CISA Exam-Test 16

1. Which of the following BEST measures project progress?
- Earned-value analysis (EVA)
- Project plan
- SWOT analysis
- Gantt chart
Earned Value Analysis (EVA) is used to measure the progress of the project at any given point in time, to forecast the completion date and the final cost, and to analyze any variance in the budget.

2. An IS auditor has been asked to review the implementation of a customer relationship management (CRM) system for a large organization. The IS auditor discovered the project incurred significant over-budget expenses and scope creep caused the project to miss key dates. Which of the following should the IS auditor recommend for future projects?
- A software baseline
- Project management training
- A balanced scorecard (BSC)
- Automated requirements software
Use of a software baseline provides a cutoff point for the design of the system and allows the project to proceed as scheduled without being delayed by scope creep.

3. Which of the following is the protocol data unit (PDU) of the transport layer in the TCP/IP model?
- Packet
- Segment
- Data
- Frame

4. While evaluating the "out of scope" section specified in a project plan, an IS auditor should ascertain whether the section:
- effectively describes project boundaries.
- clearly states the project's "nice to have" objectives.
- effectively describes unofficial project objectives.
- provides the necessary flexibility to the project team.
The purpose of the out of scope section is to make clear to readers what items are not considered project objectives so that all project stakeholders understand the project boundaries and what is in scope versus out of scope. This applies to all types of projects, including individual audits.

5. An IS department is evaluated monthly on its cost-revenue ratio, user satisfaction rate, and computer downtime. This is BEST characterized as an application of:
- value chain analysis
- risk framework
- balanced scorecard
- control self-assessment (CSA)
BSC is a set of performance measures organized into four categories that include traditional financial measures, but adds customer, internal business process, and learning and growth perspectives.

6. An IS auditor is involved in the reengineering process that aims to optimize IT infrastructure. Which of the following will BEST identify the issues to be resolved?
- Reverse engineering
- Prototyping
- Self-assessment
- Gap analysis
Gap analysis would be the best method to identify issues that need to be addressed in the reengineering process. Gap analysis indicates which parts of current processes conform to good practices (desired state) and which do not.

7. Which of the following is the protocol data unit (PDU) of the network interface layer in the TCP/IP model?
- Segment
- Frame
- Packet
- Data

8. Which of the following is the MOST effective way to reduce risk to an organization from widespread use of web-based communication technologies?
- Incorporate risk awareness training for web-based communications into the IT security program.
- Publish an enterprise-wide policy outlining acceptable use of web-based communication technologies.
- Monitor staff usage of web-based communication and notify the IT security department of violations.
- Block access from user devices to unauthorized pages that allow web-based communication.
In this case, establishing the policy is the first step, then educating the users via training.

9. At the completion of a system development project, a post-project review should include which of the following?
- Assessing risk that may lead to downtime after the production release
- Ensuring that test data are deleted
- Identifying lessons learned that may be applicable to future projects
- Verifying that the controls in the delivered system are working
A project team has something to learn from each and every project.
As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects.

10. Which of the following has the MOST significant impact on the success of an application systems implementation?
- The overall organizational environment
- Compliance with applicable external requirements
- The prototyping application development methodology
- The software reengineering technique
The overall organizational environment has the most significant impact on the success of applications systems implemented. This includes the alignment between IT and the business, the maturity of the development processes and the use of change control and other project management tools.

11. Which of the following types of risk could result from inadequate software baselining?
- Sign-off delays
- Software integrity violations
- Scope creep
- Inadequate controls
A software baseline is the cutoff point in the design and development of a system. Beyond this point, additional requirements or modifications to the scope must go through formal, strict procedures for approval based on a business cost-benefit analysis. Failure to adequately manage a system through baselining can result in uncontrolled changes in a project's scope and may incur time and budget overruns.

12. An organization is implementing an enterprise resource planning (ERP) application. Of the following, who is PRIMARILY responsible for overseeing the project to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?
- User project team (UPT)
- Project steering committee
- Project sponsor
- System development project team (SDPT)
A project steering committee that provides an overall direction for the enterprise resource planning (ERP) implementation project is responsible for reviewing the project's progress to ensure that it will deliver the expected results.

13. An IS auditor is assigned to audit a software development project, which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
- Recommend the project manager be changed.
- Report that the organization does not have effective project management.
- Review the business case and project management.
- Review the IT governance structure.
Before making any recommendations, an IS auditor needs to understand the project and the factors that have contributed to bringing the project over budget and over schedule.

14. A company's development team does not follow generally accepted system development life cycle (SDLC) practices. Which of the following is MOST likely to cause problems for software development projects?
- Functional verification of the prototypes is assigned to end users.
- Project responsibilities are not formally defined at the beginning of a project.
- The project is implemented while minor issues are open from user acceptance testing (UAT).
- Program documentation is inadequate.
Errors or lack of attention in the initial phases of a project may cause costly errors and inefficiencies in later phases. Proper planning is required at the beginning of a project.

15. When reviewing an active project, an IS auditor observed that the business case was no longer valid because of a reduction in anticipated benefits and increased costs. The IS auditor should recommend that the:
- project be discontinued.
- project be returned to the project sponsor for reapproval.
- project be completed and the business case be updated later.
- business case be updated and possible corrective actions be identified.
The IS auditor should recommend that the business case be kept current throughout the project because it is a key input to decisions made throughout the life of any project.

16. Which of the following transmission media is MOST difficult to tap?
- Fiber Optics
- Copper cable
- Radio System
- Satellite Radio Link

17. Which of the following is MOST relevant to an IS auditor evaluating how the project manager has monitored the progress of the project?
- Gantt charts
- Program evaluation review technique (PERT) diagrams
- Function point analysis (FPA)
- Critical path diagrams
Gantt charts help to identify activities that have been completed early or late through comparison to a baseline. Progress of the entire project can be read from the Gantt chart to determine whether the project is behind, ahead of or on schedule.

18. While reviewing an ongoing project, the IS auditor notes that the development team has spent eight hours of activity on the first day against a budget of 24 hours (over three days). The projected time to complete the remainder of the activity is 20 hours. The IS auditor should report that the project:
- is ahead of schedule.
- cannot be evaluated until the activity is completed.
- is on schedule.
- is behind schedule.
Earned value analysis (EVA) is based on the premise that if a project task is assigned 24 hours for completion, it can be reasonably completed during that time frame. According to EVA, the project is behind schedule because the value of the eight hours spent on the task should be only four hours, considering that 20 hours of effort remain to be completed.

19. Which of the following INCORRECTLY describes the layer function of the Application Layer within the TCP/IP model?
- Provides reliable delivery
- Keeps separate the data of different applications
- Provides user interface
- Performs data processing such as encryption, encoding, etc.

20. An IS auditor is assessing the results of an organization's post-implementation review of a newly developed information system. Which of the following should be the auditor's MAIN focus?
- Lessons learned have been identified
- Benefits realization analysis has been completed
- The procurement contract has been closed
- The disaster recovery plan (DRP) has been updated

21. An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:
- technical deliverables have been identified.
- a contract for external parties involved in the project has been completed.
- resources needed throughout the project have been determined.
- complexity and risk associated with the project have been analyzed.
Understanding complexity and risk, and actively managing these throughout a project are critical to a successful outcome.

22. Which of the following types of risk is MOST likely encountered in a software as a service (SaaS) environment?
- Performance issues due to Internet delivery method
- Higher cost due to the need to update to compatible hardware
- Noncompliance with software license agreements
- Higher cost due to software licensing requirements
The risk that could be most likely encountered in a SaaS environment is speed and availability issues, due to the fact that SaaS relies on the Internet for connectivity.

23. Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)?
- Earned value analysis (EVA)
- Cost budget
- Function point analysis (FPA)
- Program evaluation and review technique (PERT)
Earned value analysis (EVA) is an industry standard method for measuring a project's progress at any given point in time, forecasting its completion date and final cost, and analyzing variances in the schedule and budget as the project proceeds. It compares the planned amount of work with what has actually been completed to determine if the cost, schedule and work accomplished are progressing in accordance with the plan.
EVA works most effectively if a well-formed work breakdown structure exists.

24. A rapid application development (RAD) methodology has been selected to implement a new enterprise resource planning (ERP) system. All of the project activities have been assigned to the contracted consulting company because internal employees are not available. What is the IS auditor's FIRST step to compensate for the lack of resources?
- Recommend that the company hire more people.
- Stop the project until all human resources (HR) are available.
- Review the project plan and approach.
- Ask the vendor to provide additional external staff.
Rapid methodologies require available resources with good expertise and a fast decision-making process because the plan duration is usually short. Reviewing the project plan and approach is the best recommendation to make the appropriate changes to compensate for the missing end users.

25. While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:
- effectiveness of the project manager because the project manager should interact with the QA function.
- efficiency of the QA function because it should interact with the project implementation team.
- effectiveness of the QA function because it should interact between project management and user management.
- efficiency of the project manager because the QA function will need to communicate with the project implementation team.
To be effective, the quality assurance (QA) function should be independent of project management. If not, project management may put pressure on the QA function to approve an inadequate product.

26. An organization is running servers with critical business applications that are in an area subject to frequent but brief power outages.
Knowledge of which of the following would allow the organization's management to monitor the ongoing adequacy of the uninterruptible power supply (UPS)?
- Mean time to recover servers after failure
- Business impact of server downtime
- Number of servers supported by the UPS
- Duration and interval of the power outages
The purpose of a UPS is to supply power to information systems during power outages, so it is important to monitor the backup of the UPS (how long the UPS can provide power during a power failure).

27. An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?
- Function point analysis (FPA)
- Program evaluation review technique (PERT)
- White box testing
- Counting source lines of code
Function point analysis (FPA) is a technique used to determine the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.

28. Which of the following transmission media is LEAST vulnerable to cross talk?
- Coaxial cable
- Fiber Optics
- Satellite Radio Link
- Copper cable

29. Which of the following should be an IS auditor's PRIMARY concern after discovering that the scope of an IS project has changed and an impact study has not been performed?
- Users not agreeing with the change
- The project team not having the skills to make the necessary change
- The time and cost implications caused by the change
- The risk that regression tests will fail
Any scope change might have an impact on duration and cost of the project; that is the reason why an impact study is conducted and the client is informed of the potential impact on the schedule and cost.

30. An IS auditor performing a review of a major software development project finds that it is on schedule and under budget even though the software developers have worked considerable amounts of unplanned overtime. The IS auditor should:
- investigate further to determine whether the project plan may not be accurate.
- conclude that the project is progressing as planned because dates are being met.
- conclude that the programmers are intentionally working slowly to earn extra overtime pay.
- question the project manager further to identify whether overtime costs are being tracked accurately.
While the dates on which key projects are completed are important, there may be issues with the project plan if an extraordinary amount of unplanned overtime is required to meet those dates. In most cases, the project plan is based on a certain number of hours, and requiring programmers to work considerable overtime is not a good practice. While overtime costs may be an indicator that something is wrong with the plan, in many organizations the programming staff may be salaried, so overtime costs may not be directly recorded.