A |
Punishing the violators would be outside the authority of the auditor and inappropriate until the reason for the violations has been determined.
|
B |
Delaying the project would be an inappropriate suggestion because of business requirements or the likely damage to entire project profitability.
|
C |
The usage of nonstandard data definitions would lower the efficiency of the new development and increase the risk of errors in critical business decisions. To change data definition standards after project conclusion is risky and is not a viable solution.
|
D |
Provided that data architecture, technical and operational requirements are sufficiently documented, the alignment to standards could be treated as a specific work package assigned to new project resources.
|
A |
While standardization can reduce support costs, the transition to a standardized kit can be expensive; therefore, the overall level of IT infrastructure investment is not likely to be reduced.
|
B |
A standardized infrastructure may simplify testing of changes, but it does not reduce the need for such testing.
|
C |
A standardized infrastructure results in a more homogeneous environment, which is more prone to attacks because a single exploitable weakness applies to every system at once; standardization therefore does not reduce exposure to attack.
|
D |
A standardized IT infrastructure provides a consistent set of platforms and operating systems across the organization. This standardization reduces the time and effort required to manage a set of disparate platforms and operating systems. In addition, the implementation of enhanced operational support tools (e.g., password management tools, patch management tools and auto provisioning of user access) is simplified. These tools can help the organization reduce the cost of IT service delivery and operational support.
|
A |
To install the patch without knowing what it might affect could easily cause problems. The installation of a patch may also affect system availability; therefore, the patch should be rolled out at a time that is acceptable to the business.
|
B |
Declining to deal with vendors does not take care of the flaw and may severely limit service options.
|
C |
New software versions with all fixes included are not always available and a full installation could be time consuming.
|
D |
The effect of installing the patch should be immediately evaluated and installation should occur based on the results of the evaluation. There are numerous cases where a patch from one vendor has affected other systems; therefore, it is necessary to test the patches as much as possible before rolling them out to the entire organization.
|
A |
A distributed denial-of-service attack floods its target with numerous packets to prevent it from responding to legitimate requests. This is not related to coding standards.
|
B |
Poorly written code that does not check the length of its input, especially in web-based applications, is often exploited by attackers using buffer overflow techniques; this is the class of defect that secure coding standards are meant to prevent.
|
C |
A brute force attack is used to crack passwords, but this is not related to coding standards.
|
D |
War dialing uses modem-scanning tools to hack private branch exchanges or other telecommunications services.
|
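The buffer overflow that the explanation for option B refers to, shown as an added illustration that is not part of the original answer key. The C program below places a fixed-size name buffer immediately ahead of an authorization flag in one simulated memory region, copies a name into it once without any bound (the "poorly written code") and once with the destination size as the bound (the form a coding standard would require), and reports whether the flag was overwritten. The frame layout, field names, function names and sample inputs are all assumptions constructed for this demonstration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN  16                   /* declared size of the name buffer        */
#define ADMIN_OFF NAME_LEN             /* the "is admin" flag sits right after it */
#define FRAME_LEN (NAME_LEN + 16)      /* spare room so the demo stays in bounds  */

/* One contiguous region standing in for a stack frame or heap record
 * (constructed layout): bytes [0, NAME_LEN) hold the name, byte NAME_LEN
 * is the authorization flag. Keeping both in one object means every write
 * below is well-defined C while still showing the neighbouring field being
 * clobbered by an unchecked copy. */
typedef struct {
    unsigned char mem[FRAME_LEN];
} frame_t;

static void frame_init(frame_t *f) {
    memset(f->mem, 0, sizeof f->mem);  /* empty name, flag = 0 (not admin) */
}

static int frame_is_admin(const frame_t *f) {
    return f->mem[ADMIN_OFF] != 0;
}

/* The defect the explanation describes: the copy length comes from the
 * input, not from the destination, so any name of NAME_LEN bytes or more
 * runs past the buffer into the flag. The single guard here only keeps the
 * demonstration inside its own simulated memory; it is not a fix, and real
 * code with this pattern typically has no guard at all. */
static int copy_name_unchecked(frame_t *f, const char *src) {
    size_t n = strlen(src);
    if (n >= FRAME_LEN) return -1;     /* demo-only guard, see comment above */
    memcpy(f->mem, src, n + 1);        /* n + 1 may exceed NAME_LEN */
    return 0;
}

/* Hardened form: the destination size is the bound, over-long input is
 * rejected rather than silently truncated (truncation can change meaning
 * too), and the stored name is always NUL-terminated. */
static int copy_name_checked(frame_t *f, const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_LEN) return -1;      /* no room for the name plus terminator */
    memcpy(f->mem, src, n);
    f->mem[n] = '\0';
    return 0;
}

/* Run one input through either copy on a fresh frame and report whether
 * the authorization flag ended up set. */
static int login_demo(const char *input, int hardened) {
    frame_t f;
    frame_init(&f);
    if (hardened)
        copy_name_checked(&f, input);
    else
        copy_name_unchecked(&f, input);
    return frame_is_admin(&f);
}

/* Whether the hardened copy refuses the input (1) or accepts it (0). */
static int checked_rejects(const char *input) {
    frame_t f;
    frame_init(&f);
    return copy_name_checked(&f, input) == -1;
}

int main(void) {
    const char *normal   = "alice";              /* constructed sample input */
    const char *overlong = "AAAAAAAAAAAAAAAAA";  /* 17 bytes, constructed    */

    printf("unchecked, normal  : admin=%d\n", login_demo(normal, 0));
    printf("unchecked, overlong: admin=%d\n", login_demo(overlong, 0));
    printf("checked,   normal  : admin=%d\n", login_demo(normal, 1));
    printf("checked,   overlong: admin=%d (rejected=%d)\n",
           login_demo(overlong, 1), checked_rejects(overlong));
    return 0;
}
```

With the unchecked copy, the 17-byte name lands its final 'A' on the flag byte and the session becomes "admin" without any credential check; with the bounded copy the same input is refused and the flag stays clear. The point for the exam item is that the attack needs no network trick at all, only code that lets input length dictate how much is written.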