164. d. Certifications performed on applications under development are interleaved with the system development process. Certification and accreditation needs must be considered in the validation, verification, and testing phases employed throughout the system development process (i.e., development and implementation). It does not address the operation/maintenance phase.
165. A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle (SDLC)?
a. Initiation
b. Development/acquisition
c. Operation/maintenance
d. Implementation
165. d. The major outputs from the implementation (testing) phase include the security evaluation report and accreditation statement. The purpose of the testing phase is to perform various tests (unit, integration, system, and acceptance). Security features are tested to see if they work and are then certified.
166. Which of the following phases of a system development life cycle (SDLC) should not be compressed so much for the proper development of a prototype?
a. Initiation
b. Development/acquisition
c. Implementation
d. Operation/maintenance
166. c. System testing, which is a part of implementation, is important to determine whether internal controls and security controls are operating as designed and are in accordance with established policies and procedures.
In the prototyping environment, there is a tendency to compress system initiation, definition, design, programming, and training phases. However, the testing phase should not be compressed so much for quality reasons. By definition, prototyping requires some compression of activities and time due to the speedy nature of the prototyping development methodology without loss of the main features, functions, and quality.
167. The activity that would be different between a prototype development approach and the traditional system development approach is:
a. How are activities to be accomplished?
b. What do users need from the system?
c. What should a project plan contain?
d. How are individual responsibilities defined?
167. a. Managers still need to define what they want from the system, some assessment of costs/benefits is still needed, and a plan to proceed with individual responsibilities is still required. The difference may be in the way activities are accomplished. The tools, techniques, methods, and approaches used in the prototype development project and traditional system development project are different.
168. A general testing strategy for conducting an application software regression testing includes which of the following sequence of tasks?
a. Read, insert, and delete
b. Precompile, link, and compile
c. Prepare, execute, and delete
d. Test, debug, and log
168. c. Each test program involves preparing the executable program, executing it, and deleting it. This saves space on mass storage and generates a complete log. This approach is recommended for debugging and validating purposes. Read, insert, and delete include the transfer of all rows from Table A to Table B in that a table is read, inserted, and deleted. A source program is precompiled, linked, and compiled to become an object or executable program. A source program is tested (errors discovered), debugged (errors removed), and logged for review and further action.
169. Which of the following tests would be conducted when an application system in an organization exchanges data with external application systems?
a. Unit test
b. Integration test
c. End-to-end test
d. System acceptance test
169. c. The purpose of end-to-end testing is to verify that a defined set of interrelated systems, which collectively support an organizational core business area or function, interoperate as intended in an operational environment. These interrelated systems include not only those owned and managed by the organization, but also the external systems with which they interface.
