Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find?
A. Use of a capability maturity model (CMM)
B. Regular monitoring of task-level progress against schedule
C. Extensive use of software development tools to maximize team productivity
D. Postiteration reviews that identify lessons learned for future use in the project
- 1 Answers
- 3601 Views
- I also Faced
- E-Mail Answers
the answer is D.
A. The capability maturity model (CMM) places heavy emphasis on predefined formal processes and formal project management and software development deliverables, while agile software development projects, by contrast, rely on refinement of process as dictated by the particular needs of the project and team dynamics.
B. Task-level tracking is not used because daily meetings identify challenges and impediments to the project.
C. Agile projects make use of suitable development tools; however, tools are not seen as the primary means of achieving productivity. Team harmony, effective communications and collective ability to solve challenges are of greater importance.
D. A key tenet of the agile approach to software project management is ongoing team learning to refine project management and software development processes as the project progresses. One of the best ways to achieve this is that the team considers and documents what worked well and what could have worked better at the end of each iteration and identifies improvements to be implemented in subsequent iterations. Additionally, less importance is placed on formal paper-based deliverables, with the preference being effective informal communication within the team and with key outside contributors. Agile projects produce releasable software in short iterations, typically ranging from four to eight weeks. This, in itself, instills considerable performance discipline within the team. This, combined with short daily meetings to agree on what the team is doing and the identification of any impediments, renders task-level tracking against a schedule redundant.
Question #: 424 CISA Job Practice Task Statement: 3.5
| Is This Answer Correct ? | 5 Yes | 0 No |
Naming conventions for system resources are important for access control because they: A. ensure that resource names are not ambiguous. B. reduce the number of rules required to adequately protect resources. C. ensure that user access to resources is clearly and uniquely identified. D. ensure that internationally recognized names are used to protect resources.
An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include: A. defining the conceptual schema. B. defining security and integrity checks. C. liaising with users in developing data model. D. mapping data model with the internal schema.
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.
Which of the following ensures completeness and accuracy of accumulated data? A. Processing control procedures B. Data file control procedures C. Output controls D. Application controls
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit? A. Design further tests of the calculations that are in error. B. Identify variables that may have caused the test results to be inaccurate. C. Examine some of the test cases to confirm the results. D. Document the results and prepare a report of findings, conclusions and recommendations.
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
Which of the following facilitates program maintenance? A. More cohesive and loosely coupled programs B. Less cohesive and loosely coupled programs C. More cohesive and strongly coupled programs D. Less cohesive and strongly coupled programs
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a: A. digest signature. B. electronic signature. C. digital signature. D. hash signature.
Cisco Certifications 
