Ensurepass

 

QUESTION 471

An organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?

 

A.

Project sponsor

B.

System development project team (SPDT)

C.

Project steering committee

D.

User project team (UPT)

 

Correct Answer: C

Explanation:

A project steering committee that provides an overall direction for the enterprise resource planning (ERP) implementation project is responsible for reviewing the project’s progress to
ensure that it will deliver the expected results. A project sponsor is typically the senior manager in charge of the primary business unit that the application will support. The sponsor provides funding for the project and works closely with the project manager to define the critical success factors or metrics forthe project. The project sponsor is not responsible for reviewing the progress of the project. A system development project team (SDPT) completes the assigned tasks, works according to the instructions of the project manager and communicates with the user project team. The SDPT is not responsible for reviewing the progress of the project. A user project team (UPT) completes the assigned tasks, communicates effectively with the system development team and works according to the advice of the project manager. A UPT is not responsible for reviewing the progress of the project.

 

 

QUESTION 472

Which of the following is the GREATEST risk when implementing a data warehouse?

 

A.

increased response time on the production systems

B.

Access controls that are not adequate to prevent data modification

C.

Data duplication

D.

Data that is not updated or current

 

Correct Answer: B

Explanation:

Once the data is in a warehouse, no modifications should be made to it and access controls should be in place to prevent data modification. Increased response time on the production systems is not a risk, because a data warehouse does not impact production datA. Based on data replication, data duplication is inherent in a data warehouse. Transformation of data from operational systems to a data warehouse is done at predefined intervals, and as such, data may not be current.

 

 

QUESTION 473

During which of the following phases in system development would user acceptance test plans normally be prepared?

 

A.

Feasibility study

B.

Requirements definition

C.

implementation planning

D.

Postimplementation review

 

Correct Answer: B

Explanation:

During requirements definition, the project team will be working with the users to define their precise objectives and functional needs. At this time, the users should be working with the team to consider and document how the system functionality canbe tested to ensure it meets their stated needs. The feasibility study is too early for such detailed user involvement, and the implementation planning and postimplementation review phases are too late. An IS auditor should know at what point user testing should be planned to ensure it is most effective and efficient.

 

 

QUESTION 474

An IS auditor performing an application maintenance audit would review the log of program changes for the:

 

A.

authorization of program changes.

B.

creation date of a current object module.

C.

number of program changes actually made.

D.

creation date of a current source program.

 

Correct Answer: A

Explanation:

The manual log will most likely contain information on authorized changes to a program. Deliberate, unauthorized changes will not be documented by the responsible party. An automated log, found usually in library management products, and not a changelog would most likely contain date information for the source and executable modules.

 

 

QUESTION 475

What control detects transmission errors by appending calculated bits onto the end of each segment of data?

 

A.

Reasonableness check

B.

Parity check

C.

Redundancy check

D.

Check digits

 

Correct Answer: C

Explanation:

A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of datA. A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the datA. A parity check isa hardware control that detects data errors when data are read from one computer to another, from memory or during transmission. Check digits detect transposition and transcription errors.

 

 

QUESTION 476

A project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:

 

A.

what amount of progress against schedule has been achieved.

B.

if the project budget can be reduced.

C.

if the project could be brought in ahead of schedule.

D.

if the budget savings can be applied to increase the project scope.

 

Correct Answer: A

Explanation:

Cost performance of a project cannot be properly assessed in isolation of schedule performance. Cost cannot be assessed simply in terms of elapsed time on a project. To properly assess the project budget position it is necessary to know how much progress has actually been made and, given this, what level of expenditure would be expected. It is possible that project expenditure appears to be low because actual progress has been slow. Until the analysis of project against schedule has been completed, it is impossible to know whether there is any reason to reduce budget, if the project has slipped behind schedule, then not only may there be no spare budget but it is possible that extra expenditure may be needed to retrieve the slippage. The low expenditure could actually be representative of a situation where the project is likely to miss deadlines rather than potentially come in ahead of time. If the project is found to be ahead of budget after adjusting for actual progress, this is notnecessarily a good outcome because it points to flaws in the original budgeting process; and, as said above, until further analysis is undertaken, it cannot be determined whether any spare funds actually exist. Further, if the project is behind schedule, then adding scope may be the wrong thing to do.

QUESTION 477

The specific advantage of white box testing is that it:

 

A.

verifies a program can operate successfully with other parts of the system.

B.

ensures a program’s functional operating effectiveness without regard to the internal program structure.

C.

determines procedural accuracy or conditions of a program’s specific logic paths.

D.

examines a program’s functionality by executing it in a tightly controlled or virtual environment with restricted access to the host system.

 

Correct Answer: C

Explanation:

White box testing assesses the effectiveness of software program logic. Specifically, test data are used in determining procedural accuracy or conditions of a program’s logic paths. Verifying the program can operate successfully with other parts of the system is sociability testing. Testing the program’s functionality without knowledge of internal structures is black box testing. Controlled testing of programs in a semi-debugged environment, either heavily controlled step-by-step or via monitoring in virtual machines, is sand box testing.

 

 

QUESTION 478

When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:

 

A.

increases in quality can be achieved, even if resource allocation is decreased.

B.

increases in quality are only achieved if resource allocation is increased.

C.

decreases in delivery time can be achieved, even if resource allocation is decreased.

D.

decreases in delivery time can only be achieved if quality is decreased.

 

Correct Answer: A

Explanation:

The three primary dimensions of a project are determined by the deliverables, the allocated resources and the delivery time. The area of the project management triangle, comprised of these three dimensions, is fixed. Depending on the degree of freedom, changes in one dimension might be compensated by changing either one or both remaining dimensions. Thus, if resource allocation is decreased an increase in quality can be achieved, if a delay in the delivery time of the project will be accepted. The area of the triangle always remains constant.

 

 

QUESTION 479

When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:

 

A.

project be discontinued.

B.

business case be updated and possible corrective actions be identified.

C.

project be returned to the project sponsor for reapproval.

D.

project be completed and the business case be updated later.

 

Correct Answer: B

Explanation:

An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project since it is a key input to decisions made throughout the life of any project.

QUESTION 480

An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?

 

A.

Report that the organization does not have effective project management.

B.

Recommend the project manager be changed.

C.

Review the IT governance structure.

D.

Review the conduct of the project and the business case.

 

Correct Answer: D

Explanation:

Before making any recommendations, an IS auditor needs to understand the project and the factors that have contributed to making the project over budget and over schedule. The organization may have effective project management practices and sound ITgovernance and still be behind schedule or over budget. There is no indication that the project manager should be changed without looking into the reasons for the overrun.

 

Free VCE & PDF File for Isaca CISA Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.