Ensurepass

 

QUESTION 441

The reason for establishing a stop or freezing point on the design of a new system is to:

 

A. prevent further changes to a project in process.

B. indicate the point at which the design is to be completed.

C. require that changes after that point be evaluated for cost-effectiveness.

D. provide the project management team with more control over the project design.

 

Correct Answer: C

Explanation:

Projects often have a tendency to expand, especially during the requirements definition phase. This expansion often grows to a point where the originally anticipated cost-benefits are diminished because the cost of the project has increased. When this occurs, it is recommended that the project be stopped or frozen to allow a review of all of the cost-benefits and the payback period.

 

 

QUESTION 442

The reason a certification and accreditation process is performed on critical systems is to ensure that:

 

A. security compliance has been technically evaluated.

B. data have been encrypted and are ready to be stored.

C. the systems have been tested to run on different platforms.

D. the systems have followed the phases of a waterfall model.

 

Correct Answer: A

Explanation:

Certified and accredited systems are systems that have had their security compliance technically evaluated for running on a specific production server. Choice B is incorrect because not all data of certified systems are encrypted. Choice C is incorrect because certified systems are evaluated to run in a specific environment. A waterfall model is a software development methodology and not a reason for performing a certification and accrediting process.

 

 

QUESTION 443

An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:

 

A. reverse engineering.

B. prototyping.

C. software reuse.

D. reengineering.

 

Correct Answer: D

Explanation:

Old (legacy) systems that have been corrected, adapted and enhanced extensively require reengineering to remain maintainable. Reengineering is a rebuilding activity to incorporate new technologies into existing systems. Using program language statements, reverse engineering involves reversing a program’s machine code into the source code in which it was written to identify malicious content in a program, such as a virus, or to adapt a program written for use with one processor for use with a differently designed processor. Prototyping is the development of a system through controlled trial and error. Software reuse is the process of planning, analyzing and using previously developed software components. The reusable components are integrated into the current software product systematically.

 

 

QUESTION 444

During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:

 

A. test the software for compatibility with existing hardware.

B. perform a gap analysis.

C. review the licensing policy.

D. ensure that the procedure had been approved.

 

Correct Answer: D

Explanation:

In the case of a deviation from the predefined procedures, an IS auditor should first ensure that the procedure followed for acquiring the software is consistent with the business objectives and has been approved by the appropriate authorities. The other choices are not the first actions an IS auditor should take. They are steps that may or may not be taken after determining that the procedure used to acquire the software had been approved.

 

 

QUESTION 445

When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:

 

A. systems receiving the output of other systems.

B. systems sending output to other systems.

C. systems sending and receiving data.

D. interfaces between the two systems.

 

Correct Answer: C

Explanation:

Both of the systems must be reviewed for input/output controls, since the output for one system is the input for the other.

 

 

QUESTION 446

A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

 

A. payroll reports should be compared to input forms.

B. gross payroll should be recalculated manually.

C. checks (cheques) should be compared to input forms.

D. checks (cheques) should be reconciled with output reports.

 

Correct Answer: A

Explanation:

The best way to confirm data accuracy, when input is provided by the company and output is generated by the bank, is to verify the data input (input forms) with the results of the payroll reports. Hence, comparing payroll reports with input forms is the best mechanism of verifying data accuracy. Recalculating gross payroll manually would only verify whether the processing is correct and not the data accuracy of inputs. Comparing checks (cheques) to input forms is not feasible as checks (cheques) have the processed information and input forms have the input data. Reconciling checks (cheques) with output reports only confirms that checks (cheques) have been issued as per output reports.

 

 

QUESTION 447

Which of the following is an advantage of the top-down approach to software testing?

 

A. Interface errors are identified early

B. Testing can be started before all programs are complete

C. It is more effective than other testing approaches

D. Errors in critical modules are detected sooner

 

Correct Answer: A

Explanation:

The advantage of the top-down approach is that tests of major functions are conducted early, thus enabling the detection of interface errors sooner. The most effective testing approach is dependent on the environment being tested. Choices B and D are advantages of the bottom-up approach to system testing.

 

 

QUESTION 448

Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

 

A. existence of a set of functions and their specified properties.

B. ability of the software to be transferred from one environment to another.

C. capability of software to maintain its level of performance under stated conditions.

D. relationship between the performance of the software and the amount of resources used.

 

Correct Answer: A

Explanation:

Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Choice B refers to portability, choice C refers to reliability and choice D refers to efficiency.

 

 

QUESTION 449

When reviewing an organization’s approved software product list, which of the following is the MOST important thing to verify?

 

A. The risks associated with the use of the products are periodically assessed

B. The latest version of software is listed for each product

C. Due to licensing issues the list does not contain open source software

D. After hours support is offered

 

Correct Answer: A

Explanation:

Since the business conditions surrounding vendors may change, it is important for an organization to conduct periodic risk assessments of the vendor software list. This might be best incorporated into the IT risk management process. Choices B, C and D are possible considerations but would not be the most important.

 

 

QUESTION 450

Which of the following would impair the independence of a quality assurance team?

 

A. Ensuring compliance with development methods

B. Checking the testing assumptions

C. Correcting coding errors during the testing process

D. Checking the code to ensure proper documentation

 

Correct Answer: C

Explanation:

Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the team’s independence. The other choices are valid quality assurance functions.

 
