implementation, one would not engage in interface testing or detailed design documentation, which will probably be out of date. Evaluating interface testing would be part of the implementation process. The issue of reviewing detailed design documentation is not generally relevant to an enterprise resource management system since these are usually vendor packages with user manuals. System testing is also normally performed before final user sign off.
Area: 6

499. An executable module is about to be migrated from the test environment to the production environment. Which of the following controls would MOST likely detect an unauthorized modification to the module?
The correct answer is: A. Object code comparison
Explanation: The IS auditor would probably want to review access control to ensure that users have been properly set up with the appropriate level of authorization while ensuring that IS staff are removed or limited in their access. Since the module is in executable form, only object code comparison would detect the change, not a source code comparison. Timestamps and manual inspection are far less effective.
Area: 6

500. The use of object-oriented design and development techniques would MOST likely:
The correct answer is: A. facilitate the ability to reuse modules.
Explanation: One of the major benefits of object-oriented design and development is the ability to reuse modules. The other options do not necessarily require such a technique.
Area: 6

501. Once an application's access control process has been established, an IS auditor should verify that:
The correct answer is: B. files and passwords are encrypted.
Explanation: The IS auditor should verify that the files and passwords are encrypted. Choice A is incorrect because once access control processes are in place, sharing of passwords should not be a major concern. Choices C and D do not apply to security. Choice C is used to determine the access control process and not a previous step. Choice D refers to functions overlapping and not to the access control process.
Area: 6

502. Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files?
The correct answer is: C. Function point analysis (FPA)
Explanation: Function point analysis is a measure of the size of an information system based on the number and complexity of the inputs, outputs and files that a user sees and interacts with. FPs are used in a manner analogous to LOC as a measure of software productivity, quality and other attributes. PERT is a network management technique used in both the planning and control of projects. RAD is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. CPM is used by network management techniques, such as PERT, in computing a critical path.