Documentation of a business case used in an IT development project should be retained until:

• A.the end of the system's life cycle.
• B.the project is approved.
• C.user acceptance of the system.
• D.the system is in production.

Comment: *

Name: *

Email: *

Verification: *

Which of the following software development methodology uses minimal planning and in favor of rapid prototyping?

• A.Agile Developments
• B.Software prototyping
• C.Rapid application development
• D.Component based development

Correct Answer: C

Explanation/Reference:
Rapid application development (RAD) is a software development methodology that uses minimal planning in favor of rapid prototyping. The "planning" of software developed using RAD is interleaved with writing the software itself. The lack of extensive per-planning generally allows software to be written much faster, and makes it easier to change requirements.
Rapid Application Development

Click Here for original image
Four phases of RAD
Requirements Planning phase - combines elements of the system planning and systems analysis phases of the Systems Development Life Cycle (SDLC). Users, managers, and IT staff members discuss and agree on business needs, project scope, constraints, and system requirements. It ends when the team agrees on the key issues and obtains management authorization to continue.
User design phase - during this phase, users interact with systems analysts and develop models and prototypes that represent all system processes, inputs, and outputs. The RAD groups or subgroups typically use a combination of Joint Application Development (JAD) techniques and CASE tools to translate user needs into working models. User Design is a continuous interactive process that allows users to understand, modify, and eventually approve a working model of the system that meets their needs.
Construction phase - focuses on program and application development task similar to the SDLC. In RAD, however, users continue to participate and can still suggest changes or improvements as actual screens or reports are developed. Its tasks are programming and application development, coding, unit-integration and system testing.
Cutover phase - resembles the final tasks in the SDLC implementation phase, including data conversion, testing, changeover to the new system, and user training. Compared with traditional methods, the entire process is compressed. As a result, the new system is built, delivered, and placed in operation much sooner.
The following were incorrect answers:
Agile Development - Agile software development is a group of software development methods based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams.
Software prototyping- Software prototyping, refers to the activity of creating prototypes of software applications, i.e., incomplete versions of the software program being developed. It is an activity that can occur in software development and is comparable to prototyping as known from other fields, such as mechanical engineering or manufacturing.
Component Based Development - It is a reuse-based approach to defining, implementing and composing loosely coupled independent components into systems. This practice aims to bring about an equally wide- ranging degree of benefits in both the short-term and the long-term for the software itself and for organizations that sponsor such software.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 195

Comment: *

Name: *

Email: *

Verification: *

While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

• A.configuration management
• B.IT service level management
• C.problem management
• D.change management

Comment: *

Name: *

Email: *

Verification: *

Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

• A.Proper authentication
• B.Proper identification AND authentication
• C.Proper identification
• D.Proper identification, authentication, AND authorization

Comment: *

Name: *

Email: *

Verification: *

Which of the following term in business continuity determines the maximum tolerable amount of time that is
needed to verify the system and/or data integrity?

• A.RPO
• B.RTO
• C.WRT
• D.MTD

Correct Answer: C

Section: Information System Operations, Maintenance and Support
Explanation:
The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to
verify the system and/or data integrity. This could be, for example, checking the databases and logs,
making sure the applications or services are running and are available. In most cases those tasks are
performed by application administrator, database administrator etc. When all systems affected by the
disaster are verified and/or recovered, the environment is ready to resume the production again.
For your exam you should know below information about RPO, RTO, WRT and MTD:
Stage 1: Business as usual
Business as usual

At this stage all systems are running production and working correctly.
Stage 2: Disaster occurs
Disaster Occurs

On a given point in time, disaster occurs and systems needs to be recovered. At this point the Recovery
Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For
example, the maximum tolerable data loss is 15 minutes.
Stage 3: Recovery
Recovery

At this stage the system are recovered and back online but not ready for production yet. The Recovery
Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical
systems back online. This covers, for example, restore data from back-up or fix of a failure. In most cases
this part is carried out by system administrator, network administrator, storage administrator etc.
Stage 4: Resume Production
Resume Production

At this stage all systems are recovered, integrity of the system or data is verified and all critical systems can
resume normal operations. The Work Recovery Time (WRT) determines the maximum tolerable amount of
time that is needed to verify the system and/or data integrity. This could be, for example, checking the
databases and logs, making sure the applications or services are running and are available. In most cases
those tasks are performed by application administrator, database administrator etc. When all systems
affected by the disaster are verified and/or recovered, the environment is ready to resume the production
again.
MTD

The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total
amount of time that a business process can be disrupted without causing any unacceptable consequences.
This value should be defined by the business management team or someone like CTO, CIO or IT
manager.
The following answers are incorrect:
RPO - Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss
measured in time. For example, the maximum tolerable data loss is 15 minutes.
RTO - The Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to
bring all critical systems back online. This covers, for example, restore data from back-up or fix of a failure.
In most cases this part is carried out by system administrator, network administrator, storage administrator
etc.
MTD - The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines
the total amount of time that a business process can be disrupted without causing any unacceptable
consequences. This value should be defined by the business management team or someone like CTO,
CIO or IT manager.
References:
CISA review manual 2014 page number 284
http://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/

Comment: *

Name: *

Email: *

Verification: *