Failure to adequately define or manage the requirements for
a system can result in a number of risks. The GREATEST risk is:
A. inadequate user involvement.
B. inadequate allocation of resources.
C. scope creep.
D. an incorrect estimation of the critical path.
- 1 Answers
- 4126 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The process through which requirements change (scope creep)
is considered the greatest risk. Changes in the requirements
will impact development schedules/resources. Inadequate user
involvement may have been the cause but it is not the
resulting risk. Inadequate allocation of resources is a tied
to the proficiency of the project manager. The inaccurate
estimation of the critical path is not as great a risk as
scope creep.
| Is This Answer Correct ? | 5 Yes | 0 No |
Linux is an __________ operating system
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.
To review access to ceratin data base to determine whether the "new user" forms were correctly authorized. This is an example of:
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.
Which of the following would be the BEST population to take a sample from when testing program changes? A. Test library listings B. Source program listings C. Program change requests D. Production library listings
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do, is an example of: A. inherent risk. B.control risk. C. detection risk. D. audit risk.
Which of the following information valuation methods is LEAST likely to be used during a security review? A. Processing cost B. Replacement cost C. Unavailability cost D. Disclosure cost
In an EDI process, the device which transmits and receives electronic documents is the: A. communications handler. B. EDI translator. C. application interface. D. EDI interface.
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. customer over the authenticity of the hosting organization. B. hosting organization over the authenticity of the customer. C. customer over the confidentiality of messages from the hosting organization. D. hosting organization over the confidentiality of messages passed to the customer.
Cisco Certifications 
