If you were to download a software package, which had been developed and placed on the internet for general usage, the one thing you could not control is:
Responsibility for resolving a noncompliance may be enforced automatically through____________.
To validate that the COTS software will meet the functional and structural needs of the user, both ________________ and _______________ Testing is performed.
Evaluating and quantifying the risks, controls, and vulnerabilities is called _________ .
____________ provides teams an opportunity to reach high-quality decisions with total team commitment.
Which of the following is not one of the four major purposes of recording defects?
Which of the following factors should NOT be considered when defining a Control Method?
If an organization was to categorize risks as critical, major, or minor what aspect of Risk Management would that be called?
Measurement has a high cost; too much investment is required and the return is too low.
In control charts, accepted practice uses a width of _________________________around the population mean (?) to establish the control limits.
Which technique is used to develop a common vision of what a process should look like and depicts processes, their relationships, and their owners?
The objective of integrating business and quality planning in a single planning cycle is to ensure that:
Organizations use many ways to determine the size of a program. Which of the following methods for measuring the size of a program can be used before the coding process is complete?
Identifying, analyzing, and prioritizing risks require knowledge of the business functions and user involvement. The Project Management Institute's Project Management Body of Knowledge (PMBOK) defines four risk management processes. List and describe the four processes.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Define measure and metric. Give two examples of a measure and two examples of a metric.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
CobiT enables an enterprise to implement effective governance over IT. Briefly describe the CobiT Model.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Before beginning a measurement program, there are four prerequisite steps that are necessary to help position the measurement program for success within the organization. Describe each of these prerequisite steps and explain why these steps are important?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Explain why risk prioritization is important and give two methods used to prioritize risk.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
The user of the software product is not the only customer of a software project. List three other customer categories or groups, and explain how their perspectives should be represented in the various phases of the project life cycle process.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Management commitment is the single most important requirement for successful implementation of quality management.
_________ includes periodically assessing project status, reassessing the documented risks, examining executed strategies that succeeded or failed, and considering new risks.
Who is responsible to ensure that the organization has sufficiently trained personnel to protect its IT resources?
One of the critical success factors in acquiring COTS software is that the vendor will continue to provide additional features in the future. This critical success factor is commonly referred to as:
Project objectives and goals expressed in quantitative terms is part of which planning activity?
The factors that need to be addressed during contract negotiations for software developed by an outside organization include the following, except for:
Which of the following is an important component of a complaint resolution process?
If you had seven programs and the size in function points were 80, 20, 20, 60, 40, 50, and 150. What is the median size of those seven programs in function points?
Which of the following models uses this four part cyclE. (part one - plan and organize; part two - acquire and implement; part three - deliver and support; part four - monitor)?
If your customer complains that you made an error, you need to do the following:
Determining that the COTS software selected is compatible with the acquiring organization's computer environment addresses:
Which of the following question(s) is associated with the post-implementation review?
Which of the following would be associated with contracted software developed by a contractor in another country?
Causes of variation that are typically "external" to the process are referred to as:
When developing testing tactics for a project, which of the following should be considered?
The plan of organization in methods and procedures adopted by management to ensure that resource use is consistent with laws, regulations, and policies; that resources are safeguarded against waste, loss, and misuse; and that reliable data are obtained, maintained, and fairly disclosed in reports. The previous statement is the definition of:
At low levels of process maturity, people believe they are subjectively evaluated and focus their attention on:
A quality tool used to determine and understand the forces that drive and restrain a change.
Measurement provides ____________ feedback to an organization about whether it is achieving its goals.
Determining which risks are likely to affect the project and documenting the characteristics of each is called ________ .
If you acquired COTS software and were attending a demonstration of that software, what aspects of that software would you want to observe during the demonstration?
The development of the approach for process deployment is much harder than the actual deployment of the process.
Which of the following planning activities is associated with the quality planning question "where do we want to go"?
If you want to ensure that individuals can effectively perform work processes, which activity would you implement to achieve that goal?
In which phase of the Quality Function's maturation does the organization's objectives move from Quality Control to Quality Assurance?
Which of the following Dynamic Testing techniques produces the highest defect yield?
From a control perspective, detective controls are only effective when what other types of controls are implemented?
You have observed a high failure rate in production due to defects in the computer programs. If you follow good quality practices, the approach you would take to reduce the incidence of failure is to:
Which has frequently been referred to as the most difficult task in getting people to use the process?
Correlation between process maturity and an organization's willingness to embrace change can be described as:
QA is a management function with emphasis on the process producing the product.
It is important in developing a contract that the contract provisions are fair to both parties. The reason for this is:
The person who accepts personal responsibility for the success of quality management without being assigned the responsibility is called____________ .
Critical success factors for purchased software should be defined from the perspective of :
What is independent monitoring and who can perform it?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
There are three types of enforcement actions; automated enforcement, self-enforcement, and supervisory enforcement. Which of these is the best enforcement action and why? Give an example that illustrates why it is the best.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
What are the three components of Cost of Quality (COQ)? For each of the COQ components, list two relevant activities within the software life cycle?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
There are two definitions of quality. Define and describe those two definitions of quality. Then list four approaches that you believe, if implemented, would help reconcile those two definitions so that they, in fact, became the same definition of quality.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
The project team in the XYZ Company's IT Department has been provided with a system development methodology. The methodology details the standards and procedures that are to be followed in building an application system. A project team assigned to build an application system followed those procedures exactly and met the standards. However, when the project was completed it was late, over-budget, and the users of that application were dissatisfied.
Provide four reasons that could have caused this project to fail.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
You have been appointed the Information Security Manager of the organization. List and give details the three steps for adequate 'security awareness program'.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Many organizations have chosen to outsource all or part of their IT services. Assume you are an IT quality assurance manager and you have been asked by senior management in your organization about outsourcing. They want to know the answer to these two questions:
1. What are the major advantages to outsourcing software development?
2. What are the major disadvantages to outsourcing software development?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
You have been asked to develop a measurement for quantifying software size. Describe what you will use and why you have chosen that measurement.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
One of the objectives of Quality Assurance is to reduce the variability in process execution. There are two causes of variation in a process, common cause and special cause. First, define those two terms, special cause and common cause of process variation, and second, for a software acceptance test process, give examples of two common causes of variation and two special causes of variation that might occur in a software acceptance testing project.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
One of the main objective of the quality assurance function is to reduce the variability in process execution. There are two causes of variation in a process, common cause and special cause. Describe three ways for reducing common causes of variation.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Good quality management principles state that any organization committed to quality should have a IT Quality Plan in place. What are five key points that the IT Quality Plan should include?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Explain the difference between verification and validation. List two verification techniques and two validation techniques.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
You plan to meet with a project’s business analyst and test team lead to explain why they need to implement static testing techniques early in the product life cycle. Describe below how you plan to describe the benefits of static tests and list at least two types of static tests they should implement.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Briefly describe the three categories of Quality Tools and give two examples of tools in each of these categories.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Describe the difference between an "objective" measure and a "subjective" measure. Give two examples of an objective measure and two examples of a subjective measure.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
What strategy should a Quality Manager recommend to senior management, if the organization wants to move from maturity level 2 to a higher level? Why?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
In addition to meeting business functions requirements, critical success factors must be present in COTS software for it to be successful. List and describe five critical success factors that should be included when evaluating COTS software.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Your manager has been reading about the “Toyota production system,” also known as “Just-In-Time” (JIT) production. She has asked you to suggest ways that you might employ JIT principles in the IT area. Briefly describe what you would suggest.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
In planning for risk response, what are the three categories which can be used for effective planning?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
When acquiring COTS software, it is important to see a demonstration of the software. There are several aspects of the COTS software that should be observed during the demonstration. Describe three aspects of the software you would specifically want to observe and explain why.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
The Quality Management Infrastructure is made up of three levels: the Quality Council, Management Committees, and Teams/Work Groups. Describe who typically makes up each of these three levels in the QM Infrastructure (e.g., top executives) and describe the purpose of each level.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Your senior management wants to initiate a major process change in the organization and has asked you how to get people to follow the changed approach to the process. What tactics would you recommend for deploying the changed approach?
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Describe the five characteristics of a Risk.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Describe three behaviors of a traditional management philosophy and describe how the quality management philosophy's behavior would be different.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
The benefits from a measurement program are not obtained until the measures/metrics are used. Describe four major uses of measurement data.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Your manager has ask you to help develop a well defined continuous improvement process that can be used by the various teams in the IT department. Use the PDCA concept to provide a detailed outline of your continuous improvement process.
Type your answer in the box provided. Use options on the box toolbar to edit your response as needed before moving to the next question.
Cooperation is required to improve quality and to implement quality management.
The check sheet is used to record data gathered over a period of time to determine frequency of an event.
In a software system a control implemented to protect the security of the system is:
When building a quality environment, one of top management's major responsibilities must be:
In a Waterfall Development Model, most risk management activity occurs close to milestones.
Which of the following quality control activities is most effective in uncovering defects?
The concept of "just in time", as pioneered by Toyota, is only applicable to inventory control.
What type of testing evaluates the completeness of the documentation associated with a software application?
Which of the following is not a process within Level 4 for maturing Quality Assurance Processes?
-- Exhibit –
-- Exhibit --
In the Cost of Quality diagram shown, the COQ cost labeled "A" represents:
The primary responsibility of a quality program, from a consumer's standpoint, is that the product should be:
There is a strong correlation between process maturity and defect rates. As the process maturity level increases, the defect rate decreases.
One of the most effective arguments for establishing an independent test group within an IT organization is:
The following types of controls, which are designed to alert individuals to a process problem such as control totals assuring data transmissions are complete, are called:
During the management cycle, which activity MUST be integrated with other activities because it is a continuous activity?
-- Exhibit –
-- Exhibit --
In the diagram, the sections of the diagram labeled "A" and "B" represent larger portions of "DO" and "CHECK". Note that the top of the diagram represents a more creative process and lower portion a more defined process.
Your manager describes his / her desires and intents concerning a process to you. The manager is describing the:
Continuing process improvement techniques should be applied to which of the following IT work processes?
Process ___________ allows priorities to be set for defining or improving processes.
Which of the following would be considered the lack of involvement by management to promote quality concepts?
According to quality experts, the most effective way to implement quality practices is:
After establishing the team for conducting security baseline, the first step should be to:
In the PDCA cycle, if a check detects an abnormality, then record the abnormality and continue the work per the procedure.
Tracking the status of each requirement throughout the development and test phases is called:
Which level(s) of the organization should be involved in both establishing and using processes in their daily work?
In transaction processing, the accuracy and completeness of database storage, data security and privacy, error handling, backup, recovery, and retention is governed by:
A process is a vehicle of communication, specifying the methods used to produce:
Which of the following activities occur when the software developed by an outside organization is ready for delivery?
The step which evaluates whether people possess the skills necessary to effectively use the COTS software in their day-to-day work is referred as:
Process improvement activities should also be conducted as per a defined process.
While unit testing should be done, it is not necessary to spend the time and effort to develop and document the unit test plan and cases because it is conducted by the developers themselves.
Laws and regulations affecting the products produced and operated are generally addressed in which planning activity:
COTS software is normally developed prior to an organization selecting that software for its use.
A subjective enforcement decision is when someone analyzes the situation and then makes a decision on whether or not to enforce the policy.
It is very easy to distinguish between accidental loss and intentional loss, with respect to security activities.
The level of quality can vary significantly from project to project. These levels of quality, which can be quantified and measured, are called:
In a cost-of-quality analysis, the costs required to avoid errors to do the job right the first time are called:
Which one of the following is NOT a responsibility of management committees (or process management committees)?
Which answer below is NOT one of the seven steps for implementing an IT quality function?
Internal control is not a serial process, where one component affects only the next. It is a multidirectional interactive process in which almost any component can and will influence another.
The effort required for testing a program to insure it performs its intended function is called:
What technique can be used to provide structure to the ideas from a brainstorming session?
Within an ISO process assessment, a capability level is said to be established 'only' and 'only if' all the process attributes are 'fully achieved'.
As the type of product changes on the process maturity continuum, the work processes also change.
A contract that will assure the contracting organization of effective ongoing operation maintenance of the contracted software should include which of the following contractual provisions?
Which of the following should be the selection criteria for COTS software regarding the integration of the software into an organization's business system work flow?
A major corporation issued this statement: "We see ourselves now and in the future as a company with a strong customer franchise, known for reliability, trust and integrity in all relationships. Our business will be based on technologies that have evolved over a long history and which will give us unique advantages over our competition. These technologies will span our core businesses and will also go beyond boundaries we can see today." What type of statement is this?
While contracting for outsourced software development, ___________ refers to the rights of the customer to run the application system in more than one location.
Which of the following is not included in 'Failure Cost' under 'Cost of Quality'?
The greater the involvement of the entire IT staff in quality, the larger the size of the quality staff that is needed.
At what process maturity level in the SEI process maturity model would you expect that the most effort would be devoted to quality control?