Assumptions while planning an IS project involve a high
degree of risk because they are:
A. based on known constraints.
B. based on objective past data.
C. a result of lack of information.
D. often made by unqualified people.
- 1 Answers
- 6717 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
"Assumptions are made when adequate information is not
available. When an IS project manager makes an assumption,
there is a high degree of risk because the lack of proper
information can cause unexpected loss to an IS project.
Assumptions are not based on "
known"
constraints. When constraints are known in advance, a
project manager can plan according to those constraints
rather than assuming the constraints won't affect the
project. Having objective data about past IS projects will
not lead to making assumptions, but rather helps the IS
project manager in planning the project in a better manner.
Hence, if objective past data are available and the project
manager makes use of them, risk to the project is less.
Regardless of whether made by qualified people or
unqualified people, assumptions are risky."
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not. B. Customers can make their transactions from any computer or mobile device. C. The CA has several data processing subcenters to administer certificates. D. The organization is the owner of the CA.
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.
Which tests is an IS auditor performing when certain program is selected to determine if the source and object versions are the same?
A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out: A. unit testing. B. unit and module testing. C. unit, module and regression testing. D. module testing.
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
Which of the following IT governance best practices improves strategic alignment? A. Supplier and partner risks are managed. B. A knowledge base on customers, products, markets and processes is in place C. A structure is provided that facilitates the creation and sharing of business information. D. Top management mediate between the imperatives of business and technology
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
At the end of a simulation of an operational contingency test, the IS auditor performed a review of the recovery process. The IS auditor concluded that the recovery took more than the critical time frame allows. Which of the following actions should the auditor recommend? A. Widen the physical capacity to accomplish better mobility in a shorter time. B. Shorten the distance to reach the hot site. C. Perform an integral review of the recovery tasks. D. Increase the number of human resources involved in the recovery process.
Which of the following is the MOST effective control procedure for security of a stand-alone small business computer environment? A. Supervision of computer usage B. Daily management review of the trouble log C. Storage of computer media in a locked cabinet D. Independent review of an application system design
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP? A. Full operational test B. Preparedness test C. Paper test D. Regression test
An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.
Cisco Certifications 
