Module 4 Isa

1

The Primary function of the steering committee is: A. Reviewing user requirements and ensuring that all controls are considered. B. Strategic planning for computer installation. C. Evaluating specific project plans for systems. D. Conducting a major feasibility study, when it is required.

The Most Appropriate answer is B Strategic planning for computer installation 2

In an information processing system, specific measures were introduced to improve quality. An auditor however will not be assured of the effectiveness of these measures by: A. A perceptible reduction in problems reported by users. B. Increased satisfaction. C. An increase in the quality assurance budget. D. A reduction in the maintenance cost of the application.

The Most Appropriate answer is “C” An increase in the quality assurance budget 3

Which one of the following methodologies requires efficient system requirement analysis? A. Reverse Engineering B. The Delphi Design C. Joint application Design (JAD) D.Traditional system development life cycle.

The Most Appropriate answer is “D” Traditional system development life cycle Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. The practice, taken from older industries, is now frequently used on computer hardware and software. Software reverse engineering involves reversing a program's machine code (the string of 0s and 1s that are sent to the logic processor) back into the source code that it was written in, using program language statements. Software reverse engineering is done to retrieve the source code of a program because the source code was lost, to study how the program performs certain operations, to improve the performance of a program, to fix a bug (correct an error in the program when the source code is not available), to identify malicious content in a program such as a virus or to adapt a program written for use with one microprocessor for use with another. Reverse engineering for the purpose of copying or duplicating programs may constitute a copyright violation. In some cases, the licensed use of software specifically prohibits reverse engineering.

Someone doing reverse engineering on software may use several tools to disassemble a program. One tool is a hexadecimal dumper, which prints or displays the binary numbers of a program in hexadecimal format (which is easier to read than a binary format). By knowing the bit patterns that represent the processor instructions as well as the instruction lengths, the reverse engineer can identify certain portions of a program to see how they work. Another common tool is the disassembler. The disassembler reads the binary code and then displays each executable instruction in text form. A disassembler cannot tell the difference between an executable instruction and the data used by the program so a debugger is used, which allows the disassembler to avoid disassembling the data portions of a program. These tools might be used by a cracker to modify code and gain entry to a computer system or cause other harm. Hardware reverse engineering involves taking apart a device to see how it works. For example, if a processor manufacturer wants to see how a competitor's processor works, they can purchase a competitor's processor, disassemble it, and then make a processor similar to it. However, this process is illegal in many countries. In general, hardware reverse engineering requires a great deal of expertise and is quite expensive. Another type of reverse engineering involves producing 3-D images of manufactured parts when a blueprint is not available in order to remanufacture the part. To reverse engineer a part, the part is measured by a coordinate measuring machine (CMM). As it is measured, a 3-D wire frame image is generated and displayed on a monitor. After the measuring is complete, the wire frame image is dimensioned. Any part can be reverse engineered using these methods. The term forward engineering is sometimes used in contrast to reverse engineering

The Delphi method is a systematic, interactive forecasting method which relies on a panel of independent experts. The carefully selected experts answer questionnaires in two or more rounds. After each round, a facilitator provides an anonymous summary of the experts’ forecasts from the previous round as well as the reasons they provided for their judgments. Thus, participants are encouraged to revise their earlier answers in light of the replies of other members of the group. It is believed that during this process the range of the answers will decrease and the group will converge towards the "correct" answer. Finally, the process is stopped after a pre-defined stop criterion (e.g. number of rounds, achievement of consensus, stability of results) and the mean or median scores of the final rounds determine the results.[1] Delphi [pron: delfI] is based on the principle that forecasts from a structured group of experts are more accurate than those from unstructured groups or individuals.[2] The technique can be adapted for use in face-to-face meetings, and is then called mini-Delphi or Estimate-Talk-Estimate (ETE). Delphi has been widely used for business forecasting and has certain

4

Which of the following statements is false (with regard to structured programming concepts and program modularity)? A. Modules should perform only the principal function. B. Interaction between modules should be minimal. C. Modules should have only one entry and one exit point. D. Modularity means program segmentation.

The Most Appropriate answer is “D” Modularity means program segmentation

5

Software quality assurance takes care of: A. Error prediction. B. Error prevention. C. Error detection. D. Error correction.

The Most Appropriate answer is “C” Error Detection 6

A computerized information system frequently fails to meet the needs of users because: A. users needs are constantly changing. B. the growth of user requirements was inaccurately forecast. C. the hardware system limits the number of concurrent users. D. user participation in defining the system’s requirements is inadequate.

The Most Appropriate answer is “D” user participation in defining the system’s requirements is inadequate. 7

Which of the following groups /individuals assume ownership of systems development life cycle projects and the resulting system? A. User management B. Senor management. C. Project steering committee D. Systems development management.

The Most Appropriate answer is “A” User management 8

Data flow diagrams are used by IS auditors to: A. Order data hierarchically. B. Highlight high-level data definitions C. Graphically summarise data generation. D. Portray step by step detail of data generation

The Most Appropriate answer is “C”

9

Which of the following would NOT normally be a part of feasibility study? A. Identify the cost savings of a new system. B. Defining the major requirements of the new system. C. Determining the productivity gains of implementing a new system. D. Estimating a pay-back schedule for cost incurred in implementing a new System. The Most Appropriate answer is “B” Defining the major requirements of the new system. 10

When auditing the requirements phase of software, an IS auditor would: A. Access the adequacy of audit trails. B. Identify and determine the criticality of the need. C. verify cost justifications and anticipated benefit. D.Ensure the control specifications have been defined.

The Most Appropriate answer is “D” Ensure the control specifications have been defined. 11

Which phase of SDLC uses Data Flow Diagrams? A. Requirements. B. Design C. Implementation D. Maintenance

The Most Appropriate answer is “ B” Design 12

Which of the following is performed first in a system development life cycle project? A. Developing progaramme flow chart B. Determining system inputs and outputs C. Developing design documents. D. Developing conversation plans

The Most Appropriate answer is “B” Determining system inputs and outputs 13

In which of the following SDLC (System Development Life Cycle) phases, is ther IS auditor’s participation unnecessary. A. Feasibility Study B. User Requirements C. Programming D. Manual specifications

The Most Appropriate answer is “C” Programming.

14

In a system development project, the formal change control mechaninism is begun after: A. Completing the system planning document B. Completing the system requirement documents C. Completing the system design document. D. Completing the program coding work.

The Most Appropriate answer is “B” Completing the system requirement documents 15 A decision table is used in program testing to check the branching of distinct processes. It consists of: A. A condition stub and result. B. A condition stub and condition entry. C. An action stub and condition entry. D. An action stub and result. The Most Appropriate answer is “B” A condition stub and condition entry 16.

An IS auditor who plans on testing the connection of two or more system components that pass information from one area to another would use: A. Pilot testing B. Parallel testing C. Interface testing D. Regression testing

The Most Appropriate answer is “ C” Interface testing 17

A large number of system failures are occurring hen corrections to previously detected faults are resubmitted for acceptance testing. This would indicate that the development team is probably not adequately performing which of the following types of testing? A. Unit testing B. Regression testing C. Acceptance testing D. Integration testing3

The Most Appropriate answer is “B” Regression testing 18

An organization is developing a new business system. Which of the following will provide the MOST assurance that the system provides the required functionality? A. Unit testing B. Regression testing C. Acceptance testing D. Integration testing

The Most Appropriate answer is “C” Acceptance testing 19 Which of the following is a primary purpose for conducting parallel testing A. To determine if the system is more cost-effective B. To enable comprehensive unit and system testing C. To highlight errors in the programme interfaces with files D. To ensure the new systems meets all user requirements. The Most Appropriate answer is “D” To ensure the new systems meets all user requirements. 20

Unit testing g is different from system testing because: A. unit testing is more comprehensive. B. programmers are not involved in system testing. C .system testing relates to interfaces between programs. D. system testing proves user requirements are adequate.

The Most Appropriate answer is “C” system testing relates to interfaces between programs 21

Which of the following is NOT an advantage of an object –oriented approach to Data management systems? A. A means to model complex relationships. B. The ability to restrict the variety of data types. C. The capacity to meet the demands of a changing environment. D. The ability to access only the information that is needed.

The Most Appropriate answer is “The ability to restrict the variety of data types” 22

Design prototyping is more likely to be needed when: A. The application system to be designed is a traditional accounting system. B. There is substantial uncertainly surrounding the system to be designed. C. The designer believes that there is no need to develop user specification for the system to be implemented. D. The SDLC approach to system development is adopted.

The Most Appropriate answer is “B” There is substantial uncertainly surrounding the system to be designed 23

Which of the following represents a typical prototype of an interactive application? A. Screens and process programs B. Screens, interactive edits sample reports C. Interactive Edits, process programs and sample reports. D. Screens, interactive edits, process programs and sample reports.

The Most Appropriate answer is “D” Screens, interactive edits, process programs and sample reports 24 Which of the following is a management technique that enables organizations to develop strategically important system faster while reducing development costs and maintaining quality? A. Function point analysis B. Critical path methodology C. Rapid application development D. Program evaluation review technique The Most Appropriate answer is “C” Rapid application development 25

The prototyping approach does not assume the existence of: A. Reusable software B. Formal specifications languages C. Detail requirements document D. Fourth- generation programming languages

The Most Appropriate answer is “ C” Detail requirements document 26

Which of the following will be considered to be the MOST serious disadvantage of prototyping systems development? A. The prototyping system is expensive. B. Prototyping demands excessive computer usage C Users may perceive that the development is complete. D.The users needs may not have been correctly assessed.

The Most Appropriate answer is “ C” Users may perceive that the development is complete 27

Which of the following is an advantage of prototyping? A. The finished system normally has strong internal reports. B. Prototype systems can provide significant time and cost savings. C. Change control is often less complicated with prototype systems. D. It ensures that functions or extras are not added to the intended system.

The Most Appropriate answer is “B” Prototype systems can provide significant time and cost savings 28

Structured programmes is BEST described as a technique that: A. Provides knowledge of program functions to other programmers via peer reviews. B. reduces the maintenance time of programs by the user of small-scale program Modules. C.Makes the readable coding reflect as closely as possible the dynamic execution of the program.

D. Controls the coding and testing of the high-level functions of the program in the development process. The Most Appropriate answer is “B” reduces the maintenance time of programs by the user of small-scale program modules. 29

The biggest benefit of prototyping is: A. Better version control. B. Better communication between developers and users. C. Increased productivity D. Quicker delivery

The Most Appropriate answer is “ B” Better communication between developers and users 30

Which one of the following techniques is represented by structured analysis and design? A. Function-oriented techniques B. Data-oriented techniques C. Control- oriented techniques D. Information-oriented techniques

The Most Appropriate answer is “ A” Function-oriented techniques 31

The critical path in a Program Evaluation Review Technique(PERT) is identified by: A. The project manager team after identifying the critically of the function. B. The path that has maximum slack time. C. The path that has zero slack time D. project development team after discussing with the uses.

The Most Appropriate answer is “ C” The path that has zero slack time 32

Which of the following ‘estimate of time’ has most important relevance in PERT evaluation technique? A. Most likely time B. Pessimistic time C. Actual time D. Optimistic time .

The Most Appropriate answer is “C” Actual time 33

Introduction of CASE tools in a mainframe environment provides which of the following benefit? A. Easy conversion of huge data. B. Adequate technical knowledge

C. Proper training personnel D. Acts as supportive tools The Most Appropriate answer is “A” Easy conversion of huge data 34

PC-based analysis and design tools are used along with mainframe computerbased tools. Identify the CASE tool that is required in this situation. A .Diagramming tools B. Simulation tools. C. Export/Import tools. D. Diagram checking tools

The Most Appropriate answer is “ C” Export/Import tools. 35

Many IT projects experience problems because the development time and / or resource requirements are underestimated. Which of the following techniques would improve the estimation of the resources required in system construction after the development of the requirements specifications? A. PERT chart B. Recalibration C. Cost-benefit analysis. D. Function point estimation

The Most Appropriate answer is “D” Function point estimation 36

Which of the following is a management technique that enables organizations to develop strategically important system faster while reducing development costs and maintaining quality? A. Function point analysis B. Critical path methodology C. Rapid application development. D. Program evaluation review technique

The Most Appropriate answer is “C” Rapid application development 37

A significant problem is planning and controlling a software development project is determining: A. Project slack times B. a project’s critical path C. time and resource requirements for individual tasks. D. precedent relationships which preclude the start of certain activities until others complete.

The Most Appropriate answer is “C” time and resource requirements for individual tasks. Answer the questions 38 and 39 on the basis of the following PERT diagram.

Start

P8

U12 W8 R9

Q10

END END

V5 S7 The Most Appropriate answer is

38.

The arrows and letters P through W in the diagram represent: A. events B. activities C. successor points D. predecessors points

The Most Appropriate answer is “ B” activities 39

Which of the following project completion paths represents the critical path? A. PUW B. PTVW C.RVW D. QSVW

The Most Appropriate answer is “ D” . QSVW 40

Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts? A. Super Case B.Upper Case C. Middle Case D. Lower Case

The Most Appropriate answer is “ C” Middle Case

41

For which of the following does the 15 auditor NOT take part in the development team deliberations?

A. Ensuring adequacy of data integrity controls. B. Ensuring adequacy of data security controls. C.Ensuring that there are no costs and time overruns. D. Ensuring that documentation is accurate life cycle project. The Most Appropriate answer is “ C” Ensuring that there are no costs and time overruns 42

Which of the following issues requires more attention from an information systems (IS) auditor participating in a system development life cycle project? A. Technical issues B. Organizational issues C. Behavioral issues D.Contractual issues

The Most Appropriate answer is “ C” Behavioral issues 43

After the systems is developed, the auditor’s objective in conducting a general review is to A. Determine whether a critical application needs some modification due to recent changes in the status. B. Conduct a test of controls to ensure that the no necessary control is omitted in the design? C. Make an evaluation of the whole process to quantify the substantive test required for the specialization audit of the process. D. Conduct a substantive test of the application system.

The Most Appropriate answer is “ C” Make an evaluation of the whole process to quantify the substantive test required for the specialization audit of the process. 44

An auditor evaluating a software package purchase contract will NOT expect the contract to include. A. License cost B. Maintenance cost C.Operational cost D. Outage cost

The Most Appropriate answer is “ D” Outage cost 45

An IS auditors while conducting a post-implementation review, would look for: A. The documentation of the test objectives B. The extent of issues pointed out in the user acceptance test and the unresolved Issues. C. The documentation of the test results. D. The Log containing of the problems reported by the users.

The Most Appropriate answer is “ B” The extent of issues pointed out in the user acceptance test and the unresolved Issues 46

The use of coding standards is encourage by the IS auditors because they: A. define access control tables. B. detail program documentation C. standardize dataflow diagram methodology D. ensure compliance with field naming conventions.

The Most Appropriate answer is “ D” ensure compliance with field naming conventions 47

An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. Internal control procedures B. user acceptance test schedules. C. adequacy of the user training programs. D. Clerical progress for resubmission of rejected items.

The Most Appropriate answer is “ A” Internal control procedures 48

An IS auditor who has participated in the development of an application system might have their independence impaired if they: A. perform an application development review. B. recommends control and other system enhancements. D. Are actively involved in the design and implementation of the application system.

The Most Appropriate answer is “ D” Are actively involved in the design and implementation of the application system 49 ‘

The primary role of an IS auditor in the system design phase of an application development project is to A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement C. ensure all necessary controls are included in the initial design D. advise the development manager on adherence to the schedule.

The Most Appropriate answer is “ C” ensure all necessary controls are included in the initial design 50

Which of the following tasks would NOT be performed by IS auditor when reviewing systems development controls in a specific applications? A. Attend project progress meetings. B. Review milestone documents for appropriate sign-off. C. Compare development budgets with actual time and amount spent. D. Design and execute testing procedures for use during acceptance testing.

The Most Appropriate answer is “ C” Compare development budgets with actual time and amount spent 51

E- cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.

The Most Appropriate answer is “ D” contains unique serial numbering to track the identity of the buyer 52

Which of the following statements is incorrect? A. Expert systems are aimed at solving problems using an algorithmic approach. B. Expert systems are aimed at solving that have irregular structure. C. Expert systems are aimed at solving problems that have irregular structure. D. Expert systems are aimed at solving problems of considerable complixity.

The Most Appropriate answer is “ A” Expert systems are aimed at solving problems using an algorithmic approach 53

Which of the following is a characteristic of a decision support system ( DSS)? A. DSS is aimed at solving highly structured problem. B. DSS combines the use of models with non-traditional data access and retrieval functions. C. DSS emphasizes flexibility in the decision making approach of users. D. DSS supports only structured decision-making tasks.

The Most Appropriate answer is “ C” .DSS emphasizes flexibility in the decision making approach of users 54

Which of the following is false with regard to expert-systems? A. Expert system knowledge is represented declaratively B. Expert system computations are performed through symbolic reasoning C. Expert systems knowledge is incorporated in the program control. D. Expert systems control their own actions3

The Most Appropriate answer is “ C” Expert systems knowledge is incorporated in the program control. 55

Which of the following statements pertaining to data warehouses is FALSE? A. A data warehouse is designed specifically for decision support. B. The quality of the data warehouse must be very high. C. Data warehouses are made up of existing database, files and external information.

D. A data warehouse is used by senior management only because of the sensitivity of the data. The Most Appropriate answer is “C” Data warehouses are made up of existing database, files and external information. 56

Use of asymmetric encryption over an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. Customer over the authetenticity of the customer. B. Hosting organization over the authencity of the customer. C. Customer over the confidentially of messages from the hosting organization. D. Hosting organization over the confidentially of message passed to the customer.

The Most Appropriate answer is “ A” Customer over the authetenticity of the customer 57

Which of the following concerns about the security of an electronic message would be addressed by Digital Signatures? A. Unauthorised reading B. Theft C. Unatohorised copying D. Alteration

The Most Appropriate answer is “ D” Alteration 58

A (B 2 C) E commerce web site as part of its information security program, wants to monitor, detect and prevent hacking activities and alert the system administrator when suspicious activities occur. Which of the following infrastructure components could be used for this purpose? A. Intrusion detection systems B. Firewalls C. Routers D. Asymmetric encryption

The Most Appropriate answer is “ “A” Intrusion detection systems 59

Fuzzy Logic is most effective when: A. Used to develop decision support system. B. Combined with neural network technologies. C. Used to build hard disc controllers D. Used to design memory caches

The Most Appropriate answer is “ C” Used to build hard disc controllers 60 Which of the following is not a subsystem of the decision support system? A. Language system

B. Knowledge system C. Transaction processing system D. Problem processing system. The Most Appropriate answer is “C” Transaction processing system