Controls related to authorized modifications to production programs are BEST tested by:
Correct Answer: D
Section: Information System Operations, Maintenance and Support
Question 657
What is the PRIMARY purpose of performing a parallel run of a new system?
Correct Answer: D
Explanation: The primary purpose of performing a parallel run of a new system is to validate the new system against its predecessor. A parallel run is a strategy for system changeover where a new system slowly assumes the roles of the older system while both systems operate simultaneously. This allows for comparison of the results and outputs of both systems to ensure that the new system is working correctly and reliably. A parallel run can also help identify and resolve any errors, discrepancies, or inconsistencies in the new system before the old system is discontinued.
The other options are not the primary purpose of performing a parallel run of a new system:
A. To train the end users and supporting staff on the new system. Training is an important part of system implementation, but it is not the main reason for doing a parallel run. Training can be done before, during, or after the parallel run, depending on the needs and preferences of the organization.
B. To verify the new system provides required business functionality. Verifying the business functionality of the new system is part of user acceptance testing (UAT), which is a formal and structured process of testing whether the new system meets the specifications and expectations of the users and stakeholders. UAT is usually done before the parallel run, as a prerequisite for system changeover.
C. To reduce the need for additional testing. Reducing the need for additional testing is not the primary purpose of performing a parallel run, but rather a possible benefit or outcome of doing so. A parallel run can help ensure that the new system is thoroughly tested and validated in a real-world environment, which may reduce the likelihood of encountering major issues or defects later on. However, additional testing may still be needed after the parallel run, depending on the feedback and evaluation of the users and stakeholders.
References: ISACA, CISA Review Manual, 27th Edition, 2019, p. 2471 IS
Question 658
"Everything not explicitly permitted is forbidden" has which of the following kinds of tradeoff?
Correct Answer: A
Section: Protection of Information Assets
Explanation: "Everything not explicitly permitted is forbidden" (default deny) improves security at a cost in functionality. This is a good approach if you have lots of security threats. On the other hand, "Everything not explicitly forbidden is permitted" (default permit) allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible.
Question 659
During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?
Correct Answer: C
Section: Protection of Information Assets
Explanation: Rebooting the system may result in a change in the system state and the loss of files and important evidence stored in memory. The other choices are appropriate actions for preserving evidence.
Question 660
Which of the following is MOST important to include in forensic data collection and preservation procedures?