When implementing an application software package, which of the following presents the GREATEST risk?
Correct Answer: C
Explanation: Parameters that are not set correctly would be the greatest concern when implementing an application software package. The other choices, though important, are a concern of the provider, not the organization that is implementing the software itself.
Question 602
Which of the following is the MOST effective means of helping management and the IT strategy committee to monitor IT performance?
Correct Answer: D
Question 603
A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:
Correct Answer: A
Section: Protection of Information Assets
Explanation: The user's digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely. Choice C would require that the message appear to have come from a different person and therefore the true user's credentials would not be forged. Choice D has the same consequence as choice C.
Question 604
Which of the following BEST facilitates the legal process in the event of an incident?
Correct Answer: C
Explanation: The best way to facilitate the legal process in the event of an incident is to preserve the chain of custody of the evidence. The chain of custody is a record of who handled, accessed, or modified the evidence, when, where, how, and why. The chain of custody helps to ensure the integrity, authenticity, and admissibility of the evidence in a court of law. The chain of custody also helps to prevent tampering, alteration, or loss of evidence that could compromise the investigation or the prosecution.
References:
* CISA Review Manual (Digital Version)
* CISA Questions, Answers & Explanations Database
Question 605
Which of the following methods will BEST reduce the risk associated with the transition to a new system using technologies that are not compatible with the old system?
Correct Answer: A
Explanation: The best method to reduce the risk associated with the transition to a new system using technologies that are not compatible with the old system is parallel changeover. Parallel changeover is a method of system conversion that involves running both the old and the new systems simultaneously for a period of time, until the new system is verified to be working correctly and completely. Parallel changeover can help reduce the risk of data loss, errors, or disruptions that may occur due to the incompatibility of the technologies, as well as provide a backup option in case of failure or malfunction of the new system. Parallel changeover can also help users compare and validate the results of both systems, and facilitate their training and adaptation to the new system.
Modular changeover is a method of system conversion that involves replacing one module or component of the old system with a corresponding module or component of the new system at a time, until the entire system is replaced. Modular changeover can help reduce the complexity and scope of the conversion, as well as minimize the impact on the users and operations. However, modular changeover may not be feasible or effective when the technologies of the old and new systems are not compatible, as it may create integration or interoperability issues among the modules.
Phased operation is a method of system conversion that involves implementing the new system in stages or increments, each with a subset of functions or features, until the entire system is operational. Phased operation can help reduce the risk and cost of implementing a large and complex system, as well as allow for testing and feedback at each stage. However, phased operation may not be suitable or efficient when the technologies of the old and new systems are not compatible, as it may require extensive modifications or adaptations to enable partial functionality.
Pilot operation is a method of system conversion that involves implementing the new system in a limited or controlled environment, such as a department or a location, before rolling it out to the entire organization. Pilot operation can help test and evaluate the performance and usability of the new system, as well as identify and resolve any issues or problems before full-scale implementation. However, pilot operation may not be relevant or reliable when the technologies of the old and new systems are not compatible, as it may not reflect the actual conditions or challenges of operating both systems concurrently.
References:
* TRANSITION TO THE NEW SYSTEM - O'Reilly Media
* 10 Challenges To Think About When Upgrading From Legacy Systems - Forbes