1.
What is a description of Privacy by Design?
  1. a principle advocating for privacy to be intentionally embedded into the design and architecture of IT systems and business practices
  2. a principle focusing on the technical aspects of implementing data protection controls, such as encryption and anonymization
  3. a principle focusing only on data storage and management by third-party providers
  4. a principle that is reactive to data protection and is only considered after a data breach has occurred
2.
The General Data Protection Regulation (GDPR) impacts ________.
  1. only organizations based in the EU
  2. only organizations based outside of the EU
  3. all organizations that process the data of EU citizens, regardless of the company’s location
  4. only organizations that have a physical presence in the EU
3.
The International Organization for Standardization’s (ISO) 27701 standard is an extension of ISO 27001. What does ISO 27701 provide guidance on?
  1. how to manage privacy information
  2. how to manage third-party relationships in data storage
  3. how to create new data privacy laws
  4. how to design privacy into IT systems and business practices
4.
How did internet usage change from the 1990s to the 2020s?
  1. It decreased due to privacy concerns.
  2. It increased slightly with the growth of technology.
  3. It skyrocketed due to the rise of big data and digital lifestyle.
  4. It remained stable as internet penetration rates reached a plateau.
5.
What is the term for the practice of incorporating privacy controls into the design and development of IT, systems, networks, and business practices?
  1. Privacy by Design
  2. privacy engineering
  3. security engineering
  4. privacy network
6.
What kind of attack exploits vulnerabilities in a web application to inject malicious scripts into websites viewed by other users?
  1. man-in-the-middle attack
  2. SQL injection
  3. cross-site scripting
  4. phishing
7.
Which attack can turn unsecured IoT devices into bots to carry out massive, distributed denial-of-service (DDoS) attacks?
  1. Mirai botnet attack
  2. SQL injection
  3. CSRF attack
  4. dictionary attack
8.
Which international standard provides a framework for an information security management system (ISMS)?
  1. ISO 31000
  2. ISO/IEC 27001
  3. ISO 9001
  4. ISO 14001
9.
When developing web and IoT technologies, enterprises and IT professionals have the social responsibility to ________.
  1. maximize profit
  2. ensure user engagement
  3. safeguard user information and privacy
  4. minimize development costs
10.
Which regulation enacted by the European Union focuses primarily on data protection and control?
  1. COPPA
  2. GDPR
  3. CCPA
  4. LGPD
11.
Which organization has been heavily involved in developing standards specifically for IoT?
  1. W3C
  2. IEEE
  3. ITU
  4. NIST
12.
In the case study, what was the primary reason behind the Texas-based data center efforts to gain ISO/IEC 27001 certification?
  1. legal requirement
  2. client demands
  3. strategic business decision
  4. government grants
13.
Which type of organization would most likely require that its data centers be ISO/IEC 27001 certified?
  1. local shops
  2. Fortune 500 companies
  3. small online businesses
  4. individual clients
14.
What is a primary focus of a gap analysis related to data security and privacy?
  1. identifying strong performance areas only
  2. assessing whether the organization’s philanthropic efforts are successful
  3. comparing current policies against industry standards to identify weaknesses
  4. measuring the CEO’s leadership skills
15.
In terms of compliance with global frameworks such as GDPR, what principle emphasizes collecting only the data strictly necessary for intended purposes?
  1. data maximization
  2. transparency
  3. data minimization
  4. data expansion
16.
What is the main objective of conducting an audit in the context of data security and privacy?
  1. to hire new staff
  2. to align an organization’s practices with global privacy standards
  3. to redesign the company’s organizational structure
  4. to evaluate employee performance
17.
In complying with global frameworks such as GDPR, what does the term transparency primarily refer to?
  1. the organization’s revenue
  2. clarity in how user data are used and managed
  3. the physical layout of an office
  4. government operations
18.
Which of the following would be considered a significant risk associated with gaps in data security policies?
  1. reduced employee turnover
  2. increased stock prices
  3. loss of user trust and potential regulatory fines
  4. introduction of new company products
19.
The scope of a gap analysis for data security and privacy usually includes evaluating ________.
  1. employee behavior and data sharing controls
  2. third-party data access and customer behavior
  3. evaluating areas such as user consent management, data sharing controls, and third-party data access
  4. consent management only
Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution-NonCommercial-ShareAlike License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
Citation information

© Mar 11, 2025 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License. The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.