CISA Exam-Test 15

1. When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

- whose sum of slack time is the shortest.
- that give the longest possible completion time.
- whose sum of activity time is the shortest.
- that have zero slack time.

A critical path's activity time is longer than that for any other path through the network. This path is important because if everything goes as scheduled, its length gives the shortest possible completion time for the overall project. Activities on the critical path become candidates for crashing (i.e., for reduction in their time by payment of a premium for early completion). Activities on the critical path have zero slack time and conversely, activities with zero slack time are on a critical path. By successively relaxing activities on a critical path, a curve showing total project costs versus time can be obtained.

2. In which of the following WAN message transmission techniques do two network nodes establish a dedicated communications channel through the network before the nodes may communicate?

- Circuit switching
- Message Switching
- Virtual Circuits
- Packet switching

3. Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?

- Program organization
- Policy documents
- Project portfolio database
- Project database

A project portfolio database is the basis for project portfolio management. It includes project data such as owner, schedules, objectives, project type, status and cost. Project portfolio management requires specific project portfolio reports.

4. By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:

- reliable products are guaranteed.
- security requirements are designed.
- programmers' efficiency is improved.
- predictable software processes are followed.

By evaluating the organization's development projects against the CMM, an IS auditor determines whether the development organization follows a stable, predictable software development process.

5. The GREATEST advantage of using web services for the exchange of information between two systems is:

- secure communication.
- improved performance.
- efficient interfacing.
- enhanced documentation

Web services facilitate the interoperable exchange of information between two systems regardless of the operating system or programming language used.

6. An organization has purchased a third-party application and made significant modifications. While auditing the development process for this critical, customer-facing application, the IS auditor noted that the vendor has been in business for only one year. Which of the following would help mitigate the risk relating to continued application support?

- A contractual agreement for future enhancements
- Financial evaluation of the vendor
- A software escrow agreement
- A viability study on the vendor

Considering that the vendor has been in the business for only one year, the biggest concern is financial stability or viability of the vendor and the risk of the vendor going out of business. The best way that this risk can be addressed is to have a software escrow agreement for the source code of the application, which provides the entity access to the source code in the event of the vendor going out of business.

7. To minimize the cost of a software project, quality management techniques should be applied:

- primarily at project start to ensure that the project is established in accordance with organizational governance standards.
- continuously throughout the project with an emphasis on finding and fixing defects primarily through testing to maximize the defect detection rate.
- mainly at project close-down to capture lessons learned that can be applied to future projects.
- as close to their writing (i.e., point of origination) as possible.

While it is important to properly establish a software development project, quality management should be effectively practiced throughout the project. The major source of unexpected costs on most software projects is rework. The general rule is that the earlier in the development life cycle that a defect occurs, and the longer it takes to find and fix that defect, the more effort will be needed to correct it. A well-written quality management plan is a good start, but it must also be actively applied. Simply relying on testing to identify defects is a relatively costly and less effective way of achieving software quality. For example, an error in requirements discovered in the testing phase can result in scrapping significant amounts of work.

8. When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

- The length of the remaining tasks
- The project budget
- The critical path for the project
- The personnel assigned to other tasks

Because adding resources may change the route of the critical path, the critical path must be reevaluated to ensure that additional resources will, in fact, shorten the project duration.

9. An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?

- Obtain a verbal confirmation from IT for this exemption.
- Report this control process weakness to senior management.
- Verify management's approval for this exemption.
- Review the list of end users and evaluate for authorization.

10. Which of the following statements INCORRECTLY describes a network device such as a router?

- Router does not forward broadcast packet
- Router builds a routing table based on MAC address
- Router creates a new header for each packet

11. Which of the following observations should be of GREATEST concern to an IS auditor reviewing a large organization's virtualization environment?

- Guest tools have been installed without sufficient access control.
- An unused printer has been left connected to the host system.
- Host inspection capabilities have been disabled
- A rootkit was found on the host operating system

12. The most common reason for the failure of information systems to meet the needs of users is that:

- the hardware system limits the number of concurrent users.
- user participation in defining the system's requirements was inadequate.
- the growth of user requirements was forecast inaccurately.
- user needs are constantly changing.

Lack of adequate user involvement, especially in the system's requirements phase, will usually result in a system that does not fully or adequately address the needs of the user. Only users can define what their needs are and, therefore, what the system should accomplish.

13. Change control for business application systems being developed using prototyping could be complicated by the:

- rapid pace of modifications in requirements and design.
- emphasis on reports and screens.
- lack of integrated tools.
- iterative nature of prototyping.

Changes in requirements and design happen so quickly that they are seldom documented or approved.

14. Which of the following poses the GREATEST security risk when implementing acquired application systems?

- Password length
- Social engineering
- Lack of audit logs
- Default logon IDs

15. Documentation of a business case used in an IT development project should be retained until:

- the end of the system's life cycle.
- the system is in production.
- the project is approved.
- user acceptance of the system.

A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates versus actuals. Questions such as "Why do we do that?", "What was the original intent?" and "How did we perform against the plan?" can be answered, and lessons for developing future business cases can be learned. During the development phase of a project, one should always validate the business case because it is a good management instrument. After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference.

16. Which of the following is the MOST likely benefit of implementing a standardized infrastructure?

- Reduced level of investment in the IT infrastructure
- Reduced need for testing future application changes
- Increased security of the IT service delivery center
- Improved cost-effectiveness of IT service delivery and operational support

A standardized IT infrastructure provides a consistent set of platforms and operating systems across the organization. This standardization reduces the time and effort required to manage a set of disparate platforms and operating systems. In addition, the implementation of enhanced operational support tools (e.g., password management tools, patch management tools and auto provisioning of user access) is simplified. These tools can help the organization reduce the cost of IT service delivery and operational support.

17. An IS auditor should know information about different network transmission media. Which of the following transmission media is used for short distance transmission?

- Fiber Optics
- Satellite Radio Link
- Copper cable

18. An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:

- a process tailored to specific projects
- quantitative quality goals.
- continuous improvement.
- a documented process.

An organization would have reached the highest level of the software capability maturity model (CMM) at level 5, optimizing.

19. Which of the following is a characteristic of timebox management?

- Prevents cost overruns and delivery delays
- Eliminates the need for a quality process
- Separates system and user acceptance testing
- Not suitable for prototyping or rapid application development (RAD)

Timebox management, by its nature, sets specific time and cost boundaries. It is effective in controlling costs and delivery time lines by ensuring that each segment of the project is divided into small controllable time frames.

20. When evaluating the controls of an electronic data interchange (EDI) application, an IS auditor should PRIMARILY be concerned with the risk of:

- excessive transaction turnaround time.
- nonvalidated batch totals.
- application interface failure.
- improper transaction authorization.

Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Because the interaction with the parties is electronic, there is no inherent authentication. Improper authentication would pose a serious risk of financial loss.

21. Which of the following should be a concern for an IS auditor reviewing an organization's cloud computing strategy which is based on a software as a service (SaaS) model with an external provider?

- Workstation upgrades must be performed.
- Long-term software acquisition costs are higher.
- Incident handling procedures with the provider are not well defined
- Contract with the provider does not include onsite technical support.

A SaaS provider does not normally have onsite support for the organization. Therefore, incident handling procedures between the organization and its provider are critical for the detection, communication and resolution of incidents, including effective lines of communication and escalation processes.

22. During business process reengineering (BPR) of a bank's teller activities, an IS auditor should evaluate:

- the cost of new controls.
- BPR project plans
- continuous improvement and monitoring plans.
- the impact of changed business processes.

23. Which of the following would BEST help to prioritize project activities and determine the time line for a project?

- Function point analysis (FPA)
- A Gantt chart
- Program evaluation review technique (PERT)
- Earned value analysis (EVA)

The PERT method works on the principle of obtaining project time lines based on project events for three likely scenarios (worst, best, normal). The time line is calculated by a predefined formula and identifies the critical path, which identifies the key activities that must be prioritized.

24. The reason for establishing a stop or freezing point on the design of a new system is to:

- prevent further changes to a project in process.
- provide the project management team with more control over the project design.
- indicate the point at which the design is to be completed.
- require that changes after that point be evaluated for cost-effectiveness.

Projects often have a tendency to expand, especially during the requirements definition phase. This expansion often grows to a point where the originally anticipated cost-benefits are diminished because the cost of the project has increased. When this occurs, it is recommended that the project be stopped or frozen to allow a review of all of the cost-benefits and the payback period.

25. Who should review and approve system deliverables as they are defined and accomplished to ensure the successful completion and implementation of a new business system application?

- Quality assurance staff
- Project steering committee
- User management
- Senior management

User management assumes ownership of the project and resulting system, allocates qualified representatives to the team and actively participates in system requirements definition, acceptance testing and user training. User management should review and approve system deliverables as they are defined and accomplished or implemented.

26. Which of the following statements INCORRECTLY describes the circuit switching technique?

- Connection oriented virtual links
- Packet uses many different dynamic paths to get the same destination
- Fixed delays
- Traffic travels in a predictable and constant manner

27. Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?

- Function point analysis (FPA)
- Object-oriented system development
- Program evaluation review technique (PERT) chart
- Rapid application development

A program evaluation review technique (PERT) chart will help determine project duration once all the activities and the work involved with those activities are known.

28. Which of the following statements INCORRECTLY describes the packet switching technique?

- Fixed delays to reach each packet to destination
- Packet uses many different dynamic paths to get the same destination
- Traffic is usually burst in nature
- Usually carries data-oriented data

29. Which of the following is the client organization's responsibility in a Software as a Service (SaaS) environment?

- Ensuring that users are properly authorized
- Ensuring the data is available when needed
- Detecting unauthorized access
- Preventing insertion of malicious code

30. The waterfall life cycle model of software development is most appropriately used when:

- the project will involve the use of new technology.
- the project intends to apply an object-oriented design and programming approach.
- requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate.
- requirements are well understood and the project is subject to time pressures.

Historically, the waterfall model has been best suited to stable conditions and well-defined requirements.