Which of the following type of testing validate functioning of the application under test with other system, where a set of data is transferred from one system to another?
Correct Answer: A
Section: Information System Acquisition, Development and Implementation Explanation: Interface or integration testing is a hardware or software test that evaluates the connection of two or more components that pass information from one area to another. The objective it to take unit tested module and build an integrated structure dictated by design. The term integration testing is also referred to tests that verify and validate functioning of the application under test with other systems, where a set of data is transferred from one system to another. For CISA exam you should know below types of testing: Unit Testing - The testing of an individual program or module. Unit testing uses set of test cases that focus on control structure of procedural design. These tests ensure internal operation of the programs according to the specification. Interface or integration testing - A hardware or software test that evaluates the connection of two or more components that pass information from one area to another. The objective it to take unit tested module and build an integrated structure dictated by design. The term integration testing is also referred to tests that verify and validate functioning of the application under test with other systems, where a set of data is transferred from one system to another. System Testing - A series of tests designed to ensure that modified programs, objects, database schema, etc , which collectively constitute a new or modified system, function properly. These test procedures are often performed in a non-production test/development environment by software developers designated as a test team. The following specific analysis may be carried out during system testing. Recovery Testing - Checking the systems ability to recover after a software or hardware failure. Security Testing - Making sure the modified/new system includes provisions for appropriate access control and does not introduce any security holes that might compromise other systems. Load Testing - Testing an application with large quantities of data to evaluate its performance during peak hour. Volume testing - Studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records that application can process. Stress Testing - Studying the impact on the application by testing with an incremental umber of concurrent users/services on the application to determine maximum number of concurrent user/service the application can process. Performance Testing - Comparing the system performance to other equivalent systems using well defined benchmarks. Final Acceptance Testing - It has two major parts: Quality Assurance Testing(QAT) focusing on the technical aspect of the application and User acceptance testing focusing on functional aspect of the application. QAT focuses on documented specifications and the technology employed. It verifies that application works as documented by testing the logical design and the technology itself. It also ensures that the application meet the documented technical specifications and deliverables. QAT is performed primarily by IS department. The participation of end user is minimal and on request. QAT does not focus on functionality testing. UAT supports the process of ensuring that the system is production ready and satisfies all documented requirements. The methods include: Definition of test strategies and procedure. Design of test cases and scenarios Execution of the tests. Utilization of the result to verify system readiness. Acceptance criteria are defined criteria that a deliverable must meet to satisfy the predefined needs of the user. A UAT plan must be documented for the final test of the completed system. The tests are written from a user's perspective and should test the system in a manner as close to production possible. The following were incorrect answers: Unit Testing - The testing of an individual program or module. Unit testing uses set of test cases that focus on control structure of procedural design. These tests ensures internal operation of the programs according to the specification. System Testing - A series of tests designed to ensure that modified programs, objects, database schema, etc , which collectively constitute a new or modified system, function properly. These test procedures are often performed in a non-production test/development environment by software developers designated as a test team. Final Acceptance Testing - During this testing phase the defined methods of testing to apply should be incorporated into the organization's QA methodology. Reference: CISA review manual 2014 Page number 166
Question 327
After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
Correct Answer: A
Explanation/Reference: Explanation: Performing an exhaustive review of the recovery tasks would be appropriate to identify the way these tasks were performed, identify the time allocated to each of the steps required to accomplish recovery, and determine where adjustments can be made. Choices B, C and D could be actions after the described review has been completed.
Question 328
Which of the following controls would BEST ensure that payroll system rate changes are valid?
Correct Answer: C
Question 329
The BEST way for an IS auditor to determine which business processes are currently outsourced to a specific service provider is to review the:
Correct Answer: B
Section: The process of Auditing Information System
Question 330
Which of the following could be determined by an entity-relationship diagram?
