IS auditor should FIRST determine:
A. what amount of progress against schedule has been achieved.
B. if the project budget can be reduced.
C. if the project could be brought in ahead of schedule.
D. if the budget savings can be applied to increase the project scope.
ANSWER: A
NOTE: Cost performance of a project cannot be properly assessed in
isolation from schedule performance. Cost cannot be assessed simply in terms
of elapsed time on a project. To properly assess the project budget
position it is necessary to know how much progress has actually been made
and, given this, what level of expenditure would be expected. It is
possible that project expenditure appears to be low because actual
progress has been slow. Until the analysis of the project against schedule has
been completed, it is impossible to know whether there is any reason to
reduce budget. If the project has slipped behind schedule, then not only
may there be no spare budget but it is possible that extra expenditure may
be needed to retrieve the slippage. The low expenditure could actually be
representative of a situation where the project is likely to miss
deadlines rather than potentially come in ahead of time. If the project is
found to be ahead of budget after adjusting for actual progress, this is
not necessarily a good outcome because it points to flaws in the original
budgeting process; and, as said above, until further analysis is
undertaken, it cannot be determined whether any spare funds actually
exist. Further, if the project is behind schedule, then adding scope may
be the wrong thing to do.
690. Inadequate programming and coding practices introduce the risk of:
A. phishing.
B. buffer overflow exploitation.
C. SYN flood.
D. brute force attacks.
ANSWER: B
NOTE: Buffer overflow exploitation may occur when programs do not check the
length of the data that are input into a program. An attacker can send
data that exceed the length of a buffer and overwrite part of the program
with malicious code. The countermeasure is proper programming and good
coding practices. Phishing, SYN flood and brute force attacks happen
independently of programming and coding practices.
691. Integrating business continuity planning (BCP) into an IT project