Home > CISA (Certified Information Systems Auditor) > Quizzes > CISA Domain 3: Information Systems Acquisition, Development, and Implementation
CISA Domain 3: Information Systems Acquisition, Development, and Implementation
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 29% Most missed: “The best source for requirements for an RFP project is:”
CISA Domain 3: Information Systems Acquisition, Development, and Implementation
Time left 00:00
25 Questions

1. Which SEI CMM maturity level states that there is some consistency in the ways that individuals perform tasks from one time to the next, as well as some management planning and direction to ensure that tasks and projects are performed consistently?
2. Which management processes cover the post-implementation phase of the SDLC?
3. What is the purpose of the review process after each phase of the SDLC?
4. What is the best reason for considering a proof of concept?
5. A formal process whereby the organization gathers all business and technical requirements and forwards them to several qualified vendors, who then respond to them, is called:
6. All of the following are considered risks to a software development project except:
7. Which type of tests will determine whether there are any failures or errors in input, processing, or output controls in an application?
8. When is the best time for an organization to measure business benefits of a new system?
9. In the context of logical access control, what does the term “fail closed” mean?
10. Which type of testing, usually performed by developers during the coding phase of the software development project, is used to verify that the code in various parts of the application works properly?
11. Which type of quality assurance method involves the users rather than IT or IS personnel?
12. An organization is considering acquiring a key business application from a small software company. What business provision should the organization require of the software company?
13. Change management and configuration management are key to which phase of the SDLC?
14. Which of the following represents the components of the project in graphical or tabular form and is a visual or structural representation of the system, software, or application?
15. All of the following are considerations when selecting and evaluating a software vendor except:
16. A project manager regularly sends project status reports to executive management. Executives are requesting that status reports include visual diagrams showing the project schedule and project-critical paths from week to week. Which type of a chart should the project manager use?
17. Which quantitative method of sizing software projects is repeatable for traditional programming languages, but is not as effective with newer, nontextual languages?
18. When would you design an access control to “fail open”?
19. In the context of logical access controls, the terms “subject” and “object” refer to:
20. What is the purpose of a configuration management database?
21. Which kind of testing ensures that data is being formatted properly and inserted into the new application from the old application?
22. What are the three levels of the Constructive Cost Model (COCOMO) method for estimating software development projects?
23. During which phase of the infrastructure development life cycle are all changes to the environment performed under formal processes, including incident management, problem management, defect management, change management, and configuration management?
24. An organization that wishes to acquire IT products or services that it fully understands should issue what kind of document?
25. Which entity commissions feasibility studies to support a business case?