Which of the following should be in place to protect the
purchaser of an application package in the event that the
vendor ceases to trade?
A. Source code held in escrow.
B. Object code held by a trusted third party.
C. Contractual obligation for software maintenance.
D. Adequate training for internal programming staff.
Answer / guest
Answer: A
Contractual obligations may not be enforceable if the vendor
ceases to trade. Training is irrelevant, as programmers
cannot maintain an application unless source code is
available. Thus, having object code available also is not an
adequate solution. Only ensuring that the source code can be
obtained in the event that the vendor cannot provide support
will protect the purchaser.
Which of the following procedures should be implemented to help ensure the completeness of inbound transactions via electronic data interchange (EDI)?
A. Segment counts built into the transaction set trailer
B. A log of the number of messages received, periodically verified with the transaction originator
C. An electronic audit trail for accountability and tracking
D. Matching acknowledgement transactions received to the log of EDI messages sent

In a risk-based audit approach, an IS auditor should FIRST complete:

Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of:
A. audit objectives.
B. audit procedures.
C. controls objectives.
D. control procedures.

Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction.
B. Periodic testing does not require separate test processes.
C. It validates application systems and tests the ongoing operation of the system.
D. It eliminates the need to prepare test data.

Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop a customer specific documentation

Which of the following audit procedures would an IS auditor be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets.
B. Test to determine that access to assets is adequate.
C. Validate physical, environmental and logical access policies per job profiles.
D. Evaluate asset safeguards and procedures that prevent unauthorized access to the assets.

When selecting software, which of the following business and technical issues is the MOST important to be considered?
A. Vendor reputation
B. Requirements of the organization
C. Cost factors
D. Installed base

Which of the following BEST describes an IT department's strategic planning process?
A. The IT department will have either short-range or long-range plans depending on the organization's broader plans and objectives.
B. The IT department's strategic plan must be time and project oriented, but not so detailed as to address and help determine priorities to meet business needs.
C. Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements.
D. Short-range planning for the IT department does not need to be integrated into the short-range plans of the organization since technological advances will drive the IT department plans much quicker than organizational plans.

Which of the following is a technique that could be used to capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered.

Which is the first software capability maturity model (CMM) level to include a standard software development process?
A. Initial (level 1)
B. Repeatable (level 2)
C. Defined (level 3)
D. Optimizing (level 5)

An IS auditor should be involved in:
A. observing tests of the disaster recovery plan.
B. developing the disaster recovery plan.
C. maintaining the disaster recovery plan.
D. reviewing the disaster recovery requirements of supplier contracts.

When an organization's network is connected to an external network in an Internet client-server model not under that organization's control, security becomes a concern. In providing adequate security in this environment, which of the following assurance levels is LEAST important?
A. Server and client authentication
B. Data integrity
C. Data recovery
D. Data confidentiality