is true of position sensitivity?
A) It is a type of data safeguard.
B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss if documented.
C) It refers to the specific documentation of highly sensitive jobs.
D) It increases the effectiveness of user accounts by giving users the maximum possible privilege needed to perform their job.
Answer: B

82) Which of the following are the three independent factors that constitute the enforcement of security procedures and policies?
A) centralized reporting, preparation, and practice
B) hiring, screening, and terminating
C) separation of duties, provision of maximum privilege, and position sensitivity
D) responsibility, accountability, and compliance
Answer: D

83) In terms of password management, when an account is created, users should ___________.
A) create two passwords and switch back and forth between the two
B) immediately change the password they are given to a password of their own
C) maintain the same password they are given for all future authentication purposes
D) ensure that they do not change their passwords frequently to reduce the risk of password theft
Answer: B

84) ___________ a site means to take extraordinary measures to reduce a system's vulnerability.
A) Pretexting
B) Hacking
C) Spoofing
D) Hardening
Answer: D

85) ___________ are created by companies as false targets for computer criminals to attack.
A) Negatives
B) Honeypots
C) Cookies
D) Trojan horses
Answer: B

86) In an organization, security sensitivity for each position should be documented.
Answer: True

87) Existence of accounts that are no longer necessary does not pose a security threat.
Answer: False

88) A help-desk information system has answers to questions that only a true user of an account or system would know.
Answer: True

89) Explain how defining positions in an organization can safeguard against security threats.
Answer: Effective human safeguards begin with definitions of job tasks and responsibilities. In general, job descriptions should provide a separation of duties and authorities. For example, no single individual should be allowed to both approve expenses and write checks. Instead, one person should approve expenses, another pay them, and a third should account for the payment. Similarly, in an inventory, no single person should be allowed to authorize an inventory withdrawal and also to remove the items from the inventory. Given appropriate job descriptions, user accounts should be defined to give users the least possible privilege needed to perform their jobs. Similarly, user accounts should prohibit users from accessing data their job description does not require. Because of the problem of semantic security, access to even seemingly innocuous data may need to be limited.
Finally, security sensitivity should be documented for each position. Some jobs involve highly sensitive data. Other positions involve no sensitive data. Documenting position sensitivity enables security personnel to prioritize their activities in accordance with the possible risk and loss.

90) What human safeguards should be taken against security threats for temporary personnel, vendors, and partner personnel?
Answer: Business requirements may necessitate opening information systems to nonemployee personnel – temporary personnel, vendors, partner personnel (employees of business partners), and the public. In the case of temporary, vendor, and partner personnel, a contract that governs an activity should call for security measures appropriate to the sensitivity of data and information system resources involved. Companies should require vendors and partners to perform appropriate screening and security training. The contract also should mention specific security responsibilities that are particular to the work to be performed. Companies should provide accounts and passwords with the least privilege and remove those accounts as soon as possible. Although temporary personnel can be screened, to reduce costs the screening will be abbreviated from that for employees. But in most cases, companies cannot screen either vendor or partner personnel. Public users cannot be screened at all.

91) A(n) ___________ includes how employees should react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.
A) application design
B) activity log
C) systems procedure
D) incident-response plan
Answer: D

92) Incident-response plans should provide centralized reporting of all security incidents.
Answer: True

93) Describe an incident-response plan.
Answer: Every organization should have an incident-response plan as part of its security program.
The plan should include how employees are to respond to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss. The plan should provide centralized reporting of all security incidents that will enable an organization to determine if it is under systematic attack or whether an incident is isolated. Centralized reporting also allows the organization to learn about security threats, take consistent actions in response, and apply specialized expertise to all security problems. Viruses and worms can spread very quickly across an organization's networks, and a fast response will help to mitigate the consequences. Because of the need for speed, preparation pays. The incident-response plan should identify critical personnel and their off-hours contact information. These personnel should be trained on where to go and what to do when they get there. Finally, organizations should periodically practice incident response.

Chapter 11 Information Systems Management

1) ___________ is a title given to the principal manager of an organization's IS department.
A) Chief executive officer
B) Chief technology officer
C) Chief information officer
D) Chief operating officer
Answer: C

2) Which of the following staff functions is at the top-most level of a typical senior-level reporting relationship?
A) chief information officer (CIO)
B) chief operating officer (COO)
C) chief technology officer (CTO)
D) chief financial officer (CFO)
Answer: B

3) In an organization, the IS department's principal manager is called the ___________.
A) chief information officer
B) chief executive officer
C) chief technology officer
D) chief operating officer
Answer: A

4) In organizations where primary information systems support only accounting activities, a reporting arrangement wherein the chief information officer reports to the ___________ is practical.
A) chief executive officer
B) chief operating officer
C) chief financial officer
D) chief technology officer
Answer: C

5) In organizations that operate significant nonaccounting information systems, such as manufacturers, a reporting arrangement wherein the chief information officer reports to the ___________ is more common and effective.
A) chief technology officer
B) chief financial officer
C) VP manufacturing
D) chief executive officer
Answer: D

6) An organization that wishes to leverage the power of social media and elastic cloud opportunities to help accomplish its goals and objectives should ideally turn to the ___________ group within its IT department for information.
A) operations
B) development
C) technology
D) data administration
Answer: C

7) The ___________ evaluates new technologies, new ideas, and new capabilities and identifies those that are most relevant to the organization.
A) chief financial officer
B) supply chain manager
C) human resource manager
D) chief technology officer
Answer: D

8) The ___________ group investigates new information systems and determines how the organization can benefit from them.
A) outsourcing relations
B) development
C) technology
D) operations
Answer: C

9) The ___________ group manages the computing infrastructure, including individual computers, in-house server farms, networks, and communications media.
A) technology
B) operations
C) development
D) outsourcing relations
Answer: B

10) The ___________ group within the information systems (IS) department manages the process of creating new information systems as well as maintaining existing information systems.
A) technology
B) operations
C) development
D) data administration
Answer: C

11) Which of the following statements is true of the development group of a company's information systems (IS) department?
A) The size and structure of the group depends on whether programs are developed in-house or outsourced.
B) An important function of this group is to monitor user experience and respond to user problems.
C) This group plays a major role in organizations that have negotiated outsourcing agreements with other companies to provide equipment, applications, or other services.
D) The purpose of this group is to protect data and information assets by establishing data standards and data management practices and policies.
Answer: A

12) If a company's information systems (IS) related programs are not developed in-house, then the development group of the IS department will be staffed primarily by ___________.
A) test engineers
B) systems analysts
C) technical writers
D) programmers
Answer: B

13) Which of the following is true if the development group of a company's information systems (IS) department is staffed primarily by programmers, test engineers, technical writers, and other development personnel?
A) The company develops programs in-house.
B) The company has a separate department for data warehousing.
C) The company has security issues with the department.
D) The company contracts work to other companies.
Answer: A

14) The ___________ group's purpose is to protect information assets by establishing standards and management practices and policies.
A) outsourcing relations
B) operations
C) development
D) data administration
Answer: D

15) Which of the following is a responsibility of a systems analyst?
A) advising the chief information officer on emerging technologies
B) determining system requirements
C) monitoring and fixing computer networks
D) managing the IT department
Answer: B

16) A ___________ designs and writes computer codes.
A) technical writer
B) systems analyst
C) programmer
D) business analyst
Answer: C

17) A ___________ monitors, maintains, fixes, and tunes computer networks.
A) technical writer
B) network programmer
C) PQA test engineer
D) network administrator
Answer: D

18) A ___________ performs a wide range of activities such as programming, testing, database design, communications and networks, project management, and is required to have an entrepreneurial attitude.
A) systems analyst
B) consultant
C) small-scale project manager
D) database administrator
Answer: B

19) Which of the following is a responsibility of a small-scale project manager?
A) Initiate, plan, manage, monitor, and close down projects.
B) Develop test plans, design and write automated test scripts, and perform testing.
C) Advise the chief information officer, executive group, and project managers on emerging technologies.
D) Help users solve problems, provide training.
Answer: A

20) Protection of information assets is a major function of an information systems (IS) department.
Answer: True

21) The structure of an information systems (IS) department typically remains unchanged among organizations.
Answer: False

22) The responsibilities of a chief information officer are the same as those of a chief technology officer.
Answer: False

23) It is a chief technology officer's responsibility to identify new technologies relevant to an organization.
Answer: True

24) An operations group within an IT department may include programmers, test engineers, and technical writers.
Answer: False

25) An information systems (IS) department is responsible for adapting infrastructure and systems for new business goals.
Answer: True

26) An important function of the development group of a company's information systems (IS) department is to monitor user experience and respond to user problems.
Answer: False

27) The purpose of an outsourcing relations department is to negotiate agreements with other companies to provide equipment, applications, or other services.
Answer: True 28) In the context of information systems, maintenance means fixing problems or adapting existing information systems to support new features and functions. Answer: True 29) Information technology concerns products, techniques, procedures, and designs of computer-based technology. Answer: True 30) Information technology must be placed into the structure of the information systems (IS) before an organization can use it. Answer: True 31) A technical writer writes program documentation, help-text, procedures, job descriptions, and training materials. Answer: True 32) Large-scale project managers require deeper project management knowledge than small-scale managers. Answer: True 33) A user support representative installs software and repairs computer equipment. Answer: False 34) A systems analyst monitors, fixes, and tunes computer networks. Answer: False 35) A salesperson's responsibility is to design and write computer programs. Answer: False 36) A database administrator's responsibility is to design and write automated test scripts. Answer: False 37) What are the major functions of an information systems (IS) department? Answer: The major functions of an information systems department are to: • plan the use of information systems (IS) to accomplish organizational goals and strategy • manage outsourcing relationships • protect information assets • develop, operate, and maintain the organization's computing infrastructure • develop, operate, and maintain applications 38) Compare the role of a chief information officer (CIO) and the role of a chief technology officer (CTO). Answer: A chief information officer (CIO) is generally the title of the principal manager of an organization's information systems (IS) department. Like other senior executives, the CIO reports to the chief executive officer (CEO), although sometimes these executives report to the chief operating officer (COO), who in turn reports to the CEO. 
In some companies, the CIO reports to the chief financial officer (CFO). The CIO has the responsibility of managing the IT department, communicating with executive staff on IT- and IS-related matters. The CIO is also a member of the executive group. A chief technology officer (CTO) often heads the technology group within the IT department. The CTO evaluates new technologies, new ideas, and new capabilities and identifies those that are most relevant to the organization. The CTO's job requires deep knowledge of information technology and the ability to envision and innovate applications for the organization. The CTO's responsibility is to advise the CIO, executive group, and project managers on emerging technologies. 39) What is the typical structure of an organization's information systems (IS) department? Answer: A typical information systems (IS) department consists of four groups and a data administration staff function. Most IS departments include a technology office that investigates new information systems technologies and determines how an organization can benefit from them. The next group, the operations group, manages the computing infrastructure, including individual computers, in-house server farms, networks, and communications media. The third group in the IS department is development. A development group manages the process of creating new information systems as well as maintaining existing information systems. The last IS department group is outsourcing relations. This group exists in organizations that have negotiated outsourcing agreements with other companies to provide equipment, applications, or other services. The data administration staff function protects data and information assets by establishing data standards and data management practices and policies. However, there are many variations in the structure of the IS department. In larger organizations, the operations group may itself consist of several different departments. 
Sometimes, there is a separate group for data warehousing and data marts. 40) What are the responsibilities of the technology office of a firm's information systems (IS) department? Answer: Most information systems (IS) departments include a technology office that investigates new information systems technologies and determines how the organization can benefit from them. For example, today many organizations are investigating social media and elastic cloud opportunities and planning how they can use those capabilities to best accomplish their goals and objectives. An individual called the chief technology officer (CTO) often heads the technology group. The CTO sorts through new ideas and products to identify those that are most relevant to the organization. The CTO's job requires deep knowledge of information technology and the ability to envision and innovate applications for the organization. 41) Explain the functions of the development group of a firm's information systems (IS) department. Answer: The development group of a firm's information systems (IS) department manages the process of creating new information systems as well as maintaining existing information systems. The size and structure of the development group depends on whether programs are developed in-house. If not, this department will be staffed primarily by business and systems analysts who work with users, operations, and vendors to acquire and install licensed software and to set up the system components around that software. If the organization develops programs in-house, then this department will also include programmers, test engineers, technical writers, and other development personnel. 42) Describe the responsibilities of a systems analyst, a computer technician, and a network administrator. Answer: A systems analyst works with users to determine system requirements, designs and develops job descriptions and procedures, and helps determine system test plans. 
A computer technician installs software and repairs computer equipment and networks. A network administrator monitors, maintains, fixes, and tunes computer networks. 43) In order to accomplish organizational goals and objectives, an organization's information systems (IS) must be aligned with its ___________. A) reporting structure B) culture C) competitive strategy D) departments Answer: C 44) Which of the following is true of the alignment between information systems and organizational strategies? A) Information systems must evolve with changes made in organizational strategies. B) The infrastructure of information systems can be easily influenced by strategic changes. C) Integrating different information systems applications with organizational strategies is inexpensive. D) Maintaining the alignment between information systems and strategies is a final process. Answer: A 45) A(n) ___________ committee is a group of senior managers from the major business functions that works with the chief information officer to set information systems (IS) priorities and decide major IS projects and alternatives. A) enforcement B) disciplinary C) administrative D) steering Answer: D 46) The purpose of an information system is to help an organization accomplish its goals and objectives. Answer: True 47) Information Systems (IS) infrastructure is known to be very malleable. Answer: False 48) New information systems must be consistent with an organization's goals and objectives. Answer: True 49) The membership of a steering committee is determined by the CEO and other members of the executive staff. Answer: True 50) What are the different functions in planning the use of information systems? Answer: The information systems (IS) planning functions are: • Align information systems with organizational strategy and maintain alignment as organization changes. • Communicate IS/IT issues to executive group. • Develop/enforce IS priorities within the IS department. 
• Sponsor steering committee. 51) Explain the management advantages of outsourcing information systems. Answer: First, outsourcing can be an easy way to gain expertise. Another reason for outsourcing is to avoid management problems. Some companies choose to outsource to save management time and attention. 52) ___________ is the process of hiring another organization to perform a service. A) Insourcing B) Outsourcing C) Crowdsourcing D) Open-sourcing Answer: B 53) Which of the following is an advantage of outsourcing information systems? A) An outsourcing company is typically in complete control of the process. B) It is a cheaper short-term solution to achieve long-term benefits. C) It can be an easy way to gain expertise otherwise not known. D) The vendors can be easily and cheaply changed if performance is below par. Answer: C 54) Which of the following is a risk of outsourcing information systems? A) Vendors can gain access to critical knowledge of the outsourcing company. B) Vendors are not subject to a contractual agreement with the outsourcing company. C) The long-term costs of information systems are outweighed by their benefits. D) Organizations opting for outsourcing cannot gain economies of scale. Answer: A 55) ___________ refers to the leasing of hardware with preinstalled operating systems. A) Software as a Service (SaaS) B) Outsourcing licensed software C) Platform as a Service (PaaS) D) IaaS cloud hosting Answer: C 56) In ___________, hardware and both operating system and application software are leased. A) software as a service (SaaS) B) outsourcing licensed software C) platform as a service (PaaS) D) infrastructure as a service (IaaS) Answer: A 57) Organizations outsource projects to engage their management teams in their free time. Answer: False 58) Gaining economies of scale is an advantage of outsourcing. Answer: True 59) Implementation risk is increased by outsourcing information systems (IS) services. 
Answer: False 60) Acquiring licensed software is a form of outsourcing. Answer: True 61) It is impossible to outsource an entire business function. Answer: False 62) Microsoft's Azure is an example of SaaS. Answer: False 63) Outsourcing has made in-house information systems (IS)/IT functions obsolete. Answer: False 64) In service-oriented outsourcing, a vendor is in the driver's seat. Answer: True 65) Each outsource vendor has its own methods and procedures for its services. Answer: True 66) An outsource vendor can choose the technology that it wants to implement, unless a contract requires otherwise. Answer: True 67) The potential loss of intellectual capital is a concern related to outsourcing. Answer: True 68) When a company outsources a system, it has complete control over prioritizing software fixes. Answer: False 69) Parting business with an outsource vendor is exceedingly risky. Answer: True 70) Which of the following is a right of a user of information systems (IS)? A) expecting hand-holding for basic operations B) making hardware modifications to your computer as you see fit C) contributing to requirements for new system features and functions D) receiving repetitive training and support for the same issues Answer: C 71) Which of the following is a responsibility of an information systems (IS) user? A) providing hand-holding for basic operations B) giving repetitive support for the same issue C) authorizing hardware modifications D) following security and backup procedures Answer: D 72) As a user of information systems (IS), an employee has a responsibility to avoid ___________. A) unauthorized hardware modifications B) changing system passwords frequently C) backup procedures D) applying software patches Answer: A 73) A user has the right to obtain necessary computing resources to perform his or her work efficiently. Answer: True 74) The rights of an information systems user depend on the purpose of a system's usage. 
Answer: True 75) In the context of right to reliable network and Internet services, reliable means that one can use it without problems almost all the time. Answer: True 76) Information systems (IS) users have the right to receive effective training in a format convenient to a user. Answer: True 77) It is a user's responsibility to install patches and fixes when asked to do so. Answer: True 78) The knowledge of responsibilities and duties of an information systems (IS) department helps one become a better consumer of the IS department's services. Answer: True 79) Explain the rights of information systems users. Answer: In relation to the IT department, users have a right to: • have computing resources that allow them to perform their jobs proficiently, reliable network, and Internet services; • a secure computing environment. The organization should protect a user's computer and its files, and a user should not normally even need to think about security; • participate in requirements meetings for new applications; and • reliable systems development and maintenance; prompt attention to problems, concerns, and complaints about information services; properly prioritized problem fixes and resolutions; and effective training to use systems to perform their jobs. 80) Explain the responsibilities of information systems users. Answer: Information systems (IS) users have a responsibility to: • learn basic computer skills; • learn standard techniques and procedures for the applications you use; • follow security and backup procedures; • protect your password(s); • use computers and mobile devices according to your employer's computer use policy; • make no unauthorized hardware modifications; • install only authorized programs; • apply software patches and fixes when directed to do so; • when asked, devote the time required to respond carefully and completely to requests for requirements for new system features and functions; and • avoid reporting trivial problems. 
Chapter 12 Information Systems Development 1) The process of creating and maintaining information systems is called ___________. A) systems development B) systems acquisition C) systems definition D) systems configuration Answer: A 2) When compared to program development, systems development is ___________. A) narrower in focus B) less comprehensive C) broader in scope D) more technical Answer: C 3) Which of the following statements is true of systems development? A) It has little need for human relations skills as tasks are performed by individuals and not by groups. B) It is a technical task undertaken exclusively by programmers and hardware specialists. C) It has lesser scope than computer program development. D) It requires business knowledge and an understanding of group dynamics. Answer: D 4) Which of the following statements is true of information systems? A) They are off-the-shelf software without adaptation. B) They can be adapted to fit business needs. C) They can be purchased as off-the-shelf software. D) They cannot be tailor-made. Answer: B 5) Information systems cannot be tailor-made. Answer: False 6) Information systems involve people and procedures, so they can never be off-the-shelf. Answer: True 7) What is systems development? How is it different from program development? Answer: Systems development is the process of creating and maintaining information systems. Systems development has a broader scope than computer program development as it involves all five components: hardware, software, data, procedures, and people. Developing a computer program, on the other hand, mostly involves software programs, with some focus on data and databases. Compared to program development, systems development requires more than just programming or technical expertise. Establishing the system's goals, setting up the project, and determining requirements require business knowledge and management skill. 
Tasks like building computer networks and writing computer programs require technical skills. Creating data models requires the ability to interview users and understand their view of the business activities. Designing procedures, especially those involving group action, requires business knowledge and an understanding of group dynamics. Developing job descriptions, staffing, and training all require human resource and related expertise. Thus, unlike program development, systems development is not an exclusively technical task undertaken by programmers and hardware specialists. Rather, it requires coordinated teamwork of both specialists and nonspecialists with business knowledge. 8) Which of the following statements is true of systems development for bigger systems and longer projects? A) Diseconomies of scale are reduced. B) Changes in requirements are increased. C) Average contribution per worker is increased. D) Project budgeting and scheduling becomes easy. Answer: B 9) According to Brooks' Law, adding more people to a late project ___________. A) makes the project later B) decreases the overall cost C) requires decreased staff coordination D) increases the project's timeline Answer: A 10) According to Brooks' Law, which of the following is a consequence of adding more people to late projects? A) The work allocation per team member increases. B) The costs of training new people can overwhelm the benefits of their contribution. C) Beyond a workgroup of about 20 employees, economies of scale begin to take over. D) It allows the managers to extend the timeline of the project. Answer: B 11) Systems development is easy and risk-free. Answer: False 12) It is essential to estimate a system's cost to calculate its rate of return. Answer: True 13) One of the major challenges in systems development is changing technology. Answer: True 14) As development teams become larger, the average contribution per worker decreases. 
Answer: True 15) Brooks' Law holds true because a larger staff requires decreased coordination. Answer: False 16) Why is systems development difficult and risky? Answer: Systems development is difficult and risky because system requirements are often very difficult to determine. Even more difficult, systems development aims at a moving target. Requirements change as the system is developed, and the bigger the system and the longer the project, the more the requirements change. Systems development also faces difficulties in terms of scheduling and budgeting. It is often difficult to estimate the time taken to build a system. It is essential to determine the cost of developing a system, and if labor hours cannot be estimated, labor costs cannot be estimated. Yet another challenge is that while a project is underway, technology continues to change. Unfortunately, as development teams become larger, the average contribution per worker decreases. This is true because as staff size increases, more meetings and other coordinating activities are required to keep everyone in sync. There are economies of scale up to a point, but beyond a workgroup of, say, 20 employees, diseconomies of scale begin to take over. 17) Explain how diseconomies of scale can affect systems development. Answer: Unfortunately, as development teams become larger, the average contribution per worker decreases. This is true because as staff size increases, more meetings and other coordinating activities are required to keep everyone in sync. There are economies of scale up to a point, but beyond a workgroup of, say, 20 employees, diseconomies of scale begin to take over. Brooks' Law points out a related problem: Adding more people to a late project makes the project later. Brooks' Law is true not only because a larger staff requires increased coordination, but also because new people need training. 
The only people who can train the new employees are the existing team members, who are thus taken off productive tasks. The costs of training new people can overwhelm the benefit of their contribution. 18) The ___________ is the traditional process used to develop information systems. A) rapid application development (RAD) B) object-oriented design (OOD) C) systems development life cycle (SDLC) D) extreme programming (XP) Answer: C 19) Which of the following is the first phase of the systems development life cycle? A) requirements analysis B) business planning process C) implementation D) system definition Answer: D 20) In the ___________ phase of the systems development life cycle, developers use management's statement of the system needs in order to develop a new information system. A) system definition B) requirements analysis C) component design D) implementation Answer: A 21) In which of the following phases of the systems development life cycle do developers identify the particular features and functions of a new system? A) system definition B) requirements analysis C) component design D) implementation Answer: B 22) The project plan resulting from system definition is the input for requirement analysis. Answer: True 23) The goals and scope of a new information system are determined during the requirements analysis phase of the systems development life cycle. Answer: False 24) The description of fixes and new requirements is the input to a system maintenance phase of a systems development life cycle. Answer: True 25) What are the five phases of the systems development life cycle (SDLC)? Answer: The five phases of the systems development life cycle are (1) system definition, (2) requirements analysis, (3) component design, (4) implementation, and (5) system maintenance. Developers in the first SDLC phase, i.e. 
system definition, use management's statement of the system needs in order to begin to define the new system (for PRIDE, this statement is based on experience with the prototype). The resulting project plan is the input to the second phase, requirements analysis. Here developers identify the particular features and functions of the new system. The output of that phase is a set of approved user requirements, which become the primary input used to design system components. In phase 4, developers implement, test, and install the new system. Over time, users will find errors, mistakes, and problems. They will also develop new requirements. The description of fixes and new requirements is input into a system maintenance phase. The maintenance phase starts the process all over again, which is why the process is considered a cycle. 26) Which of the following is the first step in defining a new information system? A) Assess the feasibility of the project. B) Explain the goals and scope of the project. C) Determine the schedule and budget for the project. D) Form the project team. Answer: B 27) Which of the following steps in the systems definition process aims to eliminate obviously nonsensible projects? A) Define the system goals and scope. B) Form the project team. C) Assess the project feasibility. D) Plan the project requirements. Answer: C 28) ___________ feasibility concerns whether a new information system fits within a company's customs, culture, charter, or legal requirements. A) Technical B) Cost C) Schedule D) Organizational Answer: D 29) During requirements definition, a development team's composition will be typically heavy with ___________. A) systems analysts B) programmers C) business users D) beta testers Answer: A 30) Which of the following statements is true of the composition of a development team over the different phases of the systems development life cycle? A) During conversion, the team will be heavy with database designers. 
B) During requirements definition, the team will be heavy with testers and database designers. C) During integrated testing and conversion, the team will be augmented with business users. D) During design and implementation, the team will be augmented with business users. Answer: C 31) During design and implementation, a development team will be heavy with ___________. A) business analysts B) business users C) programmers D) senior managers Answer: C 32) The cost feasibility of a systems development project depends on the scope of the project. Answer: True 33) Organizational feasibility refers to estimating the time it will take to complete a project. Answer: False 34) A development team's composition changes over time. Answer: True 35) Business analysts integrate the work of the programmers, testers, and users. Answer: False 36) Explain the tasks performed during the system definition phase of the systems development life cycle. Answer: The first step is to define the goals and scope of the new information system. At this step, a development team defines the goal and purpose of the new system. A project's scope is defined by specifying the users who will be involved, or the business processes that will be involved, or the plants, offices, and factories that will be involved. The next step is to assess feasibility. This step answers the question, "Does this project make sense?" The aim here is to eliminate obviously nonsensible projects before forming a project development team and investing significant labor. Feasibility has four dimensions: cost, schedule, technical, and organizational. If the defined project is determined to be feasible, the next step is to form the project team. Typical personnel on a development team are a manager, systems analysts, business analysts, programmers, software testers, and users. The first major task for the assembled project team is to plan the project. 
Members of the project team specify tasks to be accomplished, assign personnel, determine task dependencies, and set schedules. 37) Define the terms cost feasibility, technical feasibility, and organizational feasibility. Answer: Cost feasibility approximates total costs and compares it to system value. Technical feasibility refers to whether existing information technology is likely to be able to meet the needs of the new system. Organizational feasibility concerns whether the new system fits within the organization's customs, culture, charter, or legal requirements. 38) Who are the members of a systems project team? Explain the roles of business analysts and systems analysts. Answer: Typical personnel on a development team are a manager (or managers for larger projects), business analysts, systems analysts, programmers, software testers, and users. Business analysts specialize in understanding business needs, strategies, and goals and helping businesses implement systems to accomplish their competitive strategies. Systems analysts are IT professionals who understand both business and technology. Systems analysts are closer to IT and are a bit more technical, though there is considerable overlap in the duties and responsibilities of business and systems analysts. Both are active throughout the systems development process and play a key role in moving a project through the systems development process. Business analysts work more with managers and executives; systems analysts integrate the work of the programmers, testers, and users. Depending on the nature of the project, the team may also include hardware and communications specialists, database designers and administrators, and other IT specialists. 39) Which of the following is the most important phase in the systems development process? A) Define the goals and scope of the new information system. B) Implement the information system. C) Determine the system's requirements. 
D) Adapt systems to changes in requirements. Answer: C 40) If a new system involves a new database or substantial changes to an existing database, then the development team will have to create a(n) ___________. A) data model B) replica C) archetype D) test plan Answer: A 41) The easiest and cheapest time to alter an information system is in the ___________ phase of the systems development life cycle. A) requirements analysis B) system definition C) component design D) implementation Answer: A 42) Which of the following is a typical concern for developers while using prototypes? A) comparing a system's features with requirements B) understanding a system's complete requirements C) assessing a system's technical feasibility D) developing a uniform funding solution for the system Answer: D 43) Interviews are conducted with system users in the requirements analysis phase of the systems development life cycle. Answer: True 44) The security needs of an information system are determined during the component design phase of the systems development life cycle. Answer: False 45) Mock-ups of forms and reports can generate similar benefits as a working prototype. Answer: False 46) Explain the importance of the requirements analysis phase of the systems development life cycle (SDLC). Answer: Determining the system's requirements is the most important phase in the systems development process. If the requirements are wrong, the system will be wrong. If the requirements are determined completely and correctly, then design and implementation will be easier and more likely to result in success. Examples of requirements are the contents and the format of Web pages and the functions of buttons on those pages, or the structure and content of a report, or the fields and menu choices in a data entry form. Security is another important category of requirements. The easiest and cheapest time to alter the information system is in the requirements phase. 
Changing a requirement at this stage is simply a matter of changing a description. Changing a requirement in the implementation phase may require weeks of reworking applications components and the database. 47) While designing ___________, a development team must produce design documentation for writing program code. A) off-the-shelf with alteration software B) custom-developed programs C) off-the-shelf software D) cloud-based programs Answer: B 48) Procedures for a business information system are designed usually by ___________. A) testers B) programmers C) systems analysts D) business analysts Answer: C 49) Normal processing procedures for operations personnel involve procedures for ___________. A) continuing operations when the system fails B) backing up data and other resources C) using the system to accomplish business tasks D) starting, stopping, and operating the system Answer: D 50) In terms of software design for custom-developed programs, a development team identifies off-the-shelf products and then determines the alterations required. Answer: False 51) Explain how the software component of an information system is designed. Answer: Software design depends on the source of the programs. For off-the-shelf software, the team must determine candidate products and evaluate them against the requirements. For off-the-shelf with alteration software, the team identifies products to be acquired off-the-shelf and then determines the alterations required. For custom-developed programs, the team produces design documentation for writing program code. For a cloud-based system, one important design decision is where application processing will occur. All can occur on mobile devices, all can occur on cloud servers, or a mixture can be used. 52) During the ___________ phase of the systems development life cycle process, developers construct, install, and test the components of the information system. 
A) requirements analysis B) database design C) feasibility assessment D) implementation Answer: D 53) A comprehensive test plan should ___________. A) not include incorrect actions that users take B) cause every line of program code to be executed C) cause only critical error messages to be displayed D) be constructed by only product quality assurance (PQA) personnel Answer: B 54) Which of the following personnel in a development team has the final say on whether a system is ready for use? A) managers B) systems analysts C) users D) PQA personnel Answer: C 55) ___________ testing is the process of allowing future system users to try out a new system on their own. A) Unit B) Alpha C) Integration D) Beta Answer: D 56) System ___________ refers to the process of changing business activity from an old information system to a new system. A) definition B) testing C) analysis D) conversion Answer: D 57) In a ___________ installation, an organization implements an entire system on a limited portion of the business. A) phased B) parallel C) pilot D) plunge Answer: C 58) In a ___________ installation, a new system runs alongside the old one until the new one has been tested and is fully operational. A) pilot B) parallel C) phased D) plunge Answer: B 59) Olive Inc., a chain of retail outlets, is converting its existing billing systems to a more robust online tool. In this process, the organization runs both the old and the new systems to compare their performances. In this case, the company is implementing the new system using ___________ installation. A) parallel B) pilot C) plunge D) phased Answer: A 60) Which of the following is the most expensive style of system conversion? A) pilot installation B) phased installation C) parallel installation D) plunge installation Answer: C 61) Which of the following styles of system conversion shuts off the old system and starts a new system? 
A) plunge installation B) parallel installation C) pilot installation D) phased installation Answer: A 62) Testing is often called product quality assurance (PQA). Answer: True 63) Beta testing is the last phase of a testing process. Answer: True 64) In pilot installation, a new system is installed in phases across an organization. Answer: False 65) Plunge installation is sometimes called direct installation. Answer: True 66) What is a test plan? Answer: Once developers have constructed and tested all of the system components, they integrate the individual components and test the system. Software and system testing are difficult, time-consuming, and complex tasks. Developers need to design and develop test plans and record the results of tests. A test plan consists of sequences of actions that users will take when using the new system. Test plans include not only the normal actions that users will take, but also incorrect actions. A comprehensive test plan should cause every line of program code to be executed. The test plan should cause every error message to be displayed. 67) What is beta testing? Answer: Beta testing is the process of allowing future system users to try out the new system on their own. Software vendors, such as Microsoft, often release beta versions of their products for users to try and to test. Such users report problems back to the vendor. Beta testing is the last stage of testing. Normally, products in the beta test phase are complete and fully functioning; they typically have few serious errors. 68) What are the four ways in which organizations can implement a system conversion? Answer: Organizations can implement a system conversion in one of four ways. In a pilot installation, an organization implements the entire system on a limited portion of the business. In a phased installation, a new system is installed in phases across the organization. 
With parallel installation, a new system runs in parallel with the old one until the new system is tested and fully operational. The final style of conversion is plunge installation (sometimes called direct installation). With it, an organization shuts off the old system and starts the new system. 69) Software developers group the fixes for high-priority failures into a group that can be applied to all copies of a given product called a ___________. A) service pack B) bug C) patch D) product key Answer: C 70) Which of the following statements is true of system maintenance? A) Software developers usually bundle fixes for low-priority problems into a patch. B) Information systems (IS) personnel prioritize system problems on a first-come-first-served basis. C) All commercial software products are shipped with known failures. D) Service packs are developed to fix a single problem at a time. Answer: C 71) Software vendors usually bundle fixes of low-priority problems into larger groups called ___________. A) patches B) service packs C) bugs D) product keys Answer: B 72) The maintenance phase can start another cycle of the systems development life cycle (SDLC). Answer: True 73) What are the tasks of system maintenance? Answer: The last phase of the systems development life cycle (SDLC) is maintenance. Maintenance is a misnomer; the work done during this phase is either to fix the system so that it works correctly or to adapt it to changes in requirements. First, there needs to be a means for tracking both failures and requests for enhancements to meet new requirements. For small systems, organizations can track failures and enhancements using word-processing documents. Typically, IS personnel prioritize system problems according to their severity. They fix high-priority items as soon as possible, and they fix low-priority items as time and resources become available. 74) What are patches and service packs? 
Answer: Patches are group fixes for high priority failures that can be applied to all copies of a given product. Software vendors supply patches to fix security and other critical problems. They usually bundle fixes of low-priority problems into larger groups called service packs. Users apply service packs in much the same way that they apply patches, except that service packs typically involve fixes to hundreds or thousands of problems. 75) Which of the following is a major concern for developers in a systems development life cycle process? A) having to work with a team of specialists B) moving through the unstructured phases of the cycle C) agreeing on the basic tasks to be performed to build a system D) performing repetitive tasks of a completed phase Answer: D 76) Projects are said to be in analysis paralysis if so much time is spent ___________. A) in the system definition phase of the systems development life cycle (SDLC) B) on project scheduling C) documenting the requirements D) designing the system components Answer: C 77) The systems development life cycle process is supposed to operate in a sequence of nonrepetitive phases. Answer: True 78) Actual systems development generally works in accordance with the waterfall nature of the systems development life cycle. Answer: False 79) Estimates of labor hours and completion dates are accurate for large, multiyear projects. Answer: False 80) Explain the problems caused due to the waterfall nature of systems development life cycle. Answer: One of the reasons for SDLC problems is due to the waterfall nature of the SDLC. Like a series of waterfalls, the process is supposed to operate in a sequence of nonrepetitive phases. For example, the team completes the requirements phase and goes over the waterfall into the design phase, and on through the process. Unfortunately, systems development seldom works so smoothly. Often, there is a need to crawl back up the waterfall, if you will, and repeat work in a prior phase. 
Most commonly, when design work begins and the team evaluates alternatives, they learn that some requirements statements are incomplete or missing. At that point, the team needs to do more requirements work, yet that phase is supposedly finished. On some projects, the team goes back and forth between requirements and design so many times that the project seems to be out of control. Test Bank for Experiencing MIS David Kroenke, Randall Boyle 9780133939132, 9781292107707, 9780134773636, 9780136509868, 9780136078685, 9781486019281, 9780132157940