IT best practices for the availability and continuity of IT services should: A. minimize costs associated with disaster-resilient components. B. provide for sufficient capacity to meet the agreed upon demands of the business. C. provide reasonable assurance that agreed upon obligations to customers can be met. D. produce timely performance metric reports.
Correct Answer: C
Explanation:
Explanation:
It is important that negotiated and agreed commitments (i.e., service level agreements [SLAs]) can be fulfilled all the time. If this were not achievable, IT should not have agreed to these requirements, as entering into such a commitment would be misleading to the business. ‘All the time’ in this context directly relates to the ‘agreed obligations’ and does not imply that a service has to be available 100 percent of the time. Costs are a result of availability and service continuity management and may only be partially controllable. These costs directly reflect the agreed upon obligations. Capacity management is a necessary, but not sufficient, condition of availability.
Despite the possibility that a lack of capacity may result in an availability issue, providing the capacity necessary for seamless operations of services would be done within capacity management, and not within availability management. Generating reports might be a task of availability and service continuity management, but that is true for many other areas of interest as well (e.g., incident, problem, capacity and change management).
Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers? A. Minimizing costs for the services provided B. Prohibiting the provider from subcontracting services C. Evaluating the process for transferring knowledge to the IT department D. Determining if the services were provided as contracted
Correct Answer: D
Explanation:
Explanation:
From an IS auditor’s perspective, the primary objective of auditing the management of service providers should be to determine if the services that were requested were provided in a way that is acceptable, seamless and in line with contractual agreements.
Minimizing costs, if applicable and achievable (depending on the customer’s need) is traditionally not part of an IS auditor’s job. This would normally be done by a line management function within the IT department.
Furthermore, during an audit, it is too late to minimize the costs for existing provider arrangements. Subcontracting providers could be a concern, but it would not be the primary concern. Transferring knowledge to the internal IT department might be desirable under certain circumstances, but should not be the primary concern of an IS auditor when auditing IT service providers and the management thereof.
The PRIMARY objective of service-level management (SLM) is to: A. define, agree, record and manage the required levels of service. B. ensure that services are managed to deliver the highest achievable level of availability. C. keep the costs associated with any service at a minimum. D. monitor and report any legal noncompliance to business management.
Correct Answer: A
Explanation:
Explanation:
The objective of service-level management (SLM) is to negotiate, document and manage (i.e., provide and monitor) the services in the manner in which the customer requires those services. This does not necessarily ensure that services are delivered at the highest achievable level of availability (e.g., redundancy and clustering). Although maximizing availability might be necessary for some critical services, it cannot be applied as a general rule of thumb. SLM cannot ensure that costs for all services will be kept at a low or minimum level, since costs associated with a service will directly reflect the customer’s requirements. Monitoring and reporting legal noncompliance is not a part of SLM.
An organization has outsourced its help desk. Which of the following indicators would be the best to include in the SLA? A. Overall number of users supported B. Percentage of incidents solved in the first call C. Number of incidents reported to the help desk D. Number of agents answering the phones
Correct Answer: B
Explanation:
Explanation:
Since it is about service level (performance) indicators, the percentage of incidents solved on the first call is the only option that is relevant. Choices A, C and D are not quality measures of the help desk service.
A benefit of quality of service (QoS) is that the: A. entire network's availability and performance will be significantly improved. B. telecom carrier will provide the company with accurate service-level compliance reports. C. participating applications will have guaranteed service levels. D. communications link will be supported by security controls to perform secure online transactions.
Correct Answer: C
Explanation:
Explanation:
The main function of QoS is to optimize network performance by assigning priority to business applications and end users, through the allocation of dedicated parts of the bandwidth to specific traffic. Choice A is not true because the communication itself will not be improved. While the speed of data exchange for specific applications could be faster, availability will not be improved. The QoS tools that many carriers are using do not provide reports of service levels; however, there are other tools that will generate service-level reports. Even when QoS is integrated with firewalls, VPNs, encryption tools and others, the tool itself is not intended to provide security controls.
Which of the following reports should an IS auditor use to check compliance with a service level agreements (SLA) requirement for uptime? A. Utilization reports B. Hardware error reports C. System logs D. Availability reports
Correct Answer: D
Explanation:
Explanation:
IS inactivity, such as downtime, is addressed by availability reports. These reports provide the time periods during which the computer was available for utilization by users or other processes. Utilization reports document the use of computer equipment, and can be used by management to predict how/where/when resources are required. Hardware error reports provide information to aid in detecting hardware failures and initiating corrective action. System logs are a recording of the system’s activities.
When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor? A. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks. B. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system. C. A single implementation is planned, immediately decommissioning the legacy system. D. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system’s software.
Correct Answer: C
Explanation:
Explanation:
Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risks. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly.
A weekend can be used as a time buffer so that the new system will have a better chance of being up and running after the weekend. A different data representation does not mean different data presentation at the front end. Even when this is the case, this issue can be solved by adequate training and user support. The printing functionality is commonly one of the last functions to be tested in a new system because it is usually the last step performed in any business event. Thus, meaningful testing and the respective error fixing are only possible after all other parts of the software have been successfully tested.
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend? A. Stress B. Black box C. Interface D. System
Correct Answer: D
Explanation:
Explanation:
Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. Interface testing is not enough, and stress or black box testing are inadequate in these circumstances.
An IS auditor performing an application maintenance audit would review the log of program changes for the: A. authorization of program changes. B. creation date of a current object module. C. number of program changes actually made. D. creation date of a current source program.
Correct Answer: A
Explanation:
Explanation:
The manual log will most likely contain information on authorized changes to a program. Deliberate, unauthorized changes will not be documented by the responsible party. An automated log, found usually in library management products, and not a changelog would most likely contain date information for the source and executable modules.
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.
Correct Answer: D
Explanation:
Explanation:
Old (legacy) systems that have been corrected, adapted and enhanced extensively require reengineering to remain maintainable. Reengineering is a rebuilding activity to incorporate new technologies into existing systems. Using program language statements, reverse engineering involves reversing a program’s machine code into the source code in which it was written to identify malicious content in a program, such as a virus, or to adapt a program written for use with one processor for use with a differently designed processor. Prototyping is the development of a system through controlled trial and error. Software reuse is the process of planning, analyzing and using previously developed software components. The reusable components are integrated into the current software product systematically.
Please disable your adblocker or whitelist this site!