Which of the following BEST describes the necessary
documentation for an enterprise product reengineering (EPR)
software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop a customer specific documentation
Answers were Sorted based on User's Feedback
Answer / guest
Answer: C
A global enterprise product reengineering (EPR) software
package can be applied to a business to replace, simplify
and improve the quality of IS processing. Documentation is
intended to help understand how, why and which solutions
that have been selected and implemented, and therefore must
be specific to the project. Documentation is also intended
to support quality assurance and must be comprehensive.
Is This Answer Correct ? | 3 Yes | 0 No |
Answer / guest
C. All phases of the installation must be documented
Is This Answer Correct ? | 2 Yes | 0 No |
The security level of a private key system depends on the number of: A. encryption key bits. B. messages sent. C. keys. D. channels used.
Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
An organization is proposing to install a single sign-on facility giving access to all systems. The organization should be aware that: A. Maximum unauthorized access would be possible if a password is disclosed. B. User access rights would be restricted by the additional security parameters. C. The security administrator?s workload would increase. D. User access rights would be increased.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
In a TCP/IP-based network, an IP address specifies a: A. network connection. B. router/gateway. C. computer in the network. D. device on the network.
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error
To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments
Controls designed to ensure that unauthorized changes are not made to information residing in a computer file are known as: A. data security controls. B. implementation controls. C. program security controls. D. computer operations controls.
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce? A. Registration authority B. Certification authority C. Certification relocation list D. Certification practice statement
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls