Question 91: What should teams do before Agile sprint planning and execution?
A. Find a large enough collaboration space
B. Compile a list of necessary QA and dev tools
C. Gather software requirements
D. Host a company-wide air hockey tournament
Correct Answer: C. Gather software requirements
Explanation: An organization must establish what functionalities and features its end users want from the software development project. Without knowledge of the requirements that Agile teams must meet, it’s difficult — if not impossible — to plan out their work. Don’t put the cart before the horse.
Question 92: What topic falls outside the scope of a well-run daily stand-up meeting?
A. Recently completed tasks
B. Current obstacles
C. Planning out an iteration or sprint
D. What everyone will work on today
Correct Answer: C. Planning out an iteration or sprint
Explanation: A daily stand-up meeting typically takes no longer than 15 minutes, much too short to plan out an Agile sprint or iteration. Take more time to plan out sprints and gather software requirements — and do that work before the actual iteration or sprint. Limit the scope of daily stand-up meetings to imminent or recent items, such as recently completed tasks, current obstacles and ongoing work.
Question 93: What must the team discuss in a sprint planning meeting?
A. When and how they will deliver backlog items
B. Whether this or an alternative project would deliver more business value
C. Who will be the Scrum master
D. Who on the development team will be on-call during weekends
Correct Answer: A. When and how they will deliver backlog items
Explanation: Before any sprint, an Agile team determines what work will get done and how. At the end of sprint planning, teams should have a clear understanding of the scope of the next iteration and the yardsticks that will gauge work in progress. The Scrum master, who facilitates teamwork and communication throughout the project, requires training and certification. This role shouldn’t be left up to chance, or a group decision during sprint planning.
Question 94: Which of the following options is not part of an Agile software development framework or model?
A. Kanban
B. Extreme Programming
C. Feature-driven development
D. Spiral
Correct Answer: D. Spiral
Explanation: While Spiral is an incremental software development model, it is not considered Agile. Spiral involves planning out a whole project in larger chunks that can take several months to complete — far longer than a typical weeks- or month-long Agile iteration. Spiral more closely resembles Waterfall software development methodologies than Agile. Kanban, defined by its use of visuals on a Kanban board, is an Agile framework and a methodology used for manufacturing and other business. Extreme Programming is another Agile model that heavily stresses communication and simplicity. Lastly, feature-driven development is an Agile process that prioritizes feature delivery to customers.
Question 95: What primarily distinguishes Scrum from its superset Agile?
A. An iterative and incremental development approach
B. A flexibility to constantly changing software requirements
C. Post-release review meetings
D. A set of predetermined roles
Correct Answer: D. A set of predetermined roles
Explanation: A Scrum team calls for three fixed roles: the Scrum master, the product owner and the development team. A post-release review meeting, the need to respond to changing software requirements and an iterative approach are not unique to Scrum. While Scrum outlines roles and responsibilities, it’s not a methodology like Agile; it’s a framework. Accordingly, Scrum can help teams be Agile and observe its principles, and still be its own concept.
Question 96: Which set of priorities below is the opposite of the ideals put forth in the Agile Manifesto?
A. Processes and tools over individuals and interactions
B. Working software over comprehensive documentation
C. Customer collaboration over contract negotiation
D. Responding to change over following a plan
Correct Answer: A. Processes and tools over individuals and interactions
Explanation: The Agile Manifesto prioritizes individuals and interactions over processes and tools. Agile teams should let people, not processes and tools, steer development projects. The manifesto includes these four core statements about empowered individuals, working software, customer collaboration and change, as well as 12 principles related to how Agile teams work together and with their customers.
Question 97: Which of these Agile terms is paired with its correct definition?
A. User personas: a summary of a feature from the user’s perspective
B. Use cases: a characterization of your intended end user
C. User stories: documentation of user paths through an app
D. Acceptance criteria: what needs to be done for a user story to be achieved
Correct Answer: D. Acceptance criteria: what needs to be done for a user story to be achieved
Explanation: Acceptance criteria is the only term paired with its correct definition. User personas are a characterization of your project’s intended end user. Use cases document user paths through an app. User stories summarize a feature from the user’s perspective.
Question 98: Which metric is relevant to Agile software development?
A. Throughput
B. Lead time
C. Cycle time
D. All of the above
Correct Answer: D. All of the above
Explanation: All these measurements could prove useful to Agile teams as key performance indicators. Throughput measures the amount of work a system can handle within a certain amount of time. Cycle time specifies the time that elapses between when work begins on an item and when that task is complete. Lead time is a metric from the end user’s perspective that gauges the amount of time between when a user requests something and when it is received.
Question 99: What should be the primary objective of a risk management strategy?
A. Determine the organization’s risk appetite.
B. Identify credible risks and transfer them to an external party.
C. Identify credible risks and reduce them to an acceptable level.
D. Eliminate credible risks.
Correct Answer: C. Identify credible risks and reduce them to an acceptable level.
Explanation: The primary objective of a risk management strategy is the identification of risks, followed by the reduction of those risks to levels acceptable to executive management.
“Determine the organization’s risk appetite” is incorrect because the determination of risk appetite, while important — and essential to the proper functioning of a risk management program — is not the main purpose of a risk management strategy. “Identify credible risks and transfer them to an external party” is incorrect because transferring risks to external parties is but one of several possible outcomes for risks that are identified. “Eliminate credible risks” is incorrect because risks cannot be eliminated, only reduced to acceptable levels.
Question 100: Marie, a CISO at a manufacturing company, is building a new cyber-risk governance process. For this process to be successful, what is the best first step for Marie to take?
A. Develop a RACI matrix that defines executive roles and responsibilities.
B. Charter a security steering committee consisting of IT and cybersecurity leaders.
C. Develop a risk management process similar to what is found in ISO/IEC 27001.
D. Charter a security steering committee consisting of IT, security, and business leaders.
Correct Answer: D. Charter a security steering committee consisting of IT, security, and business leaders.
Explanation: The best course of action is the formation of a chartered information security steering committee that consists of IT and security leaders, as well as business leaders. For security governance to succeed, business leaders need to be involved and participate in discussions and decisions.
“Develop a RACI matrix that defines executive roles and responsibilities” is incorrect because a RACI matrix, while important, is but a small part of a chartered information security steering committee. “Charter a security steering committee consisting of IT and cybersecurity leaders” is incorrect because a security steering committee must include business leaders. “Develop a risk management process similar to what is found in ISO/IEC 27001” is incorrect because this question is about security governance, which is more than just a risk management process.