Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following groups should assume ownership of a
systems development project and the resulting system?
A. User management
B. Senior management
C. Project steering committee
D. Systems development management
- 3 Answers
- 10604 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
User management assumes ownership of the project and
resulting system. They should review and approve
deliverables as they are defined and accomplished. Senior
management approves the project and the resources needed to
complete it. The project steering committee provides overall
direction and is responsible for monitoring costs and
timetables. Systems development management provides
technical support.
| Is This Answer Correct ? | 9 Yes | 5 No |
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management: A. obtain independent assurance of the third party service providers. B. set up a process for monitoring the service delivery of the third party. C. ensure that formal contracts are in place. D. consider agreements with third party service providers in the development of continuity plans.
Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Which of the following provides the framework for designing and developing logical access controls? A. Information systems security policy B. Access control lists C. Password management D. System configuration files
Which of these has the potential to improve security incident response processes? A. Review the incident response procedures. B. Post-mortem or post-event reviews by the security team. C. Getting the hot-site ready. D. Reviw the BCP plan every six months
Of the following who is MOST likely to be responsible for network security operations? A. Users B. Security administrators C. Line managers D. Security officers
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the): A. enterprise. B. IT. C. audit. D. finance.
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.
Cisco Certifications 
