Helping other employees create their passwords may materially affect the integrity of the password. That is, the employee giving the advice may later be able to guess the password and gain access to the system. All the other options are employee security responsibilities.
Area: Content Area 3
11. Which of the following would warranty a quick continuity of operations when the recovery time window is short?
The correct answer is:
D. A manual contingency procedure
Explanation:
A quick continuity of operations could be accomplished when manual procedures for a contingency exist. Choices A, B and С are options for recovery.
Area: Content Area 4
12. Which of the following BEST describes the difference between a disaster recovery plan and a business continuity plan?
The correct answer is:
C. The disaster recovery plan defines all needed actions to restore to normal operation after an un-planned incident whereas the business continuity plan only deals with critical operations needed to continue working after an un-planned incident.
Explanation:
The difference pertains to the scope of each plan. A disaster recovery plan recovers all operations, whereas a business continuity plan retrieves business continuity (minimum requirements to provide services to the customers or clients). Choices А, В and D are incorrect because the type of plan (recovery or continuity) is independent from the sort of disaster or process and it includes both awareness campaigns and procedures.
Area: Content Area 4
13. The use of fourth generation languages (4GLs) should be weighed carefully against using traditional languages because 4GLs:
The correct answer is:
A. can lack lower level detail commands necessary to perform data intensive operations.
Explanation:
All of the answers are advantages of using 4GLs except that they can lack lower level detail commands necessary to perform data intensive operations. These operations are usually required when developing major applications.
Area: Content Area 5
14. Which of the following tools would NOT be used in program debugging during system development?
The correct answer is: A. Compiler
Explanation:
Debugging tools are programs that assist a programmer to fine-tune or debug the program under development. Compilers have some potential to provide feedback to a programmer but are not considered debugging tools. Debugging tools fall into three main categories; logic path monitors, memory dumps, and output analyzers.
Area: Content Area 5
15. Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?
The correct answer is:
C. Rapid application development
Explanation:
Rapid application development is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. PERT and critical path methodology are both planning and control techniques, while function point analysis is used for estimating the complexity of developing business applications.
Area: Content Area 5
16. Which of the following statements pertaining to program evaluation review technique (PERT) is FALSE?
The correct answer is:
C. PERT assumes a perfect knowledge of the times of individual activities.
Explanation:
PERT assumes an imperfect knowledge of the times of individual activities and therefore incorporates a level of uncertainty in the estimation of such times. All other answers are true of PERT.
Area: Content Area 6
17. A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:
The correct answer is:
A. independent review of the transaction listing.
Explanation:
Tax tables represent sensitive data that will be used in numerous calculations and should be independently visually verified by a senior person before they are used in processing. Choices В and С are programmed controls that are useful for preventing "gross" errors. That is, errors such as an added zero or alpha instead of a numeric. A tax table must be exactly accurate, not just readable. Choice D will allow the data entry person to check input accuracy, but it is not sufficient.
Area: Content Area 6
18. Application controls ensure that when inaccurate data is entered into the system, the data is:
The correct answer is:
C. not accepted and not processed. Explanation:
Application controls ensure that only complete, accurate and valid data are entered and updated in a system. Area: Content Area 6
19. Which of the following BEST describes the purpose or character of an audit charter?
The correct answer is:
D. An audit charter should outline the overall authority, scope and responsibilities of the audit function.
Explanation:
An audit charter should clearly state management's objectives for, and delegation of authority to IS Audit. This charter should not change much over time and should be approved at the highest level of management. The audit charter is not so detailed as to include specific audit objectives.
Area: Process Area 7
20. A manufacturing company has implemented a new client/ server system enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would BEST ensure that the orders are accurately entered and the corresponding products produced?
The correct answer is:
A. Verifying production to customer orders
Explanation:
Verification will ensure that production orders match customer orders. Logging can be used to detect inaccuracies, but does not in itself guarantee accurate processing. Hash totals will ensure accurate order transmission, but not accurate processing centrally. Production supervisory approval is a time consuming manual process that does not guarantee proper control.
Area: Process Area 7
Приложение 8. Пример бизнес-схем в стандарте IDEF0
┌───────────────────────────────────┬──────────────────────────────────────────────────────────────────────────┐
│Abend (аварийное завершение) │Аварийное завершение работы программы из-за программной или аппаратной│
│ │ошибки │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Access Method (метод доступа) │Способ поиска для чтения и записи данных в место их постоянного или│
│ │временного хранения │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Address (адрес) │Код, используемый для определения нахождения данных в информационной│
│ │системе │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Address Space (адресное│Размер области, множество значений адресов в ней, которая может│
│пространство) │осуществлять хранение данных │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Addressing (адресация) │Метод, используемый для идентификации области элемента в сети. В идеале│
│ │адресация показывает, где находится элемент и как к нему добраться │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Administrative Controls│Контроль деятельности в строгом соответствии с политикой управления│
│(административный контроль) │организации │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│ALPHA (процессор Alpha) │64-разрядный RISC процессор, разработанный корпорацией Digital Equipment│
│ │(процессор Alpha 21064). Первый процессор в мире, пересекший планку│
│ │тактовой частоты 1 ГГц (см. также CPU) │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Anonymous File Transfer Protocol│Метод, предоставляющий пользователю возможность поиска и переписывания│
│(анонимный FTP) │файлов в Интернет с помощью протокола FTP. Когда к FTP-серверу│
│ │подключается незарегистрированный пользователь, чтобы получить доступ к│
│ │файлам (как правило, только для чтения), он вводит вместо своего имени│
│ │слово anonymous, а вместо пароля - адрес своей электронной почты │
├───────────────────────────────────┼──────────────────────────────────────────────────────────────────────────┤
│Applet (аплет, приложение) │Программа на языке Java, которая может быть встроена в HTML-страницы и│
│ │выполнена браузером. Передается из сети Интернет вместе с документом как│
│ │присоединение для его надлежащего представления у пользователя. Аплеты│