Professional Practice in IT (1/2

1. In relation to the process of quality control, it focuses on the end result, such as testing a sample of items from a batch after production (从批量生产后).

2. The scope of an Information System audit:

   • Application software review

   • Network security review

   • Data integrity (数据完整性) review

   • Physical and environment review

3. A drawback (缺点) to team work: individuals cannot be held responsible (个人不能承担责任).

4. Change management is:

   • A structured process and set of tools for leading the people side of change (引导人们进行变更) to achieve a desired outcome.

   • A leadership competency (领导能力) for enabling change within an organisation.

   • A strategic capability (战略能力) designed to increase change capacity (变革能力) and responsiveness (响应能力).

   • Historically has been done poorly in a lot of major organisations.

5. Which best describes "change management":

   • A structured process and set of tools for leading the people side of change to achieve a desired outcome.

6. TRUE statements of the "Capacity Maturity Model (CMM)":

   • Many organisations are at less than the fifth level (第五级/最高级) of maturity.

   • It describes five levels of maturity in relation to processes in an organisation.

   • It encourages "best practice" (鼓励最佳实践).

   • It was formulated (制定) by IEEE specifically for software development.

7. The length of a task bar in a Gantt chart usually indicate: duration of the task.

8. The major difference between CPM (Critical Path Method) and PERT is: PERT makes use of three values to determine expected duration.

9. It is important to think about the business side of IT because IT serves business requirements.

10. The "Stages of Group Development Model" proposed by Bruce W Tuckman in 1965 can be helpful in understanding team behaviour.

11. Challenges to the recruitment of IT Human Resources are:

    • People with technical skills also need to know how business works.

    • The pace of change in the industry means skills can quickly become out of date.

    • Recruiters are often not sufficiently technically aware (没有充分的技术意识).

    • There is generally a shortage people with the required IT skills.

12. Motivations for an information system audit to be carried out (执行):

    • Corporate governance (公司治理)

    • Regulatory requirement (法规要求)

    • Asset owner request (资产所有者请求)

    • Operations review (业务回顾)

13. Which best distinguishes a CPM network diagram from a Gantt chart: Gantt chart are most useful for resource levelling (资源平衡).

14. A preferred name for "Human Resource" departments: "Talent and Capability" departments.

15. It is important to understand the impact of IT in developing countries because it has a massive impact to people's lives.

16. A "project" may be described as a temporary endeavour (尽力) undertaken to create a unique product or service.

17. TRUE statements relating to change management:

    • With poorly managed change, you can expect a bigger impact that will last longer
    • The reality is that change creates instability (不稳定性) and introduces risk to the organisation. Multiple changes within the organisation aggravate (加重) and compound (复合) this risk.
    • The degree of impact will vary by group and depends on the effectiveness of OCM (Organisational Change Management) work.

18. TRUE statements in relation to the process of QA (Quality Assurance):

    • It is a process-centered approach to ensuring that a company or organization is meeting specified requirements.
    • It focuses on enhancing and improving the process that is used to create the end result.
    • It includes planning, design, development, production and service.

19. TRUE statement regarding quality assurance and quality control: QA is a process-centered approach.

20. Examples of a "project":

    • Manufactoring state-of-the-art plasma (先进的等离子体) TV screens
    • Developing a web-based mail-order system for DVDs
    • Carrying out routine maintance on an aeroplane (飞机)
    • Producing a paticular brand of automobile (汽车)

21. Apart from change managers, who else in an organisation is concerned with change:

    • Executives (总经理) and senior leaders
    • Middle managers and supervisors
    • Project team
    • Support functional teams

22. TRUE statement in conncecting with quality assurance or control: Quality assurance systems emphasize (强调/着重) catching defects before they get into the final product.

23. Statements best explain what level of detail to seek when creating a work breakdown structure:

    • small enough to permit control and visibility
    • large enough not to create an unwieldy administrative burden (笨重的管理负担)

24. TRUE statements concerning the process of ISO 9000 certification:

    • It can take any where from 6 to 18 months for an organisation to go through its certification process.
    • The certification process can cost from ten thousand up to hundreds of thousand of dollars.
    • Some say that the indirect costs (strain on staff (工作人员紧张), cost of changing process for example) can be even higher than the direct costs.
    • Certification is usually valid for three years.

25. In the ADKAR Change Model the letters stand for: Awareness (认知), Desire (渴望), Knowledge (知识), Ability (能力), Reinforcement (巩固).

26. The main purpose of the project schedule development is to provide: a basis for monitoring project progress over the duration of the project.

27. Ensuring that staff have good working conditions, and employing multiple employees who have skills that mean they can cover for each other, are both ways of dealing with the risk of staff leaving a project. They are both examples of what kind of response to risk: Mitigating risk (减轻风险).

28. The best description of a "work breakdown structure": a deliverable-oriented grouping of project elements that organizes and defines the total scope of the project.

29. Possible approaches to sourcing IT Human Resources:

    • Direct recruitment
    • Contract staff
    • Outsource
    • Hire a recruitment company

30. If a member of a team appears to be a "free loader" that is, someone who contributes little or no effort, but is happy to accept the team mark, the best way to deal with them is: to find out what they are good at, and exploit (开发) their talents.

31. In the ADKAR building block model for change, the step that is most critical in getting an individual to make a personal choice to commit to the change is: Desire.

32. If employees are being asked to do so much that there is just too much going on for them to process and deal with, this can be reffered to as: change saturation / change fatigue (改变饱和 / 改变疲劳).

33. Quality Assurance is about catching defects before they get into the final product.

34. In the Deloitte and CIO survey on IT talent recruitment which of the following appeared in the Top3 attraction and retention strategies (吸引和保留策略):

    • Offer job and career flexibility
    • Provide access to coaching and mentoring

35. Chanllenges when recruiting IT staff:

- Techinical skills can go out of date
- Candidates need to understand how business works
- Person recruiting is not technically aware
- Skill shortage

36. Which is an characteristic of the "Norming Stage (规范化阶段)" in Tuckman's model: individuals appreciate each other skills and support each other.

37. The most important function of the Australian Computer Society: Assessment of IT degrees.

38. Which best explains the meaning of "information system audit" as defined by Ron Weber from QUT: "The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organisational goals and effectively and consumes (消费) resources efficiently."

39. What was one of the top 3 retention strategies used by those surveyed in the Deloitte and CIO survey: Provide access to coaching and mentoring.

40. Adavantages of having quality processes in place in the manufactoring industry:

    • It satisfies customers who demand quality
    • It ensures that products and services provided meet customer requirements
    • It ensures consistency in the day to day operations
    • It ensures that processes are repeatable and predictable

41. If you observed the following behaviour among members of a team:
    • they realise the task is more difficult than they had imagined
    • they are resistant (反抗的) to the task
    • they have sharp fluctuations (变动) in attitude about the project's chance of success
    • there is minimal collaboration,

    then you would conclude that the team had reached which of the following stages of development: Storming.

42. Which of the following technological changes occurred during the life of the NZ Police Integrated National Crime Investigation System (INCIS) project: A change in operating system from OS/2 to Windows NT.

43. What is the name of the most valued I.T company in the world by market capitilization (资本总额): Apple.

44. Which of the following lists correctly the three key areas of concern that Sanya suggests an Information System Audit should cover: Availability (可用性), Confidentiality (机密性) and Integrity (完整性).

45. The following suggest steps need to be undertaken in carrying out an information system audit. In which order should they be carried out:

    ​ 1. Conduct an inventory (详细目录) of the information systems and categorise them.

    ​ 2. Identify which systems impact critical functions or assets.

    ​ 3. Assess (评估) risks that affect the system assign (分配) a severity rating (严重性评级) to them.

    ​ 4. Rank Systems and decide audit priority, resources and schedule.

46. What does a team leader do:

    • Define goals and set firm dates
    • Organise resources to maximize performance
    • Guide individuals towards those goals
    • Resolve conflict

47. The audit process should include:

    • preperation
    • formal kick off (正式的开始)
    • formal findings
    • follow up on corrective actions (跟踪纠正措施)

48. When preparing a PowerPoint presentation for a conference or seminar (讨论会) which of the following is TRUE: One should use a sans (无) serif (衬线) font of 24 points or more.

49. TRUE statements in relation to a professional acting as an expert witness:

    • Reveal any potential conflict or interest
    • Ensure that reports and opinions include all relevant matirial
    • Listen carefully to each question
    • Prepare reports in an obejective (客观的) and accurate manner

50. The audit plan consists of:

    • A list of personnel (人员) to be interviewed
    • A statement of control obejectives (目标)

51. In relation to performance testing, the function of the "capacity model" is:

    • To simulate the maximum expected load in terms of number of users
    • To simulate the maximum expected load in terms of resulting system load

52. The acronym (首字母缩略词) OLAP stands for: On-Line Analytic Processing.

53. Which of the following best represents the sort of items queried by an "Enterprise search engine"?

    • Keyword search over text and structured data in documents
    • Aggregating queries over large numbers of records containing customer addresses and the like
    • Keyword search over text and structured data in email messages

54. The key ROI (Return On Investment) factors when managing the people side of change: Speed of Adoption.

55. A valuable lesson for Intel to have learned:

    • Trying to bluff (愚弄/吓唬) the public can be very expensive
    • Make press (新闻) releases through the proper channels
    • Information spreads quickly on the Internet even if it is not accurate
    • It is a good idea to reply promptly (讯速地) to emails from knowledgeable academics (知识渊博的学者)

56. Four most common reasons given for companies not reporting a security breach (破坏):

    • They did not think perpetrators (犯罪者) would be caught
    • It was not considered serious enough
    • They did not think the authorities (当局) were competent (有能力的)
    • The company wanted to avoid negative publicity (宣传)

57. Text analytic engines are described as being especially useful for: extracting data from customer responses to a survey.

58. TRUE statements regarding IP (intellectual property):

    • It may give you the "edge" which will make your company successful
    • It may be stolen and used without permission
    • It can be worth money and may be sold on to other parties to utilise
    • It represents the property of your mind or intellect

59. Lewin's "unfreeze" step involves:

    • preparing ourselves for change
    • creating a situation in which we want to change
    • preparing others for change
    • getting ready to change

60. A major problem with assessing "usability" is that: Users need to be expert before they can be used for usability assessment.

61. Establishing a detailed disaster recovery plan is an example of: Risk mitigation (风险消减).

62. Which best describes the act of "phishing" as it is used in relation to attacks on computer security: The act of sending an e-mail falsely claiming (声称) to be from an established legitimate (合法的) enterprise.

63. A suitable definition of CMMI (Capability Maturity Model Integration) is that:

    • It is an approach which approaches risk management as an organized and technical discipline (学科)
    • A certification tool that certifies business whose processes conform (符合) to the laid down standards (制定的标准)

64. The best approach to reducing risk in the workplace: build in physical design controls as part of the initial design.

65. Which best expresses the prime (主要的) cause of TJX's mishap (事故): Unsecured data transmission during customer registration.

66. Which issues could be considered as one of professional ehics:

    • Intel may have considered placing a warning on computers saying that "in some cases this computer may produce errors"
    • Engineers working for Intel knew that the chip was faulty, but that it was still being supplied to consumers
    • The IEEE code of practice would speak against selling goods that were known to be faulty
    • Intel decided not to reveal information about the defects to costomers

67. The so called "Triple constraint" in project management concerns the three dimensions of: Time, Scope and Cost.

68. Which may be properly described as a "defect" in a computer program:

    • A badly designed part of the user interface that causes the user to make mistakes
    • A missing constraint which should apply to some user defined process
    • An alogirithm for calculating a key performance indicator (KPI) which does not agree with the user's requirements

69. TRUE statements about patent:

    • A normal patent one granted (授予的) is valid for 20 years
    • It is possible to register a design without regard to function
    • An innovation patent is valid for only 8 years
    • Any kind of trade mark (商标) or sign (符号) can be registered
    • Designs and patents are different

70. Best description of a "test case": A set of inputs together with corresponding outputs used to test a specific function.

71. The statement "Program testing can be used to show the presence (存在) of bugs, but never to show their absence!" was made by Edsger Dijkstra.

72. Which properly illustrates "verification": Reading the system requirements spec. and comparing with the component functionality.

73. Which example best distinguishs the capabilities of "Data mining engines": building predictive models to help answer questions about likely customer responses.

74. Important factors in ensuring business continuity (业务连续性):

    • Establishing routine backup procedures
    • Practising recovery procedures regularly
    • Ensuring that all relevant data will be restored
    • Including people in the recovery process

75. What is meant by "quality aussurance": A process-centered approach to ensuring that a company or organization is providing the best possible products or services.

76. If, as a professional, you give a boring or badly delivered oral presentation which of the following is the most serious outcome: Your message is not communicated.

77. More recently computer audit has more to do with:

    • Unauthorized access
    • Lack of integrity of computer systems

78. Holger Hjortsvang was a systems engineer in the BART Maintenance Section. Which of the following best expresses Hjortsvang's concerns: There was inadequate supervision of development practice.

79. In the area of cyber-security the auditors found that, although controls blocked most attempts to scan the system or gain access, the auditors could gain access through 'social engineering'.

80. The objective of commissioning (委托) a computer systems audit will be:

    • Verifying that confidential (保密的) data is not exposed to unauthorized individuals
    • Confirming that the systems are appropriately accounted for as assets
    • Assessing the operational integrity of an automated process
    • Validating the correctness of the systems' calculations

81. The problems of integrating, cleansing and standardizing data in preparation for BI tasks can be challenging because: the data comes from different sources which contain data of varying quality.

82. In the Tesco system test plan the usage model made use of:

    • Statistical extrapolation (推断)
    • Historical data from previous years
    • Allowances (津贴) for Christmas and other contingencies (意外事件)
    • Input from management's corporate plan

83. The fundamental difference between CMMI and ISO is that: CMMI is a process model and ISO is an audit standard.

84. Which of the following best describes the Pentium chip fiasco: An incident (事件) displaying bad judgment in public relations.

85. Business Intelligence Technology is described by Chaudhuri, Dayal and Narasayya as: A collection of decision support technologies for the enterprise aimed at enabling knowledge workers to make better and faster decisions.

86. A computer system audit is considered 'open' until: The remedial (矫正的) activity is complete.

87. Which of the following is the most important goal of stress testing: To examine the behaviour of the system when it is stressed beyond the resources available.

88. Which factor is the most difficult to overcome in collecting good historical data: Lack of programmer cooperation.

89. When considering the capture and storage of personal data, which of the following is an important ethical issue:

    • Property - who owns it?
    • Accessbility - who is entitled (有资格的) access it?
    • Accuracy - is it correct and current?
    • Privacy - should it be captured?

90. Which of the following BEST sums up the attitude of professional bodies to ‘whistle blowing’?

    • Try normal channels initially
    • If you "blow the whistle" you are on your own!

91. Spyware (间谍软件) is best described as software which: aids (帮助) in gathering information about a person or organisation without their knowledge.

92. If a risk-based approach is taken to an IS audit, any one paticular system may be excluded from the audit because it is considered a relatively low risk.

93. The major elements of an information system audit:

    • Data integrity review
    • Network security review
    • Physical and environment review

94. The actual performance of the individual, what they need in the way of support and any materials or facilitating procedures would be dealt with in which step of the ADKAR model: Ability.

95. A claimed benefit of a ‘continuous testing regimen (连续测试方案)’ is that:

    • Testing is incoporated (包含) into the development process at an early stage
    • Discrepancies (差异) and omissions (疏忽) are identified earlier
    • The chances of users being satisfied are improved
    • The amount of chaos at the end of a project is reduced

96. The best explanation of the term 'crashing', when applied to a project schedule is: adding resources until a particular target finish date is achieved.

97. The term "empirical model (经验模型)" means that: the model has been determined from observed (观测的) data without any theoretical basis (理论依据).

98. The collapse (失败) of the ‘Nectar’ loyalty system was in most part caused by: Underestimation (低估) of the expected number of users.

99. TRUE statements relating to malware attacks on computers:

    • Attacks due to malware are becoming less frequent (Code-Red I was an example of a worm).
    • Melissa was a virus that caused an estimated $80 million in damage.
    • It is possible to defend against attack by worm.
    • A trojan (木马) appears to be a harmless program, but has other harmful functionality.
    • Rootkit (隐匿程式) attack is difficult to detect and remove.

100. Which of the following was/were listed as areas suitable for the application of Business Intelligence tools:

     • In manufacturing for order shipment and customer support
     • In health care for outcomes analysis
     • In financial services for claims analysis and fraud detection
     • In utilities for power usuage analysis

101. The back-end technologies for preparing data for BI can be referred to collectively (共同地) as: Extract-Transform-Load (ETL) tools.