Large-scale systems development efforts:
A. are not affected by the use of prototyping tools.
B. can be carried out independent of other organizational
practices.
C. require that business requirements be defined before the
project begins.
D. require that project phases and deliverables be defined
during the duration of the project.
Answer / guest
Answer: C
The methodology used should provide for business
requirements to be clearly defined before approval of any
development, implementation or modification project. The
phases and deliverables should be decided during the early
planning stages of the project and not throughout its
duration. The phases necessary to complete the project
depend on its size and the type of tolls being used by the
project team (e.g., prototyping tools) In addition, the
selected methodology must fit to a particular organization's
practices and size.
Is This Answer Correct ? | 6 Yes | 0 No |
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
When two or more systems are integrated, input/output controls must be reviewed by the IS auditor in the: A. systems receiving the output of other systems. B. systems sending output to other systems. C. systems sending and receiving data. D. interfaces between the two systems.
When auditing a mainframe operating system, what would the IS auditor do to establish which control features are in operation? A. Examine the parameters used when the system was generated B. Discuss system parameter options with the vendor C. Evaluate the systems documentation and installation guide D. Consult the systems programmers
Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using file transfer protocol (FTP)
In a web server, a common gateway interface (CGI) is MOST often used as a(n): A. consistent way for transferring data to the application program and back to the user. B. computer graphics imaging method for movies and TV. C. graphic user interface for web design. D. interface to access the private gateway domain.
In a risk-based audit approach, an IS auditor should FIRST complete :
Which of the following would be considered a business risk? A. Former employees B. Part-time and temporary personnel C. Loss of competitive edge D. Hackers
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.
Which of the following BEST describes an integrated test facility? A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing B. The utilization of hardware and/or software to review and test the functioning of a computer system C. A method of using special programming options to permit printout of the path through a computer program taken to process a specific transaction D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests