55. c. Normally, the primary contingency strategy for applications and data is regular backup and secure offsite storage. Important decisions to be addressed include how often the backup is performed, how often it is stored offsite, and how it is transported to storage, to an alternative processing site, or to support the resumption of normal operations. How often the backup is used is not relevant because it is hoped that it may never have to be used.
56. Which of the following is not totally possible from a security control viewpoint?
a. Detection
b. Prevention
c. Correction
d. Recovery
56. b. Prevention is totally impossible because of its high cost and technical limitations. Under these conditions, detection becomes more important, and it could be cheaper than prevention, although not all attacks can be detected in time. Both correction and recovery come after prevention or detection.
57. The return on investment on quality is highest in which of the following software defect prevention activities?
a. Code inspection
b. Reviews with users
c. Design reviews
d. Unit test
57. b. It is possible to quantify the return on investment (ROI) for various quality improvement activities. Studies have shown that quality ROI is highest when software products are reviewed with users and customers. This is followed by code inspection by programmers, design reviews with the project team, and unit testing by programmers.
58. The IT operations management of KPT Corporation is concerned about the reliability and availability data for its four major, mission-critical information systems that are used by business end-users. The KPT corporate management’s goal is to improve the reliability and availability of these four systems in order to increase customer satisfaction both internally and externally. The IT operations management collected the following data on percent reliability. Assume 365 operating days per year and 24 hours per day for all these systems. The IT operations management thinks that system reliability is important in providing quality of service to end-users.
System    Reliability (%)
1         99.50
2         97.50
3         98.25
4         95.25
Which of the following systems has the highest downtime in a year expressed in hours and rounded up?
a. System 1
b. System 2
c. System 3
d. System 4
58. d. System 4 has the highest downtime in hours. Theoretically speaking, the higher the reliability of a system, the lower its downtime (including scheduled maintenance) and the higher its availability, and vice versa. In fact, this question does not require any calculations, because the correct answer can be found just by looking at the reliability data given: the lower the reliability, the higher the downtime, and vice versa.
Calculations for System 1 are shown below and calculations for other systems follow the System 1 calculations.
Downtime for System 1 = (Total hours) × [(100 − Reliability%)/100] = 8,760 × 0.005 = 43.8 hours, rounded up to 44 hours
Availability for System 1 = [(Total time − Downtime)/Total time] × 100 = [(8,760 − 44)/8,760] × 100 = 99.50%
Check: Availability for System 1 = [Uptime/(Uptime + Downtime)] × 100 = (8,716/8,760) × 100 = 99.50%
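Carrying the System 1 calculation through for all four systems, as an added example that is not part of the original question set (Python; the reliability figures are the ones from the table above, the 365 × 24 hour year is the question's assumption, and the function names are my own):

```python
import math

# Reliability percentages taken from the question's table (System 1..4).
RELIABILITY = {"System 1": 99.50, "System 2": 97.50, "System 3": 98.25, "System 4": 95.25}
HOURS_PER_YEAR = 365 * 24  # 8,760 operating hours, as the question assumes


def downtime_hours(reliability_pct: float, total_hours: int = HOURS_PER_YEAR) -> float:
    """Downtime = total hours x (100 - reliability%) / 100, before rounding."""
    return total_hours * (100.0 - reliability_pct) / 100.0


def availability_pct(downtime: float, total_hours: int = HOURS_PER_YEAR) -> float:
    """Availability = (total time - downtime) / total time x 100."""
    return (total_hours - downtime) / total_hours * 100.0


def availability_check(uptime: float, downtime: float) -> float:
    """Independent check used in the answer: uptime / (uptime + downtime) x 100."""
    return uptime / (uptime + downtime) * 100.0


def downtime_table(systems: dict = RELIABILITY) -> dict:
    """Return {system: (downtime in hours rounded up, availability % to 2 places)}."""
    rows = {}
    for name, reliability in systems.items():
        rounded = math.ceil(downtime_hours(reliability))  # question asks for hours rounded up
        avail = availability_pct(rounded)
        uptime = HOURS_PER_YEAR - rounded
        # The two availability formulas must agree; a mismatch flags an arithmetic slip.
        assert abs(avail - availability_check(uptime, rounded)) < 1e-9
        rows[name] = (rounded, round(avail, 2))
    return rows


def highest_downtime(systems: dict = RELIABILITY) -> str:
    """Name of the system with the most downtime, i.e. the lowest reliability."""
    table = downtime_table(systems)
    return max(table, key=lambda name: table[name][0])


if __name__ == "__main__":
    for system, (hours, avail) in downtime_table().items():
        print(f"{system}: {hours} h downtime, {avail}% availability")
    print("Highest downtime:", highest_downtime())
```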
59. Which of the following is the most important requirement for a software quality program to work effectively?
a. Quality metrics
b. Process improvement
c. Software reengineering
d. Commitment from all parties
59. d. A software quality program should reduce defects, cut service costs, increase customer satisfaction, and increase productivity and revenues. To achieve these goals, commitment by all parties involved is the most important factor. The other three factors such as quality metrics, process improvement, and software reengineering have some merit, but none is sufficient on its own.