Computer Science Textbook Solutions - 21
databases? (b) What do they do instead? (c) What risk does this method avoid for the firm
sending the security assertion? (d) How are risks to Firm B reduced? (e) What is a security
assertion? (f) What three things may it contain
(a) What standard do most central authentication servers follow? (b) How are EAP and RADIUS
related in terms of functionality? (c) What authentication method does RADIUS use?
(a) In public key authentication, what must the sender know that an impostor should not be able
to learn? (b) For what type of authentication is a digital signature used, initial authentication or
message-by-message authentication? (c) How does the supplicant create a message digest? (d)
How does the supplicant cr
(a) Does the use of spread spectrum transmission in 802.11 create security? (b) What are SSIDs?
(c) Does turning off SSID broadcasting offer real security? Explain. (d) What are MAC access
control lists? (e) Do they offer real security? Explain.
(a) What two cryptographic protections does an HMAC provide? (b) Do HMACs use symmetric
key encryption, public key encryption, or hashing? (c) What is the benefit of HMACs over
digital signatures?
(a) How does a P2P attack work? (b) How does a reflected attack work? (c) What is a DRDoS
attack, and how does it work? (d) What is a Smurf flood? (e) What type of packet is sent in a
Smurf flood? Why? (f) How could a malformed packet cause a host to crash?
(a) What is the strongest form of authentication? (b) List the functions of a PKI. (c) Can a firm
be its own certificate authority? (d) What is the advantage of doing so? (e) Who creates a
computer's private key/public key pair? (f) How do CAs distribute public keys? (g) What is
provisioning? (h) What is the pri
(a) Why is it impossible to extend 802.1X operation using EAP directly to WLANs? (b) What
standard did the 802.3 Working Group create to extend 802.1X operation to WLANs with
security for EAP? (c) For 802.11i, distinguish between outer and inner authentication. (d) What
authentication method or methods does outer
What are channels? Would one be better than another?
(a) What is the purpose of a wireless IDS? (b) How do wireless IDSs get their data? (c) What is a
rogue access point? (d) What are the two alternatives to using a centralized wireless IDS? (e)
Why are they not attractive?
(a) Why do hosts use ARP? (b) Can ARP poisoning be used outside the LAN? Why not? (c)
Why do hosts send ARP requests? (d) What is ARP spoofing? (e) How could an attacker use
ARP spoofing to manipulate host ARP tables?
Pretty Good Privacy (PGP) uses public key encryption and symmetric key encryption to encrypt
long documents. How might this be possible?
(a) What is biometric authentication? (b) On what two things about you is biometric
authentication based? (c) What is the major promise of biometrics?
(a) Why is the word symmetric used in symmetric key encryption? (b) When two parties
communicate with each other using symmetric key encryption, how many keys are used in total?
(c) What type of encryption cipher is almost always used in encryption for confidentiality?
(a) Why are authorizations needed after a person is authenticated? (b) What is another name for
authorizations? (c) What is the principle of least permissions? (d) Why is it a good way to assign
initial permissions? (e) What is bad about assigning all permissions and then taking away the
permissions a user does
(a) What is black holing? (b) Is black holing an effective defense against DoS attacks? Why? (c)
How can the effects of SYN floods be mitigated? (d) What is a false opening? (e) Why is rate
limiting a good way to reduce the damage of some DoS attacks? (f) Why is it limited in
effectiveness? (g) Why is DoS protect
(a) What is auditing? (b) Why is it necessary? (c) Why is log reading important? (d) What are the
three types of actions that should be taken on log files? (e) Why are automatic alerts desirable?
(a) What is the main access threat to Ethernet LANs? (b) What is the main access threat to
wireless LANs? (c) Why is the access threat to wireless LANs more severe? (d) Is eavesdropping
usually a concern for wired LANs, wireless LANs, or both?
(a) Besides authentication, what security benefit does a digital signature provide? (b) Explain
what this benefit means. (c) Do most message-by-message authentication methods provide
message integrity as a by-product?
(a) Distinguish between transport and tunnel modes in IPsec in terms of packet protection. (b)
What are the attractions of each? (c) What are the problematic issues of each?
Given the weakness of commercial WAN security, why do you think companies continue to use
WAN technology without added cryptographic protections?
(a) What are the two most critical fields in the digital certificate? (b) What field in a digital
certificate allows the receiver of a certificate to determine if the certificate has been altered? (c)
What three things must the receiver of a digital certificate check to ensure that a digital
certificate is valid?
How are digital certificates and drivers' licenses similar, and how are they different?
Identify potential security threats associated with authentication via digital signatures and digital
certificates. Explain each and describe how you would address each threat.
(a) What is the main drawback to public key encryption? (b) What is the most popular public key
encryption cipher? (c) What is the other commonly used public key encryption cipher? (d)
Which need to be longer, symmetric keys or public keys? Justify your answer. (e) How long are
strong RSA keys? (f) How long are
(a) Distinguish between magnetic stripe cards and smart cards. (b) What are one-time-password
tokens? (c) What are USB tokens? (d) What is the advantage of USB tokens compared to cards?
(e) What is the attraction of proximity tokens?
(a) Why can't HMACs provide nonrepudiation? (b) Why is it usually not a problem that HMACs
fail to provide nonrepudiation?
(a) What man-in-the-middle attack is a danger for 802.11 WLANs? (b) Physically, what is an
evil twin access point? (c) What happens when the legitimate supplicant sends credentials to the
legitimate access point? (d) In what two types of attacks can the evil twin engage? (e) Are evil
twin attacks frequent? (f) W
Describe the entries in the second row of Figure 3-9. Comment on the strengths of the choices it
uses. Uses public key authentication (RSA) for initial authentication. Only export-grade
authentication, so not strong initial authentication. The same for digital signatures. For
symmetric key encryption, uses RC4 with
See Full Question And Answer at solutionrank.com
(a) Contrast the key the sender uses for encryption in public key encryption for confidentiality
and public key encryption for authentication. (b) Contrast the key the receiver uses for
decryption in public key encryption for confidentiality and public key encryption for
authentication.
Why would it be desirable to protect all of a corporation's IP traffic by IPsec? Give multiple
reasons.
(a) What is a replay attack? (b) Can the attacker read the contents of the replayed message? (c)
Why are replay attacks attempted? (d) What are the three ways to thwart replay attacks? (e) How
do time stamps thwart replay attacks? (f) How do sequence numbers thwart replay attacks? (g)
How do nonces thwart r
(a) In public key encryption for authentication, which key does the supplicant use to encrypt? (b)
Does the verifier decrypt the ciphertext with the supplicant's public key? (If not, explain what
key it does use.) (c) Who is the true party? (d) What does the sender attempt to prove it knows
that only the true par
(a) How can ARP poisoning be used as a DoS attack? (b) How can static IP and ARP tables be
used to prevent ARP poisoning? (c) Can static IP and ARP tables be effectively used in large
networks? Why not? (d) Why would limiting local access prevent DoS attacks?
(a) For watch lists of criminals, what is a false acceptance? (b) For watch lists of criminals,
which is worse from a security viewpoint, a false acceptance or a false rejection? Explain. (c) For
watch lists of people who should be allowed to enter a room, which is worse from a security
viewpoint, a false acceptance
(a) Why is it important to disable lost or stolen access devices? (b) What is a PIN? (d) Why can
PINs be short, only four to six digits, while passwords must be much longer?
In practice, public key authentication is used heavily for initial authentication but rarely for
message-by-message authentication. Given the intense processing power required for public key
authentication and the fact that public key authentication gives the strongest authentication,
explain these two usage patterns.
The 802.1X standard today is being applied primarily to wireless LANs rather than to wired
LANs. Why do you think that is?
(a) What is the best way to thwart exhaustive searches by cryptanalysts? (b) If a key is 43 bits
long, how much longer will it take to crack it by exhaustive search if it is extended to 45 bits? (c)
If it is extended to 50 bits? (d) If a key is 40 bits long, how many keys must be tried, on average,
to crack it?
Even if you encrypted a file with AxCrypt, wouldn't someone be able to recover a previous
version of the file with a file recovery program?
(a) What is the definition of a VPN? (b) Why do companies transmit over the Internet? (c) Why
do they transmit over untrusted wireless networks? (d) Distinguish between the three types of
VPNs. (e) What does a VPN gateway do for a remote access VPN? (f) What does a VPN
gateway do for a site-to-site VPN? (g) Wh
(a) Distinguish between error rates and deception in biometrics. (b) Why may fingerprint
scanning, which is often deceived, be acceptable for entry into a supplies cabinet? (c) When may
it not be sufficient?
(a) Describe the three scanner actions in the enrollment process. (b) What are key features? (c)
Why are they necessary? (d) What does the server do with the key features created by the
enrollment scan? (e) What is a template? (f) What is user access data? (g) What are match
indices, and how are they relate
(a) What is a denial-of-service attack? (b) Other than a DoS attack, what could cause a
company's webserver crash? (c) What are the main goals of DoS attacks? (d) Is a slow
degradation of service worse than a total stoppage? Why?
(a) What does an SA specify? (Do not just spell SA out.) (b) When two parties want to
communicate in both directions with security, how many IPsec SAs are necessary? (c) May there
be different SAs in the two directions? (d) What is the advantage of this? (e) Why do companies
wish to create policies for SAs? (f) C
(a) What is the difference between a direct and indirect DoS attack? (b) What is backscatter? (c)
What types of packets can be sent as part of a DoS attack? (d) Describe a SYN flood. (e) How
does a DDoS attack work? (f) What does a handler do?
The chapter described how public key authentication is used for message-by-message
authentication in digital signatures. However, public key authentication is widely used for initial
authentication. Describe the processes that the supplicant and verifier would use if public key
encryption were used in initial challenge
(a) In Kerberos, distinguish between the ticket granting ticket and the service ticket. (b) What
information does the service ticket give the verifier? (c) How does the supplicant get the
symmetric session key? (d) Is the verifier notified explicitly that the supplicant has been
authenticated? Explain.
(a) What is quantum key distribution? (b) What are the two advantages of quantum key
distribution?
What wireless LAN security threats do 802.11i and WPA not address?
(a) Distinguish between SSL and TLS. (b) For what type of VPN was SSL/TLS developed? (c)
For what type of VPN is SSL/TLS increasingly being used?
If a supplicant gives you a digital certificate, should you accept it? Explain. (Think about this
carefully. The answer is not obvious.)
(a) Why is having a single point of building entry important? (b) Why are emergency exits
important? (c) What should be done about them? (d) List the four elements of entry authorization
in CobiT. (e) Why is loading dock security important? (f) What access control rules should be
applied to loading docks? (
(a) Why is 802.1X mode unsuitable for homes and small offices? (b) What mode was created for
homes or very small businesses with a single access point? (c) How do users in this mode
authenticate themselves to the access point? (d) Why is using a shared initial key not dangerous?
(e) How are PSK/personal keys genera
A Virginia-based mail-order company sends out approximately 25 million catalogs each year,
using a customer table with 10 million names. Although the primary key of the customer table is
customer identification number, the table also contains an index of customer last names. Most
people who call to place orders remembe
Pretend that you are building a Web-based system for the admissions office at your university.
The system will be used to accept electronic applications from students. All the data for the
system will be stored in a variety of files. QUESTION: Give an example using the preceding
system for each of the following file t
(a) Explain ARP poisoning? (b) Why does the attacker have to send a continuous stream of
unrequested ARP replies? (c) Do switches record IP addresses? Why not? (d) Does the attacker
have to poison the gateway's ARP tables too? Why? (e) Why does all network traffic go through
the attacker after poisoning the network
(a) At what layer does SSL/TLS operate? (b) What types of applications can SSL/TLS protect?
(c) What are the two commonly SSL/TLS-aware applications? (d) Why is SSL/TLS popular?
What are the costs and benefits of a nation engaging in cyber espionage?
What is the difference between an end-user database and an enterprise database? Provide an
example of each one.
List and discuss three ways to ensure the overall quality of a structure chart.
Distinguish between a control module, subordinate module, and library module on a structure
chart. Can a particular module be all three? Why or why not?
Why should you consider the storage formats that already exist in an organization when deciding
on a storage format for a new system?
Draw a physical level 0 DFD for the following system and compare it with the logical model that
you created in Chapter 5. A Video Store (AVS) runs a series of fairly standard video stores.
Before a video can be put on the shelf, it must be catalogued and entered into the video database.
To rent a video, every customer
Describe the primary deliverable produced during program design. What does it include and how
is it used?
Identify whether the following structures are transaction or transform and explain the reasoning
behind your answers. (a) (b)
What is meant by the characteristic of module coupling? What is its role in structure chart
quality?
Why is it important to understand the initial and projected size of a database during the design
phase?
Pretend that you are a project manager for a bank developing software for automated teller
machines (ATMs). Develop a unit test plan for the user interface component of the ATM.
What symbols would you use to depict the following situations on a structure chart? • A
function occurs multiple times before the next module is invoked. • A function is continued on
the bottom of the page of the structure chart. • A customer record is passed from one part of
the program to another. • The progr
Discuss the issues the project manager must consider when assigning programming tasks to the
programmers.
What is the biggest strength of the object database? Describe two of its weaknesses.
What is meant by the characteristics of fan-in and fan-out? What are their roles in structure chart
quality?
Where does the analyst find the information needed to create a structure chart?
List the seven types of cohesion. Why do the various types of cohesion range from good to bad?
Give an example of good coupling and an example of bad coupling.
A consulting project involved a credit card “bottom feeder” (let’s call it Credit
Wonder). This company bought credit card accounts that were written off as uncollectable debts
by major banks. Credit Wonder would buy the write-off accounts for 1 or 2 percent of their value
and then would call the owners of the wr
Draw a physical process model (just the processes and data stores) for the following
CRUD matrix:
Critique the structure chart shown, which depicts a guest making a hotel reservation. Describe
the chart in terms of fan-in, fan-out, coupling, and cohesion. Redraw the chart to improve
the design.
Name three ways that null values in a database can be interpreted. Why is this problematic?
In the new system for Holiday Travel Vehicles, the system users follow a two-stage process to
record complete information on all of the vehicles sold. When an RV or trailer first arrives at the
company from the manufacturer, a clerk from the inventory department creates a new vehicle
record for it in the computer syste
What do you think are three common mistakes made by novice systems analysts during
programming and testing?
In our experience, documentation is left to the very end of most projects. Why do you think this
happens? How could it be avoided?
Create a physical level 0 DFD for the following, and compare it with the logical model that you
created in Chapter 5: A Real Estate Inc. (AREI) sells houses. People who want to sell their
houses sign a contract with AREI and provide information on the house. This information is kept
in a database by AREI, and a subset
Visit a commercial Web site (e.g., CDnow, Amazon.com). If files were being used to store the
data supporting the application, what types of files would be needed? What data would they
contain?
Describe how you would denormalize the model that you created in question E. Draw the new
physical model on the basis of your suggested changes. How would performance be affected by
your suggestions?
You have been given a file that contains fields relating to CD information. Using the steps of
normalization, create a logical data model that represents this file in third normal form. The
fields include the following: • Musical group name • Musicians in group • Date group
was formed • Group's agent • CD tit
Jim Smith's dealership sells Fords, Hondas, and Toyotas. The dealership keeps information about
each car manufacturer with whom it deals so that employees can get in touch with manufacturers
easily. The dealership staff also keeps information about the models of cars that the dealership
carries from each manufacturer.
Name two types of legacy databases and the main problems associated with each type.
Systems integration across platforms and companies grows more complex with time. In a case
study from Florida in 2008, an electrical company realtime system detected a minor problem in
the power grid and shut down the entire system, plunging over two million people into the dark.
The system experts placed the blame on
Pretend that you are a project manager for a bank, developing software for automated teller
machines. Develop an online help system.
Examine the physical data model that you created in question F. Develop a clustering and
indexing strategy for this model. Describe how your strategy will improve the performance of
the database.
Create pseudocode for the program specification that you wrote in Exercise K.
What are the commonly used sources of documentation topics? Which is the most important?
Why?
It is preferable for a control couple to flow in one particular direction on the structure chart.
Which direction is preferred, and why?
In Chapter 6, you were asked to create a logical entity relationship diagram (ERD) for a charter
company that owns boats that are used to charter trips to the islands ("Your Turn 6-8"). The
company has created a computer system to track the boats it owns, including each boat's ID
number, name, and seating capacity. The
Describe the differences in the meanings between the two structure charts shown. How have the
symbols changed the meanings?
What do you think are three common mistakes made by novice systems analysts in preparing
user documentation?
What is the most popular kind of database today? Provide three examples of products that are
based on this technology.
What are the key issues in deciding between using perfectly normalized databases and
denormalized databases?
Draw a physical level 0 data flow diagram (DFD) for the following dentist office system, and
compare it with the logical model that you created in Chapter 5: Whenever new patients are seen
for the first time, they complete a patient information form that asks their name, address, phone
number, and brief medical history
In our experience, few organizations perform as thorough testing as they should. Why do you
think this happens? How could it be avoided?
What is the difference between a transaction structure and a transform structure? Can a module
be a part of both types of structures? Why or why not?
Is program design more or less important when using event-driven languages such as Visual
Basic?
In the new system under development for Holiday Travel Vehicles, seven tables will be
implemented in the new relational database. These tables are New Vehicle, Trade-in Vehicle,
Sales Invoice, Customer, Salesperson, Installed Option, and Option. The expected average record
size for these tables and the initial record c
Calculate the size of the database that you created in question F. Provide size estimates for the
initial size of the database as well as for the database in one year's time. Assume that the
dealership sells 10 models of cars from each manufacturer to approximately 20,000 customers a
year. The system will be set up ini
A major public university graduates approximately 10,000 students per year, and its development
office has decided to build a Web-based system that solicits and tracks donations from the
university's large alumni body. Ultimately, the development officers hope to use the information
in the system to better understand t
What are the differences between the logical and physical ERDs?
What are the five types of coupling? Give an example of good coupling and an example of bad
coupling.
Create a program specification for module 1.2.3.4 on the structure chart in Figure.
What is meant by the characteristic of module cohesion? What is its role in structure chart
quality?
My first programming job in 1977 was to convert a set of application systems from one version
of COBOL to another version of COBOL for the government of Prince Edward Island. The
testing approach was to first run a set of test data through the old system and then run it through
the new system to ensure that the results
Create pseudocode for the program specification that you wrote in Exercise L.
Create a program specification for module 1.1.3.1 on the structure chart in Figure.
Describe the typical way that project managers organize the programmers' work storage areas.
Why is this approach useful?
What are the two most important factors in determining the type of data storage format that
should be adopted for a system? Why are these factors so important?
If the project manager feels that programming is falling behind schedule, should more
programmers be assigned to the project? Why or why not?
Name five types of files, and describe the primary purpose of each type.
What is the difference between interfile and intrafile clustering? Why are they used?
Develop a program specification for Module 4.2.5 (Calculate Dealer Cost) in minicase 1.
Create a structure chart based on the data flow diagrams (DFDs) that you created for the
following exercises in Chapter 5: • Question D • Question E • Question F • Question
G • Question H
In “Your Turn 14-3” you were asked to draw a use case diagram for the campus housing
system. Select one of the use cases from the diagram and create a sequence diagram that
represents the interaction among objects in the use case.
In our experience, change management planning often receives less attention than conversion
planning. Why do you think this happens?
What are the three key roles in any change management initiative?
Compare and contrast the online help resources at two different Web sites that enable you to
perform the same function (e.g., make travel reservations, order books).
What are the commonly used sources of documentation navigation controls? Which is the most
important? Why?
Explain the trade-offs among selecting between the types of conversion in Questions 3, 4, and 5.
How is the object approach different from the data and process approaches to systems
development?
Consider the video store described in question I. Draw a behavioral state machine diagram that
describes the various states that a video goes through from the time it is placed on the shelf
through the rental and return processes.
Are states always depicted by rounded rectangles on a behavioral state machine diagram?
Explain.
Consider a process called validate credit history, which is used to validate the credit history for
customers who want to take out a loan. Explain how it can be an example of an includes
association on a use case diagram. Describe how it is an example of an extends association. As
an analyst, how would you know which i
Create a use case diagram that would illustrate the use cases for the following online university
registration system: The system should enable the staff members of each academic department to
examine the courses offered by their department, add and remove courses, and change the
information about courses (e.g., the ma
Think about sending a first-class letter to an international pen pal. Describe the process that the
letter goes through to get from your initial creation of the letter to being read by your friend,
from the letter’s perspective. Draw a behavioral state machine diagram that depicts the states
that the letter moves thr
How would you motivate adoption if you were the developer of a new executive information
system designed to provide your organization’s top executives with key performance
measures and economic trend information?
What is the Unified Modeling Language (UML)? How does it support the object approach to
systems development?
Throughout the 1960s, 1970s, and 1980s, the U.S. Army automated its installations ("army
bases," in civilian terms). Automation was usually a local effort at each of the more than 100
bases. Although some bases had developed software together (or borrowed software developed
at other bases), each base often had software
Develop a unit test plan for the calculator program in Windows (or a similar program for the
Mac or UNIX).
Describe the main building blocks for the sequence diagram and how they are represented on the
model.
Sky View Aerial Photography offers a wide range of aerial photographic, video, and infrared
imaging services. The company has grown from its early days of snapping pictures of client
houses to its current status as a full-service aerial image specialist. Sky View now maintains
numerous contracts with various government
As a great analyst, you've planned, analyzed, and designed a good solution. Now you need to
implement it. As part of implementation, do you think that training is just a wasted expense?
Stress is common in a help-desk call center. Users of computing services call to get access to
locked accounts, get help when technolo
Why do people resist change? Explain the basic model for understanding why people accept or
resist change.
What three kinds of events can lead to state transitions on a behavioral state machine diagram?
Examine and prepare a report on the online help system for the calculator program in Windows
(or a similar program for the Mac or Unix). (You may be surprised at the amount of help that is
available for such a simple program).
Create a use case diagram for the system described next: Owners of apartments fill in
information forms about the rental units they have available (e.g., location, number of bedrooms,
monthly rent), which are entered into a database. Students can search through this database via
the Web to find apartments that meet th
Suppose that you are the project leader for the scenario described in Exercise J. Develop a
migration plan (including both conversion and change management) for the independent travel
agencies who use your system.
What do you think are three common mistakes that novice analysts make in using UML
techniques?
■ Develop the combination of conversion strategy dimensions that produces the least risk; the
most risk. ■ Develop the combination of conversion strategy dimensions that produces the least
cost; the most cost. ■ Develop the combination of conversion strategy dimensions that requires
the least time; the most ti
Identify the model(s) that contains each of the following components: • Aggregation
association • Class • Derived attributes • Extends association • Execution occurrence
• Guard condition • Initial state • Links • Message • Multiplicity • Specialized
actor • System boundary • Update method
Nancy is the IS department head at MOTO Inc., a human resources management firm. The IS
staff at MOTO Inc. completed work on a new client management software system about a month
ago. Nancy was impressed with the performance of her staff on this project because the firm had
not previously undertaken a project of this s
Investigate the Object Management Group (OMG). Write a brief memo describing what it is, its
purpose, and its influence on UML and the object approach to systems development.
How can you employ the use case report to develop a use case diagram?
You have been working with the system for the campus housing service that helps students find
apartments. One of the dynamic classes in this system likely is the apartment class. Draw a
behavioral state machine diagram to show the various states that an apartment class transitions to
throughout its lifetime. Can you th
Create a sequence diagram for each of the following scenario descriptions for a video store
system: A Video Store (AVS) runs a series of fairly standard video stores: • Every customer
must have a valid AVS customer card in order to rent a video. Customers rent videos for three
days at a time. Every time a customer re
Describe how the object approach supports the program design concepts of cohesion and
coupling that were presented in Chapter 10.
Some experts argue that object-oriented techniques are simpler for novices to understand and use
than are DFDs and ERDs. Do you agree? Why or why not?
Investigate the Web site for Rational Software (www-306.ibm.com/software/rational/) and its
repository of information about Unified Modeling Language (UML). Write a paragraph news
brief on the current state of UML (the current version and when it will be released, future
improvements, etc.).
The systems analysts are developing the test plan for the user interface for the Holiday Travel
Vehicles system. As the salespeople are entering a sales invoice into the system, they will be able
to either enter an option code into a text box or select an option code from a drop-down list. A
combo box was used to imple
What is the role of the operations group in the systems development life cycle (SDLC)?
Do you think that UML will become more popular than the traditional structured techniques
discussed previously? Why or why not?
Explain the three categories of adopters you are likely to encounter in any change management
initiative.
What are the two kinds of labels that a class diagram can have for each association? When is
each kind of label used?
How can the object approach improve the systems development process?
Create a use case diagram that would illustrate the use cases for the following system: A Real
Estate Inc. (AREI) sells houses. People who want to sell their houses sign a contract with AREI
and provide information on their house. This information is kept in a database by AREI, and a
subset of this information is sent
Do lifelines always continue down the entire page of a sequence diagram? Explain.
Suppose that you are installing a new room reservation system for your university that tracks
which courses are assigned to which rooms. Assume that all the rooms in each building are
"owned" by one college or department and only one person in that college or department has
permission to assign them. What conversion st
Describe the type of class that is best represented by a behavioral state machine diagram. Give
two examples of classes that would be good candidates for behavioral state machine diagrams.
The awful truth is that every operating system and application system is defective. System
complexity, the competitive pressure to hurry applications to market, and simple incompetence
contribute to the problem. Will software ever be bug free? Not likely. Microsoft Windows Group
General Manager Chris Jones believes tha
Identify and explain three standard operating procedures for the course in which you are using
this book. Discuss whether they are formal or informal.
When the European Union decided to introduce the euro, the European Central Bank had to
develop a new computer system (called Target) to provide a currency settlement system for use
by investment banks and brokerages. The euro opened at an exchange rate of U.S. $1.167.
However, a rumor that the Target system malfunctio
Suppose that you are leading the installation of a new decision support system to help admissions
officers manage the admissions process at your university. Develop a change management plan
(i.e., organizational aspects only).
How is the use case diagram similar to the context and level 0 data flow diagrams (DFDs)? How
is it different?
A new systems development project is Pete's first experience as a project manager, and he has
led his team successfully to the programming phase of the project. The project has not always
gone smoothly, and Pete has made a few mistakes, but he is generally pleased with the progress
of his team and the quality of the sy
Compare and contrast the rational unified process (RUP) with UML.
Draw the associations that are described by the business rules that follow. Include the
multiplicities for each relationship. • A patient must be assigned to only one doctor, and a
doctor can have one or many patients. • An employee has one phone extension, and a unique
phone extension is assigned to an employee.
Suppose you are installing a new payroll system in a very large multinational corporation. What
conversion strategy would you use? Develop a conversion plan (i.e., technical aspects only).
Give two examples of the extends associations on a use case diagram. Give two examples for the
includes association.
Identify the operations that follow as constructor, query, or update. Which operations would not
need to be shown in the class rectangle? • Calculate employee raise (raise percent) • Insert
employee () • Insert spouse () • Calculate sick days () • Locate employee name () •
Find employee address () • Incre
When the European Union decided to introduce the euro, the European Central Bank had to
develop a new computer system (called Target) to provide a currency settlement system for use
by investment banks and brokerages. Prior to the introduction of the euro, settlement was
performed between the central banks of the count
Why is an association class used for a class diagram? Give an example of an association class
that may be found in a class diagram that captures students and the courses that they have taken.
Suppose that you are installing a new accounting package in your small business. What
conversion strategy would you use? Develop a conversion plan (i.e., technical aspects only).
Prepare a training plan that includes both what you would train and how the training would be
delivered for the system described in Exercise E.
Create a use case diagram that would illustrate the use cases for the following dentist office
system: Whenever new patients are seen for the first time, they complete a patient information
form that asks their name, address, phone number, and brief medical history, which is stored in
the patient information file. When
What do you think are three common mistakes that novice analysts make in migrating from the
as-is to the to-be system?
Investigate computer-aided software engineering (CASE) tools that support UML (e.g., Rational
Software’s Rational Rose, Microsoft’s VISIO) and describe how well they support the
language. What CASE tool would you recommend for a project team about to embark on a
project by using the object approach? Why?
Suppose that you are the project manager for a new library system for your university. The
system will improve the way in which students, faculty, and staff can search for books by
enabling them to search over the Web, rather than using only the current text-based system
available on the computer terminals in the librar
Give examples of a static model and a dynamic model in UML. How are the two kinds of models
different?
Some experts argue that change management is more important than any other part of the SDLC.
Do you agree or not? Explain.
Draw a behavioral state machine diagram that describes the various states that a travel
authorization can have through its approval process. A travel authorization form is used in most
companies to approve travel expenses for employees. Typically, an employee fills out a blank
form and sends it to his or her boss for a
Give three examples of derived attributes that may exist on a class diagram. How would they be
denoted on the model?
Develop a unit test plan for a Web site that enables you to perform some function (e.g., make
travel reservations, order books).
Shamrock Foods is a major food distributor centered in Tralee, Ireland. Originally a dairy
cooperative, Shamrock branched into various food components (dried milk, cheese solids,
flavorings [or flavourings, as the Irish would spell it]) and has had substantial growth in the past
10 years, most of which came by way of a
Compare and contrast pilot conversion, phased conversion, and simultaneous conversion.
Which of the following could be an actor found on a use case diagram? Why? • Ms. Mary
Smith • Supplier • Customer • Internet customer • Mr. John Seals • Data-entry clerk
• Database administrator
Suppose that you are leading the conversion from one word processor to another at your
university. Develop a conversion strategy. You have also been asked to develop a conversion
strategy for the university’s new Web-based course registration system. How would the
second conversion strategy be similar to or different
How should you decide what items to include in your training plan?
Suppose that you are the project leader for the development of a new Web-based course
registration system for your university that replaces an old system in which students had to go to
the coliseum at certain times and stand in line to get permission slips for each course they wanted
to take. Develop a migration plan (
In “Your Turn 14-2,” you created a use case diagram for the campus housing service that
helps students find apartments. From the use cases and the use case diagram, create a class
diagram for the campus housing service. See whether you can identify at least one potential
derived attribute, aggregation association,
Create a sequence diagram for each of the following scenario descriptions for a health club
membership system: • When members join the health club, they pay a fee for a certain length
of time. The club wants to mail out reminder letters to members, asking them to renew their
memberships one month before their members
What are the three major elements of management policies that must be considered when
implementing a new system?
Compare and contrast an information change management strategy with a political change
management strategy. Is one better than the other?
Contrast the items in the following sets of terms: • Object; class; instance; entity relationship
diagram (ERD) entity • Property; method; attribute • State; behavior • Superclass;
subclass • Concrete class; abstract class • Method; message • Encapsulation; inheritance;
polymorphism • Static binding; dy
Consider a system that is used to run a small clothing store. Its main functionality is maintaining
inventory of stock, selling items to customers, and producing sales reports for management. List
examples for each of the following items that may be found on a use case diagram that models
such a system: use case; exten
Give two examples of aggregation associations and generalization associations. How is each type
of association depicted on a class diagram?
Investigate the rational unified process (RUP). Describe the major benefits of RUP and the steps
that it contains. Compare the methodology with one of the other methodologies described in
Chapter 2.
What is master data management? What does it have to do with high-quality data?
Identify and describe the six steps in the knowledge management system cycle.
If you were a government official, how would you protect your citizens who registered for the
database?
What types of problems did the cell phone database experience? Why did it experience these
problems?
Differentiate between authentication and authorization. Which one of these processes is always
performed first?
Access www.mint.com. Identify its revenue model. What are the risks of giving this Web site
your credit and debit card numbers, as well as your bank account number?
In some cases, individuals engage in cyber squatting so that they can sell the domain names to
companies expensively. In other cases, companies engage in cyber squatting by registering
domain names that are very similar to their competitors' domain names in order to generate
traffic from people who misspell Web address
Conduct a study on selling diamonds and gems online. Access such sites as www.bluenile.com,
www.diamond.com, www.thaigem.com, www.tiffany.com, and www.jewelryexchange.com. a.
What features are used in these sites to educate buyers about gemstones? b. How do these sites
attract buyers? c. How do these sites increase
Describe the difference between the Internet and the World Wide Web.
Describe the various technologies that enable users to send high-volume data over any network.
Draw the entity-relationship diagram for this patient appointment system. The business rules of
this system are the following: A doctor can be scheduled for many appointments, but may not
have any appointments scheduled at all. Each appointment is scheduled with exactly one doctor.
A patient can schedule one or more
Describe the various ways that you can connect to the Internet.
Compare and contrast Google Sites (www.google.com/sites) and Microsoft Office Live
(www.liveoffice.com). Which site would you use to create your own Web site? Explain your
choice.
Discuss the network applications that you studied in this section and the tools and technologies
that support each one.
Distinguish between business-to-business forward auctions and buyers' bids for RFQs.
Access this article from The Atlantic: "Is Google Making Us Stupid?"
(www.theatlantic.com/doc/200807/google). Is Google making us stupid? Support your answer.
What are the features provided by online luxury retailers that overcome the problems you
mentioned in Question #1? In Question 1 Provide two specific examples of luxury shoppers'
requirements that a Web site could not provide.
Compare and contrast master data and transactional data, and provide an example of each one.
Visit Web sites of companies that manufacture telepresence products for the Internet. Prepare a
report. Differentiate between telepresence products and videoconferencing products.
List the various electronic payment mechanisms. Which of these mechanisms are most often
used for B2B payments?
Provide two examples of how the technology added to the vending machines gives Treat
America a competitive advantage.
Describe the advantages of Qwiki over conventional search and metasearch engines.
Discuss the major limitations of e-commerce. Which of these limitations are likely to disappear?
Why?
Briefly differentiate among vertical exchanges, horizontal exchanges, and functional exchanges.
What were the reasons that delayed the city's implementation of Google Apps? What was the
CIO's response to these issues?
Describe the major reasons that helped the CIO of Los Angeles to decide to use Google Apps
rather than upgrade the city's existing Microsoft system.
Why did Crabby Bill's develop multiple databases for their data? Are there any advantages in
this approach? Support your answer.
Why are federal authorities so worried about SCADA attacks?
Describe the variety of benefits that The Isle realized from its data warehouse.
A critical problem is assessing how far a company is legally obligated to go in order to secure
personal data. Because there is no such thing as perfect security (i.e., there is always more that
you can do), resolving this question can significantly affect cost. a. When are security measures
that a company implements
What actions should the University now perform to prevent future attacks?
Each team will pick one of the following: Your Street, Platial, Topix, or Google Earth. Compare
and contrast these products as to features and ease-of-use. Present each product to the class. Each
group will collaborate on writing a report on its product using Google Docs.
Access www.nacha.org. What is NACHA? What is its role? What is the ACH? Who are the key
participants in an ACH e-payment? Describe the "pilot" projects currently underway at ACH.
What is telecommuting? Do you think you would like to telecommute? Why or why not?
Describe the implications of the precisely targeted nature of the Stuxnet attack.
Briefly differentiate between the sell-side marketplace and the buy-side marketplace.
Identify the business conditions that have made videoconferencing more important.
Provide two specific examples of potential disadvantages that Person might encounter by using
electronic commerce.
Identify and discuss the disadvantages of taking online AP classes. Provide specific examples of
disadvantages that are not mentioned in the case.
Draw an entity-relationship diagram for a small retail store. You wish to keep track of the
product name, description, unit price, and number of items of that product sold to each customer.
You also wish to record customer name, mailing address, and billing address. You must track
each transaction (sale), date, product
Describe the problems in the commercial real estate market that led to Andrew Florance
founding the CoStar Group.
What are disadvantages to the multiple database approach (other than the disadvantages
mentioned in this case)?
Why was it necessary for The Isle of Capri Casinos to develop a data warehouse?
Explain how the Internet works. Assume you are talking with someone who has no knowledge of
information technology (in other words, keep it very simple).
Does Qwiki have a competitive advantage over conventional search and metasearch engines?
Why or why not? Provide examples to support your answer.
Discuss the pros and cons of delivering this book over the Internet.
Compare and contrast tacit knowledge and explicit knowledge, and provide examples of each
type.
After you answer Questions 1 and 2, speculate on the future of online universities.
Define e-government.
It is possible to find many Web sites that provide demographic information. Access several of
these sites and see what they offer. Do the sites differ in the types of demographic information
they offer? How? Do the sites require a fee for the information they offer? Would demographic
information be useful to you if you
Have each team download a free copy of Groove from www.groove.net. Install the software on
the members' PCs and arrange collaborative sessions. What can the free software do for you?
What are its limitations?
Access the Web site of the Recording Industry Association of America (www.riaa.com). Discuss
what you find there regarding copyright infringement (that is, downloading music files). How do
you feel about the RIAA's efforts to stop music downloads? Debate this issue from your point of
view and from the RIAA's point of v
What does a flat world mean to you in your choice of a major? In your choice of a career? Will
you have to be a lifelong learner? Why or why not?
Describe the robotic revolution, and consider its possible implications for humans.
Describe supply chain management (SCM) and its role in supporting business operations.
Describe Porter's value chain model. Differentiate between Porter's competitive forces model and
his value chain model.
The market for optical copiers is shrinking rapidly. It is expected that by 2010 as much as 90
percent of all duplicated documents will be done on computer printers. Can a company such as
Xerox Corporation survive?
Provide specific examples of problems that could occur at Progressive and Zappos if the firms'
business strategy and information technology are not aligned.
1. Was the move from 20-year-old legacy systems at Stanford necessarily a good idea? Why or
why not? 2. In your opinion, did Stanford spend too much time consulting the ERP vendors
(Oracle and PeopleSoft) and not enough time consulting their own staff? 3. Can ERP systems
work in universities or colleges?
Describe the business purpose of a content management system, a workflow management system
and groupware.
1. Define e-government. What purpose does e-government serve? 2. What are the different types
of e-governments? 3. Identify and discuss briefly the types of e-governments initiatives
supported in the case study. 4. What are the benefits of e-procurement? What issues are being
addressed by e-procurement?
Why should employees in all functional areas become knowledgeable about IT?
Investigate the Sony Playstation Network hack that occurred in April 2011. a. What type of
attack was it? b. Was the success of the attack due to technology problems at Sony, management
problems at Sony, or a combination of both? Provide specific examples to support your answer.
c. Which Sony controls failed? d.
Apply Porter's value chain model to Costco (www.costco.com). What is Costco's competitive
strategy? Who are Costco's major competitors? Describe Costco's business model. Describe the
tasks that Costco must accomplish for each primary value chain activity. How would Costco's
information systems contribute to Costco's co
1. What reason would a bank have for not wanting to adopt an online transfer delay policy? 2.
What are the two primary lines of security defence, and why are they important to financial
institutions? 3. Explain the differences between the types of security offered by the banks in the
examples above. Which bank woul
An information security manager routinely monitored the Web surfing among her company's
employees. She discovered that many employees were visiting the "sinful six" Web sites. She
then prepared a list of the employees and their surfing histories and gave the list to management.
Some managers punished their employees. S
Make the argument against the privacy policy changes that Facebook instituted in December
2009.
Describe enterprise resource planning and its role in supporting business operations.
Frank Abagnale, the criminal played by Leonardo DiCaprio in the motion picture Catch Me If
You Can, ended up in prison. However, when he left prison, he went to work as a consultant to