Domain 3

Review Questions
Q1
Normally, it would be essential to involve which of the following
stakeholders in the initiation stage of a project?

A. System owners
B. System users
C. System designers
D. System builders
Q2
When reviewing an active project, an IS auditor observed that the
business case was no longer valid because of a reduction in anticipated
benefits and increased costs. The IS auditor should recommend that the:

A. project be discontinued.
B. business case be updated and possible corrective actions be identified.
C. project be returned to the project sponsor for reapproval.
D. project be completed and the business case be updated later.
Q3
During which of the following phases in system development would
user acceptance test plans normally be prepared?

A. Feasibility Study
B. Requirement Definition
C. Implementation Planning
D. Post implementation review
Q4
Which of the following should an IS auditor review to gain an
understanding of effectiveness of controls over the management of
multiple projects?

A. Project Database
B. Policy Documents
C. Project Portfolio Database
D. Program organization
Q5
Which of the following should an IS auditor review to understand
project progress in term of time, budget and deliverables for early
detection of possible overruns and for projecting estimation at
completion?

A. Functional point analysis (FPA)

B. Earned value analysis (EVA)
C. Cost budget
D. Program evaluation and review technique (PERT)
Q6
Which of the following is MOST relevant to an IS auditor evaluating
how the project manager has monitor the progress of the project?

A. Critical Path Diagram

B. PERT Diagram
C. Functional point analysis (FPA)
D. Gantt Chart
Q7
Which of the following would BEST help to prioritize project activities
and determine the time line for a project?

A. A Gantt chart
B. Eared value analysis (EVA)
C. Program evaluation techniques (PERT)
D. Functional point analysis (FPA)
Q8
During which phase of software application testing should an
organization perform the testing of architectural design?

A. Acceptance testing
B. System testing
C. Integration testing
D. Unit testing
Q9
The most common reason for the failure of information systems to
meet the need of users is that:

A. User needs are constantly changing

B. The growth of user requirements was forecasted inaccurately
C. The hardware system limits the number of concurrent users
D. User participation is defining the system’s requirements was
inadequate.
Q10
Which of the following types of testing would determine whether a
new or modified system can operate in its target environment
without adversely impacting other existing systems?

A. Parallel testing
B. Pilot testing
C. Interface testing
D. Sociability testing
Q11
The waterfall life cycle model of software development is MOST
appropriately used when:

A. Requirements are well understood and are expected to remain stable,

as is the business environment in which the system will operate.
B. Requirements are well understood and the project is subject to time
pressure.
C. The project intends to apply an object oriented design and
programming approach.
D. The project will involve the use of new technology.
Q12
The purpose of a checksum on an amount field in an electronic data
interchange (EDI) communication of financial transactions is to
ensure:

A. Integrity
B. Authenticity
C. Authorization
D. Nonrepudiation
Q13
When transmitting a payment instruction, which of the following will
help verify that the instruction was not duplicated?

A. Using a cryptographic hashing algorithm

B. Enciphering the message digest
C. Calculating a checksum of the transaction
D. Using a sequence number and time stamp
Q14
An IS auditor finds out-of-range data in some tables of a database.
Which of the following controls should the IS auditor recommend to
avoid this situation?

A. Log all table update transactions

B. Implement integrity constraints in the database
C. Implement before and after image reporting
D. Use tracing and tagging
Q15
The editing/ validation of data entered at a remote site would be
performed MOST effectively at the:

A. Central processing site after running the application

B. Central processing site during running of the application system
C. Remote processing site after transmission of the data to the central
processing site
D. Remote processing site prior transmission of the data to the
central processing site
Q16
Which of the following system and data conversion strategies
provides the GREATEST redundancy?

A. Direct cutover
B. Pilot study
C. Phased Approach
D. Parallel run
Q17
At the completion of a system development project, a post-project
review should include which of the following:

A. Assessing risk that may lead to downtime after the production

release
B. Identifying lessons learned that may be applicable to future
projects
C. Verifying that the controls in the delivered system are working
D. Ensuring that test data are deleted
Q18
The PRIMARY objectives of conducting a postimplementation review
for a business for a business process automation project is to:

A. Ensure that the project meets the intended business requirements

B. Evaluate the adequacy of controls
C. Confirm compliance with technological standards
D. Confirm compliance with regulatory requirements
Q19
Which of the following BEST ensures that business requirements are
met prior to implementation?

A. Feasibility study
B. User acceptance test (UAT)
C. Postimplementation review
D. Implementation plan
Q.20
When introducing thin client architecture, which of the following
types of risk regarding servers is significantly increased?

A. Integrity
B. Concurrency
C. Confidentiality
D. Availability