To minimize the cost of a software project, quality management techniques should be applied:
Correct Answer: C
While it is important to properly establish a software development project, quality management should be effectively practiced throughout the project. The major source of unexpected costs on most software projects is rework. The general rule is thatthe earlier in the development life cycle that a defect occurs, and the longer it takes to find and fix that defect, the more effort will be needed to correct it. A well-written quality management plan is a good start, but it must also be actively applied. Simply relying on testing to identify defects is a relatively costly and less effective way of achieving software quality. For example, an error in requirements discovered in the testing phase can result in scrapping significant amounts of work. Capturing lessons learned will be too late for the current project. Additionally, applying quality management techniques throughout a project is likely to yield its own insights into the causes of quality problems and assist in staff development.
Question 237
Following a security breach, an IS auditor finds an organization's transport layer security (TLS) certificate is compromised. Which of the following would be the auditor's BEST recommendation to the system administrator?
Correct Answer: D
Question 238
Which of the following is the MOST important consideration when planning a penetration test for a financial management system?
Correct Answer: A
Question 239
Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?
Correct Answer: A
Explanation/Reference: Explanation: Allowing application programmers to directly patch or change code in production programs increases risk of fraud.
Question 240
Reverse proxy technology for web servers should be deployed if:
Correct Answer: A
Explanation/Reference: Explanation: Reverse proxies are primarily designed to hide physical and logical internal structures from outside access. Complete URLs or URIs can be partially or completely redirected without disclosing which internal or DMZ server is providing the requested data. This technology might be used if a trade-off between security, performance and costs has to be achieved. Proxy servers cache some data but normally cannot cache all pages to be published because this depends on the kind of information the web servers provide. The ability to accelerate access depends on the speed of the back-end servers, i.e., those that are cached. Thus, without making further assumptions, a gain in speed cannot be assured, but visualization and hiding of internal structures can. If speed is an issue, a scale-out approach (avoiding adding additional delays by passing firewalls, involving more servers, etc.) would be a better solution. Due to the limited caching option, reverse proxies are not suitable for enhancing fault tolerance. User requests that are handled by reverse proxy servers are using exactly the same bandwidth as direct requests to the hosts providing the data.
