CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

Free SSCP Exam Braindumps (page: 79)

Page 78 of 269
PDF with 1074 Questions

Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data?

  1. Test environment using test data.
  2. Test environment using sanitized live workloads data.
  3. Production environment using test data.
  4. Production environment using sanitized live workloads data.

Answer(s): B

Explanation:

The best way to properly verify an application or system during a stress test would be to expose it to "live" data that has been sanitized to avoid exposing any sensitive information or Personally Identifiable Data (PII) while in a testing environment. Fabricated test data may not be as varied, complex or computationally demanding as "live" data. A production environment should never be used to test a product, as a production environment is one where the application or system is being put to commercial or operational use. It is a best practice to perform testing in a non-production environment.
Stress testing is carried out to ensure a system can cope with production workloads, but as it may be tested to destruction, a test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment. If only test data is used, there is no certainty that the system was adequately stress tested.



Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

  1. Inadequate quality assurance (QA) tools.
  2. Constantly changing user needs.
  3. Inadequate user participation in defining the system's requirements.
  4. Inadequate project management.

Answer(s): C

Explanation:

Inadequate user participation in defining the system's requirements. Most projects fail to meet the needs of the users because there was inadequate input in the initial steps of the project from the user community and what their needs really are.
The other answers, while potentially valid, are incorrect because they do not represent the most common problem assosciated with information systems failing to meet the needs of users.


Reference:

All in One pg 834
Only users can define what their needs are and, therefore, what the system should accomplish. Lack of adequate user involvement, especially in the systems requirements phase, will usually result in a system that doesn't fully or adequately address the needs of the user.


Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296).



Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?

  1. The project will be completed late.
  2. The project will exceed the cost estimates.
  3. The project will be incompatible with existing systems.
  4. The project will fail to meet business and user needs.

Answer(s): D

Explanation:

This is the most serious risk of inadequate systems development life cycle methodolgy.
The following answers are incorrect because :
The project will be completed late is incorrect as it is not most devastating as the above answer.
The project will exceed the cost estimates is also incorrect when compared to the above correct answer.
The project will be incompatible with existing systems is also incorrect when compared to the above correct answer.


Reference:

Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 290).



Which of the following is an advantage of prototyping?

  1. Prototype systems can provide significant time and cost savings.
  2. Change control is often less complicated with prototype systems.
  3. It ensures that functions or extras are not added to the intended system.
  4. Strong internal controls are easier to implement.

Answer(s): A

Explanation:

Prototype systems can provide significant time and cost savings, however they also have several disadvantages. They often have poor internal controls, change control becomes much more complicated and it often leads to functions or extras being added to the system that were not originally intended.


Reference:

Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 306).






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Exam Discussions & Posts