A company has contracted with an external consulting firm to
implement a commercial financial system to replace its
existing in-house developed system. In reviewing the
proposed development approach, which of the following would
be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial
implementation.
D. Prototyping is being used to confirm that the system
meets business requirements.
- 3 Answers
- 10799 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
A quality plan is an essential element of all projects. It
is critical that the contracted supplier be required to
produce such a plan. The quality plan for the proposed
development contract should be comprehensive and encompass
all phases of the development and include which business
functions will be included and when. Acceptance is normally
managed by the user area, since they must be satisfied that
the new system will meet their requirements. If the system
is large, a phased-in approach to implementing the
application is a reasonable approach. Prototyping is a valid
method of ensuring that the system will meet business
requirements.
| Is This Answer Correct ? | 10 Yes | 0 No |
Answer / guest
B. A quality plan is not part of the contracted deliverables
| Is This Answer Correct ? | 2 Yes | 0 No |
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in TCP services.
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.
When a PC that has been used for the storage of confidential data is sold on the open market the: A. hard disk should be demagnetized. B. hard disk should be mid-level formatted.s C. data on the hard disk should be deleted. D. data on the hard disk should be defragmented.
The act that describes a computer intruder capturing a stream of data packets and inserting these packets into the network as if it were another genuine message stream is called: A. eavesdropping. B. message modification. C. a brute-force attack. D. packet replay.
The PRIMARY purpose of audit trails is to: A. improve response time for users. B. establish accountability and responsibility for processed transactions. C. improve the operational efficiency of the system. D. provide useful information to auditors who may wish to track transactions.
Which of the following is intended to detect the loss or duplication of input? A. Hash totals B. Check digits C. Echo checks D. Transaction codes
A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as: A. scavenging. B. data leakage. C. piggybacking. D. a trojan horse.
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
Cisco Certifications 
