Review-1 - Management Information System | Trường Đại học Quốc tế, Đại học Quốc gia Thành phố HCM

1.Which of the following traditional solutions enables manufacturers to deal with uncertainties in the supply chain? A) Safety stock D) Demand planning B) Continuous replenishment E) Perfect information C) Just-in-time strategies
2. A distortion of information about the demand for a product as it passes from one entity to the
next across the supply chain is called the ________ effect. A) network D) whirlpool B) bullwhip E) diffraction C) ripple
3.What event marked the beginning of e-commerce?
A) The first product sold online
D) The first paid advertisements placed on a
B) The first domain name registered website C) The first e-mail sent
E) The first product advertised online
4.A marketplace extended beyond traditional boundaries and removed from a temporal and
geographic location is called a(n): A) exchange. D) e-hub. B) marketspace. E) net marketplace. C) online marketplace. 5.When did e-commerce begin? A) 1965 B) 1983 C) 1995 D) 1999 E) 2000
6.All of the following are specific security challenges that threaten the communications lines in
a client/server environment except: A) phishing D) radiation. B) tapping. E) sniffing. C) theft and fraud.
7.All of the following are specific security challenges that threaten corporate servers in a
client/server environment except: A) hacking. B) malware. C) denial-of-service attacks. D) sniffing. E) vandalism.
8.Which of the following refers to policies, procedures, and technical measures used to prevent
unauthorized access, alteration, theft, or physical damage to information systems? A) Security D) Algorithms B) Controls E) Identity management C) Benchmarking
9.Which of the following refers to all of the methods, policies, and organizational procedures
that ensure the safety of the organization's assets, the accuracy and reliability of its accounting
records, and operational adherence to management standards? Legacy systems D) Security policy B) SSID standards E) Controls C) Vulnerabilities
10.Most computer viruses deliver a: A) worm. D) keylogger. B) Trojan horse. E) payload. C) driveby download.
11.Which of the following statements about wireless security is not true?
A) SSIDs are broadcast multiple times and
can be picked up fairly easily by sniffer
D) Intruders can force a user's NIC to programs.
associate with a rogue access point.
B) Radio frequency bands are easy to scan.
E) Bluetooth is the only wireless technology
C) An intruder who has associated with an
that is not susceptible to hacking by
access point by using the correct SSID is eavesdroppers.
capable of accessing other resources on the network.
12.Which type of decision is calculating gross pay for hourly workers? A) Semi-structured D) Unstructured B) Procedural E) Ad hoc C) Structured
13.Which type of decision is deciding whether to introduce a new product line? A) Structured D) Nonrecurring B) Unstructured E) Predictive C) Recurring
14.Which of the following is not one of the Simon's four stages of decision making? A) Implementation D) Choice B) Intelligence E) Design C) Prediction 2
15.Which of the following is not one of the five classical functions of managers? A) New product creator D) Organizing B) Deciding E) Controlling C) Planning
16.Which of the following BI tools or abilities has been driving the movement toward "smart cities"? A) OLAP D) Data mining B) Chi-square analysis E) Big data analytics C) Predictive analytics
integrating, and analyzing business data
17.Which of the following statements best
D) Information systems involved in business
describes the term business intelligence? decision making
A) Software developed exclusively for
E) Enterprise systems used to make business business management decisions
B) The tools and techniques used to analyze and understand business data D) Business analysts C)
The infrastructure for collecting, E) Senior executives
18.BI that is designed to determine the most likely effects of changes in the business environment is called: A) statistical modeling. D) big data analytics. B) environmental analytics. E) parameterized report C) predictive analytics.
19.All of the following are specific security challenges that threaten corporate systems in a
client/server environment except: A) theft of data. D) radiation. B) copying of data. E) hardware failure. C) alteration of data.
20.CryptoLocker is an example of which of the following? A) Worm D) Evil twin B) SQL injection attack E) Ransomware C) Sniffer
21.Which of the following statements about Internet security is not true?
A) The use of P2P networks can expose a corporate computer to outsiders.
B) A corporate network without access to the Internet is more secure than one that provides access.
C) Wi-Fi networks are not vulnerable to security breaches.
D) Instant messaging can provide hackers access to an otherwise secure network.
E) Smartphones have the same security weaknesses as other Internet devices. 22. A Trojan horse:
A) is software that appears to be benign but does something other than expected.
B) is a virus installed as a drive-by download.
C) is malware named for a breed of fast-moving Near-Eastern horses.
D) installs spyware on users' computers.
E) is a type of sniffer used to infiltrate corporate networks.
23.Which of the following provides a suite of integrated software modules for finance and
accounting, human resources, manufacturing and production, and sales and marketing that allows
data to be used by multiple functions and business processes? A) Process management software D) CRM software B) ERP systems
E) Supply chain management systems C) Groupware
24.Enterprise software is built around thousands of predefined business processes that reflect: A) government regulations.
D) cutting edge workflow analyses. B) industry benchmarks. E) the firm's culture. C) best practices.
25.Which of the following enables a company to tailor a particular aspect of enterprise software
to the way a company does business? A) Configuration tables D) Middleware B) Web services E) Groupware C) Data dictionaries
26.A network of organizations and business processes for procuring raw materials,transforming
these materials into intermediate and finished products, and distributing the finished products to customers is called a(n): A) distribution channel. D) marketing channel. B) supply chain. E) information system. C) value chain.
27.In the supply chain, components or parts are referred to as:
A) upstream materials, organizations, and C) secondary products. processes. D) intermediate products. B) raw materials.
E) downstream organizations and processes.
28.Which of the following refers to a company's suppliers, the suppliers' suppliers, and the
processes for managing relationships with them?
A) Supplier's internal supply chain
D) Upstream portion of the supply chain B) Logistics supply chain
E) On Contract supplier's chain
C) Downstream portion of the supply chain
29.Distribution and delivery of products to retailers is part of the:
A) downstream portion of the supply chain. B) external supply chain.
C) upstream portion of the supply chain.
E) midstream portion of the supply chain.
D) supplier's internal supply chain.
30.Uncertainties in the supply chain often lead to: A) declines in production. D) the bull whip effect.
B) increases in inventory across all tiers.
E) a reduction in safety stocks.
C) strategic changes in production plans.
31.What standards are referred to when discussing universal standards as a unique feature of e- commerce?
A) Internet technology standards
D) Universal advertising and media format
B) Common spoken and written languages standards
C) Universal measuring standards E) EDI standards
32.All of the following are unique features of e-commerce technology, except:
A) personalization/customization. D) richness. B) interactivity. E) global reach. C) price discrimination.
33.Which of the following dimensions of e-commerce technology involves engaging consumers
in a dialogue that dynamically adjusts the experience to the individual? A) Ubiquity D) Interactivity
B) Personalization/customization E) Information density C) Richness
34.The effort required to locate a suitable product is called: A) price discrimination. D) shopping costs. B) search costs. E) location costs. C) menu costs.
35.Information density refers to the:
A) richness–complexity and content–of a message.
B) total amount and quantity of information delivered to consumers by merchants.
C) total amount and quantity of information available to all market participants.
D) amount of information available to reduce price transparency.
E) amount of physical storage space needed to store data about a specific entity, such as a product or consumer.
36.Selling the same goods to different targeted groups at different prices is called: A) cost customization. D) cost personalization. B) cost optimization. E) price discrimination. C) price gouging.
37.Compared to traditional goods, digital goods have:
A) low marginal costs of production. D) higher inventory costs. B) higher delivery costs. E) higher marginal costs.
C) lower initial production costs.
38.Which of the following is the first step in the knowledge management value chain? A) Feedback D) Store B) Acquire E) Apply C) Disseminate
39.Which of the following is not one of the six main analytic functionalities of BI systems for
helping decision makers understand information and take action? A) Production reports
D) Forecasts, scenarios, and models B) Parameterized reports E) Drill down C) Business case archives
40.Which of the following are most likely to rely primarily on the drill-down functionality of BI
for their decision-making needs? A) IT developers B) Middle managers C) Operational employees
41.Which of the following statements best describes the relationship between collaboration and knowledge management?
A) Collaboration is impossible without knowledge.
B) Knowledge is impossible without collaboration.
C) Knowledge is useful only when shared with others.
D) As knowledge improves, so does collaboration.
E) Knowledge is the result of collaboration.
42.The text defines ________ as the flow of events or transactions captured by an organization's system. A) information D) knowledge B) data E) experience C) wisdom
43.Changing organizational behavior by sensing and responding to new experience and knowledge is called: A) change management. D) organizational learning. B) knowledge leveraging. E) knowledge management. C) the knowledge value chain.
44.What is the last value-adding step in the knowledge business value chain? A) Acquire D) Disseminate
B) Data and information acquisition E) Apply C) Store
45.The set of business processes, culture, and behavior required to obtain value from
investments in information systems is one type of: A) knowledge culture. D) organizational routine. B) knowledge discovery. E) knowledge.
C) organizational and management capital.
46.Specialized systems built for knowledge workers charged with discovering and creating new
knowledge for a company are called:
A) Knowledge Work Systems (KWS). D) COPs.
B) Learning Management Systems (LMS).
E) enterprise-wide knowledge management C) wikis. systems.
47.Apple's Siri application is an example of: A) neural networks. D) intelligent agents. B) augmented reality. E) machine learning. C) AI.
48.Which of the following techniques is used for knowledge acquisition? A) Decision support systems D) Data mining
B) Transaction processing systems E) Content management system C) CAD
49.Which of the following is a computer-based system that attempts to emulate how humans think and act? A) Virtual reality systems D) Genetic algorithms B) Neural networks E) LMS C) AI technology
50.When there is no well-understood or agreed-on procedure for making a decision, it is said to be: A) undocumented. B) unstructured. C) documented. D) semi-structured. E) random
Case Study: Is the Equifax Hack the Worst Ever – and Why?
1. Identify and describe the security and control weaknesses discussed in this case.
On September 7, 2017 Equifax reported that from mid-May through July 2017 hackers gained
access to some of its systems and potentially the personal information of about 143 million U.S.
consumers, including Social Security numbers and driver’s license numbers. Credit card
numbers for 209,000 consumers and personal information used in disputes for 182,000 people were also compromised.
Equifax reported the breach to law enforcement and also hired a cybersecurity firm to
investigate. The size of the breach, importance, and quantity of personal information
compromised by this breach are considered unprecedented.
The Equifax breach was especially damaging because of the amount of sensitive personal and
financial data stored by Equifax that was stolen, and the role such data play in securing
consumers’ bank accounts, medical histories, and access to financing. In one swoop the hackers
gained access to several essential pieces of personal information that could help attackers commit fraud.
Analyses earlier in 2017 performed by four companies that rank the security status of companies
based on publicly available information showed that Equifax was behind on basic maintenance
of web sites that could have been involved in transmitting sensitive consumer information.
Cyberrisk analysis firm Cyence rated the danger of a data breach at Equifax during the next 12
months at 50 percent. It also found the company performed poorly when compared with other
financial-services companies. The other analyses gave Equifax a higher overall ranking, but the
company fared poorly in overall web-services security, application security, and software patching.
A security analysis by Fair Isaac Corporation (FICO), a data analytics company focusing on
credit scoring services, found that by July 14 public-facing web sites run by Equifax had expired
certificates, errors in the chain of certificates, or other web-security issues.
2 What management, organization, and technology factors contributed to these problems?
Management: Competitors privately observed that Equifax did not upgrade its technological
capabilities to keep pace with its aggressive growth. Equifax appeared to be more focused on
growing data it could commercialize.
The findings of the outside security analyses appear to conflict with public declarations by
Equifax executives that cybersecurity was a top priority. Senior executives had previously said
cybersecurity was one of the fastest-growing areas of expense for the company. Equifax
executives touted Equifax’s focus on security in an investor presentation that took place weeks
after the company had discovered the attack.
Organization: Equifax bought companies with databases housing information about consumers’
employment histories, savings, and salaries, and expanded internationally. The company bought
and sold pieces of data that enabled lenders, landlords, and insurance companies to make
decisions about granting credit, hiring job seekers, and renting an apartment.
The data breach exposed Equifax to legal and financial challenges, although the regulatory
environment is likely to become more lenient under the current presidential administration. It
already is too lenient. Credit reporting bureaus such as Equifax are very lightly regulated. Given
the scale of the data compromised, the punishment for breaches is close to nonexistent.
Technology: The hack involved a known vulnerability in Apache Struts, a type of open-source
software Equifax and other companies use to build web sites. This software vulnerability was
publicly identified in March 2017, and a patch to fix it was released at that time. That means
Equifax had the information to eliminate this vulnerability two months before the breach occurred. It did nothing.
Weaknesses in Equifax security systems were evident well before the big hack. A hacker was
able to access credit-report data between April 2013 and January 2014. The company discovered
that it mistakenly exposed consumer data as a result of a “technical error” that occurred during a
2015 software change. Breaches in 2016 and 2017 compromised information on consumers’ W-2
forms that were stored by Equifax units. Additionally, Equifax disclosed in February 2017 that a
“technical issue” compromised credit information of some consumers who used identity-theft
protection services from LifeLock.
3 Discuss the impact of the Equifax hack?
Hackers gained access to Equifax systems containing customer names, Social Security numbers,
birth dates, and addresses. These four pieces of data are generally required for individuals to
apply for various types of consumer credit, including credit cards and personal loans. Criminals
who have access to such data could use it to obtain approval for credit using other people’s
names. Credit specialist and former Equifax manager John Ulzheimer calls this is a “nightmare
scenario” because all four critical pieces of information for identity theft are in one place.
Stolen personal data will be available to hackers on the Dark Web for years to come.
Governments involved in state-sponsored cyberwarfare are able to use the data to populate
databases of detailed personal and medical information that can be used for blackmail or future attacks.
4 How can future data breaches like this one be prevented? Explain your answer.
There will be hacks—and afterward, there will be more. Companies need to be even more
diligent about incorporating security into every aspect of their IT infrastructure and systems
development activities. To prevent data breaches such as Equifax’s, organizations need many
layers of security controls. They need to assume that prevention methods are going to fail.
As data breaches rise in significance and frequency, the government is proposing new legislation
that would require firms to report data breaches within specific time frames and set standards for data security.
There are other measures every organization, public and private can and should take to secure
their systems and information. Section 8.4, What are the most important tools and technologies
for safeguarding information resources, of this chapter provides a list:
Use appropriate identity management and authentication procedures and processes.
Use adequate firewalls, intrusion detection systems, and antivirus software. Secure wireless networks.
Use adequate encryption and public key infrastructures—this alone would have saved Sony a lot of grief and money.
Control Network Traffic with Deep Packet Inspection technology.
Many security experts believe that U.S. cybersecurity is not well-organized. The FBI and
Department of Homeland Security released a “cyber alert” memo describing lessons learned
from other hacks. The memo lists generally recommended security practices for companies to
adopt, including encrypting data, activating a personal firewall at agency workstations,
monitoring users’ online habits, and blocking potentially malicious sites.
Case Study: Clemens Food Group Delivers with New Enterprise Applications
1 Why would supply chain management be so important for Clemens Food Group?
Clemons Food is a vertically coordinated company that includes antibiotic-free hog farming,
food production, logistical services, and transportation. Using a responsive pork production
system, the company focuses on supplying the highest-quality products to its partners as well as
advanced solutions that simplify partners’ operations.
The Clemens Food Group raises and processes about five million hogs per year, managing
procurement, production, and logistics services from birth to finished food products. Clemens has 3,350 employees.
For a company in the perishable goods industry such as Clemens Food to be profitable, it must
have a firm grasp on the timeliness and accuracy of orders and very precise information about
the status of its products and warehouse activities throughout its network of farms and
production facilities. Accuracy in determining yields, costs, and prices in a wildly fluctuating
market can make a difference of millions of dollars.
2 What problem was the company facing. What management, organization, and technology
factors contributed to these problems?
Management: Clemens Food’s legacy systems were no longer able to keep up with production
and support future growth. Management realized the company needed a new platform to provide