Which of the following BEST describes an IT department?s
strategic planning process?
A. The IT department will have either short-range or
long-range plans depending on the organization?s broader
plans and objectives.
B. The IT department?s strategic plan must be time and
project oriented, but not so detailed as to address and help
determine priorities to meet business needs.
C. Long-range planning for the IT department should
recognize organizational goals, technological advances and
regulatory requirements.
D. Short-range planning for the IT department does not need
to be integrated into the short-range plans of the
organization since technological advances will drive the IT
department plans much quicker than organizational plans.
Answer / guest
Answer: C
Long-range planning for the IT department should recognize
organizational goals, technological advances and regulatory
requirements. Typically, the IT department will have both
long-range and short-range plans that are consistent and
integrated with the organization?s plans. These plans must
be time- and project-oriented, as well as addressing the
organization?s broader plans for attaining the
organization?s goals.
Is This Answer Correct ? | 6 Yes | 0 No |
Which of the following sampling methods is MOST useful when testing for compliance? A. Attribute sampling B. Variable sampling C. Stratified mean per unit D. Difference estimation
Software maintainability BEST relates to which of the following software attributes? A. Resources needed to make specified modifications. B. Effort needed to use the system application. C. Relationship between software performance and the resources needed. D. Fulfillment of user needs.
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. customer over the authenticity of the hosting organization. B. hosting organization over the authenticity of the customer. C. customer over the confidentiality of messages from the hosting organization. D. hosting organization over the confidentiality of messages passed to the customer.
Which of the following would BEST support 24/7 availability? A. Daily backup B. Offsite storage C. Mirroring D. Periodic testing
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious? A. Sensitive data can be read by operators. B. Data can be amended without authorization. C. Unauthorized report copies can be printed. D. Output can be lost in the event of system failure.
The Primary purpose of audit trails is to
To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis D. Testing and maintenance
Which of the following provides nonrepudiation services for e-commerce transactions? A. Public key infrastructure (PKI) B. Data encryption standard (DES) C. Message authentication code (MAC) D. Personal identification number (PIN)
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
With the help of the security officer, granting access to data is the responsibility of: A. data owners. B. programmers. C. system analysts. D. librarians.
Which of the following is an objective of a control self-assessment (CSA) program? A. Concentration on areas of high risk B. Replacement of audit responsibilities C. Completion of control questionnaires D. Collaborative facilitative workshops
Which of the following is the MOST important function to be performed by IT management within an outsourced environment? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance