1. Which of the following is generally viewed as the first Internet worm to have caused significant damage and to have “brought the Internet down”?

A. Melissa

B. The “Love Bug”

C. The Morris worm

D. Code Red

2. Which of the following individuals was convicted of various computer crimes and was known for his ability to conduct successful social engineering attacks?

A. Kevin Mitnick

B. Vladimir Levin

C. Timothy Lloyd

D. David Smith

3. Which virus/worm was credited with reaching global proportions in less than ten minutes?

A. Code Red

B. The Morris worm

C. Melissa

D. Slammer

4. An attacker who feels that using animals to make fur coats is unethical and thus defaces the web site of a company that sells fur coats is an example of:

A. Information warfare

B. Hacktivism

C. Cyber crusading

D. Elite hacking

5. What is the most common form of authentication used?

A. Smart card

B. Tokens

C. Username/password

D. Retinal scan

6. The components of the CIA triangle are:

A. Corporate secrecy, Integrity, and Availability

B. Confidentiality, Integrity, and Access

C. Confidentiality, Integrity, and Availability

D. Confidentiality, Information Security, and Availability

7. Which of the following concepts requires users and system processes to use the minimal amount of permission necessary to function?

A. Layer defense

B. Diversified defense

C. Simple Security Rule

D. Least privilege

8. The Bell-LaPadula security model is an example of a security model that is based on:

A. The integrity of the data

B. The availability of the data

C. The confidentiality of the data

D. The authenticity of the data

9. The term used to describe the requirement that different portions of a critical process must be performed by different people is:

A. Least privilege

B. Defense in depth

C. Separation of duties

D. Job rotation

10. Hiding information to prevent disclosure is an example of:

A. Security through obscurity

B. Certificate-based security

C. Discretionary data security

D. Defense in depth

11. The concept of blocking an action unless it is specifically authorized is:

A. Implicit deny

B. Least privilege

C. Simple Security Rule

D. Hierarchical defense model

12. Which of the following correctly defines qualitative risk management?

A. The process of objectively determining the impact of an event that affects a project, program, or business.

B. The process of subjectively determining the impact of an event that affects a project, program, or business.

C. The loss that results when a vulnerability is exploited by a threat.

D. To reduce the likelihood of a threat occurring.

13. Which of the following correctly defines risk?

A. The risks still remaining after an iteration of risk management.

B. The loss that results when a vulnerability is exploited by a threat.

C. Any circumstance or event with the potential to cause harm to an asset.

D. The possibility of suffering harm or loss.

14. Single loss expectancy (SLE) can best be defined by which of the following equations?

A. SLE = annualized loss expectancy * annualized rate of occurrence

B. SLE = asset value * exposure factor

C. SLE = asset value * annualized rate of occurrence

D. SLE = annualized loss expectancy * exposure factor

15. Which of the following correctly defines a Gantt chart?

A. A method of identifying items that are related and then identifying the principle that ties them together into a group

B. A management tool for diagramming schedules, events, and activity duration

C. A single-page form used to document new risks as they occur

D. A diagram depicting interdependencies between project activities, showing the sequence and duration of each activity

16. Which of the following correctly defines residual risk?

A. The risks still remaining after an iteration of risk management

B. The possibility of suffering a loss

C. The result of a vulnerability being exploited by a threat that results in a loss

D. Characteristics of an asset that can be exploited by a threat to cause harm

17. Which of the following statements about risk is true?

A. A manager can accept the risk, which will reduce the risk.

B. The risk itself doesn’t really change. However, actions can be taken to reduce the impact of the risk.

C. A manager can transfer the risk, which will reduce the risk.

D. A manager can take steps to increase the risk.
