The document contains 20 multiple choice review questions related to information systems auditing. The questions cover topics such as project initiation stakeholders, reviewing project business cases, preparing user acceptance test plans, evaluating project controls and progress, types of system testing, data validation controls, system conversion strategies, and risks related to thin client architecture.
The document contains 20 multiple choice review questions related to information systems auditing. The questions cover topics such as project initiation stakeholders, reviewing project business cases, preparing user acceptance test plans, evaluating project controls and progress, types of system testing, data validation controls, system conversion strategies, and risks related to thin client architecture.
The document contains 20 multiple choice review questions related to information systems auditing. The questions cover topics such as project initiation stakeholders, reviewing project business cases, preparing user acceptance test plans, evaluating project controls and progress, types of system testing, data validation controls, system conversion strategies, and risks related to thin client architecture.
The document contains 20 multiple choice review questions related to information systems auditing. The questions cover topics such as project initiation stakeholders, reviewing project business cases, preparing user acceptance test plans, evaluating project controls and progress, types of system testing, data validation controls, system conversion strategies, and risks related to thin client architecture.
Download as PPTX, PDF, TXT or read online from Scribd
Download as pptx, pdf, or txt
You are on page 1of 21
Domain 3
Review Questions Q1 Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?
A. System owners B. System users C. System designers D. System builders Q2 When reviewing an active project, an IS auditor observed that the business case was no longer valid because of a reduction in anticipated benefits and increased costs. The IS auditor should recommend that the:
A. project be discontinued. B. business case be updated and possible corrective actions be identified. C. project be returned to the project sponsor for reapproval. D. project be completed and the business case be updated later. Q3 During which of the following phases in system development would user acceptance test plans normally be prepared?
A. Feasibility Study B. Requirement Definition C. Implementation Planning D. Post implementation review Q4 Which of the following should an IS auditor review to gain an understanding of effectiveness of controls over the management of multiple projects?
A. Project Database B. Policy Documents C. Project Portfolio Database D. Program organization Q5 Which of the following should an IS auditor review to understand project progress in term of time, budget and deliverables for early detection of possible overruns and for projecting estimation at completion?
A. Functional point analysis (FPA)
B. Earned value analysis (EVA) C. Cost budget D. Program evaluation and review technique (PERT) Q6 Which of the following is MOST relevant to an IS auditor evaluating how the project manager has monitor the progress of the project?
A. Critical Path Diagram
B. PERT Diagram C. Functional point analysis (FPA) D. Gantt Chart Q7 Which of the following would BEST help to prioritize project activities and determine the time line for a project?
A. A Gantt chart B. Eared value analysis (EVA) C. Program evaluation techniques (PERT) D. Functional point analysis (FPA) Q8 During which phase of software application testing should an organization perform the testing of architectural design?
A. Acceptance testing B. System testing C. Integration testing D. Unit testing Q9 The most common reason for the failure of information systems to meet the need of users is that:
A. User needs are constantly changing
B. The growth of user requirements was forecasted inaccurately C. The hardware system limits the number of concurrent users D. User participation is defining the system’s requirements was inadequate. Q10 Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?
A. Parallel testing B. Pilot testing C. Interface testing D. Sociability testing Q11 The waterfall life cycle model of software development is MOST appropriately used when:
A. Requirements are well understood and are expected to remain stable,
as is the business environment in which the system will operate. B. Requirements are well understood and the project is subject to time pressure. C. The project intends to apply an object oriented design and programming approach. D. The project will involve the use of new technology. Q12 The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:
A. Integrity B. Authenticity C. Authorization D. Nonrepudiation Q13 When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?
A. Using a cryptographic hashing algorithm
B. Enciphering the message digest C. Calculating a checksum of the transaction D. Using a sequence number and time stamp Q14 An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?
A. Log all table update transactions
B. Implement integrity constraints in the database C. Implement before and after image reporting D. Use tracing and tagging Q15 The editing/ validation of data entered at a remote site would be performed MOST effectively at the:
A. Central processing site after running the application
B. Central processing site during running of the application system C. Remote processing site after transmission of the data to the central processing site D. Remote processing site prior transmission of the data to the central processing site Q16 Which of the following system and data conversion strategies provides the GREATEST redundancy?
A. Direct cutover B. Pilot study C. Phased Approach D. Parallel run Q17 At the completion of a system development project, a post-project review should include which of the following:
A. Assessing risk that may lead to downtime after the production
release B. Identifying lessons learned that may be applicable to future projects C. Verifying that the controls in the delivered system are working D. Ensuring that test data are deleted Q18 The PRIMARY objectives of conducting a postimplementation review for a business for a business process automation project is to:
A. Ensure that the project meets the intended business requirements
B. Evaluate the adequacy of controls C. Confirm compliance with technological standards D. Confirm compliance with regulatory requirements Q19 Which of the following BEST ensures that business requirements are met prior to implementation?
A. Feasibility study B. User acceptance test (UAT) C. Postimplementation review D. Implementation plan Q.20 When introducing thin client architecture, which of the following types of risk regarding servers is significantly increased?
A. Integrity B. Concurrency C. Confidentiality D. Availability
