Domain 3: Information Systems Acquisition and Development

Question 1

What are the three project management structures?

Answer 1

Functional, Project and Matrix

Question 2

Who is responsible for approving and prioritising projects?

Answer 2

The IT steering committee

Question 3

What is the role of the IT strategy committee?

Answer 3

To guide and recommend the BoD on IT initatives.

Question 4

What are three types of code size evaluation?

Answer 4

SLOC, FPA and COCOMO

Question 5

What is CPM?

Answer 5

Critical path methodology. It is a project evaluation method which uses a critical path that is made up of the tasks that are longest to complete

Question 6

What is PERT?

Answer 6

Program Evaluatoin Review Technique. Another project evaluation method which considers three differe scenarios. Optimistic (best), pessimistic (worst) and normal (most likely).

Question 7

What are two proccess that should take place prior to the beginning of a project?

Answer 7

Business Case and Feasibility analysis

Question 8

What are all the elements in feasibility study report?

Answer 8

Scope, current process, requirements, approach, evaluation and review

Question 9

What is scope creep?

Answer 9

Scope creep refers to an uncontrolled project scope due to continuous changes

Question 10

What happens in the Feasibility Study phase? (SDLC Phases)

Answer 10

It is the first phase. The expected benefits are outlined against the cost of the implementation.

Question 11

What happens in the requirements phase? (SDLC Phases)

Answer 11

The second phase. Requirements of the new systems are detailed and documented.

Question 12

What happens in the Software Selection and Acquisition phase? (SDLC Phases)

Answer 12

The third phase. This should contain the architectural and technical specifications of the new system. Security requirements need to be considered.

Question 13

What happens in the development phase? (SDLC Phases)

Answer 13

The fourth phase. Development of the application takes place.

Question 14

What happens in the testing and implementation phase? (SDLC Phases)

Answer 14

The fifth phase. Unit testing, system testing and UAT are conducted

Question 15

What happens in the post-implementation phase? (SDLC Phases)

Answer 15

The sixth phase. Reviews are conducted and ROI is assessed.

Question 16

What is the objective of Agile development approach?

Answer 16

To produce releasable software in short iterations without putting too much time into paper-based deliverables

Question 17

What is a characteristic of agile?

Answer 17

Systematic review after completion of each iteration to identify areas of improvement

Question 18

What is a characteristic of waterfall approach?

Answer 18

Suitable for when requirements are well defined and do not undergo frequent changes

Question 19

What is a characteristic of a prototype approach?

Answer 19

It saves a considerable amount of time and cost but there is a risk of inadequate controls

Question 20

What development technique uses a prototype that can be frequently updated to address business requirements?

Answer 20

Rapid Application Development

Question 21

What is a benefit of object oriented development?

Answer 21

Object modules can be reused

Question 22

What makes the OOSD method enable greated security?

Answer 22

It uses encapsulation

Question 23

What is a benefit of component-based development?

Answer 23

Ability to support multiple development envrionments

Question 24

What is, check digits?

Answer 24

A check digit is an extra digit, used for error detection. It helps to ensure that original data is not tampered or altered.

Question 25

What are parity bits?

Answer 25

They are used to verify complete and accurate data transmission. Used as the simplest form of error-detecting code when data is transfered from one machine to another.

Question 26

What are checksums?

Answer 26

Similar to parity bits but have the capability to recognise multi-bit errors.

Question 27

What is forward error control?

Answer 27

Can detect errors but can also help to correct the errors on the receiving computer

Question 28

What are the four data intergirty principles?

Answer 28

Atomicity, Consistency, Isolation and Durability

Question 29

What is meant by atomicity?

Answer 29

Atomicity ensures that a process is completely fully or not processed at all. If there is an error during transfer, then it should be rolled back.

Question 30

What is meant by consistency?

Answer 30

This ensures that all integrity conditions are appliced to each transaction in a database

Question 31

What is meant by isolation?

Answer 31

This ensures that each transaction is kept seperated from other transactions

Question 32

What is meant by durability?

Answer 32

This ensures that databases are resilient to survive any system failures

Question 33

What are limit checks?

Answer 33

This is for input control. To ensure that only data within a predefinded limit can be entered to the system

Question 34

What is automated systems balancing?

Answer 34

Helps to reconcile the total input with the total output. Helps to highlight if any transactions are lost during processing.

Question 35

What is DSS?

Answer 35

The decision support system is an interactive decision-making framework. It supports semi-structured or less structured decisions. It also enables flexibility.

Question 36

What is decision trees?

Answer 36

A questionnaire based process that helps lead a user through a series of choices.

Question 37

What is unit testing?

Answer 37

Where individual units are tested. For example, Module A is tested seperately to Module B

Question 38

What is intergrated testing?

Answer 38

This is where the connections between units is tested.

Question 39

What are all the testing phases?

Answer 39

Unit testing > intergration testing > system testing and final acceptance training

Question 40

What is the testing approach for unit testing?

Answer 40

Whitebox testing

Question 41

What is the testing approach when testing the network between two or more systems?

Answer 41

Interface testing

Question 42

When conducting regression tests, what datasets should be used?

Answer 42

The same dataset as previous

Question 43

What is a benefit to bottom-up testing approach?

Answer 43

Erorrs can be found early in critical modules

Question 44

What information source is best for detecting unauthorised input from a terminal?

Answer 44

The transaction journal because it records all transaction activity which can then be compared to authorised source documents

Question 45

What is the greatest benefit in implementing an expert system?

Answer 45

Capturing the knowledge and experience of individuals in an organisation

Question 46

What is the primary benefit to intergrating a total quality management into a softdev project?

Answer 46

End-user satisfaction because this is ultimately the measure of quality for staff.

Question 47

When discovering that a IS department does not use any formal documented methodology or standards, what is the best cause of action?

Answer 47

To document the informal standards and test for compliance.

Question 48

Which stage of the SDLC represents the last phase for software baselining to occur?

Answer 48

Design phase, any changes after this should go through a formal process

Question 49

What can a control total check be used for?

Answer 49

This can be used when a system has been converted and you need to check that all the data has been converted

Question 50

What does cohesion refter to?

Answer 50

Cohesion refers to the performance of a single, dedicated function

Question 51

What does coupling refer to?

Answer 51

Coupling refers to the independce of comparable units.

Question 52

What is the most effective way to control application maintenance?

Answer 52

By obtaining user approval for program changes

Question 53

What is one of the tasks during the research stage of the benchmarking process?

Answer 53

Benchmarking partners are identified

Question 54

What control is useful in detecting the duplication of a message?

Answer 54

Digital signature’s will ensure nonrepudication and avoid dummy/duplicate messages

Question 55

What is the greatest risk within an Electronic Data Interchange environment?

Answer 55

Unauthroised transactions

Question 56

What are Run-to-run totals?

Answer 56

Run-to-run totals provide the ability to verify data values through the stages of application processing. Run-to-run total verification ensures that data read into the computer were accepted and then applied to the updating process.

Question 57

What are the benefits of an EDI system?

Answer 57

EDI enables real-time visibility into transaction status. This in turn enables faster decision-making and improved responsivenessw.

Question 58

Why would an IS auditor be most concerned with the level of experience/skills contained in the knowledge base for an expert system?

Answer 58

Decision errors based on a lack of knowledge could have a severe impact on the organisation.

Question 59

At what point is best to implement controls to prevent data loss?

Answer 59

During data preperation

Question 60

What control is best to ensure batch data is completely and accurately transferred between systems?

Answer 60

Control total

Question 61

In an AI system, why should access to the knowledge base be restricted?

Answer 61

The knowledge base contains information related certain subjects so restricting access and protecting integrity is key

Question 62

What is a trace utility used for?

Answer 62

To get a picutre of the internal memory’s content at different stages during program execution

Question 63

What is most cruical for a data warehouse?

Answer 63

Accuracy of the source data, it is a preqequisite

Question 64

For a project, requirement specifications is the ultimate responsibility of who?

Answer 64

Project sponsor

Question 65

Who assumes overall responsibility for system development projects?

Answer 65

Project steering committee