Area: 6
484. If an application program is modified and proper system maintenance procedures are in place, which of the following should be tested?
The correct answer is: C. The complete program, including any interface systems
Explanation: The complete program with all interfaces needs to be tested to determine the full impact of a change to program code. Usually, the more complex the program, the more testing is required.

Area: 6
485. An IS auditor performing an application maintenance audit would review a manually prepared log of program changes to determine the:
The correct answer is: A. number of authorized program changes.
Explanation: The manual log will most likely contain only information on authorized changes to a program. Deliberate, unauthorized changes will not be documented by the responsible party. An automated log, usually found in library management products, will most likely contain date information for the source and executable modules.

Area: 6
486. Ideally, stress testing should only be carried out in a:
The correct answer is: C. test environment using live workloads.
Explanation: Stress testing is carried out to ensure a system can cope with production workloads, but as it may be tested to destruction, a test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment (B and D), and if only test data is used, there is no certainty that the system was adequately stress tested.

Area: 6
487. When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that:
The correct answer is: A. a clear business case has been approved by management.
Explanation: The first concern of the IS auditor should be to establish that the proposal meets the needs of the business, and this should be established by a clear business case. Although compliance with security standards is essential, as are meeting the needs of the users and having users involved in the implementation process, it is too early in the procurement process for these to be the IS auditor's first concern.

Area: 6
488. Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
The correct answer is: C. Encapsulation
Explanation: Encapsulation is a property of objects that prevents access to properties or methods that have not previously been defined as public. This means that any implementation of the behavior of an object is not accessible. An object defines a communication interface with the exterior, and only whatever belongs to that interface can be accessed.

Area: 6
489. The objective of software test designs is to provide the highest likelihood of finding most errors with a minimum of time and effort. Which of the following methods is LEAST likely to meet the design objective?