Questions for the CITM-001 were updated on : Nov 21 ,2025
All of the following are processing modes except:
C
Explanation:
Processing modes are the ways of organizing data and operations in a computer system. Batch
processing, time-sharing, and online are all examples of processing modes, but process is not. A
process is a program or a set of instructions that is executed by the CPU. A process can run in
different processing modes, depending on the system design and the user requirements. For
example, a process can run in batch mode, which means that it is executed without user interaction
and with a set of input data. Alternatively, a process can run in time-sharing mode, which means that
it is executed in a shared environment with multiple users and with interactive input and output.
Finally, a process can run in online mode, which means that it is executed with continuous
connection to a network and with real-time input and output. Reference:
EPI-USA
, CITM Course
Outline, Module 2: IT Infrastructure, Slide 9.
GAQM
, CITM Exam Objectives, Domain 2: IT
Infrastructure, Objective 2.1: Understand the basic concepts of IT infrastructure.
Includehelp
, MCQ |
Modes of Operations in Block Cipher.
Which of the following best suits the statement below? It's the main memory of the computer
system and is volatile
A
Explanation:
RAM, or Random Access Memory, is the best fit for the statement because it is the main memory of
the computer system and is volatile. RAM is a type of computer memory that is used to store data
that is currently being used by the computer’s operating system and applications. RAM is volatile
because it loses its contents when the power supply to the computer is turned off or interrupted.
RAM is also faster and more expensive than other types of memory, such as ROM, PROM, or hard
disk, which are non-volatile and can retain data without power. RAM is divided into two types: static
RAM (SRAM) and dynamic RAM (DRAM), which differ in their speed, power consumption, and
design. Reference
https://en.wikipedia.org/wiki/Volatile_memory
https://www.bbc.co.uk/bitesize/guides/zfyyb82/revision/1
https://www.proprofs.com/quiz-school/story.php?title=information-technology-quiz_7
________________ interdependence occurs when the output of one unit is the input to another.
A
Explanation:
Sequential interdependence occurs when the output of one unit or group becomes the input for
another. This type of interdependence requires coordination and communication among the units or
groups involved, as any delay or error in one unit can affect the performance of the next unit.
An
example of sequential interdependence is an assembly line, where each stage of production depends
on the previous one12
Reference:
: 9.4 Intergroup Behavior and Performance - OpenStax
: Three Types of Interdependence in an Organizational Structure | Small Business - Chron.com
_______________ interdependence occurs when two organizations depend on each other.
B
Explanation:
Reciprocal interdependence occurs when two organizations depend on each other in a cyclical
manner, such that the output of one becomes the input of the other and vice versa. This type of
interdependence is the most complex and difficult to manage, as it requires constant coordination
and communication between the organizations. An example of reciprocal interdependence is the
relationship between a software development company and a software testing company, where each
one relies on the feedback and quality of the other’s work. Reference:
Three Types of
Interdependence in an Organizational Structure
,
Interdependence in International Organization and
Global Governance
A malicious program that records a user’s keystrokes is an example of:
A
Explanation:
A malicious program that records a user’s keystrokes is an example of a Trojan horse. A Trojan horse
is a type of malware that masquerades as a legitimate file or application, but secretly performs
malicious actions in the background. A Trojan horse can be used to install other malware, such as
keyloggers, on the victim’s device. A keylogger is a specific type of Trojan horse that captures and
sends the user’s keystrokes to a remote attacker, who can use them to steal sensitive information,
such as passwords, credit card numbers, or personal data.
The other options are not correct because:
Adware is a type of malware that displays unwanted advertisements on the user’s device, often
redirecting them to malicious websites or installing more malware. Adware does not necessarily
record the user’s keystrokes, although some adware may have keylogging capabilities.
An anti-virus program is a software that protects the user’s device from malware, such as viruses,
worms, ransomware, spyware, etc. An anti-virus program does not record the user’s keystrokes, but
rather scans and removes any malicious programs that may do so.
A performance monitor is a software that measures and displays the performance of the user’s
device, such as CPU usage, memory usage, disk space, network traffic, etc. A performance monitor
does not record the user’s keystrokes, but rather provides useful information for troubleshooting or
optimizing the device.
Reference:
CITM Study Guide, Chapter 7: IT Security Management, pp. 131-132
What Is a keylogger and how to detect keystroke logging - Norton
Keylogger: how to recover the infected pc? - Panda Security
Choose the malicious code which can distribute itself without using having to attach to a host file.
C
Explanation:
A worm is a type of malicious code that can distribute itself without using having to attach to a host
file. Unlike a virus, which needs to infect an existing program or file to spread, a worm can create
copies of itself and send them to other devices through a network. A worm can consume network
bandwidth, slow down the system performance, or deliver a payload that can damage or
compromise the security of the infected device. According to the CITM study guide, a worm is “a self-
replicating program that does not alter files but resides in active memory and duplicates itself” (p.
70). Some examples of worms are Stuxnet, Conficker, and Blaster. Reference:
CITM Study Guide, Chapter 5: Information Security, pp. 69-71
12 Types of Malware + Examples That You Should Know1
What is Malicious code?2
Cyber Awareness Challenge 2022 Malicious Code3
Malicious Code—What is it and How to Prevent it?4
Which of the following virus is a script that attaches itself to a file or template?
C
Explanation:
A macro virus is a virus that is written in a macro language, which is a programming language
embedded inside a software application, such as word processors and spreadsheet applications. A
macro virus can attach itself to a file or template and run automatically when the file is opened or
closed, without the user’s knowledge. A macro virus can infect any system that supports macros,
regardless of the operating system.
A macro virus can spread quickly by infecting other documents
and templates, and may cause damage to the computer and its applications123
Reference:
: What is a Macro Virus? | Macro Virus Definition - Kaspersky
: Macro virus - Wikipedia
: What is a macro virus and how to help prevent them - Norton™
Which term describes dormant code added to software and triggered at a predetermined time or by
a predetermined event?
A
Explanation:
A logic bomb is a type of malicious code that is inserted into a software program and remains
dormant until a specific condition or event occurs, such as a certain date, time, or user action. When
the condition is met, the logic bomb activates and executes its harmful payload, which can range
from deleting or corrupting data, to displaying unwanted messages, to crashing the system. Logic
bombs are often used by disgruntled employees or hackers to sabotage an organization’s IT
infrastructure or to extort money or information. Logic bombs are different from keyloggers, spam,
and viruses, which are explained below:
A keylogger is a software or hardware device that records every keystroke made by a user on a
computer or mobile device, usually for the purpose of stealing passwords, personal information, or
other sensitive data. Keyloggers can be installed by hackers through phishing, trojan viruses, or
physical access to the device. Keyloggers do not wait for a specific condition to activate, but rather
run continuously in the background and transmit the captured data to a remote server or storage
device.
Spam is any kind of unwanted, unsolicited, or irrelevant digital communication that is sent or posted
to a large number of recipients or places, typically for the purposes of advertising, phishing,
spreading malware, or disrupting normal operations. Spam can be delivered via email, text message,
phone call, or social media. Spam does not contain hidden code that executes a harmful action, but
rather relies on the user’s response or interaction to achieve its goal, such as clicking a link, opening
an attachment, or providing personal information.
A virus is a type of malware that infects a computer or mobile device by attaching itself to another
program or file and replicating itself when the host program or file is executed. A virus can have
various harmful effects, such as deleting or modifying data, consuming system resources, displaying
unwanted messages, or opening backdoors for hackers. A virus can spread from one device to
another through networks, removable media, or email attachments. A virus does not require a
specific condition to activate, but rather runs whenever the infected program or file is executed.
Reference:
Logic Bomb Definition & Meaning - Merriam-Webster
What is a Keylogger? How to Detect a Keylogger? - Fortinet
Spam | What is Spam? | Definition & Types of Spam
Virus | Definition, Structure, & Facts | Britannica
Data are often proprietary or confidential.
A
Explanation:
Data are often proprietary or confidential because they contain valuable information that can give a
competitive advantage to the owner or affect the privacy of the individuals or entities involved. Data
can be classified into different levels of sensitivity and protection, depending on the potential impact
of unauthorized disclosure, modification, or loss. For example, data that contain personal, financial,
or health information of customers or employees are usually considered highly confidential and
require strict security measures. Data that contain trade secrets, intellectual property, or strategic
plans are also typically proprietary and confidential, as they can affect the market position or
reputation of the owner. Data that are public or non-sensitive, such as general information about
products or services, may not require the same level of protection, but still need to be managed and
maintained properly. Reference:
CITM Course Outline
, Module 6 - Data Management, Section 6.1 -
Data Classification and Protection;
Sample Exam
, Question 72.
Middle managers can establish review committees to foster greater control.
A
Explanation:
Middle managers can establish review committees to foster greater control over the performance
and quality of their subordinates and processes. Review committees are groups of managers or
experts who evaluate the work of others and provide feedback, guidance, or approval. Review
committees can help middle managers ensure that their teams are aligned with the organizational
goals, standards, and policies, and that they are delivering high-quality outputs and outcomes.
Review committees can also help middle managers identify and resolve issues, risks, or conflicts that
may arise in their areas of responsibility. Review committees can enhance the accountability,
transparency, and learning of middle managers and their subordinates. Reference:
EPI-USA
, CITM
Course Outline, Module 4: Managing Performance and Quality, Slide 14. [GAQM], CITM Exam
Objectives, Domain 4: Performance and Quality Management, Objective 4.2: Implement
performance and quality management processes and tools.
Which management can make use of the managerial hierarchical to obtain approvals or additional
guidance?
C
Explanation:
Lower level management, also known as supervisory or operational management, is the lowest tier
of the managerial hierarchy. It consists of managers who oversee the work of employees and report
to middle level managers. Lower level managers can make use of the managerial hierarchy to obtain
approvals or additional guidance from their superiors when they face problems or challenges that
are beyond their authority or expertise. The managerial hierarchy also helps lower level managers to
communicate and coordinate with other managers and departments within the
organization. Reference:
, CITM Study Guide, Chapter 2: Organizational Structure and Design,
Section 2.1: Types of Organizational Structures, Page 18.
Managerial control and coordination are closely related.
A
Explanation:
Managerial control is the process of ensuring that the organization’s activities and outputs are
aligned with its goals and plans. Coordination is the process of integrating the efforts of different
units and individuals within the organization to achieve a common purpose. Both control and
coordination are essential functions of management that aim to improve the performance and
efficiency of the organization. They are closely related because they both involve setting standards,
measuring performance, and taking corrective actions.
They also both require communication,
feedback, and cooperation among the managers and employees12345
Reference:
: The Control Function of Management - MIT Sloan Management Review
: Managerial Control | Definition, Types & Features - Study.com
: Relationship between planning and controlling - Management Study Guide
: Question Bank - Multiple Choice Questions (MCQs) - DACC
: 4 Different Relationship between Planning and Control Expalined - Toppr
In an Integrated Global IT approach the firm must provide more consistent customer service
internationally.
A
Explanation:
An Integrated Global IT approach is a strategy that aims to align the IT functions and capabilities of a
firm with its global business objectives and needs. One of the benefits of this approach is that it
enables the firm to provide more consistent customer service internationally, by leveraging common
platforms, standards, processes, and data across different regions and markets. This can enhance
customer satisfaction, loyalty, and retention, as well as reduce costs and risks associated with IT
fragmentation and duplication. Reference:
Integrated Global IT approach customer service
,
Toward
an integrated technology operating model
,
Managing Global Customers: An Integrated
Approach
,
Five steps to an integrated customer experience
Which three are the business models that an international firm might adhere to? (Choose three)
B C D
Explanation:
According to the CITM study guide, an international firm can adopt different business models
depending on its degree of global integration and local responsiveness. The study guide identifies
four types of business models: international, multidomestic, global, and transnational. These are
similar to the typology of multinational companies proposed by Bartlett and Ghoshal (1989). The
study guide defines each business model as follows:
International: The firm operates in multiple countries but has a low degree of global integration and
local responsiveness. The firm’s subsidiaries are largely independent and follow the parent
company’s strategy and culture. The firm exploits its core competencies and capabilities across
different markets without much adaptation. This business model is also known as the international
projector or the centralized exporter.
Multidomestic: The firm operates in multiple countries and has a high degree of local responsiveness
but a low degree of global integration. The firm’s subsidiaries are highly autonomous and tailor their
products and services to the specific needs and preferences of the local markets. The firm sacrifices
efficiency and standardization for differentiation and customization. This business model is also
known as the multinational driven or the decentralized federation.
Global: The firm operates in multiple countries and has a high degree of global integration but a low
degree of local responsiveness. The firm’s subsidiaries are highly dependent on the parent company
and follow a standardized and centralized strategy and culture. The firm leverages economies of scale
and scope to achieve cost efficiency and competitiveness. This business model is also known as
the integrated global IT or the coordinated federation.
Transnational: The firm operates in multiple countries and has a high degree of both global
integration and local responsiveness. The firm’s subsidiaries are interdependent and collaborate with
each other and the parent company to share and transfer knowledge, resources, and best practices.
The firm balances efficiency and adaptation to achieve innovation and learning. This business model
is also known as the intellectual synergy or the heterarchical network.
Based on these definitions, the three business models that an international firm might adhere to are
B, C, and D. Option A is not a valid business model, but rather a characteristic of the transnational
business model. Reference:
CITM Study Guide, Chapter 4: International Business Strategy, pp. 63-66
Bartlett, C.A. and Ghoshal, S. (1989). Managing across borders: The transnational solution.
Harvard
Business School Press1
Restrictions on Internet access and efforts to censor web sites may impede development of global
information system.
A
Explanation:
Restrictions on Internet access and efforts to censor web sites may impede the development of a
global information system by limiting the availability, diversity, and quality of information that can be
accessed and shared across borders. Such restrictions may also hamper the innovation, collaboration,
and communication that are essential for the advancement of technology, science, and society.
According to the CITM study guide, a global information system is “a system that collects, processes,
stores, and disseminates information that is relevant to the needs of users in different countries” (p.
26). The benefits of a global information system include “improved decision making, enhanced
coordination, increased efficiency, reduced costs, and greater customer satisfaction” (p. 26).
However, these benefits can be undermined by various forms of internet censorship, such as:
Manipulating search results to favor certain sources or viewpoints, or to hide or distort information
that is unfavorable to the censoring authority.
Blocking access to specific sites or domains that contain information that is deemed illegal, immoral,
or politically sensitive by the censoring authority.
Shutting off internet access altogether or imposing bandwidth limitations during times of crisis,
protest, or conflict to prevent the dissemination of information that could challenge the status quo or
mobilize opposition.
Requiring users to register or obtain licenses to access certain sites or services, or to use encryption
or VPNs, which can deter or restrict internet usage and expose users to surveillance or prosecution.
Monitoring, filtering, or deleting online content or communications that are considered harmful,
offensive, or subversive by the censoring authority, or imposing self-censorship through legal or
social pressure.
These forms of internet censorship can have negative impacts on the development of a global
information system, such as:
Reducing the amount and variety of information that is available to users in different countries,
which can limit their knowledge, awareness, and understanding of global issues and perspectives.
Lowering the quality and reliability of information that is available to users in different countries,
which can impair their ability to make informed and rational decisions, or to verify and challenge the
information they receive.
Restricting the opportunities and platforms for users in different countries to exchange and share
information, ideas, opinions, and feedback, which can hinder their collaboration, innovation, and
creativity.
Violating the rights and freedoms of users in different countries to access and express information,
which can undermine their participation, representation, and empowerment in the global society.
Reference:
CITM Study Guide, Chapter 2: Global Information Systems, pp. 25-32
Internet Censorship in 2024: The Impact of Internet Restrictions1
Internet Censorship 2024: A Global Map of Internet Restrictions2
Internet Censorship: Definition, Types, & How It Can Affect You3
How Countries Censor and Control the Internet4