Академический Документы
Профессиональный Документы
Культура Документы
A. Reviewing user requirements and ensuring that all controls are considered.
B. Strategic planning for computer installation.
C. Evaluating specific project plans for systems.
D. Conducting a major feasibility study, when it is required.
The Most Appropriate answer is “C” An increase in the quality assurance budget
The Most Appropriate answer is “D” Traditional system development life cycle
Reverse engineering is taking apart an object to see how it works in order to duplicate or
enhance the object. The practice, taken from older industries, is now frequently used on
computer hardware and software. Software reverse engineering involves reversing a
program's machine code (the string of 0s and 1s that are sent to the logic processor) back
into the source code that it was written in, using program language statements.
Software reverse engineering is done to retrieve the source code of a program because the
source code was lost, to study how the program performs certain operations, to improve
the performance of a program, to fix a bug (correct an error in the program when the
source code is not available), to identify malicious content in a program such as a virus or
to adapt a program written for use with one microprocessor for use with another. Reverse
engineering for the purpose of copying or duplicating programs may constitute a
copyright violation. In some cases, the licensed use of software specifically prohibits
reverse engineering.
Someone doing reverse engineering on software may use several tools to disassemble a
program. One tool is a hexadecimal dumper, which prints or displays the binary numbers
of a program in hexadecimal format (which is easier to read than a binary format). By
knowing the bit patterns that represent the processor instructions as well as the instruction
lengths, the reverse engineer can identify certain portions of a program to see how they
work. Another common tool is the disassembler. The disassembler reads the binary code
and then displays each executable instruction in text form. A disassembler cannot tell the
difference between an executable instruction and the data used by the program so a
debugger is used, which allows the disassembler to avoid disassembling the data portions
of a program. These tools might be used by a cracker to modify code and gain entry to a
computer system or cause other harm.
Hardware reverse engineering involves taking apart a device to see how it works. For
example, if a processor manufacturer wants to see how a competitor's processor works,
they can purchase a competitor's processor, disassemble it, and then make a processor
similar to it. However, this process is illegal in many countries. In general, hardware
reverse engineering requires a great deal of expertise and is quite expensive.
Delphi [pron: delfI] is based on the principle that forecasts from a structured group of
experts are more accurate than those from unstructured groups or individuals.[2] The
technique can be adapted for use in face-to-face meetings, and is then called mini-Delphi
or Estimate-Talk-Estimate (ETE). Delphi has been widely used for business forecasting
and has certain
4 Which of the following statements is false (with regard to structured
programming concepts and program modularity)?
A. Modules should perform only the principal function.
B. Interaction between modules should be minimal.
C. Modules should have only one entry and one exit point.
D. Modularity means program segmentation.
The Most Appropriate answer is “D” Modularity means program segmentation
The Most Appropriate answer is “D” user participation in defining the system’s
requirements is inadequate.
The Most Appropriate answer is “D” Ensure the control specifications have been defined.
The Most Appropriate answer is “B” Determining system inputs and outputs
13 In which of the following SDLC (System Development Life Cycle) phases, is ther
IS auditor’s participation unnecessary.
A. Feasibility Study
B. User Requirements
C. Programming
D. Manual specifications
The Most Appropriate answer is “B” Completing the system requirement documents
15 A decision table is used in program testing to check the branching of distinct
processes. It consists of:
A. A condition stub and result.
B. A condition stub and condition entry.
C. An action stub and condition entry.
D. An action stub and result.
The Most Appropriate answer is “B” A condition stub and condition entry
16. An IS auditor who plans on testing the connection of two or more system
components that pass information from one area to another would use:
A. Pilot testing
B. Parallel testing
C. Interface testing
D. Regression testing
The Most Appropriate answer is “D” To ensure the new systems meets all user
requirements.
The Most Appropriate answer is “C” system testing relates to interfaces between
programs
The Most Appropriate answer is “The ability to restrict the variety of data types”
The Most Appropriate answer is “B” There is substantial uncertainly surrounding the
system to be designed
The Most Appropriate answer is “ C” Users may perceive that the development is
complete
The Most Appropriate answer is “B” Prototype systems can provide significant time and
cost savings
The Most Appropriate answer is “B” reduces the maintenance time of programs by the
user of small-scale program modules.
The Most Appropriate answer is “ C” The path that has zero slack time
32 Which of the following ‘estimate of time’ has most important relevance in PERT
evaluation technique?
A. Most likely time
B. Pessimistic time
C. Actual time
D. Optimistic time .
34 PC-based analysis and design tools are used along with mainframe computer-
based tools. Identify the CASE tool that is required in this situation.
A .Diagramming tools
B. Simulation tools.
C. Export/Import tools.
D. Diagram checking tools
The Most Appropriate answer is “C” time and resource requirements for individual tasks.
Answer the questions 38 and 39 on the basis of the following PERT diagram.
Start P8 U12
W8
R9
Q10 END
END
V5
S7
39 Which of the following project completion paths represents the critical path?
A. PUW
B. PTVW
C.RVW
D. QSVW
41 For which of the following does the 15 auditor NOT take part in the development
team deliberations?
A. Ensuring adequacy of data integrity controls.
B. Ensuring adequacy of data security controls.
C.Ensuring that there are no costs and time overruns.
D. Ensuring that documentation is accurate life cycle project.
The Most Appropriate answer is “ C” Ensuring that there are no costs and time overruns
44 An auditor evaluating a software package purchase contract will NOT expect the
contract to include.
A. License cost
B. Maintenance cost
C.Operational cost
D. Outage cost
The Most Appropriate answer is “ D” ensure compliance with field naming conventions
The Most Appropriate answer is “ D” Are actively involved in the design and
implementation of the application system
The Most Appropriate answer is “ C” ensure all necessary controls are included in the
initial design
The Most Appropriate answer is “ D” contains unique serial numbering to track the
identity of the buyer
The Most Appropriate answer is “ A” Expert systems are aimed at solving problems using
an algorithmic approach
The Most Appropriate answer is “ C” .DSS emphasizes flexibility in the decision making
approach of users
The Most Appropriate answer is “C” Data warehouses are made up of existing database,
files and external information.
The Most Appropriate answer is “ A” Customer over the authetenticity of the customer