CISA Exam-Test 15

1. Which of the following poses the GREATEST security risk when implementing acquired application systems?
- Default logon IDs
- Lack of audit logs
- Password length
- Social engineering

2. Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?
- Program evaluation review technique (PERT) chart
- Function point analysis (FPA)
- Object-oriented system development
- Rapid application development

A program evaluation review technique (PERT) chart will help determine project duration once all the activities and the work involved with those activities are known.

3. In which of the following WAN message transmission techniques do two network nodes establish a dedicated communications channel through the network before the nodes may communicate?
- Packet switching
- Virtual Circuits
- Message Switching
- Circuit switching

4. Which of the following statements INCORRECTLY describes the packet switching technique?
- Traffic is usually bursty in nature
- Packets use many different dynamic paths to get to the same destination
- Usually carries data-oriented data
- Fixed delays for each packet to reach the destination

5. By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:
- predictable software processes are followed.
- security requirements are designed.
- reliable products are guaranteed.
- programmers' efficiency is improved.

By evaluating the organization's development projects against the CMM, an IS auditor determines whether the development organization follows a stable, predictable software development process.

6.
The most common reason for the failure of information systems to meet the needs of users is that:
- the growth of user requirements was forecast inaccurately.
- user participation in defining the system's requirements was inadequate.
- user needs are constantly changing.
- the hardware system limits the number of concurrent users.

Lack of adequate user involvement, especially in the system's requirements phase, will usually result in a system that does not fully or adequately address the needs of the user. Only users can define what their needs are and, therefore, what the system should accomplish.

7. Which of the following is a characteristic of timebox management?
- Not suitable for prototyping or rapid application development (RAD)
- Prevents cost overruns and delivery delays
- Eliminates the need for a quality process
- Separates system and user acceptance testing

Timebox management, by its nature, sets specific time and cost boundaries. It is effective in controlling costs and delivery time lines by ensuring that each segment of the project is divided into small controllable time frames.

8. Which of the following is the client organization's responsibility in a Software as a Service (SaaS) environment?
- Ensuring the data is available when needed
- Detecting unauthorized access
- Preventing insertion of malicious code
- Ensuring that users are properly authorized

9. Documentation of a business case used in an IT development project should be retained until:
- the project is approved.
- the system is in production.
- user acceptance of the system.
- the end of the system's life cycle.

A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates versus actuals. Questions such as "Why do we do that?", "What was the original intent?" and "How did we perform against the plan?"
can be answered, and lessons for developing future business cases can be learned. During the development phase of a project, one should always validate the business case because it is a good management instrument. After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference.

10. Which of the following statements INCORRECTLY describes the circuit switching technique?
- Traffic travels in a predictable and constant manner
- Fixed delays
- Connection oriented virtual links
- Packets use many different dynamic paths to get to the same destination

11. The GREATEST advantage of using web services for the exchange of information between two systems is:
- improved performance.
- enhanced documentation.
- secure communication.
- efficient interfacing.

Web services facilitate the interoperable exchange of information between two systems regardless of the operating system or programming language used.

12. Which of the following statements INCORRECTLY describes a network device such as a router?
- Router creates a new header for each packet
- Router does not forward broadcast packets
- Router builds a routing table based on MAC address

13. Which of the following observations should be of GREATEST concern to an IS auditor reviewing a large organization's virtualization environment?
- A rootkit was found on the host operating system.
- Host inspection capabilities have been disabled.
- Guest tools have been installed without sufficient access control.
- An unused printer has been left connected to the host system.

14. When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?
- The length of the remaining tasks
- The personnel assigned to other tasks
- The critical path for the project
- The project budget

Because adding resources may change the route of the critical path, the critical path must be reevaluated to ensure that additional resources will, in fact, shorten the project duration.

15. Change control for business application systems being developed using prototyping could be complicated by the:
- iterative nature of prototyping.
- emphasis on reports and screens.
- lack of integrated tools.
- rapid pace of modifications in requirements and design.

Changes in requirements and design happen so quickly that they are seldom documented or approved.

16. When evaluating the controls of an electronic data interchange (EDI) application, an IS auditor should PRIMARILY be concerned with the risk of:
- excessive transaction turnaround time.
- application interface failure.
- nonvalidated batch totals.
- improper transaction authorization.

Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Because the interaction with the parties is electronic, there is no inherent authentication. Improper authentication would pose a serious risk of financial loss.

17. Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?
- Policy documents
- Project portfolio database
- Program organization
- Project database

A project portfolio database is the basis for project portfolio management. It includes project data such as owner, schedules, objectives, project type, status and cost. Project portfolio management requires specific project portfolio reports.

18. An IS auditor should know information about different network transmission media. Which of the following transmission media is used for short distance transmission?
- Copper cable
- Satellite Radio Link
- Fiber Optics

19.
Which of the following would BEST help to prioritize project activities and determine the time line for a project?
- Function point analysis (FPA)
- Earned value analysis (EVA)
- Program evaluation review technique (PERT)
- A Gantt chart

The PERT method works on the principle of obtaining project time lines based on project events for three likely scenarios (worst, best, normal). The time line is calculated by a predefined formula and identifies the critical path, which identifies the key activities that must be prioritized.

20. The reason for establishing a stop or freezing point on the design of a new system is to:
- require that changes after that point be evaluated for cost-effectiveness.
- indicate the point at which the design is to be completed.
- provide the project management team with more control over the project design.
- prevent further changes to a project in process.

Projects often have a tendency to expand, especially during the requirements definition phase. This expansion often grows to a point where the originally anticipated cost-benefits are diminished because the cost of the project has increased. When this occurs, it is recommended that the project be stopped or frozen to allow a review of all of the cost-benefits and the payback period.

21. Which of the following should be a concern for an IS auditor reviewing an organization's cloud computing strategy which is based on a software as a service (SaaS) model with an external provider?
- Long-term software acquisition costs are higher.
- Incident handling procedures with the provider are not well defined.
- Workstation upgrades must be performed.
- Contract with the provider does not include onsite technical support.

A SaaS provider does not normally have onsite support for the organization.
Therefore, incident handling procedures between the organization and its provider are critical for the detection, communication and resolution of incidents, including effective lines of communication and escalation processes.

22. An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:
- a documented process.
- quantitative quality goals.
- continuous improvement.
- a process tailored to specific projects.

An organization would have reached the highest level of the software capability maturity model (CMM) at level 5, optimizing.

23. An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?
- Obtain a verbal confirmation from IT for this exemption.
- Report this control process weakness to senior management.
- Review the list of end users and evaluate for authorization.
- Verify management's approval for this exemption.

24. During business process reengineering (BPR) of a bank's teller activities, an IS auditor should evaluate:
- BPR project plans.
- the impact of changed business processes.
- continuous improvement and monitoring plans.
- the cost of new controls.

25. When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:
- whose sum of activity time is the shortest.
- that give the longest possible completion time.
- that have zero slack time.
- whose sum of slack time is the shortest.

A critical path's activity time is longer than that for any other path through the network. This path is important because if everything goes as scheduled, its length gives the shortest possible completion time for the overall project.
Activities on the critical path become candidates for crashing (i.e., for reduction in their time by payment of a premium for early completion). Activities on the critical path have zero slack time and conversely, activities with zero slack time are on a critical path. By successively relaxing activities on a critical path, a curve showing total project costs versus time can be obtained.

26. Which of the following is the MOST likely benefit of implementing a standardized infrastructure?
- Reduced need for testing future application changes
- Reduced level of investment in the IT infrastructure
- Increased security of the IT service delivery center
- Improved cost-effectiveness of IT service delivery and operational support

A standardized IT infrastructure provides a consistent set of platforms and operating systems across the organization. This standardization reduces the time and effort required to manage a set of disparate platforms and operating systems. In addition, the implementation of enhanced operational support tools (e.g., password management tools, patch management tools and auto provisioning of user access) is simplified. These tools can help the organization reduce the cost of IT service delivery and operational support.

27. Who should review and approve system deliverables as they are defined and accomplished to ensure the successful completion and implementation of a new business system application?
- User management
- Senior management
- Quality assurance staff
- Project steering committee

User management assumes ownership of the project and resulting system, allocates qualified representatives to the team and actively participates in system requirements definition, acceptance testing and user training. User management should review and approve system deliverables as they are defined and accomplished or implemented.

28. An organization has purchased a third-party application and made significant modifications.
While auditing the development process for this critical, customer-facing application, the IS auditor noted that the vendor has been in business for only one year. Which of the following would help mitigate the risk relating to continued application support?
- A software escrow agreement
- A viability study on the vendor
- A contractual agreement for future enhancements
- Financial evaluation of the vendor

Considering that the vendor has been in the business for only one year, the biggest concern is financial stability or viability of the vendor and the risk of the vendor going out of business. The best way that this risk can be addressed is to have a software escrow agreement for the source code of the application, which provides the entity access to the source code in the event of the vendor going out of business.

29. The waterfall life cycle model of software development is most appropriately used when:
- the project intends to apply an object-oriented design and programming approach.
- requirements are well understood and the project is subject to time pressures.
- the project will involve the use of new technology.
- requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.

Historically, the waterfall model has been best suited to stable conditions and well-defined requirements.

30. To minimize the cost of a software project, quality management techniques should be applied:
- mainly at project close-down to capture lessons learned that can be applied to future projects.
- continuously throughout the project with an emphasis on finding and fixing defects primarily through testing to maximize the defect detection rate.
- primarily at project start to ensure that the project is established in accordance with organizational governance standards.
- as close to their writing (i.e., point of origination) as possible.

While it is important to properly establish a software development project, quality management should be effectively practiced throughout the project. The major source of unexpected costs on most software projects is rework. The general rule is that the earlier in the development life cycle that a defect occurs, and the longer it takes to find and fix that defect, the more effort will be needed to correct it. A well-written quality management plan is a good start, but it must also be actively applied. Simply relying on testing to identify defects is a relatively costly and less effective way of achieving software quality. For example, an error in requirements discovered in the testing phase can result in scrapping significant amounts of work.