Domain 3 - IS Acquisition, Dev, & Implementation

Question 1

Methods that estimate project duration or timelines

Answer 1

PERT/CPM (PERT is first preference)

Question 2

What helps schedule/monitor progress of a project (simply)?

Answer 2

Gantt chart

Question 3

What helps monitor the progress of a project with detail around budget/actual/estimates?

Answer 3

EVA - earned value analysis

Question 4

What technique estimates the size of software development efforts? (Indirect measure)

Answer 4

FPA (function point analysis)

Question 5

What prevents cost overruns and delivery delays?

Answer 5

Timebox management

Question 6

Zero slack time =

Answer 6

Overall completion time - time for activity

(Critical activity)

Question 7

Which phase should a proper plan and strategy for new systems be developed ?

Answer 7

The design phase

Question 8

Scope creep

Answer 8

Uncontrolled project scope due to continuous changes in project requirements
- major factor in project failure

Question 9

Waterfall approach

Answer 9

-Most common method of software development
-for stable and well defined projects
-after completion of each stage, testing is done before moving on to next stage

Question 10

System development life cycle (SDLC) phases

Answer 10

1) feasibility study
2) requirements definition
3A) software selection & acquisition (purchased systems)
3B) design (in-house development)
4A) configuration (purchased)
4B) development (in-house)
5) final testing and implementation
6) post implementation review

Question 11

What develops systems quickly while reducing costs and maintaining quality ?

Answer 11

RAD - rapid application development

Question 12

Prototypes (RAD approach)

Answer 12

Provides time and costs savings

Question 13

Most effective testing method for prototype

Answer 13

Top down approach

Question 14

Major risk to agile development

Answer 14

Lack of documentation

Question 15

Major benefit of (OOSD) object oriented system development

Answer 15

Ability to reuse objects/modules

Question 16

OOSD Polymorphism

Answer 16

Same message is interpreted differently 2 or more objects

Question 17

OOSD encapsulation

Answer 17

Permits enhanced degree of security over data

Question 18

Difference between reengineering and reverse engineering

Answer 18

Reengineering- updates a system
Reverse engineering- produces a similar system

Question 19

Major benefit of component based development ?

Answer 19

Ability to support multiple development environments

Question 20

Important characteristic to the agile approach

Answer 20

A systematic review after the completion of each iteration to identify areas of improvement

Question 21

The prototyping approach is used to design:

Answer 21

Screens, interactive edits, and sample reports

Question 22

What detects transposition and transcription errors and ensure data accuracy ?

Answer 22

Check digit

Question 23

What detects transmission errors and ensures data integrity and COMPLETENESS?

Answer 23

Parity Bit

Question 24

What is the same as parity bit but used for more complex errors?

Answer 24

Checksum

Question 25

Most advanced version of parity and checksum

Answer 25

CRC cyclical redundancy checksums

Question 26

Forward error control

Answer 26

Same as CRC but corrects the error Objective - to correct data transmission error

Question 27

Automated system balancing

Answer 27

Reconciles total input and total output; helps determine if any transactions are lost during processing

Question 28

Data integrity principles of ACID

Answer 28

Atomicity Consistency Isolation Durability

Question 29

Atomicity

Answer 29

Transaction is processed completely or not at all

Question 30

Consistency

Answer 30

All integrity conditions applied to each transaction

Question 31

Isolation

Answer 31

Each transaction should be separated from other transactions

Question 32

Durability

Answer 32

Database should be resilient enough to survive any system failure

Question 33

What is best to prevent duplication of vouchers during data entry

Answer 33

Sequence check

Question 34

DSS (decision support system) enables

Answer 34

Flexibility in the users approach to decision-making

Question 35

Main risk of DSS

Answer 35

Inability to specify purpose and usage patterns

Question 36

When reviewing the DSS, an IS auditor should be most concerned with

Answer 36

The level of skills and experiences contains in the knowledge base

Question 37

White box approach

Answer 37

-Applied in unit testing -Testing of internal program logic

Question 38

Recovery testing

Answer 38

Checking systems ability to recover after a hardware or software failure

Question 39

Security testing

Answer 39

Testing of appropriate access control and other security measures

Question 40

Load testing

Answer 40

Testing of performance of systems during peak hours (processing large quantity of data)

Question 41

Volume testing

Answer 41

Testing to determine max volume of records/data the application can handle

Question 42

Stress testing

Answer 42

Testing to determine the max number of concurrent users/services the application can process -best to use live data in a test environment

Question 43

Performance testing

Answer 43

Comparing the performance of the system to other equivalent systems using well defined benchmarks

Question 44

Regression testing

Answer 44

Ensures changes or corrections in a program have not introduced new errors

Question 45

Sociability testing

Answer 45

Ensures new or modified system can work in a specific environment w/o greatly impacting the existing system

Question 46

Parallel testing

Answer 46

Ensures implementation of new system meets user requirements

Question 47

Parallel changeover (cutover)

Answer 47

-When both a new and old system are running simultaneously to test reliability and performance of new system before discontinuing old. -greatest redundancy (duplication)

Question 48

Abrupt (direct) changeover

Answer 48

New system is implemented and old system is taken off immediately; riskiest changeover

Question 49

Checksum ensures

Answer 49

Integrity

Question 50

Stress testing should be carried out in a:

Answer 50

Test environment using live workloads

Question 51

Unit testing

Answer 51

Development stage / white box approach

Question 52

Integrated/interface testing

Answer 52

Testing of 2 or more modules or components that pass info from one area to another (connection)

Question 53

System testings (6)

Answer 53

Recovery, security, load, volume, stress, performance

Question 54

Hash totals

Answer 54

Help detect errors in data processing; indicates an error in data integrity

Question 55

Functional acknowledgments

Answer 55

One of the main controls used in data mapping; acts as an audit trail for EDI transactions

Question 56

3 primary dimensions of a project

Answer 56

Deliverables Allocated resources Delivery time

Question 57

EUCs may not be subject to

Answer 57

Testing and IT general controls

Question 58

When using agile development, what should be found during review

Answer 58

Postiteration reviews that identify lessons learned for future use in the project