企业最终决定直接采购商业化的软件包，而不是开发。那么，传统的软件开发生产周期（SDLC）中设计和开发阶段，就被置换为：
A、挑选和配置阶段
B、可行性研究和需求定义阶段
C、实施和测试阶段
D、（无，不需要置换）
答案：A
With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their
roles and responsibilities. The IS auditor is attempting to evaluate the:
A. clarity and simplicity of the business continuity plans.
B. adequacy of the business continuity plans.
C. effectiveness of the business continuity plans.
D. ability of IS and end-user personnel to respond effectively in emergencies.
NSWER: A
NOTE: The IS auditor should interview key stakeholders to evaluate how well they understand their roles and responsibilities. When all stakeholders have
a detailed understanding of their roles and responsibilities in the event of a disaster, an IS auditor can deem the business continuity plan to be clear
and simple. To evaluate adequacy, the IS auditor should review the plans and compare them to appropriate standards. To evaluate effectiveness, the IS
auditor should review the results from previous tests. This is the best determination for the evaluation of effectiveness. An understanding of roles and
responsibilities by key stakeholders will assist in ensuring the business continuity plan is effective. To evaluate the response, the IS auditor should
review results of continuity tests. This will provide the IS auditor with assurance that target and recovery times are met. Emergency procedures and
employee training need to be reviewed to determine whether the organization had implemented plans to allow for the effective response.