Ensurepass

 

QUESTION 521

Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?

 

A.

System owners

B.

System users

C.

System designers

D.

System builders

 

Correct Answer: A

Explanation:

System owners are the information systems (project) sponsors or chief advocates. They normally are responsible for initiating and funding projects to develop, operate and maintain information systems. System users are the individuals who use or are affected by the information system. Their requirements are crucial in the testing stage of a project. System designers translate business requirements and constraints into techni
cal solutions. System builders construct the system based on the specifications from the systems designers. In most cases, the designers and builders are one and the same.

 

 

QUESTION 522

When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?

 

A.

The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks.

B.

Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system.

C.

A single implementation is planned, immediately decommissioning the legacy system.

D.

Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system’s software.

 

Correct Answer: C

Explanation:

Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risks. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly. A weekend can be used as a time buffer so that the new system will have a better chance of being up and running after the weekend. A different data representation does not mean different data presentation at the front end. Even when this is thecase, this issue can be solved by adequate training and user support. The printing functionality is commonly one of the last functions to be tested in a new system because it is usually the last step performed in any business event. Thus, meaningful testing and the respective error fixing are only possible after all other parts of the software have been successfully tested.

 

 

QUESTION 523

The MAJOR advantage of a component-based development approach is the:

 

A.

ability to manage an unrestricted variety of data types.

B.

provision for modeling complex relationships.

C.

capacity to meet the demands of a changing environment.

D.

support of multiple development environments.

 

Correct Answer: D

Explanation:

Components written in one language can interact with components written in other languages or running on other machines, which can increase the speed of development. Software developers can then focus on business logic. The other choices are not themost significant advantages of a component-based development approach.

 

 

QUESTION 524

An organization has an integrated development environment (IDE) on which the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an IDE?

 

A.

Controls the proliferation of multiple versions of programs

B.

Expands the programming resources and aids available

C.

Increases program and processing integrity

D.

Prevents valid changes from being overwritten by other changes

 

Correct Answer: B

Explanation:

A strength of an IDE is that it expands the programming resources and aids available. The other choices are IDE weaknesses.

 

 

QUESTION 525

An IS auditor reviewing a proposed application software acquisition should ensure that the:

 

A.

operating system (OS) being used is compatible with the existing hardware platform.

B.

planned OS updates have been scheduled to minimize negative impacts on company needs.

C.

OS has the latest versions and updates.

D.

products are compatible with the current or planned OS.

 

Correct Answer: D

Explanation:

Choices A, B and C are incorrect because none of them are related to the area being audited. In reviewing the proposed application the auditor should ensure that the products to be purchased are compatible with the current or planned OS. Regarding choice A, if the OS is currently being used, it is compatible with the existing hardware platform, because if it is not it would not operate properly. In choice B, the planned OS updates should be scheduled to minimize negative impacts on the organization. For choice C, the installed OS should be equipped with the most recent versions and updates (with sufficient history and stability).

 

 

QUESTION 526

A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced?

 

A.

Verifying production to customer orders

B.

Logging all customer orders in the ERP system

C.

Using hash totals in the order transmitting process

D.

Approving (production supervisor) orders prior to production

 

Correct Answer: A

Explanation:

Verification will ensure that production orders match customer orders. Logging can be used to detect inaccuracies, but does not in itself guarantee accurate processing. Hash totals will ensure accurate order transmission, but not accurate processingcentrally. Production supervisory approval is a time consuming, manual process that does not guarantee proper control.

 

 

QUESTION 527

Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?

 

A.

Applications may not be subject to testing and IT general controls

B.

increased development and maintenance costs

< font face="Arial">C.

increased application development time

D.

Decision-making may be impaired due to diminished responsiveness to requests for information

 

Correct Answer: A

Explanation:

End-user developed applications may not be subjected to an independent outside review by systems analysts and frequently are not created in the context of a formal development methodology. These applications may lack appropriate standards, controls,quality assurance procedures, and documentation. A risk of end-user applications is that management may rely on them as much as traditional applications. End-user computing (EUC) systems typically result in reduced application development and maintenance costs, and a reduced development cycle time. EUC systems normally increase flexibility and responsiveness to management’s information requests.

 

 

 

 

 

 

QUESTION 528

From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:

 

A.

a big bang deployment after proof of concept.

B.

prototyping and a one-phase deployment.

C.

a deployment plan based on sequenced phases.

D.

to simulate the new infrastructure before deployment.

 

Correct Answer: C

Explanation:

When developing a large and complex IT infrastructure, the best practice is to use a phased approach to fitting the entire system together. This will provide greater assurance of quality results. The other choices are riskier approaches.

 

 

QUESTION 529

A decision support system (DSS):

 

A.

is aimed at solving highly structured problems.

B.

combines the use of models with nontraditional data access and retrieval functions.

C.

emphasizes flexibility in the decision making approach of users.

D.

supports only structured decision making tasks.

 

Correct Answer: C

Explanation:

DSS emphasizes flexibility in the decision making approach of users. It is aimed at solving less structured problems, combines the use of models and analytic techniques with traditional data access and retrieval functions, and supports semistructureddecision making tasks.

 

 

QUESTION 530

An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:

 

A.

continuous improvement.

B.

quantitative quality goals.

C.

a documented process.

D.

a process tailored to specific projects.

 

Correct Answer: A

Explanation:

An organization would have reached the highest level of the software CMM at level 5, optimizing. Quantitative quality goals can be reached at level 4 and below, a documented process is executed at level 3 and below, and a process tailored to specific projects can be achieved at level 3 or below.

 

Free VCE & PDF File for Isaca CISA Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.