CISA Domain 3 Missed Questions: Information Systems Development and Implementation; Information Systems Implementation
11 views 0 purchase
Course
CISA Domain 3: Information System Development and
Institution
CISA Domain 3: Information System Development And
CISA Domain 3 Missed Questions: Information Systems Development and Implementation; Information Systems Implementation|When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST ensure that:
a clear business case has been approved by management.
corporate security...
, CISA Domain 3 Missed Questions: Information
Systems Development and Implementation; Information
Systems Implementation
When auditing the proposed acquisition of a new computer system, an IS auditor should
FIRST ensure that:
a clear business case has been approved by management.
corporate security standards will be met.
users will be involved in the implementation plan.
the new system will meet all required user functionality. - Ans A is the correct answer.
Justification
The first concern of an IS auditor is to ensure that the proposal meets the needs of the
business. This should be established by a clear business case.
Compliance with security standards is essential, but it is too early in the procurement pro-
cess for this to be an IS auditor's first concern.
Having users involved in the implementation process is essential, but it is too early in the
procurement process for this to be an IS auditor's first concern.
Meeting the needs of the users is essential, and this should be included in the business
case presented to management for approval.
An IS auditor reviewing a proposed application software acquisition should ensure that the:
operating system (OS) being used is compatible with the existing hardware platform.
planned OS updates have been scheduled to minimize negative impacts on company
needs.
OS has the latest versions and updates.
product is compatible with the current or planned OS. - Ans D is the correct answer.
Justification
If the OS is currently being used, it is compatible with the existing hardware platform; if it
were incompatible, it would not operate properly.
The planned OS updates should be scheduled to minimize negative impacts on the organi-
zation, but this is not an issue when considering the acquisition of new software.
The installed OS should be equipped with the most recent versions and updates (with suf-
ficient history and stability). Because this is installed, it is not a consideration at the time of
considering acquisition of a new application.
In reviewing the proposed application, the auditor should ensure that the products to be
purchased are compatible with the current or planned OS.
A company has implemented a new client-server enterprise resource planning (ERP) sys-
tem. Local branches transmit customer orders to a central manufacturing facility. Which of
the following would BEST ensure that the orders are processed accurately, and the corre-
sponding products are produced?
Verifying production of customer orders
Logging all customer orders in the ERP system
Using hash totals in the order transmitting process
Approving (production supervisor) orders prior to production - Ans A is the correct answer.
Justification
Verification of the products produced will ensure that the produced products match the or-
ders in the order system.
Logging can be used to detect inaccuracies but does not, in itself, guarantee accurate pro-
cessing.
, Hash totals will ensure accurate order transmission, but not accurate processing centrally.
Production supervisory approval is a time consuming, manual process that does not guar-
antee proper control.
Question
Once an organization has finished the business process reengineering (BPR) of all its criti-
cal operations, an IS auditor would MOST likely focus on a review of:
pre-BPR process flowcharts.
post-BPR process flowcharts.
BPR project plans.
continuous improvement and monitoring plans. - Ans B is the correct answer.
Justification
An IS auditor must review the process as it is today, not as it was in the past.
An IS auditor's task is to identify and ensure that key controls have been incorporated into
the reengineered process.
Business process reengineering (BPR) project plans are a step within a BPR project.
These are steps within a BPR project.
Which of the following will BEST ensure the successful offshore development of business
applications?
Stringent contract management practices
Detailed and correctly applied specifications
Awareness of cultural and political differences
Post-implementation review - Ans B is the correct answer.
Justification
Contract management practices, although important, will not ensure successful develop-
ment if the specifications are incorrect.
When dealing with offshore operations, it is essential that detailed specifications be cre-
ated. Language differences and a lack of interaction between developers and physically
remote end users could create gaps in communication in which assumptions and modifica-
tions may not be adequately communicated. Inaccurate specifications cannot easily be
corrected.
Cultural and political differences, although important, should not affect the delivery of a
good product.
This, although important, is too late in the process to ensure successful project delivery
and is not as pivotal to the success of the project.
During the review of a web-based software development project, an IS auditor realizes that
coding standards are not enforced, and code reviews are rarely carried out. This will
MOST likely increase the likelihood of a successful:
buffer overflow.
brute force attack.
distributed denial-of-service attack,.
war dialing attack. - Ans A is the correct answer.
Justification
Poorly written code, especially in web-based applications, is often exploited by hackers us-
ing buffer overflow techniques.
This is used to crack passwords, but this is not related to coding standards.
This floods its target with numerous packets, to prevent it from responding to legitimate re-
quests. This is not related to coding standards.
This uses modem-scanning tools to hack private branch exchanges or other telecommuni-
cations services.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller dennys. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.49. You're not tied to anything after your purchase.
