Domain 3: Information Systems Acquisition, Development, and Implementation - PART 3B Flashcards

1
Q

An advantage in using a bottom-up vs. a top-down approach to software testing is that:

A

errors in critical modules are detected earlier.

2
Q

An advantage of using sanitized live transactions in test data is that:

A

test transactions are representative of live processing.

3
Q

At the completion of a system development project, a post-project review should include which of the following?

A

Identifying lessons learned that may be applicable to future projects

4
Q

At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has NOT been corrected. No action has been taken to resolve the error. The IS auditor should:

A

recommend that problem resolution be escalated.

5
Q

Change control for business application systems being developed using prototyping could be complicated by the:

A

rapid pace of modifications in requirements and design.

6
Q

A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

A

A quality plan is not part of the contracted deliverables.

7
Q

During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely:

A

review access control configuration.

8
Q

During a postimplementation review, which of the following activities should be performed?

A

Return on investment analysis

9
Q

During the development of an application, quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:

A

improper acceptance of a program.

10
Q

During the requirements definition stage of a proposed enterprise resource planning system, the project sponsor requests that the procurement and accounts payable modules be linked. Which of the following test methods would be the BEST to perform?

A

Integration testing

11
Q

During the system testing phase of an application development project the IS auditor should review the:

A

error reports.

12
Q

During which of the following phases in system development would user acceptance test plans normally be prepared?

A

Requirements definition

13
Q

During which phase of software application testing should an organization perform the testing of architectural design?

A

Integration testing

14
Q

An enterprise is developing a new procurement system, and things are behind schedule. As a result, it is proposed that the time originally planned for the test phase be shortened. The project manager asks the IS auditor for recommendations to mitigate the risk associated with reduced testing. Which of the following is a suitable risk mitigation strategy?

A

Test and release a pilot with reduced functionality.

15
Q

A failure discovered in which of the following testing stages would have the GREATEST impact on the implementation of new application software?

A

Acceptance testing

16
Q

From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:

A

a deployment plan based on sequenced phases.

17
Q

Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

A

existence of a set of functions and their specified properties.

18
Q

The GREATEST advantage of rapid application development over the traditional system development life cycle is that it:

A

shortens the development time frame.

19
Q

Ideally, stress testing should be carried out in a:

A

test environment using live workloads.

20
Q

An IS audit group has been involved in the integration of an automated audit tool kit with an existing enterprise resource planning system. Due to performance issues, the audit tool kit is not permitted to go live. What should the IS auditor’s BEST recommendation be?

A

Review the results of stress tests during user acceptance testing.

21
Q

An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?

A

Function point analysis

22
Q

An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted by defect fixes from the developers. Which of the following would be the BEST recommendation for an IS auditor to make?

A

Consider the feasibility of a separate user acceptance environment.

23
Q

An IS auditor has been asked to review the implementation of a customer relationship management system for a large organization. The IS auditor discovered the project incurred significant over-budget expenses and scope creep caused the project to miss key dates. Which of the following should the IS auditor recommend for future projects?

A

A software baseline

24
Q

An IS auditor is involved in the reengineering process that aims to optimize IT infrastructure. Which of the following will BEST identify the issues to be resolved?

A

Gap analysis

25
Q

An IS auditor is reviewing an enterprise’s system development testing policy. Which of the following statements concerning use of production data for testing would the IS auditor consider to be MOST appropriate?

A

Senior IS and business management must approve use before production data can be used for testing.

26
Q

An IS auditor is reviewing a project for the implementation of a mission-critical system and notes that, instead of parallel implementation, the team opted for an immediate cutover to the new system. Which of the following is the GREATEST concern?

A

The implementation phase of the project has no back out plan.

27
Q

An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find?

A

Post iteration reviews that identify lessons learned for future use in the project

28
Q

The IS auditor is reviewing a recently completed conversion to a new enterprise resource planning system. In the final stage of the conversion process, the organization ran the old and new systems in parallel for 30 days before allowing the new system to run on its own. What is the MOST significant advantage to the organization by using this strategy?

A

Assurance that the new system meets functional requirements

29
Q

An IS auditor is reviewing system development for a health care organization with two application environments—production and test. During an interview, the auditor notes that production data are used in the test environment to test program changes. What is the MOST significant potential risk from this situation?

A

The test environment may not have adequate access controls implemented to ensure data confidentiality.

30
Q

An IS auditor is reviewing the software development process for an organization. Which of the following functions are appropriate for the end users to perform?

A

Program output testing

31
Q

An IS auditor’s PRIMARY concern when application developers wish to use a copy of yesterday’s production transaction file for volume tests is that:

A

unauthorized access to sensitive data may result.

32
Q

The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:

A

decision trees.

33
Q

A legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live?

A

Data owner

34
Q

An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?

A

Direct cutover

35
Q

An organization is migrating from a legacy system to an enterprise resource planning system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:

A

correlation of semantic characteristics of the data migrated between the two systems.

36
Q

An organization is replacing a payroll program that it developed in-house, with the relevant subsystem of a commercial enterprise resource planning (ERP) system. Which of the following would represent the HIGHEST potential risk?

A

Faulty migration of historical data from the old system to the new system

37
Q

An organization recently deployed a customer relationship management application that was developed in-house. Which of the following is the BEST option to ensure that the application operates as designed?

A

Post-implementation review

38
Q

The PRIMARY objective of conducting a post-implementation review for a business process automation project is to:

A

ensure that the project meets the intended business requirements.

39
Q

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

A

improve internal control procedures.

40
Q

The PRIMARY purpose of a post-implementation review is to ascertain that:

A

project objectives have been met.

41
Q

A project development team is considering using production data for its test deck. The team removed sensitive data elements from the bed before loading it into the test environment. Which of the following additional concerns should an IS auditor have with this practice?

A

Not all functionality will be tested.

42
Q

Regression testing is undertaken PRIMARILY to ensure that:

A

applied changes have not introduced new errors.

43
Q

Results of a post-implementation review indicate that only 75 percent of the users can log in to the application concurrently. Which of the following could have BEST discovered the identified weakness of the application?

A

Load testing

44
Q

A small company cannot segregate duties between its development processes and its change control function. What is the BEST way to ensure that the tested code that is moved into production is the same?

A

Release management software

45
Q

The specific advantage of white box testing is that it:

A

determines procedural accuracy or conditions of a program’s specific logic paths.

46
Q

What is the BEST method to facilitate successful user testing and acceptance of a new enterprise resource planning payroll system that is replacing an existing legacy system?

A

Parallel testing

47
Q

What is the PRIMARY reason that an IS auditor would verify that the process of post-implementation review of an application was completed after a release?

A

To check that the project meets expectations

48
Q

What kind of software application testing is considered the final stage of testing and typically includes users outside of the development team?

A

Beta testing

49
Q

When a new system is to be implemented within a short time frame, it is MOST important to:

A

perform user acceptance testing.

50
Q

When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

A

ensure that overrides are automatically logged and subject to review.

51
Q

When two or more systems are integrated, the IS auditor must review input/output controls in the:

A

systems sending and receiving data.

52
Q

Which of the following BEST helps an IS auditor assess and measure the value of a newly implemented system?

A

Post-implementation review

53
Q

Which of the following carries the LOWEST risk when managing failures while transitioning from legacy applications to new applications?

A

Parallel changeover

54
Q

Which of the following has the MOST significant impact on the success of an application systems implementation?

A

The overall organizational environment

55
Q

Which of the following helps an IS auditor evaluate the quality of new software that is developed and implemented?

A

The first report of the mean time between failures

56
Q

Which of the following is an advantage of an integrated test facility (ITF)?

A

Periodic testing does not require separate test processes.

57
Q

Which of the following is an advantage of the top-down approach to software testing?

A

Interface errors are identified early.

58
Q

Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?

A

Data representing conditions that are expected in actual processing

59
Q

Which of the following is of GREATEST concern to an IS auditor when performing an audit of a client relationship management (CRM) system migration project?

A

A single implementation is planned, immediately decommissioning the legacy system.

60
Q

Which of the following is the BEST approach to ensure that sufficient test coverage will be achieved for a project with a strict end date and a fixed time to perform testing?

A

Requirements should be tested in terms of importance and frequency of use.

61
Q

Which of the following is the BEST indicator that a newly developed system will be used after it is in production?

A

User acceptance testing

62
Q

Which of the following is the PRIMARY purpose for conducting parallel testing?

A

To ensure the new system meets user requirements

63
Q

Which of the following software testing methods provides the BEST feedback on how software will perform in the live environment?

A

Beta testing

64
Q

Which of the following system and data conversion strategies provides the GREATEST redundancy?

A

Parallel run

65
Q

Which of the following test techniques would the IS auditor use to identify specific program logic that has not been tested?

A

Mapping

66
Q

Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?

A

Sociability testing

67
Q

Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?

A

Top-down testing