Classification of information systems is essential in business continuity planning. Which of the following system types can not be replaced by manual methods? A. Critical system B. Vital system C. Sensitive system D. Non-critical system

An IS auditor should be involved in: A. observing tests of the disaster recovery plan. B. developing the disaster recovery plan. C. maintaining the disaster recovery plan. D. reviewing the disaster recovery requirements of supplier contracts.

The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.

During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.

Which of the following is necessary to have FIRST in the development of a business continuity plan? A. Risk-based classification of systems B. Inventory of all assets C. Complete documentation of all disasters D. Availability of hardware and software

The application test plans are developed in which of the following systems development life cycle (SDLC) phases? A. Design B. Testing C. Requirement D. Development

Which of the following tests confirm that the new system can operate in its target environment? A. Sociability testing B. Regression testing C. Validation testing D. Black box testing

The MOST appropriate person to chair the steering committee for a system development project with significant impact on a business area would be the: A. business analyst. B. chief information officer. C. project manager. D. executive level manager.

The PRIMARY purpose of undertaking a parallel run of a new system is to: A. verify that the system provides required business functionality. B. validate the operation of the new system against its predecessor. C. resolve any errors in the program and file interfaces. D. verify that the system can process the production load.

Change control procedures to prevent scope creep during an application development project should be defined during: A. design. B. feasibility. C. implementation. D. requirements definition.

Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance

Which of the following is a measure of the size of an information system based on the number and complexity of a system?s inputs, outputs and files? A. Function point (FP) B. Program evaluation review technique (PERT) C. Rapid application design (RAD) D. Critical path method (CPM)

When auditing the requirements phase of a software acquisition, the IS auditor should: A. assess the feasibility of the project timetable. B. assess the vendor?s proposed quality processes. C. ensure that the best software package is acquired. D. review the completeness of the specifications.

The purpose of debugging programs is to: A. generate random data that can be used to test programs before implementing them. B. protect, during the programming phase, valid changes from being overwritten by other changes. C. define the program development and maintenance costs to be include in the feasibility study. D. ensure that program abnormal terminations and program coding flaws are detected and corrected.

KPMG,

Software maintainability BEST relates to which of the following software attributes? A. Resources needed to make specified modifications. B. Effort needed to use the system application. C. Relationship between software performance and the resources needed. D. Fulfillment of user needs.