MCQ 3-Information Systems Acquisition, Development and Implementation
Which of the following techniques helps to detect as well as correct the errors by transmitting redundant information with each character? A. Parity bits B. Forward error control C. Checksums D. Redundancy checks
B. Forward error control Explanation: Forward error control works on same principle as redundancychecksums. In addition to detecting errors, they have the capability to correct theerrors found. It helps the receiver computer to correct the error.
In the prototyping method, change control can be impacted by which of the following? A. User participation B. Frequent changes in requirements and design C. The trial-and-error method D. Limited budgets
B. Frequent changes in requirements and design Explanation: In prototyping, there are frequent changes in the designs andrequirements and hence they are seldom documented or approved. Changecontrol becomes more complicated with prototyped systems. Other options donot have an adverse effect on change control.
RAD has which of the following advantages over the traditional SDLC? A. User involvement in system development B. UAT C. A reduction in the development time frame D. Enhanced technical support
C. A reduction in the development time frame Explanation: The objective of RAD is the quick development of a system whilereducing costs and ensuring quality. The major benefit of RAD is the reduction ofthe time required for the development of a system. Other options are true forboth RAD and the traditional SDLC.
Which of the following is the best control to ensure that no transactions are lost during processing? A. Limit checks B. Check digits C. Automated system balancing D. Validation control
C. Automated system balancing Explanation: Automated system balancing reconciles the total input and totaloutput. Any difference will be shown as an error for further investigation andcorrection. Automated system balancing helps to determine whether anytransactions are lost during the processing as any mismatch in input and outputwill be highlighted for further investigation.
Which of the following is the purpose of the checksum control? A. To ensure confidentiality B. To ensure availability C. To ensure integrity D. To ensure non-repudiation
C. To ensure integrity Explanation: The purpose of a checksum is to ensure data integrity and datacompleteness. It requires adding an extra bit to the data in such a way that thetotal number of 1 bits in the data string is either even or odd. This parity isverified by the receiving computer to ensure data completeness and dataintegrity during transmission.
An inadequate software baseline can result in which of the following? A. Scope creep B. Inadequate security C. High resource requirements D. Inadequate UAT
A. Scope creep Explanation: A software baseline is the agreed-upon features of the software tobe designed and developed. Any additional requirement must go through theformal change management procedure. An inadequate baseline will result inscope creep. Scope creep refers to an uncontrolled project scope due tocontinuous changes in project requirements. Scope creep is one of the majorfactors in the failure of a project.
The prototyping approach is used to design which of the following? A. Screens, interactive edits, and sample reports B. Screens, interactive edits, and program logic C. Sample reports and program logic D. Program logic and interactive edits
A. Screens, interactive edits, and sample reports Explanation: It must be noted that program logics are not developed by aprototyping tool. In the prototyping approach, the system is developed throughthe trial-and-error method. The prototype is basically a preliminary version of asystem to test a concept, process, or any assumptions about the functionality,design, or internal logic. In prototyping, more emphasis is given to majorfunctionality such as screens, and the report thus shapes most of the proposedsystem's features in a short period.
The main concern for the implementation of a new project is which of the following? A. The business case has not been prepared. B. Security standards have not been considered. C. Users are not involved in the implementation. D. UAT is not documented.
A. The business case is not prepared Explanation: The business case is a justification for the proposed project. Thebusiness case is prepared to justify efforts and investment in a proposed project.The business case is a precursor to the start of the project. The first concern of anIS auditor is whether the new project meets the needs of the business. Thisshould be established by an approved business case. Other options are not asimportant as the availability of a business case.
The major benefit of the prototype approach is which of the following? A. Significant time and cost savings B. A stringent approval process C. Strong change controls D. Proper documentation
A. Significant time and cost savings Explanation: In the prototyping approach, the system is developed through thetrial-and-error method. A prototype is basically a preliminary version of a systemto test a concept, process, or any assumptions about functionality, design, or theinternal logic. A prototype model helps to save a considerable amount of timeand expenditure for the organization. One of the potential risks of the prototypeapproach is that the finished system may not have adequate controls comparedto the traditional system development approach. In prototyping, the design andrequirements change too often and are hardly documented or approved.
Which of the following is a feature of DSS? A. DSS enables flexibility in the user's approach to decision-making. B. DSS only supports structured tasks related to decision-making. C. DSS is designed to solve highly structured problems. D. DSS uses non-traditional data access and restoration techniques.
A. It enables flexibility in the user's approach to decision-making Explanation: The characteristics of DSS are as follows:It supports decisions that are either semi-organized or less organized.It uses standard data access and retrieval techniques.It is flexible and user-friendly when it comes to changingenvironments and user decision-making.
A benefit of object-oriented development technique is which of the following? A. Object modules can be reused. B. The use of a prototype that can be frequently updated to address the ever-changing user or business requirements. C. Enhanced control compared to the traditional SDLC. D. There is no need for the developer to design the system.
A. Object modules can be reused. Explanation: OOSD is a programming technique with the objective to makeprogram code that can be reusable and maintainable. Object here refers to a smallpiece of the program that can be used individually or in combination with otherobjects. The other options here are not normally benefits of the object-orientedtechnique.
The best technique to estimate the duration of the project is which of the following? A. The program evaluation review technique B. Component-based development C. RAD D. FPA
A. PERT Explanation: PERT is considered the best technique to estimate the duration ofthe project. Component-based development and RAD are software developmentmethodologies. FPA is a technique for the estimation of software size.
To determine project priorities and implementation, the IS auditor should review which of the following? A. Portfolio management B. Change management C. Patch management D. The capability maturity model
A. Portfolio management Explanation: The objective of a portfolio management is to manage the variousprojects of an organization. It includes prioritization, budgeting, approvals, andmonitoring the implementation. It helps to align the projects in accordance withthe business objective.
The business information system that provides answers to semi-structured issues and validates business decisions is which of the following? A. A DSS B. An executive support system C. A transaction processing system D. A vendor support system
A. A DSS Explanation: A DSS is a semi-structured interactive decision-making framework.A DSS collects data from a variety of sources and gives managers usefulinformation. A DSS supports semi-structured or less structured decisions. A DSSis flexible and user-friendly when it comes to changing environments and withregard to the user's approach to decision making. Executive support systems aremore focused on strategic problems.
The most important factor for whether a business case helps management in decision-making is which of the following? A. The feasibility study B. Security considerations C. Resource constraints D. Effective implementation
A. A feasibility study Explanation: A feasibility study is an analysis that takes various factors intoaccount, such as economic, technical, and legal factors, to ascertain the likelihoodof completing the project successfully. It helps to assess whether a solution ispractical and achievable within the established budgets and schedulerequirements.
An IS auditor is conducting a post-implementation review of an ERM system. They are most likely to review: A. Access control settings B. The procedure for unit testing C. The procedure for system testing D. Detailed design documentation
A. Access control settings Explanation: An IS auditor is most likely to review whether security parametershave been appropriately mapped in the new system. One of the parameters is toreview access control configuration. The post-implementation review is doneafter user acceptance testing. User acceptance testing already covers other aspectssuch as unit testing, system testing, and design documentation. Hence, theauditor may not like going into the details of unit testing, system testing, ordesign documentation.
For early completion of the project, emphasis on which of the following activities will be helpful? A. An activity with zero slack time B. An activity with the highest time C. An activity with the highest slack time D. An activity with the highest level of resource allocation
A. An activity with zero slack time Explanation: Slack time is the buffer or extra time before the project completiondeadline, and an activity can be delayed up to the slack time without impactingthe overall project completion date.Project managers concentrate on activities with zero slack time (that is, thecritical path) and if the critical path can be reduced, then it will help to minimizethe overall project duration.
The first step in business process reengineering is to do which of the following? A. Finalize the scope and areas to be reviewed. B. Develop a project plan. C. Analyze the process under review. D. Conduct reengineering for the process under review.
A. Defining the scope and the areas to be reviewed Explanation: The first step in business process reengineering is to finalize thescope and areas to be reviewed. The next step is to develop the project plan.
The technique to evaluate project progression in terms of time, cost, and schedule, and to determine estimates of these by completion, is which of the following? A. EVA B. FPA C. PERT D. CPM
A. EVA Explanation: EVA is a method of measuring a project's progress at any givenpoint in time, forecasting its completion date and final cost, and analyzingvariances in the schedule and budget as the project proceeds. EVA determinesand evaluates the following factors on a periodic basis:How does the actual spending up to the current date compare to thebudget?What will the estimated completion time be?What will the estimated total expenditure be?PERT and CPM will help to determine the project time but lacks projection forestimates as completion
A characteristic of the OOSD method that enables greater security over data is which of the following? A. Encapsulation B. Polymorphism C. Prototyping D. Modulation
A. Encapsulation Explanation: OOSD is a programming technique with an objective to makeprogram code that is reusable and maintainable. An object is basically a smallpiece of code in a program. The system is developed via the use and combinationof different objects. OOSD uses a technique known as encapsulation, in whichobjects interact with each other. Encapsulation provides enhanced security fordata. The ability of two or more objects to interpret a message is termedas polymorphism.
A post-implementation review is conducted primarily to: A. Ensure that the project meets the intended business requirements B. Determine the adequacy of information security C. Determine the project's compliance with regulatory requirements D. Evaluate the project's expenses against the budget
A. Ensure that the project meets the intended business requirements Explanation: A post-implementation review is conducted primarily to ensurethat the project is implemented in accordance with the business requirements.The other options are not the primary objective.
The most appropriate technique to evaluate the progress of a project is which of the following? A. Gantt charts B. PERT C. CPM D. SLOC
A. Gantt charts Explanation: Gantt charts are a technique to monitor the progress of a project.Gantt charts are used to determine the status of the project, such as whether theproject is delayed, ahead of schedule, or on schedule. Gantt charts are used fortracking and monitoring achievements of milestones.PERT and CPM are techniques for determining the duration of the project. SLOCis a technique for software size estimation.
A major risk in the Agile development process is which of the following? A. Inadequate documentation B. Inadequate testing C. Inadequate requirement gathering D. Inadequate user involvement
A. Inadequate documentation Explanation: The dictionary definition of agile is "able to move quickly andeasily." In the Agile method, the programmer does not spend much time ondocumentation. They are allowed to write their program straight away. Henceinadequate documentation is considered one of the major risks of the Agileapproach.
Business case documentation needs to be preserved until which of the following? A. The end of the project life cycle B. The end of the project approval stage C. The end of the post-implementation review stage D. The end of UAT
A. The end-of-project life cycle Explanation: A business case is prepared to justify efforts and investment in aproposed project. The business case is the precursor to the start of the project.Documentation of the business case should be retained throughout the life cycleof the project. It provides focus and valuable insight for the success of the projectthroughout its life cycle. It provides valuable input about expectations versusactual outcomes. It also serves as a reference document for the new personnelinvolved in the project.
An auditor reviewing a feasibility study of a new project should be mainly concerned about which of the following? A. The project impact on the organization not having been evaluated B. The project manager not having been identified C. Inputs from all IT teams not having been considered D. The project completion period not having been determined
A. The project's impact on the organization has not been evaluated Explanation: A feasibility study is an analysis that takes various factors intoaccount, such as economic, technical, and legal factors, to ascertain the likelihoodof completing the project successfully. A feasibility study should consider howthe project will impact the organization in terms of risk, costs, and benefits. Otheroptions are not as significant as non-evaluation of the impact of the project on theorganization.
Which of the following data elements should be used while conducting a regression test? A. The same dataset as previous tests B. Randomly generated data C. Completely different dataset from the previous tests D. Data produced by a test generator
A. The same dataset as previous tests Explanation: The objective of a regression test is to confirm that a recent changehas not introduced any new faults and other existing features are workingcorrectly.It must be ensured that the same data that was used in earlier tests is used for theregression test. This will help to confirm that there are no new errors ormalfunctions.
The greatest concern for an IS auditor reviewing the business process reengineering process is which of the following? A. The unavailability of key controls to protect assets and information resources B. The unavailability of appropriate documentation C. Non-adherence to time and resource budgets D. The unavailability of documented roles and responsibilities
A. The unavailability of key controls to protect assets and informationresources Explanation: The main concern of an IS auditor is the unavailability of keycontrols to protect assets and information resources. The other options are not assignificant as the unavailability of key controls.
The waterfall life cycle approach is more suitable for which of the following? A. Well-defined requirements with no expected changes. B. Well-defined requirements in a context where the project is to be competed in a short time frame. C. Open requirements that are subject to frequent changes. D. Users do not want to spend much time on testing.
A. Well-defined requirements with no expected changes Explanation: The waterfall method is the most commonly adopted approach fordeveloping business applications. It works well when requirements are welldefined and do not undergo frequent changes. This model aims to ensure thatmistakes are identified at early stages and not during final acceptance testing. Inthe waterfall approach, UAT is done after the completion of each stage beforemoving on to the next stage.
An IS auditor noted that a project, which is expected to be completed in 2 years, has utilized only 25% of the budget after completion of the first year. The auditor should first determine which of the following? A. Work completed compared against the completion schedule B. Whether the project budget can be reduced C. The process for estimating project duration D. The process for estimating project cost
A. Work completed compared to the schedule for completion Explanation: The auditor needs to determine what percentage of work has beencompleted before making any recommendation. Costs cannot be assessed only onthe basis of a time schedule. It may be possible that major expenses are expectedin a later part of the project.
An advantage of using a bottom-up approach as opposed to a top-down approach is: A. Errors can be found early on in critical modules. B. Testing will only take place after all the systems have been completed. C. Interface errors can be noticed early. D. Confidence is earlier achieved in the method.
A: Errors can be found early on in critical modules. Explanation: In the bottom-up approach, the test starts from an individualprogram or module and gradually the entire system is tested. One benefit of thebottom-up approach is that tests can begin before the full system is completed.Also, it has the advantage that it can detect faults in critical modules early. In thetop-down approach, the test starts at the broad system-level and moves towardindividual programs and modules. One benefit of the top-down approach is theearly detection of interface errors. The top-down approach is best suited forprototype-based system development.
The data integrity principle of atomicity ensures which of the following? A. That a database survives a hardware or software failure B. That a transaction is completed in its entirety C. That database consistency is maintained D. That each transaction is separated from other transactions
B : A transaction is completed in its entirety. Explanation: Data integrity principles of ACID (atomicity, completeness,isolation, and durability) are as follow:Atomicity: The principle of atomicity prescribes that a transaction iseither processed completely or should not be processed at all. In thecase of an error or interruption, partial processing, if any, should berolled back.Consistency: The principle of consistency prescribes that all integrityconditions must be applied to each transaction of the database.Isolation: The principle of isolation prescribes that each transactionshould be separated from other transactions.Durability: The principle of durability prescribes that the databaseshould be resilient enough to survive any system failures.
The post-implementation review includes: A. Interface testing B. An analysis of the return on investment C. A review of the audit trails D. A review of enterprise architecture diagrams
B. An analysis of the return on investment Explanation: One of the purposes of conducting a post-implementation review isto do a cost-benefit analysis and check the return on investment to determine thatthe original business case requirements are met.
The data integrity principle, which prescribes that a transaction is either processed completely or not processed at all, falls under which of the following principles? A. Consistency B. Atomicity C. Isolation D. Durability
B. Atomicity Explanation: The data integrity principles of ACID (Atomicity, Completeness,Isolation, and Durability) are as follows:Atomicity: The principle of atomicity prescribes that a transaction iseither processed completely or should not be processed at all. In thecase of an error or interruption, partial processing, if any, should berolled back.Consistency: The principle of consistency prescribes that all integrityconditions must be applied to each transaction of the database.Isolation: The principle of isolation prescribes that each transactionshould be separated from other transactions.Durability: The principle of durability prescribes that the databaseshould be resilient enough to survive any system failures.
To detect transposition and transcription errors, which of the following controls is the most effective? A. Limit checks B. Check digits C. Automated system balancing D. Range checks
B. Check digits Explanation: A check digit is a form of redundancy check used for error detectionon identification numbers. It helps to ensure that the original data is nottampered with or altered. Check digits help to prevent transposition andtranscription errors.
To reduce the overall cost of the project, quality management techniques should be applied when? A. Upon initiation of the project B. Continuously throughout the project C. Before handing over the project for UAT D. After implementation of the project
B. Continuously throughout the project Explanation: It is important to establish quality management processesthroughout the life cycle of the project. It helps to reduce the overall cost of theproject by identifying quality gaps and ensuring early rectification.
The most important factor for test data selection is: A. The extent and size of the data B. Data designed as per expected live processing C. Random data selection D. Different data for each test
B. Data designed as per expected live processing. Explanation: It is always advisable to use live data in a test environment. Testdata should be designed to be as similar as possible to the live workload foraccurate test results. This will provide accurate test results.
Questionnaires to guide the user through a set of choices to arrive at a conclusion is used by which of the following? A. Audit checklists B. Decision trees C. Logical analysis D. Budget checklists
B. Decision trees Explanation: A decision tree uses a set of questions to guide the user through a set of choices to arrive at a conclusion.
The knowledge domain of an expert system, which uses questionnaires to guide the user through a series of choices before coming to a conclusion, is known as which of the following? A. Diagram trees B. Decision trees C. Semantic nets D. Networks trees
B. Decision trees Explanation: A decision tree uses a set of questions to guide the user through aset of choices to arrive at a conclusion.
The phases and deliverables of a new system should be determined when? A. Once the sign-off has been obtained from user management B. During the initial planning stage of the project C. Once clearance has been obtained from the risk management team D. Continuously throughout the project
B. During the initial planning stage of the project Explanation: It is very critical to have proper planning for system phases anddeliverable user requirements for effective and efficient program management. Itshould be planned during the initial stage of the project to enable project trackingand resource management.
In some instances, system interface failures occur when corrections are re- submitted to previously observed errors. This might indicate the absence of which of the following kinds of testing? A. Stress testing B. Integration testing C. Unit testing D. Security testing
B. Integration testing Explanation: Integration testing is performed to ensure correct and accurate dataflow between two or more systems. Integration testing aims to ensure theaccuracy of the device interface's most critical components. To evaluate theresults, pilot testing takes place first at a single location.
Testing the network between two or more systems for accurate data flow is: A. Stress testing B. Interface testing C. Functionality test D. Security testing
B. Interface testing Explanation: Integration testing comprises a test of the integration of orconnection between two or more system components. The purpose of theintegration test is to validate the accurate and correct information flow betweenthe systems.
Which of the following is true for timebox management? A. It is not appropriate for RAD. B. It aims to prevent excess cost and time overruns that affect project completion. C. It does not encourage UAT. D. It does not encourage quality assurance processes.
B. It aims to prevent excess cost and time for project completion Explanation: The major advantage of this approach is that it prevents project costoverruns and delays to the scheduled time frame for delivery. It is used forprototyping or RAD where a project needs to be completed within a given timeframe. It integrates system and user acceptance testing, but does not eliminatethe need for a quality process.
The technique to control the completeness of data transmission is which of the following? A. Limit checks B. Parity bits C. Sequence checks D. Range checks
B. Parity bits Explanation: Parity bits are used to verify complete and accurate datatransmission. Parity bits are used as the simplest form of error-detecting codewhen data is transferred from one computer to another. An extra bit is added tothe data in such a way that the total number of 1 bits in the data string is eithereven or odd. This extra bit is called a parity bit. This parity is then verified by thereceiving computer to validate the data accuracy and completeness duringtransmission.
The technique that relies on a prototype that can be frequently updated to address ever-changing user or business requirements is which of the following? A. Business process reengineering B. RAD C. Software reengineering D. Object-oriented system development
B. RAD Explanation: The objective of RAD is the quick development of a system whilereducing cost and ensuring quality. RAD relies on a prototype, which can befrequently updated to address the ever-changing user or business requirements.
Which of the following type of test would be relevant when an organization needs to determine whether a replacement or modified system is capable of functioning in its target environment without affecting other existing systems? A. Regression testing B. Sociability testing C. Interface/integration testing D. Pilot testing
B. Sociability testing Explanation: Sociability is the quality of being able to merge with others. Theobjective of sociability testing is to ensure that the new system works as expectedin existing infrastructure without any adverse impact on other existing systems.
What feature of white box testing differentiates it from black box testing? A. Testing is conducted by an IS auditor. B. Testing includes the verification of internal program logic. C. Testing is conducted via a bottom-up approach. D. Testing does not include verification of internal program logic.
B. Testing includes the verification of internal program logic Explanation: In white box testing, the program logic is verified. To conduct whitebox testing, appropriate knowledge of relevant programming language is a must.White box testing is generally conducted during unit testing. In black box testing,the emphasis is on the functionality of the system. To conduct black box testing,knowledge of relevant programming language is not mandatory.
Which of the following is a major concern of an IS auditor reviewing the system development approach? A. The process owner is responsible for signing off on UAT. B. The absence of a quality plan for system development. C. Old modules are discontinued in phases. D. The use of prototypes to test system functionalities.
B. The absence of a quality assurance plan for system development Explanation: It is very important to have a quality assurance plan in order to getbetter outcomes for the final system. The quality assurance plan should bedocumented and consider various aspects of the SDLC to maintain the agreedupon quality.UAT is normally managed by the process owner. It is reasonable to discontinuethe old system in phases, especially when the system is large. Prototyping is avalid method to test system functionality
An auditor reviewing the outsourcing process of an organization should be primarily concerned about which of the following? A. The non-inclusion of the right to audit clause in the SLA B. The business case not having been prepared C. Th unavailability of a source code escrow arrangement D. The non-inclusion of a business continuity clause in the SLA
B. The business case having not been prepared Explanation: The business case is a justification for why the proposed projectshould be undertaken. The business case helps to determine the efforts andinvestment in a proposed project against the expected benefit. Generally, thebusiness case is a precursor to the start of the project and is the key element indecision making for any project. Development of the business case is theresponsibility of the project sponsor.
A post-implementation review should cover: A. An assessment of the downtime risk B. The lessons learned in order to improve future projects C. A verification of the controls built into the system D. The deletion of test data
B. The lessons learned in order to improve future projects Explanation: One of the reasons for conducting a post-implementation review isto identify the lessons learned and use them to improve future projects.
When reviewing the decision support system, an IS auditor should be most concerned with which of the following? A. Input data quality B. The level of skills and experience contained in the knowledge base C. The system's logical access control D. The processing controls implemented in the system
B. The level of skills and experience contained in the knowledge base Explanation: A primary issue for the IS auditor is the level of expertise orcompetence in the knowledge base, as errors in decision-making based on a lackof information may have a significant effect on the organization.
To obtain reasonable assurance about the completion of the project within the timeline, the best method is which of the following? A. To compare the estimated end date and estimated time for completion of the project B. To extrapolate the end date on the basis of completed work and resource availability at this point C. To obtain confirmation from the project manager about the project completion date D. To calculate the end date on the basis of the remaining budget
B. To extrapolate the end date on the basis of completed work and resource availability Explanation: It is also advisable to rely on direct observations of results on thebasis of factual data. Relying on estimates and interviews with the projectmanager may not give correct information.
What should an auditor recommend when a business case is no longer valid due to an increase in cost and a reduction in the expected benefits? A. To discontinue the project B. To update the business case to determine the relevance of the project C. To complete the project at the earliest D. To obtain reapproval for budget excess
B. To update the business case to determine the relevance of theproject Explanation: It is important to update the business case per the current scenarioand to determine whether the project is still viable.
The most effective testing method for the initial phase of prototyping is which of the following? A. Bottom-up testing B. Top-down testing C. Interface testing D. Unit testing
B. Top-down testing Explanation: The most effective testing method for the initial phase ofprototyping is the top-down approach. Top-down testing begins with thesystem's major functionality and gradually moves to other functionality. Inprototyping, more emphasis is given to major functionality such as screens andreports, thereby covering most of the proposed system's features in a shortperiod.
A major benefit of using prototyping for system development is which of the following? A. More emphasis on system controls B. More emphasis on stringent change management processes C. A reduction in deployment time D. More emphasis on stringent approval processes
C. A reduction in deployment time Explanation: In the prototyping approach, the system is developed through thetrial-and-error method. A prototype is basically a preliminary version of a systemto test a concept, process, or any assumptions about functionality, design, or theinternal logic. A prototype model helps to save a considerable amount of timeand expenditure for the organization. One of the potential risks of the prototypeapproach is that the finished system may not have adequate controls comparedto the traditional system development approach. The prototype approachprovides more emphasis on user requirements. In prototyping, there are frequentchanges made to the designs and requirements and hence they are seldomdocumented or approved.
The technique used by banks for the prevention of transposition and transcription mistakes, thus ensuring the integrity of bank account numbers allotted to customers, is which of the following? A. Limit checks B. Parity bits C. Check digits D. Range checks
C. Check digits Explanation: A check digit is a form of redundancy check used for error detectionon identification numbers. It helps to ensure that the original data is nottampered with or altered. Check digits help to prevent transposition andtranscription errors. A check digit is a mathematically calculated value that isadded to data to ensure that the original data has not been altered.
The prime objective of assigning process ownership in a system development project is to do which of the following? A. Help in keeping an eye on the completion of the project. B. Help in efficient and effective UAT. C. Ensure that project requirements are aligned with business needs. D. Minimize the impact of scope creep.
C. Ensure that project's requirements are aligned with business needs Explanation: The involvement of the process owner in the system developmentproject is to ensure that the requirements of the project are aligned with businessneeds. It is very important to have the sign-off from the process owner before theimplementation of the project. Other options are not the prime objective.
Which of the following techniques is used to estimate the size of software having many linked modules and different attribute fields? A. SLOC B. PERT C. FPA D. Gantt charts
C. FPA Explanation: FPA is an indirect technique to estimate the size of software.Function points are a unit of measurement for software size, just as time ismeasured in hours and distance is measured in miles. To arrive at the functionpoint, different factors are considered, such as the complication of the design,input, processing, outputs, modules, and their interactions. FPA is moreconsistent and reliable than SLOC.SLOC is a traditional way of estimating software size on the basis of a singleparameter, such as the number of lines of code. However, this may not beeffective in the case of complex systems with functionality other than codes. Suchfunctionality could include diagrams, objects, database queries, or graphical userinterfaces.PERT and Gantt charts are techniques for determining and monitoring projectduration.
The greatest risk in a combined QAT and UAT during the final acceptance test is: 0/1 A. High cost of test B. Insufficient documentation C. Insufficient functional testing D. The report may be delayed
C. Insufficient functional testing Explanation: The greatest risk in a combined QAT and UAT during the finalacceptance test is insufficient functional testing. Combining the tests may resultin skipping some of the functional requirements. Other options are not assignificant as insufficient functional tests.
Business process reengineering aims to achieve which of the following? A. Keep the business processes stable. B. Train the new employees. C. Improve the performance of products and services. D. Reduce the resource demands.
C. It aims to improve the performance of products and services Explanation: Reengineering is the process of updating a system to enhance thesystem functionality to make the system better and more efficient. A reduction ofresource requirements may be the outcome of business process reengineering,but the ultimate objective is to improve the performance of the product andservice.
A DSS does which of the following? A. Focuses on the highly structured problems B. Supports only the top management requirements C. Emphasizes flexibility in the user's approach to decision-making D. Fails to support unstructured problems
C. It emphasizes flexibility in the user's approach to decision-making Explanation: DSS puts emphasis on flexibility in the users' approach to decisionmaking. The characteristics of DSS are given as follows:It supports decisions that are semi-organized or less organized.It uses methods that include traditional data access and retrievalfunctions.It is flexible and functional in terms of changing environments and theuser's approach to decision making.
Which of the following is the best control to address input errors? A. The hash total B. The run-to-run total C. Limit checks D. Daily reconciliation
C. Limit checks Explanation: Limit checks restrict the data input up to certain predefined limits.Data is checked for certain limits, either upper or lower, as in, the numberentered should not be greater than 100. A limit check is an input control. It is apreventive control to restrict invalid input into the system. It ensures that onlydata within the predefined limit can enter the system. All other options arecontrols that address the output.
The methodology for quick development at a reduced cost while ensuring high quality is which of the following? A. The Waterfall method B. PERT C. RAD D. FPA
C. RAD Explanation: The objective of RAD is the quick development of a system whilereducing costs and ensuring quality. RAD relies on a prototype that can befrequently updated to address the ever-changing user or business requirements.The waterfall method is a traditional method that is comparatively costly andtime-consuming. PERT and FPA are not the system development methodology.PERT is a system development evaluation tool while FPA is a softwareestimation method.
The most important consideration in a business case is which of the following? A. The cost of the project B. The resource requirements for the project C. The ROI of the project D. The security requirements of the project
C. ROI of the project Explanation: The business case is a justification for the proposed project. Thebusiness case is prepared to justify efforts and investment in a proposedproject. The proposed ROIs along with the expected benefits are the mostimportant considerations for decision-making in any new project.
Unit testing shows that individual modules function correctly. The IS auditor should: A. Conclude that the system as a whole can produce the results stated. B. Report the test result as a symbol of the functionality of the program. C. Review integrated test findings. D. Carry out the test again to validate the results.
C. Review integrated test findings Explanation: After the unit test, the next phase is the interface or integration test.Integration testing tests the integration of or connection between two or moresystem components. The purpose of the integration test is to validate the accurateand correct information flow between the systems.
The technique to prevent duplication of a voucher during data entry is which of the following? A. Limit checks B. Check digits C. Sequence checks D. Range checks
C. Sequence checks Explanation: Sequence checks involve testing a list of items or files of records forthe correct ascending or descending sequence based on predefined requirements.It checks whether vouchers are in sequence and thus prevents the duplication ofthe vouchers.
Which of the following is a technique to enhance the system by extracting and reusing design and program components? A. Regression B. Agile development C. Software reengineering D. Reverse engineering
C. Software reengineering Explanation: Software reengineering and business process reengineering are theprocesses of updating a system or process to enhance the system functionality tomake the system or processes better and more efficient. Reverse engineering isthe process of detailed analysis and study of a system with the objective ofdeveloping a similar system.
An IS auditor noted a system vulnerability. To address all the undetected vulnerabilities, which of the following tests is recommended? A. Integration testing B. Stress testing C. System testing D. Security testing
C. System testing Explanation: System testing tests the entire system's capabilities. It covers end-toend system specifications. It covers functionality tests, recoverability tests,security tests, load tests, volume tests, stress tests, and performance tests. Theobjective of the system test is to evaluate the reliability of the entire software.
Which of the following should be revalidated first when planning to add more personnel to the project to reduce the completion time? A. The project budget B. The project manager's performance C. The critical path of the project D. The number of existing resources
C. The critical path of the project Explanation: CPM is used to estimate the duration of the project. Any project willhave a minimum of one critical path. A critical path is determined by identifyingthe longest path of the dependent activities. The time required to finish thecritical path is the shortest possible time required for finishing the project. Noslack time will be available for the activities on the critical path. If the addition ofnew resources is unable to shorten the critical path, new resources will have noimpact on the overall project duration. Other paths may be shortened, but thiswill result in slack time and the overall project duration will not be shortened.Hence it is necessary to revalidate the critical path of the project first.
In which of the following phases should a proper plan and strategy for new systems be developed? A. The testing phase B. The development phase C. C. The design phase D. The implementation phase
C. The design phase Explanation: The implementation process affects the design of the system. Henceit is recommended to consider and plan for implementation during the designphase itself.
The main risk of using a DSS is which of the following? A. It does not support semi-structured problems. B. The cost of implementing the system. C. The inability to specify purpose and usage patterns. D. The constant change in decision-making processes.
C. The inability to specify the purpose and usage patterns Explanation: The inability to define objective and usage patterns is a risk to beexpected by developers when implementing a DSS.
On the evaluation of a 4-day project of 32 hours (8 hours per day), the IS auditor noted that at the end of day 1, 28 hours of work is still pending. The IS auditor should report which of the following? A. That the project is in accordance with the schedule B. That the project is ahead of schedule C. That the project is behind schedule D. That the project will be difficult to be completed
C. The project is behind schedule Explanation: EVA is based on the assumption that a project canreasonably be completed within the time frame allotted. So if a project is allotted32 hours (4 days with 8 hours per day) and at the end of the day, 28 hours ofwork is still is pending, then the work completed is only 4 hours on the first day,against the schedule of 8 hours. Hence, the project is behind schedule.
The IS auditor's primary focus during post-implementation review is: A. To determine appropriate documentation of user feedback B. To determine whether the return on investment is being measured C. To determine the operating effectiveness of the controls built into the system D. To review change management procedures
C. To determine the operating effectiveness of the controls built intothe system Explanation: From the IS audit perspective, an IS auditor's prime focus should beon determining the adequacy and effectiveness of the controls built into thesystem. Other options are important but a more significant area of focus shouldbe the effectiveness of the controls built into the system.
Which of the following is the main objective for conducting a system test? A. To determine security controls B. To document the system's functionality C. To evaluate the functioning of the system D. To determine cost of the system versus the approved budget
C. To evaluate the functioning of the system Explanation: System testing tests the complete and full system capabilities. Itcovers end-to-end system specifications. It covers functionality test,recoverability test, security test, load test, volume test, stress test andperformance test. Objective of the system test is to evaluate the reliability of thecomplete software.
The most effective method for conducting stress tests is: A. Using test data within the test environment B. Using live data within the production environment C. Using live data within the test environment D. Using test data within the production environment
C. Using live data within the test environment Explanation: It is always advisable to use live data in a test environment. Testdata should be designed so that it is as similar as possible to the live workloadfor accurate test results. In any given scenario, the test environment shouldalways be used (that is, tests should not be conducted in a live/productionenvironment).
A major limitation of the Agile software development methodology is which of the following? A. A limited budget may impact the quality of the system. B. The lack of a requirements gathering process. C. The lack of a review process to identify areas of improvement. D. A lack of proper documentation due to time management.
D. A lack of proper documentation due to time management Explanation: A major limitation of the agile development approach is the lack ofdocumentation. The other options here are not correct.
A test that is conducted when a system is in development phase is: A. A sociability test B. A functionality test C. A load test D. A unit test
D. A unit test Explanation: Unit tests include tests of each separate program or module. Testingis generally conducted by developers themselves. They are conducted as andwhen a program or module is ready, and it is not necessary to wait until theentire system is completed. Unit testing is done through a white box approachwherein internal program logic is tested.
An unsuccessful result of which of the following tests has a major impact on budgeted time and cost? A. Load testing B. Interface testing C. Parallel testing D. Acceptance testing
D. Acceptance testing Explanation: Generally, in a system development life cycle, unit testing isconducted first. It is followed by integrated testing, system testing, and finalacceptance testing. Acceptance tests include QAT and UAT. It is usually the finalstep before implementation of the system. If the acceptance test indicates asystem failure, then this may lead to major schedule delays and cost overruns.The effect of failure in other tests, such as unit, interface, and system tests, is lessthan with acceptance testing.
Parity bits are implemented to validate which of the following? A. Data confidentiality B. The data source C. Data availability D. Data completeness
D. Data completeness Explanation: Parity bits are used to verify complete and accurate datatransmission. Parity bits are used as the simplest form of error-detecting codewhen data is transferred from one computer to another. An extra bit is added tothe data in such a way that the total number of 1 bits in the data string is eithereven or odd. This extra bit is called a parity bit. This parity is then verified by thereceiving computer to validate the data accuracy and completeness duringtransmission.
A major benefit of component-based system development is which of the following? A. It supports multiple data types. B. It supports complex relationships. C. It supports the demands of a changing environment. D. It supports multiple development environments.
D. It supports multiple development environments Explanation: In component-based development, ready-made components(objects) are assembled together to design and develop a specific application. Asdevelopers are not required to write programming code, they can concentrate onbusiness functionality. Component-based development supports multipledevelopment environments. Components can interact with each otherirrespective of their programming language.
The purpose of regression testing is to decide if: A. A new or modified system will operate without having an impact on the existing system. B. The flow of data between two or more systems is accurate and correct. C. It meets new requirements. D. No new errors were introduced within the unchanged code.
D. No new errors were introduced within the unchanged code. Explanation: Regression testing is performed to ensure no errors have beenintroduced in improvements or corrections. Sociability testing is performed toensure the new or changed system will operate without affecting the existingsystem.
The best technique to prioritize project activities and to determine the timeline for each activity is which of the following? A. SLOC B. FPA C. Gantt charts D. Program evaluation and review techniques
D. PERT Explanation: PERT is a technique for estimating project duration. PERT isconsidered more accurate and appropriate compared to CPM for estimations ofproject duration. Gantt charts are primarily used to monitor the progress of theproject. SLOC and FPA are techniques to estimate software size.
The best method to find transmission mistakes by adding an extra bit at the end of segment is which of the following? A. Parity bits B. Checksums C. Validation control D. Redundancy checks
D. Redundancy checks Explanation: Parity checks, checksums, and cyclic redundancy are used to verifyand validate complete and accurate data transmission. However,CRCs/redundancy checks involve applying complex mathematical calculationsand are more accurate than parity bits and checksums.
Which of the following techniques helps to detect errors in a network transmission? A. Parity bits B. Checksums C. Validation control D. Redundancy checks
D. Redundancy checks Explanation: Parity checks, checksums, and cyclic redundancy are used to verifyand validate complete and accurate data transmission. However,CRCs/redundancy checks involve applying complex mathematical calculationsand are more accurate than parity bits and checksums. CRCs can check for ablock of transmitted data. The sending computer generates the CRC andtransmits it with the data. The receiving machine again generates a CRC andcompares it to the transmitted CRC. If both of them are equal, then the block isassumed error-free.
A technique to study and analyze an application or a system, and to use that information to develop a similar system, is known as which of the following? A. Business process reengineering B. Agile development C. Software reengineering D. Reverse engineering
D. Reverse engineering Explanation: Reverse engineering is the process of detailed analysis and study ofa system with the objective of developing a similar system. Softwarereengineering and business process reengineering are the processes of updating asystem or process to enhance the system functionality to make the system orprocesses better and more efficient.
The IS auditor noted that a project that is more than 75% complete has already overrun by 20%, with costs increasing by 30%. Which of the following is the first course of action for the IS auditor? A. Recommend the adoption of effective project management practices B. Recommend reviewing the capability of the project manager C. Determine the complexity of the project D. Review the business case and project management
D. Review the business case and project management Explanation: The first step of an IS auditor is to review the business case todetermine the expected benefits of the project and review the factors thatcontributed to schedule overruns and excess budget expenditure. On the basis ofthis review, the auditor should make relevant recommendations.
One of the important characteristics of the Agile approach is which of the following? A. A systematic review after the completion of each iteration to identify areas of improvement B. Systematic and detailed planning before writing a program C. The use of software development tools to improve productivity D. Detailed documentation
D. Reviews at the end of each iteration to identify lessons learned foruse in future projects Explanation: As we are aware, the dictionary definition of agile is 'able to movequickly and easily.' In the Agile method, the programmer does not spend muchtime on documentation. They are allowed to write their program straight away.The objective of the Agile approach is to produce releasable software in shortiterations without giving much importance to formal, paper-based deliverables.Once each iteration is completed, emphasis is placed on what went well andwhere there is scope for improvement in the following iterations. Agile is one ofthe most preferable approaches for programmers as it saves them from a lot ofplanning, paperwork, and approvals.
Which of the following is the greatest concern about acceptance testing? A. The objective of the test is not documented. B. The result of the test is not documented. C. Test data is not reviewed. D. There maybe major unsolved issues.
D. There may be major unsolved issues. Explanation: The main concern will be major issues that have not yet beenaddressed. The other options are not as critical as major unsolved issues.
Which of the following is the main objective of a post-implementation review? A. Documentation of lessons learned B. Identification of future enhancements C. To determine timely delivery of the project D. To determine whether project objectives have been met
D. To determine whether the project objectives have been met Explanation: The main objective of performing a post-implementation review isto determine the project's overall success and its impact on the business. If theproject's objectives have been successfully achieved, it indicates success of theproject. Although the other options are important, it is more important todetermine whether the project's objectives have been met.
The prime objective of evaluating a project using the capability maturity model is which of the following? A. To ensure the reliability of the product B. To improve the programmers' efficiency C. To design security requirements D. To ensure a stable software development process
D. To ensure a stable software development process Explanation: CMM enables an auditor to determine whether the organizationfollows a stable process of software development. CMM does not support theother options.
Which of the following is the PRIMARY purpose of conducting parallel testing? A. To determine the budget versus the actual cost B. To record the functionalities of the program C. To highlight errors in the program logic D. To validate device functionality with user specifications
D. To validate device functionality with user specifications Explanation: Parallel testing involves the testing of a new system and comparingthe results of the new system with that of the old system. The objective of paralleltesting is to ensure that the new system meets the requirements of the user.
For prototype-based system development, the most effective test approach is: A. Bottom-up B. Load C. Stress D. Top-down
D. Top-down Explanation: In the top-down approach, the test starts at the broad system leveland moves toward separate programs and modules. One benefit of the top-downapproach is early detection of interface errors. The top-down approach is bestsuited for prototype-based system development. A prototype is a sample modelof an actual system to be implemented. The objective of the prototype is to createmajor functionality such as system screens and in a short period of time. The topdown design approach is most successful for the development of prototypes.
The approach to unit testing is: A. Top-down B. Black box C. Bottom-up D. White box
D. White box Explanation: In white box testing, program logic is verified. To conduct whitebox testing, appropriate knowledge of programming language is a must. Whitebox testing is generally conducted during unit testing.
The test that verifies that changes in Windows Registry have not adversely affected the performance of any other features is: A. Regression testing B. Unit testing C. Integrated testing D. Parallel testing
The objective of a regression test is to confirm that a recent changehas not introduced any new faults and other existing features are workingcorrectly.
