
Sample Question Paper

Page 1: Sample Question Paper

Test 1: Your results

1. A WAN helps in:
Correct Answer is: connecting different branches of an organisation within the city or in different cities

2. While acquiring software, which of the following criteria should be applied?
Correct Answer is: All of the above

3. A PIN, if stored for reference purposes, must be stored in:
Your Response: ciphertext form that is a function of the account number. Your Answer is Correct.
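As an added illustration of question 3 (not part of the original question paper): storing a PIN as ciphertext that is a function of the account number. The key, the HMAC-SHA256 construction, the function names and the account numbers are assumptions chosen so the example runs offline; real card systems do this inside an HSM with a dedicated PIN-verification scheme.

```python
import hashlib
import hmac

# Hypothetical PIN-verification key, fixed here only so the example runs
# offline. In a real system it is generated and held inside an HSM.
PIN_VERIFICATION_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c" * 2)


def pin_reference_value(account_number: str, pin: str) -> str:
    """Return the ciphertext stored for reference instead of the clear PIN.

    The account number is bound into the keyed hash, so the same PIN on
    two accounts produces two different stored values: a leaked table
    does not reveal which customers share a PIN, and one customer's
    value cannot be copied onto another account.
    """
    if not (account_number.isdigit() and pin.isdigit()):
        raise ValueError("account number and PIN must be numeric strings")
    if not 4 <= len(pin) <= 12:
        raise ValueError("PIN length out of range")
    message = account_number.encode() + b"|" + pin.encode()
    return hmac.new(PIN_VERIFICATION_KEY, message, hashlib.sha256).hexdigest()


def verify_pin(account_number: str, candidate_pin: str, stored: str) -> bool:
    """Recompute the reference value and compare in constant time."""
    try:
        expected = pin_reference_value(account_number, candidate_pin)
    except ValueError:
        return False
    return hmac.compare_digest(expected, stored)


def demo() -> dict:
    """Constructed sample: two customers who happen to choose the same PIN."""
    table = {
        "4000123456789010": pin_reference_value("4000123456789010", "1234"),
        "4000123456789028": pin_reference_value("4000123456789028", "1234"),
    }
    first, second = table["4000123456789010"], table["4000123456789028"]
    return {
        "same_pin_same_stored_value": first == second,
        "correct_pin_accepted": verify_pin("4000123456789010", "1234", first),
        "wrong_pin_rejected": verify_pin("4000123456789010", "4321", first),
        "value_copied_to_other_account": verify_pin("4000123456789028", "1234", first),
        "malformed_pin_rejected": verify_pin("4000123456789010", "12a4", first),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

A four-digit PIN has only 10,000 values, so an unkeyed hash of the PIN alone would fall to a trivial offline search; the secret key is what makes the stored value useless to anyone who copies the table, and binding the account number stops a value being replayed against another account.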

4. A verification process in which one or more redundant digits, derived from the other digits of a word or number, are appended to the end of that word or number is called:
Correct Answer is: Check digit verification

5. While preparing a cost-benefit analysis of a security objective for an electronic data interchange (EDI) transaction, which one of the following costs should be part of a detection method?
Correct Answer is: Cost of recovery action

6. Which of the following statements regarding computer viruses is correct?
Your Response: Computer security techniques can reduce the threat of computer viruses. Your Answer is Correct.

7. Which of these Internet protocols are used by a Unified Messaging framework?
Your Response: All of the above. Your Answer is Correct.

8. Which one of the following controls would protect the production libraries without compromising the efficiency of open access?
Your Response: Restrict updating to one position but permit read access to source code for everyone in IS. Your Answer is Correct.

9. Which one of the following is not an operating control?
Correct Answer is: Batch controls

10. An IS auditor carrying out a review of logical access control shall have the PRIMARY OBJECTIVE of:
Correct Answer is: ensuring that access is given in accordance with the organisation's authorities

11. Because of the sensitivity of its data, a database system for business forecasting was implemented with access control at different levels. Users' initial log-in would be controlled by:
Your Response: Operating System. Your Answer is Correct.

12. During which of the following stages is user resistance encountered in the Computer Aided Software Engineering (CASE) life cycle?
Correct Answer is: CASE system introduction

13. Identify the cost that does NOT form part of software package installation or implementation cost:
Correct Answer is: Cost of hardware

14. In a stand-alone small business computer environment, which control procedure for security will be the most effective?
Correct Answer is: Closely supervising the usage of computers

15. A lock-and-key mechanism is MOST likely to be used in which of the following types of real memory access control system?
Your Response: Multiple user, non-contiguous storage allocation system. Your Answer is Correct.

16. Satellite communications cannot be used in which of the following cases?
Correct Answer is: Unencrypted confidential data is to be sent

17. Social engineering is:
Correct Answer is: Referred to as people hacking

18. The advantage of an ISO 9001 quality system implementation is:
Correct Answer is: Software life cycle activities are improved.

19. The BEST set of attributes of functionality in evaluating the quality of a software product during its life cycle is:
Correct Answer is: Availability of a set of functions and their relevant properties.

20. The most common concern regarding physical access to a data centre is:
Correct Answer is: Piggybacking

21. The MOST likely characteristic of an information systems OPERATIONAL plan is:
Correct Answer is: documenting the major milestones to be achieved in the system development process

22. The use of programming aids, data and instructions that are prepared for one computer and can be used on another computer without conversion or program modification is an example of:
Your Response: Portability. Your Answer is Correct.

23. To ensure proper separation of duties, the function NOT to be performed by the Scheduling and Operations personnel is:
Correct Answer is: Code correction

24. Which of the following would an IS auditor NOT do while conducting a review of an organisation's IS strategies?
Correct Answer is: Assessing the required security procedures for the IS environment.

25. Which of the following factors would bring down the risks most in Joint Application Design (JAD) meetings?
Correct Answer is: The right people

26. Which of the following is not a component of audit risk?
Correct Answer is: Restrictive risk

27. Which of the following is not an EDI risk?
Correct Answer is: Data that is transmitted is always error free

28. Which of the following is NOT TRUE about a database management system application environment?
Correct Answer is: Data are shared by passing files between programs or systems

29. Which of the following provides mobile user network access over an air interface in Wireless IP?
Correct Answer is: Radio Access Network

30. Which of the following provides control over program maintenance?
Your Response: A written authorisation for program change to be obtained from the user department. Your Answer is Correct.

Test 2: Your results

1. Which phase of the SDLC uses Data Flow Diagrams?
Correct Answer is: Requirements

2. While carrying out an IS audit, you have discovered a Trojan Horse program in the computer system. Which of the following actions will you take FIRST?
Correct Answer is: Immediately remove the code containing the portion of "TROJAN HORSE"

3. Which of these wireless technologies deploys Radio Frequency (RF) for a WLL (Wireless Local Loop)?
Correct Answer is: Personal Communication System (PCS)

4. Which one of the following local area network devices functions as a data regenerator?
Correct Answer is: Repeater

5. Which one of the following pairs, when performed simultaneously, would pose a major risk?
Correct Answer is: Systems analysis and design

6. An access control review conducted by an IS auditor highlighted the following control weaknesses in the system. Which of the weaknesses will not result in an exposure?
Correct Answer is: Audit trails are not enabled

7. An IS auditor reviewing an organisation's Business Continuity Plan discovered that the software backups are not stored in an offsite location and the management is not aware of where backups are being kept. In this situation which of the following recomme.
Correct Answer is: IS security measures including controls over access to data should be strengthened.

8. As an IS auditor, which would you consider the MOST CRITICAL CONTROL over an employee performing a function?
Correct Answer is: Periodic rotation of duties

9. Before disposing of a PC used for storing confidential data, the most important precautionary measure to be taken is:
Your Response: demagnetising the hard disk. Your Answer is Correct.

10. Components of an ACL include _______.
Correct Answer is: Roles, rights and resources
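Added example for question 10 above (ACL components: roles, rights and resources) and for Test 1 question 8 (read access to production source for everyone in IS, updating restricted to one position); it is not code from the original paper. The role names, resource names and the AccessControlList class are assumptions. The ACL denies by default and grants rights to roles on named resources, so holding a senior position confers nothing unless a grant exists.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set

READ, UPDATE, EXECUTE = "read", "update", "execute"


@dataclass
class AccessControlList:
    """resource -> role -> rights granted to that role on that resource."""
    entries: Dict[str, Dict[str, Set[str]]] = field(default_factory=dict)

    def grant(self, resource: str, role: str, *rights: str) -> None:
        self.entries.setdefault(resource, {}).setdefault(role, set()).update(rights)

    def permitted(self, roles: Iterable[str], resource: str, right: str) -> bool:
        """Default deny: the right must have been granted to one of the
        caller's roles on this exact resource."""
        acl = self.entries.get(resource, {})
        return any(right in acl.get(role, set()) for role in roles)


def production_library_acl() -> AccessControlList:
    """Hypothetical ACL for production libraries: everyone in IS may read
    source, only the program librarian may update it, and operations may
    execute but not modify load modules."""
    acl = AccessControlList()
    acl.grant("prod/source", "is-staff", READ)
    acl.grant("prod/source", "program-librarian", READ, UPDATE)
    acl.grant("prod/load", "operator", EXECUTE)
    acl.grant("prod/load", "program-librarian", READ, UPDATE)
    return acl


def demo() -> Dict[str, bool]:
    acl = production_library_acl()
    programmer = {"is-staff"}
    librarian = {"is-staff", "program-librarian"}
    operator = {"operator"}
    # Technical support holds a senior position but no blanket grant:
    # rights follow need-to-know, not seniority.
    tech_support = {"is-staff", "tech-support"}
    return {
        "programmer_reads_source": acl.permitted(programmer, "prod/source", READ),
        "programmer_updates_source": acl.permitted(programmer, "prod/source", UPDATE),
        "librarian_updates_source": acl.permitted(librarian, "prod/source", UPDATE),
        "operator_executes_load": acl.permitted(operator, "prod/load", EXECUTE),
        "operator_reads_source": acl.permitted(operator, "prod/source", READ),
        "tech_support_updates_load": acl.permitted(tech_support, "prod/load", UPDATE),
        "unlisted_resource_denied": acl.permitted(librarian, "prod/payroll-data", READ),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{'PERMIT' if allowed else 'DENY  '} {request}")
```

The single update position is what keeps the audit trail for program changes meaningful: every change to production source passes through one role, while open read access costs nothing in control.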

11. Identify the item that is not a part of performance guarantees in software contract negotiations:
Correct Answer is: Terms of payment

12. In object-oriented technology, hiding the complexity of characteristics is called:
Correct Answer is: Abstraction

13. Network-based Intrusion Detection Systems cannot do which of the following?
Your Response: Recognise new types of attacks. Your Answer is Correct.

14. Of the following, which is NOT an advantage of distributed over centralized processing?
Correct Answer is: It is easier to implement security controls than in a centralized environment

15. Output control is best described by which of the following?
Correct Answer is: the controls that provide reasonable assurance that all transactions are processed as authorised

16. Which among the following hacking techniques DOES NOT facilitate impersonation?
Correct Answer is: Packet replay

17. The BEST set of attributes of functionality in evaluating the quality of a software product during its life cycle is:
Correct Answer is: Availability of a set of functions and their relevant properties.

18. The extent to which a newly developed or acquired system meets the functionality required of it is determined in:
Correct Answer is: User acceptance test (UAT)

19. The initial validation control for a credit card transaction capture application would MOST likely be to:
Correct Answer is: verify the format of the number entered and then locate it on the database
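Added example (not from the original paper) serving question 19 above and Test 1 question 4 (check digit verification): the Luhn mod-10 check digit carried by payment card numbers, the format check built around it, and the database lookup that only follows a clean format check. The card numbers are published test numbers, the card file is constructed, and validate_format() and capture() are assumed names.

```python
from typing import Dict, Tuple

# Constructed in-memory card file: card number -> account reference.
CARDS_ON_FILE: Dict[str, str] = {
    "4539578763621486": "ACC-001",
    "5555555555554444": "ACC-002",
}


def luhn_check_digit(payload: str) -> str:
    """Return the digit to append so that payload + digit passes the Luhn
    mod-10 test. Working from the right, every second digit is doubled
    (9 is subtracted from doubled values above 9), the digits are summed,
    and the check digit brings the sum to a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # the rightmost payload digit is doubled; the check digit takes the undoubled slot
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Check-digit verification: the last digit must be the Luhn digit of
    the digits before it. This catches every single-digit keying error
    and every adjacent transposition except 09 <-> 90."""
    return len(number) >= 2 and number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def validate_format(raw: str) -> Tuple[bool, str]:
    """Format checks applied at capture time, before any database access.
    Returns (True, normalised number) or (False, reason)."""
    number = raw.replace(" ", "").replace("-", "")
    if not number.isdigit():
        return False, "non-numeric characters"
    if not 13 <= len(number) <= 19:
        return False, f"length {len(number)} outside 13-19"
    if not luhn_valid(number):
        return False, "check digit mismatch (keying error or transposition)"
    return True, number


def capture(raw: str, card_file: Dict[str, str] = CARDS_ON_FILE) -> str:
    """Initial validation control for transaction capture: verify the
    format of the number entered, then locate it on the database."""
    ok, detail = validate_format(raw)
    if not ok:
        return "REJECT format: " + detail
    if detail not in card_file:
        return "REJECT not on file"
    return "ACCEPT " + card_file[detail]


if __name__ == "__main__":
    for entered in ("4539 5787 6362 1486", "4539578763621468", "4539578763621487",
                    "4111111111111111", "4539-5787", "4539 5787 6362 14x6"):
        print(f"{entered!r:24} -> {capture(entered)}")
```

Rejecting on format first keeps mistyped numbers away from the card file and its logs, and gives data entry an immediate, specific reason to re-key; a check digit is a keying-error control, not an authentication control, so the lookup still has to follow.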

20. The IS security policy of a company usually incorporates all of the following features EXCEPT:
Your Response: details of complete authentication steps and security procedures to allow access. Your Answer is Correct.

21. The job responsibilities and rights of an application programmer do NOT include:
Correct Answer is: Defining backup procedures.

22. The residual dump technique in backup has the disadvantage of:
Correct Answer is: complexity of recovery greater than for a physical dump

23. Which among the following is NOT true of star topologies?
Correct Answer is: Ring topologies are more reliable than star topologies

24. Which feature makes an intranet similar to the Internet?
Correct Answer is: TCP/IP

25. Which of the following is not a characteristic of a modem?
Correct Answer is: Data accuracy

26. Which of the following is an application level firewall?
Correct Answer is: Proxy systems

27. Which of the following is FALSE with regard to a public key cryptosystem?
Your Response: the decryption key is the same as the encryption key. Your Answer is Correct.
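Added example for question 27 (not from the original paper): textbook RSA with the classic toy primes 61 and 53, showing that the decryption exponent differs from the encryption exponent, that applying the public exponent to a ciphertext does not recover the message, and why a small modulus gives no protection. Function names are assumptions; a real deployment uses a vetted library with 2048-bit or larger keys and OAEP padding rather than raw exponentiation.

```python
from math import gcd, isqrt
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def make_keypair(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Textbook RSA key generation from two primes. The public key is
    (e, n); the private key is (d, n) with d the inverse of e mod phi(n).
    Because d is derived from phi(n), which needs the factors of n,
    the two exponents are different and only one of them is secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public: Key, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(private: Key, c: int) -> int:
    d, n = private
    return pow(c, d, n)


def recover_private_key(public: Key) -> Key:
    """Why small moduli are useless: factor n by trial division and
    rebuild d. For a 2048-bit n this step is what makes RSA secure."""
    e, n = public
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return pow(e, -1, (p - 1) * (q - 1)), n
    raise ValueError("modulus has no non-trivial factor")


def demo() -> dict:
    # Toy primes 61 and 53, giving n = 3233 and phi(n) = 3120.
    public, private = make_keypair(61, 53)
    m = 65
    c = encrypt(public, m)
    return {
        "public": public,
        "private": private,
        "keys_differ": public[0] != private[0],
        "ciphertext": c,
        "decrypt_with_private": decrypt(private, c),
        "decrypt_with_public": pow(c, public[0], public[1]),  # wrong key: not the message
        "recovered_private": recover_private_key(public),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The asymmetry is the whole point of the question: anyone holding (17, 3233) can encrypt, but only the holder of (2753, 3233) can decrypt, and the public exponent applied to the ciphertext yields an unrelated residue.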

28. Which of the following is NOT a prerequisite for software system project planning?
Your Response: Programming area environment and infrastructure. Your Answer is Correct.

29. Which of the following is true regarding software testing?
Your Response: Tests are designed after each level of software specification has been written. Your Answer is Correct.

30. Which of the following may be the least important factor for implementing a password control system?
Correct Answer is: Purchasing computers with boot level password facilities

Test 3: Your results

1. A bank performs a backup of its online deposit files each day after all processing is over and retains it for 7 days. The bank does not retain copies of each day's transactions. This approach is:
Correct Answer is: Risky, since restoring from the most recent backup file would omit subsequent transactions

2. A computer can call into primary storage only that portion of a program and data needed immediately while storing the remaining portions in an auxiliary storage device. This feature is commonly known as:
Correct Answer is: virtual storage

3. A computer programmer altered the program for Savings Bank accounts so that his account would not be listed when a list of accounts with overdrafts was prepared. The following controls would be effective in preventing or detecting this fraud EXCEPT:
Correct Answer is: a user sign-off for program changes.

4. A feasibility study should be conducted when:
Correct Answer is: the consequences of decentralising data processing functions must be assessed

5. A modem is NOT intended to:
Correct Answer is: encrypt the messages transmitted and decrypt them on reception

6. Computer viruses continue to pose a threat to the following characteristics of information systems except:
Your Response: Confidentiality. Your Answer is Correct.

7. While arguing the need for an IS auditor to be involved in a system development, which of the following is LEAST important?
Correct Answer is: the number of lines to be written

8. Which of the following statements is true with regard to a Computer Aided Software Engineering (CASE) workbench?
Your Response: The workbench can be easily managed with the aid of the configuration management system. Your Answer is Correct.

9. Which one of the following design approaches would address data sharing and system access problems in legacy application systems?
Your Response: Develop a GUI application. Your Answer is Correct.

10. An agreement between two computer systems on the ways in which the data to be transmitted between them shall be packed and interpreted is called:
Correct Answer is: Communication protocol

11. An Integrated Test Facility (ITF) is BEST described as:
Correct Answer is: A technique enabling test data to be entered into a live computer for processing verification.

12. During exposure analysis, which of the following is NOT done?
Correct Answer is: Identifying the source of threats to assets

13. Echo check belongs to hardware controls, which usually are those built into the equipment. Echo check is best described as:
Correct Answer is: a component that signals the control unit that an operation has been performed

14. Embedded systems make use of software called:
Correct Answer is: Firmware

15. For electronic commerce deals through web-based transactions involving acceptance of payment through credit cards, installation of a firewall with strict parameters is required, having an impact on the transaction itself. State the parameter having the LEAST i.
Correct Answer is: Architecture of the firewall hiding the internal network

16. Generalised Audit Software (GAS) is NOT used for:
Correct Answer is: Performing intricate and complex calculations

17. In the System Development Life Cycle (SDLC) the functional specifications are translated into the logical and physical design during the ___________ stage.
Correct Answer is: Detailed design specification

18. The auditor, while reviewing the local area network (LAN), takes into consideration the purpose and processing environment. In the pre-audit phase the auditor:
Correct Answer is: Considers the LAN utilities which are used by the company and takes training on the same

19. The BEST and most reliable form of evidence that an IS auditor would look for in an audit of an IS environment is:
Correct Answer is: A confirmation letter received by the IS auditor directly from an outside source

20. The following measures will protect computer systems from virus attack EXCEPT:
Your Response: always boot from the diskettes. Your Answer is Correct.

21. The IS security policy of a company usually incorporates all of the following features EXCEPT:
Your Response: details of complete authentication steps and security procedures to allow access. Your Answer is Correct.

22. The presence of a Quality Assurance (QA) function has an effect on the auditor's function. Which of the following statements about the relationship between quality assurance and auditing is most likely to be not true?
Correct Answer is: the inherent risk associated with an organisation decreases considerably when an organisation has an information systems QA function

23. The relationship with vendors is important from the point of view of maintenance of the systems and servicing. The auditor in his review of the LAN ensures that software meets the demands of the company and:
Correct Answer is: The license agreement exists

24. Which image processing display technique is also known as point operations?
Your Response: Contrast enhancement. Your Answer is Correct.

25. Which of the following is a passive measure for securing the Linux operating system?
Correct Answer is: Logging

26. Which of the following BEST describes "reducing exposure to an acceptable level"?
Correct Answer is: The cost of implementing and operating further controls exceeds the reduction in expected losses that would occur

27. Which of the following electronic commerce systems handles non-monetary documents?
Correct Answer is: Electronic data interchange (EDI)

28. Which of the following instruments is used to measure atmospheric humidity in data centres?
Correct Answer is: Hygrometer

29. Which of the following is the most objective and relevant evidence in a computer system related fraud investigation?
Correct Answer is: Computer logs

30. Which of the following offsite alternatives for business recovery would require the least amount of funds?
Correct Answer is: Reciprocal agreement

Test 4: Your results

1. A company has a policy to purchase microcomputer software only from recognized vendors and prohibits employees from installing non-authorized software on their microcomputers. To minimize the likelihood of computer viruses infecting any of its systems, the .
Your Response: Test all new software on a stand-alone microcomputer. Your Answer is Correct.

2. A fraud involving accessing data by using another's password and altering the same for gain was detected and investigated. The IS auditor, during investigation, will be in a position to provide information about all the following except:
Your Response: preventive methods to avoid similar attempts. Your Answer is Correct.

3. An active attack on a communication network DOES NOT include:
Correct Answer is: Traffic analysis

4. You are planning to use monetary-unit sampling for testing the rupee value of a large inventory population. The advantages of using monetary-unit sampling include all of the following except:
Your Response: As errors increase, it results in a smaller sample size than that required when using classical sampling. Your Answer is Correct.

5. Which of these is not an internal access control mechanism?
Correct Answer is: Host-based authentication

6. Which one of the following databases supports programming languages?
Your Response: Object-oriented models. Your Answer is Correct.

7. Which one of the following is TRUE about Pretty Good Privacy (PGP), an electronic mail security program?
Correct Answer is: PGP is a product

8. Which one of the following statements concerning microcomputer systems is NOT true?
Correct Answer is: Integrated packages are examples of operating systems for microcomputers

9. All of the following should be in place prior to programming except:
Correct Answer is: User manual

10. Auditing of development project work in the prototyping model presents IS auditors with difficult problems. Which of the following is the MOST difficult?
Correct Answer is: Exhibiting flexibility to new approaches vis-à-vis traditional approaches

11. Companies use Enterprise Resource Planning (ERP) packages to:
Correct Answer is: Integrate the work of various departments

12. Identify the element that is not connected with structured design:
Correct Answer is: Objects

13. In a microcomputer small business environment, the following will be the BEST security control procedure that can be employed effectively:
Your Response: regular and daily supervision and monitoring of computer usage. Your Answer is Correct.

14. In auditing an on-line perpetual inventory system, an auditor selected certain transactions for detailed testing. The audit technique which will provide a computer trail of all relevant processing steps applied to a specific transaction is described as:
Your Response: Tagging and tracing. Your Answer is Correct.

15. In the network protection techniques of e-commerce, which one of the following uses Secure Socket Layer (SSL)?
Your Response: Data encryption. Your Answer is Correct.

16. In order to achieve more perfection of an already working software system, what method will be adopted?
Correct Answer is: Program changes due to fine tuning of existing systems

17. Information systems auditors can take part in the system development life cycle as independent members without jeopardizing audit quality. In which of the following stages will their participation be MOST effective?
Correct Answer is: Requirements definition phase

18. Network-based Intrusion Detection Systems cannot do which of the following?
Your Response: Recognise new types of attacks. Your Answer is Correct.
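Added example for question 18 above and Test 2 question 13 (not from the original paper): a minimal signature-matching network sensor run over a constructed packet capture. Two attacks it has signatures for are reported; the same two attacks rewritten (a URL-encoded traversal, a comment-obfuscated SQL keyword) pass unreported until someone writes a signature for the new form, which is the limitation the question refers to. Signatures, packets, addresses and function names are constructed for the example.

```python
import re
from typing import Dict, List, NamedTuple


class Packet(NamedTuple):
    src: str
    dst_port: int
    payload: bytes


# Hypothetical signature set: name -> byte regex applied to the payload.
SIGNATURES: Dict[str, bytes] = {
    "HTTP-DIR-TRAVERSAL": rb"\.\./\.\./",
    "SQLI-UNION-SELECT": rb"(?i)UNION\s+SELECT",
}

# Constructed traffic sample. Packets 2 and 4 are the same attacks as
# packets 1 and 3, rewritten in a form the signatures above do not describe.
TRAFFIC: List[Packet] = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.9", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.9", 80, b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.7", 80, b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n"),
    Packet("10.0.0.7", 80, b"GET /item?id=1 UNION/**/SELECT user,pass FROM users HTTP/1.1\r\n"),
]


def match(packet: Packet, signatures: Dict[str, bytes]) -> List[str]:
    """Return the names of every signature found in the packet payload."""
    return [name for name, pattern in signatures.items() if re.search(pattern, packet.payload)]


def inspect(traffic: List[Packet], signatures: Dict[str, bytes] = SIGNATURES) -> Dict[int, List[str]]:
    """Run the sensor over a capture: packet index -> alerts raised."""
    return {i: match(p, signatures) for i, p in enumerate(traffic)}


def updated_signatures() -> Dict[str, bytes]:
    """The reactive fix: once the variants are known, widen the patterns.
    Only then does the sensor report them."""
    return {
        "HTTP-DIR-TRAVERSAL": rb"(?i)(\.\.|%2e%2e)/(\.\.|%2e%2e)/",
        "SQLI-UNION-SELECT": rb"(?i)UNION(\s|/\*.*?\*/)+SELECT",
    }


if __name__ == "__main__":
    for label, sigs in (("original signatures", SIGNATURES), ("updated signatures", updated_signatures())):
        print(label, inspect(TRAFFIC, sigs))
```

A signature sensor is only as current as its last rule update, so it is paired in practice with protocol normalisation (decoding the URL before matching) and with anomaly or behavioural detection that does not depend on having seen the attack before.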

19. On June 23, 2000, an accounting clerk prepared an invoice dated June 33, 2000 and sent it to data entry as part of a batch of invoices. The input control most likely to detect this error is:
Your Response: Range check. Your Answer is Correct.
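Added example for question 19 (and for the batch controls named in Test 1 question 9), not from the original paper: an invoice batch in which one record carries June 33, 2000, caught by a range check on the day field, processed alongside the batch controls (record count, financial total, hash total) that catch records lost or altered between the clerk and data entry. The invoices, the control slip and the function names are constructed.

```python
import calendar
from typing import Dict, List

# Constructed batch of invoices as keyed by data entry; amounts in cents
# so that control totals compare exactly. Invoice 10018 carries the
# clerk's impossible date; invoice 10020 is dated 29 February 2000, which
# is valid because 2000 is a leap year.
BATCH: List[Dict] = [
    {"invoice_no": "10017", "year": 2000, "month": 6, "day": 21, "amount_cents": 120000},
    {"invoice_no": "10018", "year": 2000, "month": 6, "day": 33, "amount_cents": 45050},
    {"invoice_no": "10019", "year": 2000, "month": 6, "day": 23, "amount_cents": 8999},
    {"invoice_no": "10020", "year": 2000, "month": 2, "day": 29, "amount_cents": 30000},
]

# Control slip the clerk filled in for the batch: record count, financial
# total and a hash total (sum of invoice numbers, meaningless as a value).
CONTROL_SLIP = {"record_count": 4, "amount_cents_total": 204049, "hash_total": 40074}


def date_in_range(year: int, month: int, day: int) -> bool:
    """Range check on a date field: month 1..12, day 1..length of month."""
    if not 1 <= month <= 12:
        return False
    return 1 <= day <= calendar.monthrange(year, month)[1]


def edit_invoice(rec: Dict) -> List[str]:
    """Field-level edit checks; each failure is reported, none stops the
    rest of the batch from being edited."""
    errors = []
    if not date_in_range(rec["year"], rec["month"], rec["day"]):
        errors.append(f"invoice {rec['invoice_no']}: date {rec['year']}-{rec['month']:02d}-{rec['day']:02d} out of range")
    if not 0 < rec["amount_cents"] <= 100_000_000:
        errors.append(f"invoice {rec['invoice_no']}: amount {rec['amount_cents']} out of range")
    return errors


def batch_totals(records: List[Dict]) -> Dict[str, int]:
    return {
        "record_count": len(records),
        "amount_cents_total": sum(r["amount_cents"] for r in records),
        "hash_total": sum(int(r["invoice_no"]) for r in records),
    }


def process_batch(records: List[Dict], slip: Dict[str, int]) -> Dict:
    """Batch controls detect lost, duplicated or altered records between
    the clerk and data entry; field edits detect bad values inside them.
    The batch is accepted only when both are clean."""
    field_errors = [e for r in records for e in edit_invoice(r)]
    actual = batch_totals(records)
    control_failures = sorted(k for k in actual if actual[k] != slip[k])
    return {
        "field_errors": field_errors,
        "control_failures": control_failures,
        "accepted": not field_errors and not control_failures,
    }


if __name__ == "__main__":
    print(process_batch(BATCH, CONTROL_SLIP))
    print(process_batch(BATCH[:3], CONTROL_SLIP))  # one record lost in transit
```

The two kinds of control are complementary: the batch totals for the full batch agree with the slip even though invoice 10018 is wrong, and a batch with a lost record fails all three totals even though every remaining field is valid.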

20. Passwords belong to the following class of authentication information:
Your Response: remembered information. Your Answer is Correct.

21. The BEST transmission control that can be employed to protect data during data transfer is:
Correct Answer is: Data encryption

22. The class of control used to minimise the impact of a threat is:
Correct Answer is: Corrective

23. The snapshot technique involves:
Your Response: Taking a picture of a transaction as it flows through a system. Your Answer is Correct.

24. Uninterruptible power supply (UPS) systems are an environmental control to address electric power failures. Which one of the following factors would be of least concern in selecting a UPS system?
Correct Answer is: Size of the gas fuel supply

25. What is the cross-reference in the workbench used for?
Correct Answer is: Producing a cross-reference listing, indicating where all the program names are declared and used

26. Where are larger cell structures commonly used?
Correct Answer is: Rural areas

27. Which of the following does a company NOT need to prepare or decide upon after appointing an IS auditor?
Your Response: Number of days the audit should be carried out. Your Answer is Correct.

28. Which of the following CANNOT be used for measuring the progress of a software development project?
Correct Answer is: Appraisal of the performance of the team members by their superiors

29. Which of the following does NOT need to be considered in determining statistical sample sizes?
Your Response: Standard deviation of the population. Your Answer is Correct.

30. Which of the following is TRUE about perturbation controls, compared with restriction controls?
Correct Answer is: They result in an information loss associated with the variance of the perturbed statistic around the true value
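Added example for question 30 (not from the original paper): a small statistical database answering sum queries under a restriction control (refuse small query sets) and under a perturbation control (always answer, with noise added). A two-query tracker attack defeats the size restriction and recovers one person's salary exactly; against perturbation the same attack returns a value scattered around the truth, and the variance of that scatter is the information loss the answer refers to. The records, the noise parameters, the secret and the function names are constructed.

```python
import hashlib
import random
import statistics
from typing import Callable, FrozenSet, List, Optional, Tuple

Record = Tuple[str, str, int]  # (employee, department, salary)
Predicate = Callable[[Record], bool]
Noise = Callable[[FrozenSet[str]], float]

# Constructed salary file. "hal" is the only person in "sec".
RECORDS: List[Record] = [
    ("ana", "ops", 52000), ("ben", "ops", 48000), ("cai", "ops", 61000),
    ("dee", "dev", 70000), ("eli", "dev", 66000), ("fay", "dev", 90000),
    ("gus", "dev", 72000), ("hal", "sec", 95000),
]


def query_set(pred: Predicate) -> List[Record]:
    return [r for r in RECORDS if pred(r)]


def restricted_sum(pred: Predicate, k: int = 2) -> Optional[int]:
    """Restriction control: answer exactly, but refuse when the query set
    (or its complement) has fewer than k records."""
    qs = query_set(pred)
    if len(qs) < k or len(RECORDS) - len(qs) < k:
        return None
    return sum(r[2] for r in qs)


def perturbed_sum(pred: Predicate, noise: Noise) -> float:
    """Perturbation control: always answer, but add noise to the true sum."""
    qs = query_set(pred)
    return sum(r[2] for r in qs) + noise(frozenset(r[0] for r in qs))


def fresh_noise(rng: random.Random, sigma: float) -> Noise:
    """New Gaussian noise on every call (naive perturbation)."""
    return lambda members: rng.gauss(0.0, sigma)


def consistent_noise(secret: bytes, sigma: float) -> Noise:
    """Noise derived from the query set and a secret, so the same query
    set always receives the same answer and repeating a query cannot
    average the noise away."""
    def noise(members: FrozenSet[str]) -> float:
        seed = hashlib.sha256(secret + ",".join(sorted(members)).encode()).digest()
        return random.Random(int.from_bytes(seed[:8], "big")).gauss(0.0, sigma)
    return noise


def tracker_attack(query: Callable[[Predicate], Optional[float]]) -> Optional[float]:
    """Isolate hal's salary from two individually acceptable queries:
    sum(sec or dev) - sum(dev). Both query sets are large enough to pass
    the size restriction, so restriction alone does not stop this."""
    a = query(lambda r: r[1] in ("sec", "dev"))
    b = query(lambda r: r[1] == "dev")
    return None if a is None or b is None else a - b


def demo(trials: int = 2000, sigma: float = 3000.0) -> dict:
    rng = random.Random(7)
    fresh = [tracker_attack(lambda p: perturbed_sum(p, fresh_noise(rng, sigma))) for _ in range(trials)]
    fixed = consistent_noise(b"hypothetical-secret", sigma)
    consistent = [tracker_attack(lambda p: perturbed_sum(p, fixed)) for _ in range(trials)]
    return {
        "restricted_direct_query": restricted_sum(lambda r: r[1] == "sec"),
        "restricted_tracker": tracker_attack(restricted_sum),
        "perturbed_tracker_mean": statistics.fmean(fresh),
        "perturbed_tracker_variance": statistics.pvariance(fresh),
        "consistent_distinct_answers": len(set(consistent)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With fresh noise the attacker's estimate has variance 2 sigma squared (two noisy answers subtracted), which is exactly the loss of accuracy every legitimate user also pays; but fresh noise can be averaged out by asking again, so a deployed perturbation control fixes the noise per query set the way consistent_noise does.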

Test 5: Your results

1. A feasibility study should be conducted when:
Correct Answer is: the consequences of decentralising data processing functions must be assessed

2. While acquiring software, which of the following criteria should be applied?
Your Response: All of the above. Your Answer is Correct.

3. A successful project management practice involves training a project team to achieve desired goals. Under which process does this fall?
Correct Answer is: Organising

4. Which of the following tests addresses the interaction and consistency issues of successfully tested parts of a system?
Correct Answer is: Integration testing

5. Arithmetically, business risk is defined as business value x threat x vulnerability. Thus if there are no threats it means that the business risk:
Correct Answer is: Does not exist

6. During the problem definition phase, the terms of reference do not describe:
Correct Answer is: problems of the stakeholders

7. Environmental controls include protection from water, temperature, dust and related matter. While auditing the environmental controls in a LAN environment the auditor should confirm that:
Your Response: Fire protection equipment is adequate and appropriate. Your Answer is Correct.

8. In a mouse, there are three rollers that can rotate. How many rollers are actually responsible for the movement of the cursor?
Correct Answer is: Two

9. In a data processing environment where the data is centrally stored in a database and data entry is carried out from remote terminals, it would be more effective to perform editing/validation of data at the:
Your Response: Remote processing site prior to transmission to the central processing site. Your Answer is Correct.

10. In the SDLC, in which phase would you perform boundary value analysis?
Correct Answer is: Implementation

11. In which phase of the SDLC is desk checking practised?
Correct Answer is: Implementation

12. Program Evaluation Review Technique charts aid:
Correct Answer is: Identification of critical paths, interdependencies of the processes and slack times on certain paths

13. The biggest benefit of prototyping is:
Correct Answer is: Better communications between developers and users

14. The extent to which a newly developed or acquired system meets the functionality required of it is determined in:
Correct Answer is: User acceptance test (UAT)

15. The medium that is rarely used in present day LANs is:
Your Response: Coaxial cable. Your Answer is Correct.

16. The primary objective of security software is to:
Correct Answer is: Control access to information system resources.

17. The purpose of compliance tests is to provide reasonable assurance that:
Your Response: Risks are analysed and exposure qualified.

18. The quality that should be determined by the IS auditor while reviewing the functions of a database administrator is:
Correct Answer is: The job responsibilities of the function are clearly defined.

19. The requirements specification phase needs a lot of operational viewpoint input in the early stage of a system development. Which of the following models takes care of this aspect?
Your Response: Rapid prototyping model. Your Answer is Correct.

20. Which feature gives Time Division Multiple Access the edge over other spread spectrum technologies?
Correct Answer is: Elimination of interference

21. Which file format requires an Acrobat reader to view the file?
Correct Answer is: .pdf

22. Which of the following CANNOT be used for measuring the progress of a software development project?
Correct Answer is: Appraisal of the performance of the team members by their superiors

23. Which of the following is addressed by software configuration management as part of software quality assurance?
Correct Answer is: At what point was the first baseline established?

24. Which of the following is LEAST likely to be an objective of file handling controls?
Correct Answer is: To prevent inefficient access by programs to data

25. Which of the following is not a preventive maintenance approach?
Correct Answer is: Forward engineering

26. Which of the following is not an element of a measurement program?
Your Response: Cost to the hardware. Your Answer is Correct.

27. Which of the following is NOT TRUE with regard to network reliability enhancement?
Correct Answer is: Licensed software

28. Which of the following is true regarding Remote Authentication Dial-In User Service (RADIUS)?
Correct Answer is: It can authenticate multiple clients at a time through a centralised database

29. Which of the following security controls is MOST effective to prevent fraud and abuse in the case of electronic fund transfers?
Correct Answer is: Encryption

30. Which of the following steps forms part of an approach to IT audit?
Your Response: All of the above. Your Answer is Correct.

Test 6: Your results

1. A disaster recovery plan for a company's computer system usually focuses on which of the following?
Correct Answer is: Alternative procedures to process transactions

2. A project manager must know which of the following in order to be sure that the schedule will work, even though he has a detailed project schedule?
Your Response: Resource allocation. Your Answer is Correct.

3. The ability to operate on multiple computer types from different vendors is envisaged by:
Your Response: Portability. Your Answer is Correct.

4. Which one of the following maintenance aspects would greatly ensure the currency of the plan as time passes?
Correct Answer is: Incorporate into change management procedures

5. Which one of the following methodologies requires efficient system requirements analysis?
Your Response: Traditional system development life cycle. Your Answer is Correct.

6. After you enter a purchase order in an on-line system, you get the message "The request could not be processed due to lack of funds in your budget". This is an example of error:
Correct Answer is: Prevention

7. An example of a concurrent audit tool whose complexity is low is:
Your Response: Audit hooks. Your Answer is Correct.

8. Components of an ACL include _______.
Correct Answer is: Roles, rights and resources

9. Electronic Data Interchange:
Correct Answer is: Provides strategic, operational and opportunity benefits

10. Identify the correct sequence in the acceptance testing process:
Your Response: Preparation, execution, validation, reporting. Your Answer is Correct.

11. In a client-server environment, if all printing options are commonly accessed by all users, it may result in the following exposure:
Correct Answer is: unauthorised users may receive information

12. In an ex-post review audit of the system development process, the auditor:
Correct Answer is: evaluates the system development process, in general, as a basis for reducing the extent of substantive testing needed

13. Maximum reliability is available in:
Your Response: Mesh topology network. Your Answer is Correct.

14. Risk mitigation deals with:
Correct Answer is: All of the above

15. Since it is the end-users who are going to use an application, they must be consulted and their opinions must be incorporated if found reasonable. Which of the following principles of user-interface design reflects the above statement?
Correct Answer is: User-Perceptions

16. The advantage of tagging live transactions in an Integrated Test Facility (ITF) as against designing new test data is that:
Your Response: Test transactions are representative of normal application system processing. Your Answer is Correct.

17. The primary purpose of Quality of Service is to:
Correct Answer is: Improve services to specified flows

18. The technical support personnel should have unlimited access to all data and program files to do their job. Which of the following is the right prescription for proper access authority devolution?
Correct Answer is: Such access authority is inappropriate because it violates the principle of access on a need-to-know basis, irrespective of position

19. To implement BPR, the best approach would be to:
Correct Answer is: Develop a plan based on the data gathered

20. To prevent virus attack effectively in an IS environment, the first and foremost step to be taken is:
Correct Answer is: formulating and adopting a detailed anti-virus policy for the organisation as a whole, appraising all users of the same and implementing it.

21. What is the MAJOR difference between business process reengineering (BPR) and business process improvement (BPI)?
Correct Answer is: The enormity of the changes contemplated and implemented

22. When the results of processing production data files with generalized audit software do not agree with the total balance according to the inventory application reports, what should the IS auditor do first?
Correct Answer is: Review the data field definitions and logic in the audit software.

23. Which of the following functions SHOULD NOT BE combined with Systems Analyst?
Correct Answer is: Control Group

24. Which of the following data items is most likely to appear in the operations audit trail and not the accounting audit trail for the communication subsystem?
Correct Answer is: message transit time between nodes and at nodes

25. Which of the following employs client-server computing?
Correct Answer is: Networked multimedia

26. Which of the following is not a component of audit risk?
Your Response: Restrictive risk. Your Answer is Correct.

27. Which of the following is not an element of a measurement program?
Your Response: Cost to the hardware. Your Answer is Correct.

28. Which of the following is NOT an input control objective?
Your Response: Appropriate accounting for rejections and exceptions. Your Answer is Correct.

29. Which of the following is NOT true as a mode of network reliability enhancement?
Correct Answer is: Licensed software

30.Which of the following is TRUE in relation to the input controls of EDI ?.

Test – 7

Your results:

1. A hacker changes data stored in hidden form fields to reduce the price in online shopping. This type of attack is called:

Correct Answer is: Data Manipulation

2. A well written and concise job description is IRRELEVANT to:

Correct Answer is: Providing a little indication of segregation of duties.

3. Abuse of information system (IS) is BEST described as:

Correct Answer is: Any incident involving the IS whereby a perpetrator is able to inflict a loss to a would-be victim for his/her personal gain

4. After the system is developed, the auditor's objective in conducting a general review is to:

Correct Answer is: make an evaluation of the whole process to quantify the substantive test required for the specialized audit of the process

5. Data is an important asset in an organisation. To prevent the interception of data the auditor should determine:

Correct Answer is: Whether access controls exist at the source and destination of data transfers

6. Due to an important work, the senior computer operator has gone on leave for ten days. In his place, the security officer has been asked to officiate. In this scenario, as an IS auditor, which of the following would be the most appropriate?

Correct Answer is: Inform the top management of the complexities and risks in doing so.

7. Every organisation should have a contingency plan regardless of its size. The contingency plan should be detailed enough for the management and staff to actually act in the event of a disaster. The contingency plan need not address:

Correct Answer is: Audit of the plan

8. For an effective implementation of a continuous monitoring system, which of the following is identified as the FIRST and FOREMOST step by an IS auditor?

Correct Answer is: The Organisation’s critical and high risk business areas

9. Identify the correct sequence in the acceptance testing process:

Your Response: Preparation, execution, validation, reporting. Your Answer is Correct.

10. Implementing firewalls is not the best solution for Virtual Private Networks because:

Correct Answer is: Firewalls cannot detect spoofing attacks.

11. In an information processing system, certain measures were introduced for improving the quality. An auditor looking for the effectiveness of the measures WILL NOT be assured of the effectiveness by:

Correct Answer is: an increase in quality assurance budget by the management

12. Monetary-unit sampling is most useful when:

Correct Answer is: Cannot cumulatively arrange the population items

13. Mr. R. sends a signed message to Mr. S. If a Public Key cryptosystem is used for sending the messages, then Mr. R. encrypts the message under:

Correct Answer is: Mr. R.'s private key.

14. Networked micro computers can be protected from viruses by practising the following EXCEPT:

Your Response: Using untested software on the system and testing new software before use.

Your Answer is Correct.

15. A single copy of a software product installed on the server and used by all the connected clients is an example of:

Correct Answer is: Corporate Piracy

16. Session-hijacking refers to:

Correct Answer is: A type of attack where the session ids of other users are guessed

17. Short Message Service (SMS) cannot be used to provide which of the following services?

Your Response: Display a graphic-rich web page. Your Answer is Correct.

18. The BEST method to verify the data values through the various stages of processing:

Correct Answer is: Run-to-run totals

19. The duties and role of an IS Steering Committee is:

Your Response: Ensuring data processing resources are efficiently used. Your Answer is Correct.

20. The primary objective of security software is to:

Correct Answer is: Control access to information system resources.

21. The salient features of the data file access control shall address the following EXCEPT:

Your Response: Access to physical resources. Your Answer is Correct.

22. What feature of Linux allows a secure connection between client and server for generally insecure services such as Telnet?

Your Response: Secure Shell (SSH). Your Answer is Correct.

23. Which of the following functions SHOULD NOT BE combined with Control Group?

Correct Answer is: Systems Analyst

24. Which of the following functions of the database language SQL contributes to maintaining the integrity of the database?

Correct Answer is: transactional management

25. Which of the following is a feature of ActiveX controls that can both be used as well as misused?

Correct Answer is: ActiveX controls can access system resources

26. Which of the following is not related to an electronic-mail system?

Correct Answer is: X.500

27. Which of the following is TRUE about an electronic-mail (E-mail) network?

Your Response: Decentralised system. Your Answer is Correct.

28. Which of the following statements is not a benefit of using the Voice-over-Internet protocol?

Correct Answer is: Use of vocoder

29. Which of the following should find a place in a disaster recovery plan?

Your Response: Responsibilities of each organizational unit. Your Answer is Correct.

30. Which of the following statements is TRUE about an offsite information processing facility?

Correct Answer is: Should have the same amount of physical access restrictions as the primary processing site

Test – 8

Your results:

1. _________ tests individual programs.

Correct Answer is: Unit testing

2. The access control procedure provides for access rights administration by the Security administrator. However, access to production data should be authorised by:

Correct Answer is: Data owner

3. Which sampling plan will be used to find evidence of at least one improper transaction in the population?

Correct Answer is: Discovery sampling

4. While classifying controls on the basis of the operations involved, input control can be classified as:

Your Response: Application control. Your Answer is Correct.

5. While reviewing an organisation that has a mainframe and a client/server environment where all production data reside, the IS auditor discovered several weaknesses. The most serious weakness of the following is:

Your Response: Password controls are not administered over the client/server environment

Your Answer is Correct.

6. With respect to the various phases in the system development life cycle, which of the following is least likely to vary?

Your Response: presence of each phase. Your Answer is Correct.

7. Which of the following steps provides the highest assurance in achieving confidentiality, message integrity and non-repudiation by either sender or recipient?

Correct Answer is: the recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code

8. Which of the following would not normally be considered a typical file structure for a database management system?

Correct Answer is: Batched sequential structure

9. Which one of the following is NOT false?

Correct Answer is: Data redundancy can be reduced

10. Which one of the following statements is true with respect to VSAT?

Your Response: It operates in two frequency bands namely Ku and C. Your Answer is Correct.

11. All of the following assumptions about legacy application systems are correct except:

Correct Answer is: A legacy system is old and hence no longer good

12. An example of a concurrent audit tool whose complexity is low is:

Your Response: Audit hooks. Your Answer is Correct.

13. For ensuring adequate security of a LAN, the auditor must exercise control over:

Correct Answer is: Password

14. In determining good preventive and detective security measures practised by an employee, the IS auditor places the HIGHEST reliance on:

Correct Answer is: Observation

15. In preventing unauthorised access to a computer file from a remote terminal, which of the following controls can be used with best results?

Your Response: Call back procedures. Your Answer is Correct.

16. Integration of asset management system, network performance data, customer information, and call details results in improved help desk customer satisfaction. Which one of the following is the most important benefit that can be realized by integrating help.

Your Response: Service level agreements are met. Your Answer is Correct.

17. The International Standards Organisation (ISO) has defined risk as “the potential that a given threat will exploit a vulnerability of an asset or group of assets to cause loss or damage to the assets”. This means risk has all of the following elements EXCEPT:

Your Response: Controls to contain the threat. Your Answer is Correct.

18. Preventive controls are usually preferred to detective controls because they:

Correct Answer is: Are intended to stop losses before they occur

19. SONET is a standard for which of the following networks?

Correct Answer is: Fiber-optic cable

20. When the account number is entered into an online banking system, the computer responds with a message that reads: “Account number that you entered is not assigned to an active number. Please reenter”. What technique is the computer using?

Correct Answer is: Existence check

21. Which of the following is not part of the information systems design?

Correct Answer is: design of the user specification document layout

22. Which of the following do not lend themselves to compression easily?

Correct Answer is: Images

23. Which of the following is a dynamic analysis to detect software errors?

Correct Answer is: Testing

24. Which of the following functions, if combined, would provide the GREATEST risk to an organisation?

Your Response: Application Programmer and Data entry clerk. Your Answer is Correct.

25. Which of the following is FALSE with regard to a symmetric key cryptosystem?

Correct Answer is: two different keys are used for the encryption and decryption

26. Which of the following is NOT a constraint while using Computer Aided Software Engineering (CASE) tools running on workstations?

Your Response: Lack of tools for source code generation. Your Answer is Correct.

27. Which of the following is not a PKI Component?

Correct Answer is: Merchant Server

28. Which of the following is not an objective in the analysis and planning of storage management?

Correct Answer is: To decide on software that has to be loaded on the server

29. Which of the following is the BEST disaster recovery plan for the communication processor for a large chain of shops which has a central communication processor for connecting with the banking network with electronic fund transfer (EFT) at point-of-sale de.

Correct Answer is: Alternate standby processor at another network node

30. Which of the following statements about automated operations facility parameters is not true?

Correct Answer is: operating system will identify an inaccuracy

Test – 9

Your results:

1. A bank performs a backup of its online deposit files each day after all processing is over and retains it for 7 days. The bank does not retain copies of each day's transactions. This approach is:

Correct Answer is: Risky, since restoring from the most recent backup file would omit subsequent transactions

2. A firewall cannot do one of the following:

Correct Answer is: Protect the network against users connecting to the Internet using the office telephone and a modem

3. A modem is NOT intended to:

Correct Answer is: encrypt the messages transmitted and decrypt them on reception

4. While classifying controls on the basis of the operations involved, input control can be classified as:

Correct Answer is: Application control

5. Which of the following worms does the friendly "Cheese worm" counteract?

Correct Answer is: 1i0n worm

6. Which of the following would not be considered a characteristic of a private key cryptosystem?

Correct Answer is: two different keys are used for the encryption and decryption

7. Which of these Internet protocols are used by the Unified Messaging framework?

Correct Answer is: All of the above

8. Which one of the following is not an operating control?

Correct Answer is: Batch controls

9. Which one of the following statements is not true about audit trails?

Your Response: If a user is impersonated, the audit trail will establish events and the identity of the impersonator.

Your Answer is Correct.

10. An advantage of outsourcing data processing activities in a company is obtained by:

Correct Answer is: Best IS expertise from the outside source.

11. An Information System Auditor observed that technical support personnel have unlimited access to all data and program files in the computer. Such access authority is:

Correct Answer is: inappropriate, since access should be limited to a need-to-know basis, regardless of position

12. The business continuity plan of an organisation should address early recovery of which of the following?

Correct Answer is: Processes in priority order, as defined by the business manager

13. Extensible Business Reporting Language (XBRL) is an XML-based application that is used for financial processing. Which of the following statements is false?

Correct Answer is: Organisation has to disclose additional information than required in normal accounting standards

14. In an accounting audit trail for online output, which of the following information is LEAST LIKELY to be stored?

Correct Answer is: The resources consumed to produce the output

15. In the system development life cycle approach, which of the following is MOST likely to be constant?

Correct Answer is: Each phase will have to be present

16. Social Engineering is:

Correct Answer is: Referred to as people hacking

17. The software metric that deals with measurement of lines of code is:

Correct Answer is: Code metrics

18. Which among the following hacking techniques DOES NOT facilitate impersonation?

Correct Answer is: Packet replay

19. The CSMA/CD Protocol is useful in:

Correct Answer is: Detecting Collisions

20. The duties and role of an IS Steering Committee is:

Correct Answer is: Ensuring data processing resources are efficiently used

21. The main difference between manual and computerized systems in so far as separation of duties is concerned is:

Correct Answer is: separate persons are responsible for initiation and authorization in manual systems whereas execution and maintenance of programs are entrusted to different persons in a computerized environment

22. The public audit trail of a Digital Signature system will not contain which of the following?

Correct Answer is: Private key modifications

23. Where would you handle finite state machines in the SDLC?

Your Response: Requirements. Your Answer is Correct.

24. Where an access control mechanism is implemented in an open environment, the users are allowed to access a resource:

Correct Answer is: unless authorisation information specifies users cannot access the resource

25. Which of the computer assisted audit techniques and tools helps the auditor to identify the impact of delays and rescheduling audit plans?

Correct Answer is: Project management and audit tracking

26. Which of the following is deemed as good system design practice?

Your Response: High cohesion of modules, low coupling of modules, and high modularity of programs

Your Answer is Correct.

27. Which of the following is TRUE about Automated Teller Machines (ATMs)?

Correct Answer is: Allow for cash withdrawal and cash deposits only

28. Which of the following methods can detect burst errors only if the number of errors in each data unit is odd?

Your Response: Vertical Redundancy check (VRC) - even parity. Your Answer is Correct.

29. Which of the following principles should guide the ways in which QA personnel monitor compliance with information systems standards?

Correct Answer is: QA personnel should seek to understand the reasons for a compliance failure so that they can advise management

30. Which of the following risks is not greater in an electronic funds transfer (EFT) environment than in a manual system using paper transactions?

Your Response: higher cost per transaction. Your Answer is Correct.

Test – 10

Your results:

1. Searching for weaknesses in the Windows NT and Unix Operating Systems is an example of:

Correct Answer is: Passive attack

2. While acquiring software, which of the following criteria should be applied?

Correct Answer is: All the above

3. A LAN administrator is forbidden from:

Correct Answer is: Having programming responsibilities.

4. Which of these access control mechanisms is not based on multi-level security?

Correct Answer is: Role Based Access Control (RBA)

5. Which of these Internet protocols are used by the Unified Messaging framework?

Correct Answer is: All of the above

6. Which one of the following graphical user interface (GUI) development approaches would create more user-friendly interactions?

Correct Answer is: Object-oriented user interfaces

7. Which one of the following is NOT false?

Correct Answer is: Data redundancy can be reduced

8. Which one of the following network configurations used by electronic data interchange (EDI) trading partners does not have a storage capability and does not provide any message status information?

Your Response: Point-to-point network. Your Answer is Correct.

9. After which of the following testing should a formal change control mechanism start?

Correct Answer is: After completion of integration testing

10. For eCommerce deals through web based transactions involving acceptance of payment through credit cards, installation of a firewall with strict parameters is required, having impact on the transaction itself. State the parameter having the LEAST impact over.

Correct Answer is: Architecture of the firewall hiding the internal network

11. How can hackers get access to password files or configuration information from a web server?

Correct Answer is: Poorly written active content such as CGI scripts

12. In general, output controls over reports of batch systems would be more compared with that of online systems because:

Correct Answer is: There are more intermediaries involved in producing and distributing batch output.

13. In which of the following phases of a system development life cycle are decision tables used?

Correct Answer is: Requirements Definition

14. In Windows XP, which component controls access to the credentials of users who are permitted to log onto the system?

Your Response: Local Security Authority. Your Answer is Correct.

15. The Internet was established NOT for:

Correct Answer is: minimizing the high risk protocol conversion functions that the gateways perform

16. One main reason for using Redundant Array of Inexpensive Disks (RAID) is:

Correct Answer is: all data can still be reconstructed even if one drive fails

17. Program Evaluation Review Technique charts aid:

Correct Answer is: Identification of critical paths, interdependencies of the processes and slack times on certain paths

18. The programming language used exclusively for artificial intelligence is ____________.

Correct Answer is: Prolog

19. Project management needs are addressed first and an artificial approach to development is adopted in:

Your Response: waterfall model or SDLC model. Your Answer is Correct.

20. Risk mitigation deals with:

Correct Answer is: All of the above

21. The process of visualising the design of a project that is yet to take shape is called:

Correct Answer is: Data modeling

22. There are various techniques for telecommunication controls. Confidentiality of data is BEST maintained by:

Correct Answer is: data encryption technique

23. To implement BPR, the best approach would be to:

Correct Answer is: Develop a plan based on the data gathered

24. Uninterruptible power supply (UPS) systems are an environmental control to address electric power failures. Which one of the following factors would be of least concern in selecting a UPS system?

Correct Answer is: Size of the gas fuel supply

25. What is the similarity between a GSM (Global System for Mobile Communication) network and EDGE (Enhanced Data for GSM Environment)?

Correct Answer is: Both use the TDMA frame structure

26. When data is accessed through both sequential and direct access methods the process is called:

Your Response: Indexed sequential storage and retrieval. Your Answer is Correct.

27. Where an access control mechanism is implemented in an open environment, the users are allowed to access a resource:

Correct Answer is: unless authorisation information specifies users cannot access the resource

28. Which of the following is an advantage of hardware-based keystroke logging over surveillance cameras for observing data input?

Correct Answer is: Electrical interference does not affect the functioning

29. Which of the following is true regarding software testing?

Your Response: Tests are designed after each level of software specification has been written.

Your Answer is Correct.

30. Which of the following statements is true about a mandatory access control policy?

Test – 11

Your results:

1. A well written and concise job description is IRRELEVANT to:

Correct Answer is: Providing a little indication of segregation of duties.

2. Due diligence of third party service providers need not cover:

Your Response: Evaluation of ownership. Your Answer is Correct.

3. While conducting the audit of security in an organisation, the procedure of LEAST concern to the IS auditor is:

Your Response: Reviewing the effectiveness in utilisation of the assets. Your Answer is Correct.

4. Which of the spread spectrum technologies is widely employed?

Correct Answer is: Direct Sequence

5. Which one of the following protocols is used by the Internet?

Correct Answer is: TCP/IP

6. Which part of the Universal Mobile Telecommunication system (UMTS) network houses the ATM (Asynchronous Transfer Mode) standard?

Correct Answer is: Core Network

7. An electronic-mail security program is not effective in the case of which of the following attacks?

Correct Answer is: Bogus traffic

8. At which stage of the data process flow, from source to warehouse, are detective controls implemented?

Your Response: Reconciliation. Your Answer is Correct.

9. Before disposing of the PC used for storing confidential data, the most important precautionary measure to be taken is:

Your Response: demagnetising the hard disk. Your Answer is Correct.

10. The business continuity plan of an organisation should address early recovery of which of the following?

Correct Answer is: Processes in priority order, as defined by the business manager

11. The concept of charging an end-user on the number of times he/she has used the software is called:

Correct Answer is: Meterware

12. During the system design phase an auditor participating in system development attempts to:

Correct Answer is: determine whether necessary controls have been designed into the system

13. How can hackers get access to password files or configuration information from a web server?

Correct Answer is: Poorly written active content such as CGI scripts

14. In WAP, the actual transfer of data is done by the ___________.

Correct Answer is: Bearers

15. Introduction of CASE tools in an IS environment in the early stages of implementation of a software project will impact the LEAST:

Your Response: programmer. Your Answer is Correct.

16. ISO 9000:2000 standards are based on eight quality management principles. One of the principles follows the systems approach to management, which has various advantages. Which of the following comes within the purview of this approach?

Correct Answer is: All of the above

17. Maximum reliability is available in:

Your Response: Mesh topology network. Your Answer is Correct.

18. Object control is widely used in:

Correct Answer is: Multi-user and distributed systems

19. The control to provide security against accidental destruction of records and to ensure continuous operations is called:

Correct Answer is: An operations control

20. The duty of the Quality Assurance Group is:

Correct Answer is: Adherence of established standards by programs, program changes and documentation.

21. The MOST critical situation that an IS auditor should report when he observes a computer operator also performing the duties of a backup tape librarian and security administrator is:

Correct Answer is: Computer operators acting as security administrators.

22. The prototyping approach to software development is most suitable when:

Correct Answer is: The user is not fully aware of the requirements

23. To prevent virus attacks effectively in an IS environment, the first and foremost step to be taken is:

Correct Answer is: formulating and adopting a detailed anti-virus policy for the organisation as a whole and appraising all users about the same and implementing it.

24. Where a transaction processing application is very complex, involving many sources of data capture and many routes for output, the following control is used to ensure that transactions are not lost during processing:

Your Response: balancing procedures through the system itself automatically

Your Answer is Correct.

25. Which image processing display technique is also known as point operations?

Your Response: Contrast enhancement. Your Answer is Correct.

26. Which is the function that the audit software does not perform?

Correct Answer is: Decide on the sampling method to be used

27. Which of the following do not come under the Workload Operational Policy?

Your Response: Training and support functions. Your Answer is Correct.

28. Which of the following controls applies to PIN transmission?

Correct Answer is: a unique cipher must be generated for each transmission of the PIN

29. Which of the following database environment controls enforces access rules in addition to maintaining standardized definitions?

Correct Answer is: Active data dictionary system

30. Which of the following is the most likely sequence of phases in the system development process?

Your Response: feasibility study, information analysis, system design, program development

Your Answer is Correct.

Test – 12

Your results:

1.Access control list of a firewall can have the following parameters, on the basis of which it may filter access, EXCEPT one..

Your Response: Network interface card Your Answer is Correct.

2.Access to a computer system is conditional upon success of the authentication process. The best methodology of authentication means .

Your Response: identifying what the user is and what she/he knows/remembers

Your Answer is Correct.

3.Which transmission impairment is dependent on propagation velocity as a function of frequency?.

Correct Answer is : Delay distortion

4.While valuing the assets, an information systems(IS auditor is likely to value MOST.

Correct Answer is : Personnel like the DBA and systems analysts

5.Which one of the following pairs, when performed simultaneously, would pose a major Risk?.

Correct Answer is : Systems analysis and design

6.All of the following control procedures can be used to ensure completeness of data, EXCEPT –.

Your Response: Validity routines Your Answer is Correct.

7.An organisation’s strategic plan would normally comprise of the organisation’s goal of:.

Correct Answer is : Growing to become the unanimous supplier of choice among the buyers in a given period of time for the product / service to be offered by the organisation.

8.As compared with other Information Systems, Executive Information Systems does NOT have the characteristic of .

Correct Answer is : Focusing on broad problems to a specific view.

9.For effective implementaion of a software quality program the MOST important prerequisite is: .

Your Response: Commitment Your Answer is Correct.

10.Echo Check belongs to hardware controls, which usually are those built into the equipment. Echo Check is best described as:.

Correct Answer is : a component that signals the control unit that an operation has been performed

11.In an organisation, Integrated Test Facility (ITF) is not used in:.

Correct Answer is : Quantity control

12.In general, mainframe computer production programs and data are adequately protected against unauthorized access. Certain utility software may, however, have privileged access to software and data. The risk of unauthorized use of privileged software could.

Page 24: Sample Question Paper

Correct Answer is : g. Limiting and monitoring the use of privileged software.

13.In Reverse Engineering, ______________ deals with the restructuring of existing source code..

Your Response: Directionality Your Answer is Correct.

14.Logging of authorised and unauthorised attempts to access the computer systems and Disconnection of a terminal after it has been inactive for a period of time are classfied as .

Correct Answer is : Terminal access controls

15.Mr. R. sends a signed message to Mr. S. If Public Key cryptosystem is used for sending the messages, then Mr. R. encrypts the message under the -.

Correct Answer is : Mr. R. s private key.

16.One of the disadvantages of residual dumping is:.

Your Response: Recovery is more complex than with physical dump Your Answer is Correct.

17.Out of the following pairs of services, which provides an access control over a network of computers.

Correct Answer is : Identification and authentication

18.The IT auditor considers the controls that are present for the evaluation of the internal controls. Which of the following controls cuts across the hierarchical line and follow the data as it flows in the organisation?.

Correct Answer is : Application controls

19.The job responsibilities and rights of an application programmer do NOT include:

Correct Answer is : Defining backup procedures.

20.The modifications done in an image can be determined by.

Correct Answer is : Tamper proofing

21.The most serious exposure in a Digital Signature system is caused by which of the following?.

Correct Answer is : Key servers private key becoming public

22.The relationship with vendors is important from the view of maintenance of the systems and servicing. The auditor in his review of LAN ensures that software meets the demand of the company and.

Correct Answer is : The license agreement exists

23.To conduct a System audit the IS auditor should:

Correct Answer is : Be able to understand the system that is being audited

24.Which feature of a distributed database supports multi-user access?.

Correct Answer is : Concurrency control

25.Which feature in UMTS (Universal Mobile Telecommunication system) security is not derived from GSM standards?.

Correct Answer is : Security against false base stations through mutual authentication

26.Which of the following functions SHOULD NOT BE combined with Systems Analyst .

Correct Answer is : Control Group

27.Which of the following best describes a feature of statistical sampling?

Your Response: It provides a means for assessing the risk that the sample results will not accurately represent the population characteristics.

Your Answer is Correct.

28.Which of the following involves routing of traffic through split or duplicate cable facilities in providing telecommunication continuity?.


Correct Answer is : Diverse routing

29.Which of the following is NOT a characteristic of optical fibre cables?.

Your Response: The signal gets attenuated Your Answer is Correct.

30.Which of the following is not an advantage of distributed computing vis-à-vis centralised computing?.

Your Response: security measures are easier to provide Your Answer is Correct.

Test 13

Your results:

1.A major advantage of associating passwords with users in the access control mechanism, over associating the passwords with the resources is -.

Correct Answer is : Users need not remember multiple passwords rather than a single password

2.A newly released virus was introduced into the LAN from a floppy drive in one of the workstations connected to the LAN. The existence of such a virus in the LAN will be revealed effectively by which of the following?

Correct Answer is : regular scanning of all network drives as per the established routines

3.Which one of the following threats would cause the greatest concern to an auditor auditing the data centre of a client organization? .

Correct Answer is : Gun powder is stored in the basement of the building where the data centre is also located

4.While appointing an auditor to conduct the IS audit the company need not look into ________ of the auditor?

Correct Answer is : Proficiency in different computer languages

5.While attempting to discover a valid password, which of the following factors is a perpetrator least concerned with?

Correct Answer is : The power of the computer used to break the password code

6.Which of the following would not be appropriate to consider in the physical design of a data centre?.

Correct Answer is : Design of authorization tables for operating system access.

7.Which one of the following computer fraud methods relates to obtaining information that may be left in or around a computer system after the execution of a job?

Correct Answer is : Scavenging

8.Which one of the following statements is true? .

Correct Answer is : Debugging follows testing

9.An electronic device that combines data from several low speed communication lines into a single high-speed line is a:

Correct Answer is : multiplexer

10.An efficient asset management system contributes to the smooth functioning of an organisation. Which of the following is false with respect to an asset management practice?


Correct Answer is : It should be taken up at fixed time periods.

11.If outsourcing a hot site is a feasible solution, then which of the following should be considered while interacting with the vendor?.

Correct Answer is : All the above

12.The International Standards Organisation (ISO) has defined risk as “the potential that a given threat will exploit vulnerability of an asset or group of assets to cause loss or damage to the assets”. This means risk has all of the following elements EXCEPT:

Your Response: Controls to contain the threat. Your Answer is Correct.

13.Introduction of CASE tools in an IS environment in the early stages of implementation of a software project will have the LEAST impact on the:

Your Response: programmer Your Answer is Correct.

14.Physical access control does not depend upon which of these factors?.

Correct Answer is : Public key infrastructure

15.Prototyping methodology is resorted to when :.

Correct Answer is : there is no user specification document

16.Since it is the end-users who are going to use an application, they must be consulted and their opinions must be incorporated if found reasonable. Which of the following principles of User-Interface Design reflects the above statement?

Correct Answer is : User-Perceptions

17.The Digital Signature system uses the services of an Arbitrator to prevent.

Correct Answer is : the sender from disowning the message

18.The IS activity that is IRRELEVANT to information processing is:.

Your Response: System analysis. Your Answer is Correct.

19.The functions of operations management relating to the microcomputers in organisations where microcomputers are used extensively should be:.

Your Response: formulated by the operations manager and promulgated as a standard through-out the organisation

Your Answer is Correct.

20.The type of information design used for navigational aids and graphs for geographical use is:

Correct Answer is : Cartographic

21.The responsibility of business continuity does not rest with.

Your Response: Auditor Your Answer is Correct.

22.The System Development Tool which gives the BEST results in an application maintenance function is:.

Your Response: Test data generators Your Answer is Correct.

23.User authentication determines who is making a system request or access. There are various ways by which users can identify themselves to a computer system. Which of the following identification techniques provides the best means of user authentication?

Correct Answer is : What the user has and what the user knows

24.Which of the below is a TRUE statement concerning Test Data Techniques?

Correct Answer is : Tests only pre-conceived situations

25.Which of the following characteristics is not associated with a public key cryptosystem?.

Your Response: the decryption key is the same as the encryption key Your Answer is Correct.

26.Which of the following data items is most likely to appear in the operations audit trail and not the accounting audit trail for the communication subsystem?

Correct Answer is : message transit time between nodes and at nodes

27.Which of the following is not a desirable property of a cipher system:.

Correct Answer is : high error propagation

28.Which of the following is not a PKI Component?.

Correct Answer is : Merchant Server

29.Which of the following is not an important control step of the input/output control group?.

Correct Answer is : identifying questionable data

30.Which of the following is true regarding ActiveX controls?.

Your Response: Even a digitally-signed control may be dangerous Your Answer is Correct.

Test 14

Your results:

1.A company has a policy to purchase microcomputer software only from recognized vendors and prohibits employees from installing non-authorized software on their microcomputers. To minimize the likelihood of computer viruses infecting any of its systems, the .

Your Response: Test all new software on a stand-alone microcomputer. Your Answer is Correct.

2.Which one of the following threats would cause the greatest concern to an auditor auditing the data centre of a client organization? .

Correct Answer is : Gun powder is stored in the basement of the building where the data centre is also located

3.Which one of the following uses a modem technology as a common means of communicating between computers? .

Your Response: Public switched telephone network Your Answer is Correct.

4.Which type of cipher has the highest work factor?.

Correct Answer is : product cipher

5.Which of the following would BEST ensure continuity of a Wide Area Network (WAN)?

Your Response: Built-in alternative routing Your Answer is Correct.

6.Which of the following would not normally be considered a typical file structure for a database management system:.

Correct Answer is : Batched sequential structure

7.Which of these statements is true?.

Correct Answer is : There can be more than one internal perimeter router in a network

8.Which one of the following software test methods should invariably perform Input-tolerance testing? .

Your Response: User acceptance testing Your Answer is Correct.

9.Which one of the following testing orders is correct?

Your Response: Unit test, integration test, systems test, acceptance test Your Answer is Correct.

10.CASE Tools do not help in:.

Correct Answer is : Understanding requirements


11.Concentration technique in a communication network DOES NOT.

Correct Answer is : reduce the wiretapper’s capabilities to tap more data

12.For a company carrying on the business of leasing of computers, the GREATEST threat would be:.

Your Response: The re-assignment of the hardware quite frequently. Your Answer is Correct.

13.Implementation of control totals should begin at which point to prevent the loss of data during the processing?.

Your Response: at the time of data preparation & at input stage Your Answer is Correct.

14.Improper segregation of duties amongst programmers and computer operators may lead to the threat of:

Correct Answer is : Unauthorised program changes.

15.In an accounting audit trail for online output, which of the following information is LEAST LIKELY to be stored?.

Your Response: The resources consumed to produce the output Your Answer is Correct.

16.In determining good preventive and detective security measures practised by an employee, the IS auditor places the HIGHEST reliance on:

Correct Answer is : Observation

17.The IS security policy of a company usually incorporates all of the following features EXCEPT -.

Your Response: details of complete authentication steps and security procedures to allow access

Your Answer is Correct.

18.The major difference between a client/server and a mainframe-based application is NOT likely to occur with regard to which of the following areas from a system testing viewpoint?

Correct Answer is : The system test deliverables

19.The principle of least privilege is an important concept in access controls of a network. Among the four enumerated here, which does NOT support this concept?

Correct Answer is : Either allow access to all resources or none

20.The risk that the conclusion based on a sample might be different from the conclusion based on examination of the entire population is called:

Correct Answer is : Sampling risk

21.Under certain conditions, an inventory batch-update program ignores transactions with invalid transaction code types. Which of the following controls would detect the presence of such errors in processing: .

Correct Answer is : Hash total

22.User authentication determines who is making a system request or access. There are various ways by which users can identify themselves to a computer system. Which of the following identification techniques provide the best means of user authentication? .

Correct Answer is : What the user has and what the user knows

23.Which of the following activities is a task during scenario analysis?.

Your Response: Identifying how threats can circumvent controls Your Answer is Correct.

24.Which of the following is NOT true about electronic data interchange (EDI)?

Correct Answer is : Standardisation is not key to EDI transaction

25.Which of the following BEST describes an exposure?.

Correct Answer is : The expected loss that will occur, given the reliability of the existing controls


26.Which of the following is least likely to be a reason for making QA personnel responsible for identifying areas where quality improvement can be made?.

Your Response: QA personnel are in the best position to decide whether quality improvement will result in better achievement of the organisation’s overall corporate strategy

Your Answer is Correct.

27.Which of the following is not an audit objective in the review of hardware acquisition?.

Correct Answer is : Ensuring that provisions are made to minimise damage or abuse to hardware and to maintain the hardware in good operational condition

28.Which of the following is the BEST disaster recovery plan for the communication processor for a large chain of shops which has a central communication processor for connecting with the banking network with electronic fund transfer (EFT) at point-of-sale de.

Correct Answer is : Alternate standby processor at another network node

29.Which of the following statements is FALSE for equipment mean-time-between-failure (MTBF)?

Correct Answer is : Low MTBF values imply good reliability

30.Which of the following statements is true about "Trojan-horse"?.

Correct Answer is : It is a malicious computer program

Test 15

1.A firewall ruleset should not block.

You did not answer this Question.

The correct answer is: Inbound traffic from an authenticated source having Simple Network Management Protocol (SNMP).

2.Abuse of information system (IS) is BEST described as:

You did not answer this Question.

The correct answer is: Any incident involving the IS whereby a perpetrator is able to inflict a loss to a would-be victim for his/her personal gain

3.Which one of the following threats would cause the greatest concern to an auditor auditing the data centre of a client organization? .

You did not answer this Question.

The correct answer is: Gun powder is stored in the basement of the building where the data centre is also located

4.Which type of constrained user interface does an ATM have?.

You did not answer this Question.

The correct answer is: Physically constrained user interface

5.With respect to BCP, critical activities can be segregated into:.

You did not answer this Question.

The correct answer is: Essential activities, recommended activities, non-essential activities

6.Which of the following tests the compliance of internal accounting control procedure?.

You did not answer this Question.

The correct answer is: document inspection for verification of performance by employees

7.Which one of the following criteria shall NOT be considered for choosing an appropriate computer platform to suit a given application software system?

You did not answer this Question.

The correct answer is: Data usage

8.Which one of the following is ideally suited for multimedia applications?.

You did not answer this Question.

The correct answer is: Broadband ISDN, fiber optics, and ATM

9.Which one of the following poses a major threat in using remote workstations? .

You did not answer this Question.

The correct answer is: Security

10.An agreement between two computer systems on the ways in which the data to be transmitted between them shall be packed and interpreted is called.

You did not answer this Question.

The correct answer is: Communication protocol

11.An Assembler is a translator program that converts _________________ into machine level language.

You did not answer this Question.

The correct answer is: Assembly level language

12.Extensible Business Reporting Language (XBRL) is an XML based application that is used for financial processing. Which of the following statements is false?.

You did not answer this Question.

The correct answer is: Organisation has to disclose additional information than required in normal accounting standards

13.Implementing a firewall is not the best solution for Virtual Private Networks because:

You did not answer this Question.

The correct answer is: Firewalls cannot detect spoofing attacks.

14.In data processing, which of the following causes the maximum losses?

You did not answer this Question.

The correct answer is: errors and omissions

15.In determining good preventive and detective security measures practised by an employee, the IS auditor places the HIGHEST reliance on:

You did not answer this Question.

The correct answer is: Observation

16.In which phase of a system development life cycle would you perform Mutation analysis? .

You did not answer this Question.

The correct answer is: Implementation

17.IS activities can be outsourced to a third party. To evaluate the performance of the service provider the auditor should.

You did not answer this Question.

The correct answer is: Benchmark the services

18.Path length, bandwidth, load are:.

You did not answer this Question.


The correct answer is: Routing metrics

19.Parity checking and Access logging can be broadly classified as –.

You did not answer this Question.

The correct answer is: Detective control

20.One of the main advantages of employing biometric devices is that -.

You did not answer this Question.

The correct answer is: it provides effective physical access control

Test 16

1.Which step comes just before the final approval of the BCP?.

Correct Answer is : Testing the plan

2.While conducting the audit, the auditor shall allocate the audit resources to.

Correct Answer is : Prioritised areas

3.Which of the following terms best define a computer program looking “normal” but containing harmful code?.

Correct Answer is : Trojan horse

4.Which of the following utilities can be used to directly examine the quality of data in the database:.

Correct Answer is : Pointer validation utility

5.Which of the following would BEST ensure continuity of a Wide Area Network (WAN)?

Your Response: Built-in alternative routing Your Answer is Correct.

6.Which one of the following statements concerning microcomputer systems is NOT true?

Correct Answer is : Integrated packages are examples of operating systems for microcomputers

7.As against link encryption, end-to-end encryption cannot protect against.

Your Response: traffic analysis Your Answer is Correct.

8.Arithmetically business risk is defined as business value x threat x vulnerability. Thus if there are no threats it means that the business risk.

Correct Answer is : Does not exist

9.Because of the sensitivity of its data, a database system for business forecasting was implemented with access control at different levels. Users’ initial log-in would be controlled by.

Your Response: Operating System Your Answer is Correct.

10.Compliance auditing is used to do?.

Your Response: Determine the degree to which substantive auditing may be limited

Your Answer is Correct.

11.Design phase in the linear sequential model deals with:.

Correct Answer is : All of the above

12.During the conduct of a source code review, the examination of the data processing installation’s programming standards occurs:.

Correct Answer is : before reviewing the program’s specifications

13.Evaluation of which of the following functional areas CANNOT be carried out by risk assessment techniques?

Correct Answer is : Recommendations and conclusions based on the findings from the audit.

14.In a manufacturing company, which of the following computer files is MOST critical?.

Correct Answer is : Debtor’s file

15.In general, mainframe computer production programs and data are adequately protected against unauthorized access. Certain utility software may, however, have privileged access to software and data. The risk of unauthorized use of privileged software could.

Correct Answer is : g. Limiting and monitoring the use of privileged software.

16.Inaccurate data input can NOT be detected by the employment of which of the following controls ?.

Your Response: Hash totals, and run to run totals. Your Answer is Correct.

17.Normally detailed system specifications do NOT include:.

Your Response: Program, operations, and user documentation. Your Answer is Correct.

18.One of the disadvantages of residual dumping is:.

Your Response: Recovery is more complex than with physical dump Your Answer is Correct.

19.Programming language used exclusively for artificial intelligence is ____________.

Correct Answer is : Prolog

20.The following device is used to connect one type of IEEE 802.x LAN to another.

Correct Answer is : Bridge

21.The following statement about controls over computer operators is true:.

Correct Answer is : a malicious operator can undermine a disaster recovery operation by corrupting backup files progressively over time

22.What is the control that should have been in vogue so as to enable detection of a change made in a payroll program by a computer operator?.

Correct Answer is : Review of the payroll by the payroll department on a regular basis.

23.Which of the following actions should be undertaken when a file retention date expires?.

Correct Answer is : the file should be purged

24.Which of the following do not lend themselves to compression easily?.

Correct Answer is : Images

25.Which of the following is a dynamic analysis to detect software errors? .

Correct Answer is : Testing

26.Which of the following is deemed as good system design practice? .

Correct Answer is : High cohesion of modules, low coupling of modules, and high modularity of programs

27.Which of the following is NOT true about a database management system application environment?.

Correct Answer is : Data are shared by passing files between programs or systems

28.Which of the following is used to determine authorised sign on in an EDI transaction?.

Correct Answer is : Digital signature

29.Which of the following should find a place in a disaster recovery plan.

Your Response: Responsibilities of each organizational unit Your Answer is Correct.

30.Which of the following statements is true about "Trojan-horse"?.


Correct Answer is : It is a malicious computer program

Test 17

1."Proxy servers" act as a mediator between:

Correct Answer is : Local network and Internet

2.A compensating control for the weakness in access controls is the daily review of log files. The IS Auditor reviewing the adequacy of this compensating control would be least concerned with -.

Your Response: The period up to which the log file is retained Your Answer is Correct.

3.A firewall ruleset should not block.

Your Response: Inbound traffic from an authenticated source having Simple Network Management Protocol SNMP).

Your Answer is Correct.

4.A security management system should undertake _____________.

Correct Answer is : All of the above

5.Computer viruses continue to pose a threat to the following characteristics of information systems except: .

Your Response: Confidentiality Your Answer is Correct.

6.While downsizing a material inventory system, data center personnel considered redundant array of inexpensive disks (RAID) for the inventory database. One reason to use RAID is to ensure that:

Correct Answer is : all data can still be reconstructed even if one drive fails

7.While reviewing the file identification standards in a client, the IS auditor may not be concerned with which of the following:.

Correct Answer is : Retention period standards

8.Which one of the following is not an application control to assure data accuracy? .

Your Response: Echo checking Your Answer is Correct.

9.Generally, which of the following is considered as a major threat to a computer installation? .

Correct Answer is : Fire

10.An efficient asset management system contributes to the smooth functioning of an organisation. Which of the following is false with respect to an asset management practice?

Correct Answer is : It should be taken up at fixed time periods.

11.“Due Professional Care” requires an IS auditor to possess which of the following qualities?

Your Response: Skills and judgement that are commonly possessed by IS practitioners of that speciality.

Your Answer is Correct.

12.For secure exchange of data, database has to ensure ACID properties. A property of database that avoids conflict between two or more transactions running simultaneously is:.

Correct Answer is : Integrity

13.Given below are major types of storage devices: 1) Cache 2) Magnetic disk 3) Flash 4) Main Memory 5) Tape Storage 6) Optical Storage. Rank them in increasing order of their reading/writing capability.

Correct Answer is : 5,6,2,3,4,1

14.If a web site using the Internet Information Server from Microsoft does not run dynamic scripts, which of the following tools can harden the Web Server?.


Correct Answer is : IIS Lockdown

15.In determining new controls that might be implemented to reduce exposures to an acceptable level, which of the following is not used as a basis?.

Correct Answer is : Choose controls that emphasise design secrecy

16.Incremental Model as an approach adheres to:.

Correct Answer is : More of linear sequential, less of prototyping

17.Maintenance of adequate security measures over IS assets and accountability for the same rests with the:.

Correct Answer is : Data and System owners

18.Network growth is inevitable and on the increase. Which one of the following components of such growth is most difficult to predict?

Your Response: Extension of the network to new users Your Answer is Correct.

19.Operations in a LAN environment are the day-to-day operations, processes, activities, etc. The auditor, while auditing the controls over operations in a LAN, confirms that:

Correct Answer is : There is segregation of duties

20.Personal Computers and Laptops have both a floppy disk drive and a hard disk drive. The major difference between the two types of storage is that a hard disk :.

Correct Answer is : Has much larger storage capacity than a floppy disk and can also access information much more quickly

21.Retention date on magnetic tape files would: .

Correct Answer is : Prevent the file from being overwritten before the expiry of the retention date

22.Software quality assurance suffers MOST when.

Correct Answer is : it is left to be inspected after the system is completely developed

23.The installation of a database management system (DBMS) does not have any direct impact on :.

Your Response: The logic needed to solve a problem in an application program

Your Answer is Correct.

24.The prototyping approach to software development is most suitable when.

Correct Answer is : The user is not fully aware of the requirements

25.Which of the following is NOT a security concern while using Java?.

Correct Answer is : Message digests

26.Which of the following is not an advantage of distributed computing vis-à-vis centralised computing?.

Your Response: security measures are easier to provide Your Answer is Correct.

27.Which of the following is not true with regard to the establishment of a security management structure?.

Correct Answer is : Security management structure should be approved by all the employees

28.Which of the following is NOT an effective control for program changes?

Correct Answer is : c Annual reviews of program listing

29.Which of the following is true with regard to the audit of acquisition risks?

Your Response: The non-cost factor is an important part of the alternative analysis of an acquisition project

Your Answer is Correct.

30.Which of the following pairs of items are related to each other?


Correct Answer is : The segregation of duties principle, the "least privilege" principle

Test 18

Your results:

1. ___________ is not a component of the network security policy.

Correct Answer is : HR policy

2.A data unit 01000101 sent from the source was received as 01111101. What is the type of error?.

Correct Answer is : Burst error

3.A detective control designed to establish the validity and appropriateness of numeric data elements, and to guard against errors made in transcribing or keying data is:

Correct Answer is : Check digit

4.A malicious user can change an application to get the full database. This is a pitfall in which type of database security measure?

Correct Answer is : User Accounts

5.Which would ensure that IS organizations do not take more resources for less output?.

Correct Answer is : Pilot projects

6.Which of the following statements is true:.

Correct Answer is : Stand alones are costly and require large scale deployments.

7.Which of these benefits is unique to CDMA one?.

Your Response: Soft handoffs Your Answer is Correct.

8.An audit technique used to select items from a population for audit testing purposes based on the characteristics is termed as.

Correct Answer is : Attribute Sampling

9.An efficient asset management system contributes to the smooth functioning of an organisation. Which of the following is false with respect to an asset management practice?

Correct Answer is : It should be taken up at fixed time periods.

10.An Information System Auditor observed that technical support personnel have unlimited access to all data and program files in the computer. Such access authority is:.

Correct Answer is : inappropriate, since access should be limited to a need-to-know basis, regardless of position

11.An IS auditor reviewing an organisation’s Business Continuity Plan discovered that the plan was prepared many years ago and has never been updated, tested or approved by the senior management. In this situation the IS auditor should recommend that:.

Your Response: A senior management personnel co-ordinate creation of a new plan or revised plan within a defined timeframe.

Your Answer is Correct.

12.Asynchronous transfer mode (ATM) is an example of fast packet switching network. Which one of the following statements about ATM is FALSE? .

Your Response: ATM networks use long packets with varying sizes Your Answer is Correct.

13.Design phase in the linear sequential model deals with:.

Your Response: All of the above Your Answer is Correct.

14.In a network security policy, a statement on methods of data communication will be listed under:

Correct Answer is : Data exchange

15.One of the advantages of using naming convention for access control is that -.

Correct Answer is : rules for protecting resources can be minimised

16.Project management needs are addressed first and artificial approach to development is adopted in.

Your Response: waterfall model or SDLC model Your Answer is Correct.

17.The difference between SCARF and Continuous and Intermittent Simulation (CIS) is:

Correct Answer is : CIS requires modification of the database management system used by the application

18.The estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Review Technique (PERT) is:

Correct Answer is : Most Likely time

19.To effectively prevent intrusion, usually the following controls are established. Of these, which control BEST detects intrusion attempts effectively?

Your Response: log of unsuccessful log on attempts are reviewed online and the active monitoring of the same by the security administrator

Your Answer is Correct.

20.Providing the management with appropriate information about the process being used by the software development project and about the products being built is taken care of by:

Correct Answer is : Software quality assurance management

21.What is the control that should have been in vogue so as to enable detection of a change made in a payroll program by a computer operator?.

Correct Answer is : Review of the payroll by the payroll department on a regular basis.

22.What is the cross-reference in the workbench used for? .

Correct Answer is : Producing a cross-reference listing, indicating where all the program names are declared and used

23.Where a transaction processing application is very complex, involving many sources of data capture and many routes for output, the following control is used to ensure that transactions are not lost during processing:

Your Response: balancing procedures through the system itself automatically

Your Answer is Correct.

24.Which aspect of storage management incorporates redundancy into the system to maintain performance:.

Correct Answer is : Reliability

25.Which of the following activities is a task during scenario analysis?.

Your Response: Identifying how threats can circumvent controls Your Answer is Correct.

26.Which of the following BEST describes a warm site?.

Correct Answer is : Partially equipped site where the computer environment consists of few equipment without the main computer.

27.Which of the following is considered the greatest threat to the corporate network, as far as cyber theft is concerned:.

Your Response: Employees who are connected to the corporate network Your Answer is Correct.

28.Which of the following is least likely to be a motivation to establish a QA role within IS function?.

Your Response: A QA role will substantially decrease the costs of review work and testing work associated with the development and implementation of an Information system

Your Answer is Correct.

29.Which of the following is not part of an emergency plan?.

Your Response: Restart procedures Your Answer is Correct.

30.Which of the following requires two different keys for encryption and decryption:.

Correct Answer is : Asymmetric Cryptography

Test 19

Your results:

1.A Bluetooth piconet can have a maximum of __________ slaves..

Your Response: Seven Your Answer is Correct.

2.A main advantage of a standard access control software implemented properly is -.

Correct Answer is : authorized files are logically allowed access to authorized users

3.Which of the following statistical selection technique is least desirable for use by the IS auditor..

Correct Answer is : Cluster sampling selection technique

4.Which of these biometric tools use thermal sensors along with infrared rays for identification?.

Correct Answer is : Iris/Retinal scan

5.Which one of the following is not an operating control:.

Correct Answer is : Batch controls

6.Which part of the Universal Mobile Telecommunication system (UMTS) network houses the ATM (Asynchronous Transfer Mode) standard? .

Correct Answer is : Core Network

7.As a basis of determining the size of the project, COCOMO model uses:.

Correct Answer is : Object Points

8.An IS auditor reviewing an organisation’s Business Continuity Plan discovered that the plan was prepared many years ago and has never been updated, tested or approved by the senior management. In this situation the IS auditor should recommend that:.

Your Response: A senior management personnel co-ordinate creation of a new plan or revised plan within a defined timeframe.

Your Answer is Correct.

9.An online banking system permitted withdrawals from inactive customer accounts. Which of the following controls would prevent this weakness:.

Correct Answer is : Master file lookup

10.Artificial Intelligence is now being used in every sphere of life. Which of the following options justifies the statement? .

Correct Answer is : Ability to think like human beings

11.During the audit of automated Information systems, responsibility and reporting lines CANNOT be established since :.

Correct Answer is : In sharing of resources, ownership is difficult to be established.

12.Identify the contractual provision that is objective and enforceable among the parties involved in a system development life cycle project?

Correct Answer is : Penalties for late delivery

13.In a manufacturing company, which of the following computer files is MOST critical?.

Correct Answer is : Debtor’s file

14.In Reverse Engineering, ______________ deals with the restructuring of existing source code..

Your Response: Directionality Your Answer is Correct.

15.IS Auditor performing a security review will perform all the following steps. However he will begin with -.

Correct Answer is : An overview understanding of the functions being audited and evaluate the audit and business risk

16.Method used for identification of risk is called:.

Correct Answer is : Risk item checklist

17.Maintenance of adequate security measures over IS assets and accountability for the same rests with the:.

Correct Answer is : Data and System owners

18.Passwords are the commonly used technique to identify and authenticate a user to a computer system. Which of the following password-related factors cannot be tested by an auditor? .

Correct Answer is : Password secrecy

19.Programming language used exclusively for artificial intelligence is____________..

Correct Answer is : Prolog

20.Stress testing is mainly done to test the _____________..

Correct Answer is : Website

21.The Digital Signature system uses the services of an Arbitrator to prevent.

Correct Answer is : the sender from disowning the message

22.The MOST ideal documentation for an Enterprise Product Re-engineering software installation is that .

Correct Answer is : All phases of the installation must be documented.

23.The primary consideration for a System Auditor , regarding internal control policies, procedures, and standards available in the IS department, is whether they are: .

Correct Answer is : Implemented

24.The statement which is NOT false regarding end user computing is:.

Correct Answer is : Catering to the user’s requirement is more in such systems.

25.Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organisation?.

Correct Answer is : applets damaging machines on the network by opening connections from the client machine

26.Which of the following controls applies to PIN transmission?.

Correct Answer is : a unique cipher must be generated for each transmission of the PIN

27.Which of the following does not reflect good control over use of removable storage media?

Correct Answer is : sensitive files and non sensitive files should be stored on the same removable storage medium

28.Which of the following is NOT a constraint while using Computer Aided Software Engineering (CASE) tools running on workstations?

Your Response: Lack of tools for source code generation Your Answer is Correct.

29.Which of the following is TRUE about most of the business continuity tests?.

Your Response: Evaluate the performance of personnel Your Answer is Correct.

30.Which of the following is true with regard to White Box Testing?.

Correct Answer is : It may involve testing every line of code.

Test 20

Your results:

1."_____________" is not exchanged immediately after a session between two nodes is started..

Your Response: MAC address of devices Your Answer is Correct.

2.A restriction control that merges cells containing sensitive statistics is described as:

Correct Answer is : Rolling up

3.A risk associated with the use of laptop computers is their loss or theft and consequent disclosure of confidential information stored on them. Which one of the following control measures is most effective and inexpensive to protect the information stored.

Correct Answer is : Removable data storage media

4.Accuracy of data is important most likely to a.

Your Response: Management control system Your Answer is Correct.

5.Which one of the following transmission media is unsuitable for handling intrabuilding data or voice communications? .

Correct Answer is : Microwave transmission

6.Which of these wireless technologies deploys Radio Frequency (RF) for a WLL (Wireless Local Loop)?.

Correct Answer is : Personal Communication system (PCS)

7.All the following application system controls are considered preventive in nature except: .

Correct Answer is : Batch control totals

8.An efficient asset management system contributes to the smooth functioning of an organisation. Which of the following is false with respect to an asset management practice..

Correct Answer is : It should be taken up at fixed time periods.

9.An IS Auditor carrying out security review for verification of the implementation of certain security measures, will be LEAST concerned about -.

Correct Answer is : the timely and efficient delivery of information by the EDP department

10.Implementing a large distributed system involves a number of unique risks arising from both technical and management issues. Which one of the following risks is common to both risk categories? .

Your Response: Security mechanisms Your Answer is Correct.

11.In an ex-post review audit of the system development process, the auditor:.

Correct Answer is : evaluates the system development process, in general, as a basis for reducing the extent of substantive testing needed

12.In network protection technique of e-commerce, which one of the following uses Secure Sockets Layer (SSL):

Your Response: Data encryption Your Answer is Correct.

13.Possible errors related to a security issue during application development can be identified by reviewing-.

Correct Answer is : Code reviews

14.The BEST and reliable form of evidence that assists the IS auditor to develop audit conclusions is :.

Correct Answer is : A Letter of confirmation received from an outsider regarding the account balance.

15.The class of control used to overcome problems before they acquire gigantic proportions is :.

Correct Answer is : Preventive

16.The component of Management Information System (MIS) that assists in planning and decision making in an organisation is/are:

Correct Answer is : All of the above

17.The feature of Linux that allows changing password without altering or recompiling any utility is:.

Correct Answer is : Pluggable Authentication Module (PAM)

18.The main difference in terms of control between a manual system and a computer system is:.

Correct Answer is : the methodology for implementing the controls is not the same in both

19.The MOST ideal documentation for an Enterprise Product Re-engineering software installation is that .

Correct Answer is : All phases of the installation must be documented.

20.The primary advantage of the list-oriented approach to authorisation is:.

Correct Answer is : it allows efficient administration of capabilities

21.Where would you handle finite state machines in SDLC?.

Correct Answer is : Requirements

22.To properly control access to accounting data held in a Database Management System, the database administrator should ensure that database system features are in place to permit:.

Correct Answer is : Access only to authorized logical views.

23.Which of the following actions should be undertaken when a file retention date expires?.

Correct Answer is : the file should be purged

24.Which of the following characteristics is not associated with a public key cryptosystem?.

Your Response: the decryption key is the same as the encryption key Your Answer is Correct.
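
The point behind this answer, and behind Test 19 question 30 (asymmetric cryptography needs two different keys) and Test 19 question 21 (a signature only the private-key holder can produce is what stops a sender disowning a message), is easiest to see on a textbook RSA key pair. The walk-through below is an added example, not material from the question paper; the primes, exponent and message values are deliberately tiny constructed numbers so every step can be checked by hand, and the code is illustrative only (no padding, no hashing, no side-channel care).

```python
"""Two keys, not one: a textbook RSA walk-through.

Added example, not part of the question paper. The primes are deliberately
tiny so every value can be checked by hand; a real key pair uses 2048-bit
moduli, randomised padding (OAEP for encryption, PSS for signatures) and a
vetted library. Nothing here is safe for production use.
"""
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)): the public encryption key and the private
    decryption key. d is the inverse of e modulo phi(n), so the two keys
    differ unless e*e == 1 mod phi(n), a degenerate case a generator rejects."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    if d == e:
        raise ValueError("degenerate key: encryption and decryption keys coincide")
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message representative out of range")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)


def sign(m: int, private_key) -> int:
    """Signature = message representative raised to the private exponent.
    Anyone holding the public key can check it; only the private-key holder
    can produce it, which is what stops the sender disowning the message."""
    return pow(m, *private_key)


def verify_signature(m: int, sig: int, public_key) -> bool:
    return pow(sig, *public_key) == m


if __name__ == "__main__":
    public, private = make_keypair(61, 53)          # n = 3233, d = 2753
    c = encrypt(65, public)                         # 2790
    print(decrypt(c, private))                      # 65
    print(pow(c, *public) == 65)                    # False: the public key does NOT decrypt
    sig = sign(1234, private)
    print(verify_signature(1234, sig, public), verify_signature(1235, sig, public))
```

The `pow(c, *public) == 65` line is the quiz's point in one expression: applying the encryption key to the ciphertext does not recover the plaintext, so the two keys are genuinely different and the public one can be published without giving away the ability to decrypt.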

25.Which of the following events is recorded on a public audit trail in a digital signature system?.

Correct Answer is : registration of public keys

26.Which of the following is addressed by software configuration management as part of Software quality assurance?.

Correct Answer is : At what point was the first baseline established?

27.Which of the following is NOT a feature of Software Keystroke loggers?.

Your Response: They cannot record BIOS passwords Your Answer is Correct.

28.Which of the following is true:.

Correct Answer is : In an integrated environment the project documents are stored in different places

29.Which of the following persons is not a member of the IT steering committee?.

Correct Answer is : The control group

30.Which of the following statements about encryption is NOT correct?.

Correct Answer is : Encryption will solve all problems of industrial espionage

Test 21

Your results:

1.A sampling technique that estimates the amount of overstatement in an account balance is termed as : .

Correct Answer is : Monetary Unit Sampling

2.A Software Quality Assurance team performs the job of:.

Correct Answer is : All the above

3.A verification process by adding one or more redundant digits added at the end of a word or number which was derived in relation to the other digits in the word or number is called -.

Correct Answer is : Check digit verification
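
The control described in this question is what payment card numbers carry as their last digit (the Luhn algorithm, ISO/IEC 7812-1). The following implementation is an added example, not part of the question paper; the numbers in it are constructed test values, not real account numbers. It computes and verifies the check digit and also shows the one keying error the scheme is known not to catch.

```python
"""Check digit verification with the Luhn algorithm (ISO/IEC 7812-1).

Added example, not part of the question paper. The check digit is one
redundant digit appended to the number and derived from the other digits,
which is exactly the control the question describes.
"""


def _luhn_sum(number: str) -> int:
    """Luhn weighted sum: from the right, double every second digit and
    subtract 9 from any doubled value above 9 (same as summing its digits)."""
    if not number.isdigit():
        raise ValueError("number must contain digits only")
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def compute_check_digit(payload: str) -> str:
    """Return the single check digit to append to `payload`.

    Appending a placeholder '0' puts the payload digits in the positions
    they will occupy once the real check digit is in place.
    """
    return str((10 - _luhn_sum(payload + "0") % 10) % 10)


def verify(number: str) -> bool:
    """True if the last digit of `number` is a valid Luhn check digit."""
    return len(number) >= 2 and _luhn_sum(number) % 10 == 0


def transpose_adjacent(number: str, i: int) -> str:
    """Swap digits i and i+1: the most common keying error after a mistyped digit."""
    n = list(number)
    n[i], n[i + 1] = n[i + 1], n[i]
    return "".join(n)


if __name__ == "__main__":
    # Constructed inputs, not real account numbers.
    payload = "7992739871"
    full = payload + compute_check_digit(payload)             # "79927398713"
    print(full, verify(full))                                 # True
    print(verify("79927398723"))                              # single-digit error: False
    print(verify(transpose_adjacent(full, 8)))                # "71" -> "17": False
    # The one adjacent transposition Luhn cannot see: 09 <-> 90.
    weak = "1234567890" + compute_check_digit("1234567890")   # "12345678903"
    print(verify(weak), verify(transpose_adjacent(weak, 8)))  # True True
```

A check digit is a data-entry control, not a security control: it catches honest keying mistakes (every single-digit error and almost every adjacent transposition) but anyone who knows the algorithm can produce numbers that pass, so it must never be relied on as evidence that a number is genuine.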

4.While implementing an application control system the management wants to ensure that the critical fields in the master record are properly posted. Which of the following controls may best address their intention?.

Correct Answer is : Before and after maintenance report

5.Which of the following terms best describes the purpose of control practice over the input -.

Your Response: Completeness, accuracy and validity of input Your Answer is Correct.

6.Which of these access control mechanisms is not based on multi-level security?

Correct Answer is : Role Based Access Control (RBAC)

7.An analysis of the project requirements for the activities of an organisation is done in which stage of the Software Development Life Cycle (SDLC).

Correct Answer is : Business requirement specifications stage

8.Different controls are required in software depending on whether it is purchased, customised or developed. The auditor, while auditing the LAN, determines that

Correct Answer is : There exists a license agreement for purchased software

9.In which of the following services is Public Key Infrastructure (PKI) and Digital certification not a useful feature..

Your Response: Circuit Switching Your Answer is Correct.

10.Network performance monitoring tools will MOST affect which of the following?.

Your Response: availability Your Answer is Correct.

11.Most important risk to be addressed in an electronic data interchange (EDI) transaction is:

Correct Answer is : Duplicated transactions

12.Prototyping approach to system design is resorted to when.

Your Response: the designer is uncertain as well as the user about the requirements and it is likely to evolve as the design progresses

Your Answer is Correct.

13.Software quality assurance envisages .

Correct Answer is : Error detection

14.The control procedure of installing the anti-virus software in the system is called -.

Correct Answer is : Preventive control

15.System development controls are designed to prevent all of the following EXCEPT:.

Your Response: Unauthorised program modification Your Answer is Correct.

16.What is the methodology used in the Novell NetWare operating system to implement the concept of Access Control Lists?

Correct Answer is : Trusteeship

17.To properly control access to accounting data held in a Database Management System, the database administrator should ensure that database system features are in place to permit:.

Correct Answer is : Access only to authorized logical views.

18.What is the maximum number of critical paths in a program evaluation review technique (PERT) chart?

Your Response: as many paths as there are in the chart Your Answer is Correct.

19.What is the similarity between a GSM (Global System for Mobile Communications) network and EDGE (Enhanced Data rates for GSM Evolution)?

Correct Answer is : Both use the TDMA frame structure

20.Which among the following statements about information systems personnel is NOT true?.

Your Response: IS personnel do not enjoy as much power and clout in organizations as manual systems personnel, such as HR personnel, do

Your Answer is Correct.

21.Which of the computer assisted audit techniques and tools help the auditor to identify the impact of delays and rescheduling audit plans .

Correct Answer is : Project management and audit tracking

22.Which of the following BEST describes an exposure?.

Correct Answer is : The expected loss that will occur, given the reliability of the existing controls

23.Which of the following combination of authentication mechanisms is arranged in the decreasing sequence of effectiveness against intrusion into computer systems?.

Correct Answer is : Challenge response, one-time password, password and PIN, password only

24.Which of the following instruments is used to measure atmospheric humidity in Data Centres?.

Correct Answer is : Hygrometer

25.Which of the following is considered the greatest threat to the corporate network, as far as cyber theft is concerned:.

Your Response: Employees who are connected to the corporate network Your Answer is Correct.

26.Which of the following is not a preventive maintenance approach?.

Correct Answer is : Forward engineering

27.Which of the following lines prevents tapping?.

Correct Answer is : an optical fiber line

28.Which of the following is true:.

Correct Answer is : In an integrated environment the project documents are stored in different places

29.Which of the following resources is not controlled by application controls?

Correct Answer is : Data processing environment

30.Which of the following step forms part of an approach to IT audit.

Correct Answer is : All of the above

Test 22

Your results:

1._______ ensures an undisturbed connection between two nodes during data exchange.

Correct Answer is : Session layer

2.A restriction control that merges cells containing sensitive statistics is described as:

Correct Answer is : Rolling up

3.Whichever language an application program may be written in, it can be executed on a computer only if the primary memory contains.

Correct Answer is : an operating system

4.While conducting a detailed system design, the IS Auditor would be LEAST concerned with:.

Correct Answer is : adequacy of hardware to handle the system

5.Which of the following statements regarding security concerns for lap top computers is NOT false?.

Correct Answer is : The primary methods of controls usually involves general controls

6.Which of the following terms best define a computer program looking “normal” but containing harmful code?.

Your Response: Trojan horse Your Answer is Correct.

7.Which one of the following is NOT true relating to the use of fiber optics:.

Correct Answer is : It has high risk of wire tapping

8.Which one of these features is specific to cross bar switches?.

Correct Answer is : Common control

9.Hacking by making use of information on waste/discarded paper is termed -.

Correct Answer is : Dumpster diving

10.In 802.5 Token Ring LAN, when a data frame is in circulation, where is the token?.

Correct Answer is : At the sending station

11.In determining new controls that might be implemented to reduce exposures to an acceptable level, which of the following is not used as a basis?.

Correct Answer is : Choose controls that emphasise design secrecy

12.In switching over to an Electronic Fund Transfer (EFT) environment, which of the following risks DOES NOT occur?.

Correct Answer is : Increased cost per transaction

13.In the Software Capability Maturity Model, the Productivity and Quality of a software project is measured in:.

Correct Answer is : Level 4

14.Multi-layer IPsec is different from original IPsec because in ML-IPsec:

Correct Answer is : Datagrams can be divided into different zones

15.A normal Post Office Protocol (POP) session passes through three states: 1) Transaction state 2) Update state 3) Authorisation state. The correct sequence is:

Correct Answer is : 3,1,2
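
The ordering in this answer comes from RFC 1939: a session opens in the AUTHORIZATION state, a successful USER/PASS moves it to TRANSACTION, and QUIT from TRANSACTION enters UPDATE, where messages marked for deletion are finally removed. The server-side state machine below is an added example, not part of the question paper; the mailbox, user name, password and messages are constructed test data, and a real server would also lock the maildrop and time out idle sessions.

```python
"""A minimal POP3 server-side state machine (RFC 1939).

Added example, not part of the question paper. It shows why the answer is
3,1,2: the session opens in AUTHORIZATION, only a successful USER/PASS moves
it to TRANSACTION, and QUIT from TRANSACTION enters UPDATE, where deletions
are applied. Mailbox and credentials are constructed test data.
"""
import hmac


class Pop3Session:
    def __init__(self, mailbox: list, password: str):
        self.state = "AUTHORIZATION"
        self.mailbox = mailbox           # list of message strings, 1-based for clients
        self._password = password
        self._user = None
        self._deleted = set()

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(verb, arg)
        if self.state == "TRANSACTION":
            return self._transaction(verb, arg)
        return "-ERR session closed"

    # --- AUTHORIZATION state: only USER, PASS and QUIT are legal ----------
    def _authorization(self, verb, arg):
        if verb == "USER":
            self._user = arg
            return "+OK"
        if verb == "PASS":
            # Constant-time comparison; a real server looks the user up first.
            if self._user and hmac.compare_digest(arg.encode(), self._password.encode()):
                self.state = "TRANSACTION"
                return "+OK maildrop locked and ready"
            self._user = None               # failed PASS forces USER again
            return "-ERR invalid password"
        if verb == "QUIT":
            self.state = "UPDATE"           # nothing to apply: no maildrop was opened
            return "+OK"
        return "-ERR not authorised"        # RETR/DELE/STAT before login are refused

    # --- TRANSACTION state: the maildrop can be read and marked ------------
    def _transaction(self, verb, arg):
        if verb == "STAT":
            live = [m for i, m in enumerate(self.mailbox, 1) if i not in self._deleted]
            return f"+OK {len(live)} {sum(len(m) for m in live)}"
        if verb in ("RETR", "DELE"):
            try:
                n = int(arg)
            except ValueError:
                return "-ERR bad message number"
            if not 1 <= n <= len(self.mailbox) or n in self._deleted:
                return "-ERR no such message"
            if verb == "RETR":
                return f"+OK {len(self.mailbox[n - 1])} octets\r\n{self.mailbox[n - 1]}\r\n."
            self._deleted.add(n)            # only marked; nothing is removed yet
            return f"+OK message {n} deleted"
        if verb == "RSET":
            self._deleted.clear()
            return "+OK"
        if verb == "QUIT":
            return self._update()
        return "-ERR unknown command"

    # --- UPDATE state: entered only via QUIT from TRANSACTION ---------------
    def _update(self):
        self.state = "UPDATE"
        self.mailbox[:] = [m for i, m in enumerate(self.mailbox, 1)
                           if i not in self._deleted]
        self._deleted.clear()
        return "+OK maildrop updated"


def run_script(session: Pop3Session, commands: list) -> list:
    """Feed a list of client lines and collect the server replies."""
    return [session.handle(c) for c in commands]


if __name__ == "__main__":
    # Constructed mailbox and credentials.
    box = ["Subject: one\r\n\r\nhello", "Subject: two\r\n\r\nworld"]
    s = Pop3Session(box, "s3cret")
    for reply in run_script(s, ["RETR 1", "USER alice", "PASS s3cret",
                                "STAT", "DELE 1", "QUIT"]):
        print(reply)
    print(s.state, len(box))   # UPDATE 1
```

Two consequences of the state order matter operationally: a client that drops the connection without QUIT never reaches UPDATE, so its DELE marks are discarded rather than applied, and every mailbox command is refused until the AUTHORIZATION state has been left, which is why the transaction state cannot come first.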

16.One of the production supervisors who has got access to the corporate database sold sensitive product pricing information to a competitor. Which of the following controls would best prevent such a situation?.

Correct Answer is : Access privileges are established on a need-to-know basis

17.Session-hijacking refers to.

Correct Answer is : A type of attack where the session ids of other users are guessed
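
The answer above describes one route to session hijacking, guessing another user's session identifier, which only works when identifiers have structure an attacker can extrapolate from. The following is an added example, not part of the question paper: a constructed session store issued once with sequential identifiers and once with identifiers from Python's `secrets` module, with the users, identifier format and guess radius all assumed for illustration. Real hijacking also covers stolen identifiers (sniffing, XSS, log leakage), which unguessable values do not prevent on their own.

```python
"""Guessable versus unguessable session identifiers.

Added example, not part of the question paper. The "weak" issuer mimics a
server that hands out sequential session IDs; the attacker logs in, reads
their own ID and enumerates the neighbours to land in another user's
session. The "strong" issuer uses the secrets module, the stdlib's CSPRNG
interface. Users and the store are constructed data.
"""
import secrets


class SessionStore:
    """Maps session ID -> user; the id_factory decides how guessable IDs are."""

    def __init__(self, id_factory):
        self._new_id = id_factory
        self._sessions = {}

    def login(self, user: str) -> str:
        sid = self._new_id()
        self._sessions[sid] = user
        return sid

    def whoami(self, sid: str):
        return self._sessions.get(sid)      # None: the guess did not hit a session


def sequential_ids(start: int = 1000):
    """Weak: predictable IDs whose neighbours are trivially derivable."""
    counter = [start]

    def new_id():
        counter[0] += 1
        return f"SESS{counter[0]}"
    return new_id


def random_ids(nbytes: int = 32):
    """Strong: 256 bits from the OS CSPRNG; no neighbour relation to exploit."""
    return lambda: secrets.token_urlsafe(nbytes)


def enumerate_neighbours(observed: str, radius: int = 10) -> list:
    """What an attacker holding a sequential ID would try next."""
    prefix, num = observed[:4], int(observed[4:])
    return [f"{prefix}{num + k}" for k in range(-radius, radius + 1) if k != 0]


def hijack_attempt(store: SessionStore, attacker_sid: str, guesses) -> list:
    """Return the users whose sessions the guesses landed in (attacker excluded)."""
    hits = []
    for g in guesses:
        user = store.whoami(g)
        if user is not None and g != attacker_sid:
            hits.append(user)
    return hits


if __name__ == "__main__":
    weak = SessionStore(sequential_ids())
    weak.login("alice")                       # victim logs in first
    mine = weak.login("mallory")              # attacker is issued SESS1002
    print(hijack_attempt(weak, mine, enumerate_neighbours(mine)))   # ['alice']

    strong = SessionStore(random_ids())
    strong.login("alice")
    mine = strong.login("mallory")
    # No structure to enumerate; random guesses of the right length all miss.
    guesses = [secrets.token_urlsafe(32) for _ in range(20)]
    print(hijack_attempt(strong, mine, guesses))                    # []
```

The audit check that follows from this is to ask how identifiers are generated (a CSPRNG with at least 128 bits of entropy, never a counter, timestamp or hash of the user name) and to confirm they are regenerated at login, since a value fixed before authentication can be planted by the attacker rather than guessed.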

18.The basic control requirement in a real time application system is :.

Your Response: Logging of all transactions Your Answer is Correct.

19.The basic purpose of an IS audit is :.

Your Response: To identify control objectives Your Answer is Correct.

20.The best way to delete a highly confidential file from a microcomputer would be by using which of the following:.

Correct Answer is : Disk utility

21.The BEST method of detecting the copying of illegal software onto a network is by:

Your Response: Periodically checking all the hard disks. Your Answer is Correct.

22.The FIRST step in the review of an IT strategic plan is the review of the:.

Your Response: Business plan of the organisation. Your Answer is Correct.

23.The independence of an IS auditor who was involved in the development of an application system shall be impaired when he:

Your Response: Actively involves himself while designing and implementing the application system.

Your Answer is Correct.

24.The primary advantage of the list-oriented approach to authorisation is:.

Correct Answer is : it allows efficient administration of capabilities

25.The requirements specification phase needs a lot of operational viewpoint input in the early stage of a system development. Which of the following models that takes care of this aspect?.

Correct Answer is : Rapid prototyping model

26.User interface prototyping may NOT focus on : .

Correct Answer is : System performance

27.What feature of Linux allows a secure connection between client and server for generally insecure services such as Telnet?.

Correct Answer is : Secure Shell (SSH)

28.When emails are exchanged over the Internet, one server handles incoming mails and the other outgoing. With respect to this, which of the following options is true?.

Correct Answer is : POP3 handles incoming mails and SMTP handles outgoing.

29.Which of the following data base environment controls enforces access rules in addition to maintaining standardized definitions?.

Your Response: Active data dictionary system Your Answer is Correct.

30.Which of the following is deemed as good system design practice?

Your Response: High cohesion of modules, low coupling of modules, and high modularity of programs Your Answer is Correct.

Test 23

Your results:

1.A “Dry pipe”, which is an arrangement to extinguish fires is: .

Your Response: A sprinkler system where the water does not enter the pipes until the automatic sensor indicates that there is a fire in the area

Your Answer is Correct.

2.Access to an online system running an application program, requires users to validate themselves with a user ID and password. This helps in providing -.

Correct Answer is : data security

3.While conducting an audit, the auditor should.

Your Response: Insist that a security policy exists. However he may not accept the existing policy

Your Answer is Correct.

4.While reviewing the telecommunication access control, the primary concern of the IS Auditor will be on the -.

Your Response: proper procedure for verification of User ID and passwords, ensuring authorisation and authentication before granting access to resources

Your Answer is Correct.

5.Which one of the following is not a substantive test? .

Correct Answer is : Determining program changes are approved

6.Which one of the following risks is unique to wireless communication?.

Correct Answer is : Lack of physical security

7.Which one of the following standards is relevant for a company dealing with inspection and final testing?-.

Your Response: ISO 9003 Your Answer is Correct.

8.Which one of the following software test methods should invariably perform Input-tolerance testing? .

Your Response: User acceptance testing Your Answer is Correct.

9.According to Gartner, the three components of systems management are:Knowledge and control, Policy setting and Continuous improvement. Which of the following forms the foundation of systems management?.

Correct Answer is : Knowledge and control

10.As compared with other Information Systems, Executive Information Systems do NOT have the characteristic of

Correct Answer is : Focusing on broad problems to a specific view.

11.Before disposing of the PC used for storing confidential data, the most important precautionary measure to be taken is -

Your Response: demagnetising the hard disk Your Answer is Correct.

12.During an audit of the tape management system at a data center, an IS auditor discovered that some parameters are set to bypass or ignore the labels written on tape header records. However, the IS auditor did not e that there were effective staging and jo.

Correct Answer is : staging and job set-up procedures compensate for the tape label control weakness

13.Every organisation should have a contingency plan regardless of its size. The contingency plan should be detailed enough for management and staff to actually act in the event of a disaster. The contingency plan need not address.

Correct Answer is : Audit of the plan

14.For an effective application development, each of the following would help EXCEPT:.

Correct Answer is : Prioritisation of applications to be developed

15.In a Denial of Service attack, a TCP SYN flood attack is an example of:.

Correct Answer is : Network Resource exhaustion

16.An IPF (information processing facility) is typically a large computer centre. Which of the following is the primary consideration in selecting its site?

Correct Answer is : provide security

17.In the case of online output, which of the following is LEAST LIKELY to be an exposure covered by disposition controls?.

Correct Answer is : Unauthorised viewing of confidential data displayed on a screen by a passerby

18.LAN configuration if altered without proper controls may lead to disrupted operations. Which of the following is the control objective over configuration change control for the continuous satisfactory operation of LAN?.

Correct Answer is : There exists a procedure for changing configuration

19.Logging of transaction is an important means of backup. Which purpose among the following is not served by logging the transactions in a financial institution?.

Your Response: There will be no need for taking a data dump Your Answer is Correct.

20.Network downtime is very costly and should be kept to minimum as much as possible. Which one of the following network monitoring devices is best suited in a multivendor data center? .

Correct Answer is : Protocol analyzer

21.Notebook computers are portable and used to access the company’s database while the executives are on travel. Which of the following would provide the least security for sensitive data stored on a notebook computer?.

Your Response: Using a locking device that can secure the notebook computer to an immovable object.

Your Answer is Correct.

22.Software metric that deals with measurement of lines of code is:.

Correct Answer is : Code metrics

23.The comment which is a DISADVANTAGE concerning prototyping is:.

Your Response: Change controls are more problematic to achieve than in a traditional SDLC.

Your Answer is Correct.

24.The use of multiple disks in a Redundant Array of Independent Disks (RAID) results in _______.

Correct Answer is : Increased MTBF (Mean Time Between Failure)

25.Where access control mechanism is implemented in an open environment, the users are allowed to access a resource:.

Correct Answer is : unless authorisation information specifies users cannot access the resource

26.Which controls would protect production programs from unauthorised modifications:.

Correct Answer is : Limiting access to source code by operators.

27.Which of the following controls would prevent unauthorized access to specific data elements in a database management system?.

Correct Answer is : Authorized user access privileges for each data file or element

28.Which of the following is TRUE about Electronic Data Interchange (EDI) application system?.

Correct Answer is : System that performs based on business needs and activities

29.Which of the following is true regarding software testing:.

Your Response: Tests are designed after each level of software specification has been written.

Your Answer is Correct.

30.Which of the following statements is (are) correct regarding the Internet as a commercially viable network?.

Correct Answer is : organisations must use firewalls if they wish to maintain security over internal data

Test 24

Your results:

1._______ ensures an undisturbed connection between two nodes during data exchange.

Correct Answer is : Session layer

2.A class-B GPRS terminal can support _________ service at a time..

Correct Answer is : GSM or GPRS

3.A company has policy to purchase microcomputer software only from recognized vendors and prohibit employees from installing non-authorized software on their microcomputers. To minimize the likelihood of computer viruses infecting any of its systems, the .

Your Response: Test all new software on a stand-alone microcomputer. Your Answer is Correct.

4.A successful project management practice involves training a project team to achieve desired goals. Under which process does this fall?.

Correct Answer is : Organising

5.With respect to BCP, critical activities can be segregated into:.

Correct Answer is : Essential activities, recommended activities, non-essential activities

6.Which one of the following is a control weakness in the treatment of user messages in electronic mail system? .

Correct Answer is : Editing of corrupted message by the network staff

7.Which one of the following local area network devices functions as a data regenerator? .

Correct Answer is : Repeater

8.Availability of computer time is taken care of in which part of the Project Planning and scheduling ? .

Your Response: Assumptions Your Answer is Correct.

9.Assuming some irregularities exist in a population, the sampling plan to identify at least one irregularity, and then to discontinue sampling when one irregularity is found is called :.

Correct Answer is : Discovery sampling

10.Difference between the spiral model and the incremental model is:.

Correct Answer is : The former does not ensure delivery of product after every iteration, the latter does

11.Embedded Systems make use of software called-.

Your Response: Firmware Your Answer is Correct.

12.Improper segregation of duties amongst programmers and computer operators may lead to the threat of :.

Correct Answer is : Unauthorised program changes.

13.In a data processing environment, where the data is centrally stored at a database and data entry is carried out from remote terminals, it would be more effective to perform editing/validation of data at the:.

Your Response: Remote processing site prior to transmission to the central processing site.

Your Answer is Correct.

14.In a Denial of Service attack, a TCP SYN flood attack is an example of:.

Correct Answer is : Network Resource exhaustion
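
This question (and the identical Test 23 question 15) classifies a SYN flood as network resource exhaustion: the resource consumed is the victim's table of half-open connections, each SYN reserving an entry until the handshake completes or times out. The detector below is an added example, not part of the question paper. It replays a constructed capture in a simplified "timestamp src dst flags" form (S = SYN, A = ACK, R = RST; not a real packet format), with an assumed backlog size for the victim service, and shows why the alarm must be raised per victim rather than per source.

```python
"""Spotting a TCP SYN flood in packet records as half-open backlog exhaustion.

Added example, not part of the question paper. The records are a constructed
capture in a simplified "timestamp src dst tcp-flags" form (S = SYN, A = ACK,
R = RST), not real traffic, and the backlog size is an assumed value for the
victim service. A flood from spoofed addresses never trips a per-source
threshold, so the count that matters is half-open entries per victim.
"""
from collections import defaultdict

ASSUMED_BACKLOG = 64          # assumed listen backlog of the victim service


def parse_record(line: str):
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags


def half_open_connections(lines) -> dict:
    """Replay records in order and return {(client, server): ts} for every
    connection that saw a client SYN but no later ACK or RST from that client."""
    pending = {}
    for line in lines:
        ts, src, dst, flags = parse_record(line)
        if "S" in flags and "A" not in flags:        # client's SYN (step 1)
            pending[(src, dst)] = ts
        elif "A" in flags or "R" in flags:           # client ACK (step 3) or RST
            pending.pop((src, dst), None)            # server SYN-ACKs match no key
    return pending


def syn_flood_report(lines, backlog: int = ASSUMED_BACKLOG) -> dict:
    """Victims whose half-open count exceeds the backlog, plus the largest
    per-source-IP count, to show how little the latter says under spoofing."""
    pending = half_open_connections(lines)
    per_victim = defaultdict(int)
    per_source_ip = defaultdict(int)
    for client, server in pending:
        per_victim[server] += 1
        per_source_ip[client.rsplit(":", 1)[0]] += 1
    return {
        "victims": {s: n for s, n in per_victim.items() if n > backlog},
        "max_half_open_per_source": max(per_source_ip.values(), default=0),
    }


def constructed_capture() -> list:
    """Three honest clients completing the handshake, then 100 SYNs from
    spoofed addresses (documentation range) that never answer the SYN-ACK."""
    victim = "192.0.2.10:443"
    lines, t = [], 0.0
    for i in range(3):
        client = f"10.0.0.{i + 1}:4000{i}"
        lines += [f"{t:.3f} {client} {victim} S",
                  f"{t + 0.001:.3f} {victim} {client} SA",
                  f"{t + 0.002:.3f} {client} {victim} A"]
        t += 0.01
    for i in range(100):
        spoofed = f"198.51.100.{i + 1}:{20000 + i}"        # one SYN per fake source
        lines += [f"{t:.3f} {spoofed} {victim} S",
                  f"{t + 0.001:.3f} {victim} {spoofed} SA"]  # SYN-ACK goes unanswered
        t += 0.001
    return lines


if __name__ == "__main__":
    report = syn_flood_report(constructed_capture())
    print(report)   # {'victims': {'192.0.2.10:443': 100}, 'max_half_open_per_source': 1}
```

With every spoofed source sending a single SYN, the per-source maximum stays at 1 while the victim's half-open count is well past the backlog, which is the signature to alert on; on the host side the standard mitigation is SYN cookies, which let the server stop reserving state for a connection until the final ACK proves the client is reachable.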

15.In Reverse Engineering, ______________ deals with the restructuring of existing source code..

Your Response: Directionality Your Answer is Correct.

16.Output control is best described by which of the following ?.

Correct Answer is : the controls that provide reasonable assurance that all transactions are processed as authorised

17.Processes in a Transaction Processing System are: 1)Data Validation 2) Data Preparation 3) Data Entry. The order in which they are performed is:.

Correct Answer is : 2,3,1

18. Password control procedures incorporate all of the following features EXCEPT:

Your Response: Helping the user by reminding the user of the password through the screen

Your Answer is Correct.

19. Software change management:

Correct Answer is : Is all about managing alterations, irrespective of the stage of lifecycle of a product

20. The definition of beta sites is:

Correct Answer is : software environments where vendors send their product for evaluation from users angle

21. The most important process in an SSL session is:

Correct Answer is : Server authentication

22. The principle of least privilege is an important concept in access controls of a network. Among the four enumerated here, which does NOT support this concept?

Correct Answer is : Either allow access to all resources or none

23. The residual dump technique in backup has the disadvantage of:

Correct Answer is : complexity of recovery more than a physical dump

24. The time required for recovery of an information processing facility in the case of a disaster is based on which of the following?

Correct Answer is : Criticality of the operations affected

25. There are various techniques for telecommunication controls. Confidentiality of data is BEST maintained by:

Correct Answer is : data encryption technique

26. Whenever a modification is made to existing software, which of the following testing approaches should be used?

Correct Answer is : Regression analysis and testing


27. Which feature gives Time Division Multiple Access the edge over other spread spectrum technologies?

Correct Answer is : Elimination of interference

28. Which of the following is not a benefit provided by a distributed database?

Your Response: Reduced costs

Your Answer is Correct.

29. Which of the following is incorrect with regard to IP multicasting?

Correct Answer is : It requires additional resources for efficient delivery of data.

30. Which of the following software defect prevention activities would ensure the highest Return on Investment?

Correct Answer is : Reviews with users/customers Design reviews

Test 25

Your results:

1. A catastrophic failure in a memory chip is due to:

Your Response: Physical or electrical damage

Your Answer is Correct.

2. A less formal review technique is:

Your Response: Walkthroughs

Your Answer is Correct.

3. A normally expected outcome of business process re-engineering is that:

Correct Answer is : It improves the product, service and profitability.

4. A reasonably controlled practice for distributed executable programs that execute in the background of a web browser client, like Java applets and ActiveX controls, is:

Correct Answer is : acceptance of executable only from the established and trusted source

5. While reviewing an organisation that has a mainframe and a client/server environment where all production data reside, the IS auditor discovered several weaknesses. The most serious weakness of the following is:

Your Response: Password controls are not administered over the client/server environment

Your Answer is Correct.

6. An example of a concurrent audit tool whose complexity is low is:

Your Response: Audit hooks

Your Answer is Correct.

7. The business continuity plan of an organisation should address early recovery of which of the following?

Correct Answer is : Processes in priority order, as defined by the business manager

8. The concept of charging an end user based on the number of times he/she has used the software is called:

Your Response: Meterware

Your Answer is Correct.

9. Extensible Business Reporting Language (XBRL) is an XML-based application that is used for financial processing. Which of the following statements is false?

Your Response: Organisation has to disclose additional information than required in normal accounting standards

Your Answer is Correct.

10. In an audit of the outsourcing process, the IS auditor would LAST perform the task of:

Correct Answer is : Control Risk assessment.


11. In evaluation of an organisation’s IS strategy, which of the following would an IS auditor consider to be the MOST important criteria?

Correct Answer is : Adequately supporting the business objectives of the organisation.

12. Incompatible functions may be performed by the same individual either in the Information Systems department or in the user department. One compensating control for this situation is the use of:

Correct Answer is : A log

13. Many automated tools are designed for testing and evaluating computer systems. Which one of the following such tools impacts the system's performance with a greater load and stress on the system?

Correct Answer is : Statistical software packages

14. Software piracy is a common threat to an organisation, so while choosing an application software package, what should be the prime consideration?

Correct Answer is : Software licensing

15. Staffing the QA function is often difficult because:

Your Response: information systems personnel tend to prefer a development role to a monitoring role

Your Answer is Correct.

16. The basic control requirement in a real-time application system is:

Correct Answer is : Logging of all transactions

17. The auditor plans to select a sample of transactions to assess the extent that purchase cash discounts may have been lost by the company. After assessing the risks associated with lost purchase discounts, the auditor was most likely to select a sample fro.

Correct Answer is : Paid non-EDI invoices

18. The DISADVANTAGE in cross training employees is that:

Correct Answer is : Allow individuals to understand all parts of a system.

19. The science of cryptography provides all of the following safeguards except:

Correct Answer is : system availability

20. The principle of least privilege is an important concept in access controls of a network. Among the four enumerated here, which does NOT support this concept?

Correct Answer is : Either allow access to all resources or none

21. The testing process in which the user participates is called:

Correct Answer is : a Acceptance testing

22. The use of multiple disks in a Redundant Array of Independent Disks results in _______.

Correct Answer is : Increased MTBF (Mean Time Between Failure)

23. What is the maximum number of critical paths in a program evaluation review technique (PERT) chart?

Your Response: as many paths as there are in the chart

Your Answer is Correct.

24. Which feature in UMTS (Universal Mobile Telecommunication System) security is not derived from GSM standards?

Correct Answer is : Security against false base stations through mutual authentication

25. Which is the primary reason for replacing cheques with Electronic Funds Transfer (EFT) systems in the accounts payable area?

Correct Answer is : to increase the efficiency of the payment process


26. Which of the following is a dynamic analysis to detect software errors?

Correct Answer is : Testing

27. Which of the following is not a function of the control section:

Correct Answer is : altering source data to correct input errors

28. Which of the following is not a visual programming language?

Correct Answer is : Visual C++ language

29. Which of the following is a preventive as well as a recovery control measure?

Correct Answer is : Business Continuity Plan

30. Which of these components of NFS uses authentication?

Your Response: Remote procedure call

Your Answer is Correct.

Test 26

Your results:

1. ____________ is a feature of cooperative architecture in distributed job scheduling.

Correct Answer is : Fault tolerance

2. A remote dial-up order entry system using portable computers for salesmen to place orders should have the following control to prevent it from misuse:

Correct Answer is : Frequent access code revalidation

3. Wiretapping CANNOT easily be done without detection in:

Your Response: optical fibre transmission

Your Answer is Correct.

4. Which one of the following errors will occur because of overflow conditions?

Correct Answer is : Process errors

5. Which one of the following software test methods should invariably perform input-tolerance testing?

Correct Answer is : User acceptance testing

6. After you enter a purchase order in an on-line system, you get the message, “The request could not be processed due to lack of funds in your budget”. This is an example of error:

Correct Answer is : Prevention

7. Hackers cover their tracks by masking their IP address. This is done through:

Your Response: Proxy Chaining

Your Answer is Correct.

8. Due to important work, the senior computer operator has gone on leave for ten days. In his place, the security officer has been asked to officiate. In this scenario, as an IS auditor, which of the following would be the most appropriate?

Your Response: Inform the top management of the complexities and risks in doing so.

Your Answer is Correct.

9. During the audit of automated information systems, responsibility and reporting lines CANNOT be established since:

Your Response: In sharing of resources, ownership is difficult to be established.

Your Answer is Correct.

10. Dynamic Synchronous Transfer Mode (DTM) supports implementation of Virtual Private Networks (VPNs) because of:

Correct Answer is : DTM Local Area Network (LAN) Emulation (DLE)

11. Expected losses associated with rounding errors in a calculation are MOST LIKELY to be mitigated by which of the following application program controls?

Your Response: Calling two or more subroutines that perform the same calculation using different algorithms

Your Answer is Correct.

12. In a Demilitarized Zone (DMZ) network:

Correct Answer is : A firewall between the router and the WebServer and another between this Server and the local Server

13. In a software development process, the MOST useful parameter or activity for measuring progress is:

Correct Answer is : milestones reached

14. In determining new controls that might be implemented to reduce exposures to an acceptable level, which of the following is not used as a basis?

Correct Answer is : Choose controls that emphasise design secrecy

15. The software metric that deals with measurement of lines of code is:

Correct Answer is : Code metrics

16. The main DISADVANTAGE of using a PBX-based communication network for establishing a local area network is:

Correct Answer is : large volumes of data cannot be handled

17. The major risk in the prototyping model is:

Your Response: The prototype becomes the finished system

Your Answer is Correct.

18. Which is the component not found in a data dictionary?

Correct Answer is : Actual data

19. The sequence and level of testing of an item or function is decided at:

Correct Answer is : Test Plans

20. The snapshot technique involves:

Correct Answer is : Taking picture of transaction as it flows through a system

21. The success of Control Self Assessment (CSA) depends on the culture of the organisation, the project leader and the skills of the people involved in CSA. While implementing, the pitfall to be avoided is:

Your Response: Generalisation of the planning process

Your Answer is Correct.

22. Providing management with appropriate information about the process being used by the software development project and the products being built is taken care of by:

Your Response: Software quality assurance management

Your Answer is Correct.

23. Which among the following is NOT a serious problem in a ring topology based LAN?

Correct Answer is : Collision of tokens during transmission may occur

24. Which of the following best describes the role of QA management with respect to the information systems function?

Correct Answer is : monitoring IS activities for compliance with IS standards

25. Which of the following is not a congestion management tool?

Correct Answer is : Network traffic queuing

26. Which of the following is not a desirable control feature in a modem:

Your Response: attenuation amplification

Your Answer is Correct.

27. Which of the following is NOT a constraint while using Computer Aided Software Engineering (CASE) tools running on workstations?

Correct Answer is : Lack of tools for source code generation

28. Which of the following is not a preventive maintenance approach?

Correct Answer is : Forward engineering

29. Which of the following is not true with regard to Black Box Testing?

Correct Answer is : Requires knowledge of internal working of the program.

30. Which of the following is not true with regard to Commercial Off-The-Shelf (COTS) systems:

Correct Answer is : The component user has little or no control over the evolution of component

Test 27

Your results:

1. Which RAID (Redundant Array of Independent Disks) type makes use of embedded operating systems?

Your Response: RAID-7

Your Answer is Correct.

2. While preparing a cost benefit analysis of a security objective for an electronic data interchange (EDI) transaction, which one of the following costs should be part of a detection method?

Correct Answer is : Cost of recovery action

3. Which of the following would greatly affect the project estimate if any changes are made to it while developing a project?

Correct Answer is : Scope

4. Which one of the following protocols is used by the Internet?

Correct Answer is : TCP/IP

5. Artificial Intelligence is now being used in every sphere of life. Which of the following options justifies the statement?

Correct Answer is : Ability to think like human beings

6. A dial-back modem uses which of the following features for external access control?

Correct Answer is : Port protection

7. Expansion of a network is easiest if the topology employed is:

Correct Answer is : Star

8. During the review of logical access controls over a company’s various application systems, an auditor found that access controls are programmed into each application. The best recommendation in this situation is to:

Correct Answer is : Consider the use of access control software.

9. In order to further perfect an already working software system, what method will be adopted?

Correct Answer is : Program changes due to fine tuning of existing systems

10. In the case of a large database with an on-line communication network environment where the critical business continuity period is 7 days, which of the following alternative business recovery strategies would be LEAST appropriate?

Your Response: Reciprocal agreement

Your Answer is Correct.

11. One main reason for using Redundant Array of Inexpensive Disks (RAID) is:

Correct Answer is : all data can still be reconstructed even if one drive fails

12. Organisations which are unable to create and maintain their own private networks are more likely to use:

Your Response: public switched network

Your Answer is Correct.

13. Ring topology envisages:

Correct Answer is : connecting all communication channels to form a loop and each connection passing the communication to its neighbour to the appropriate destination

14. Social Engineering is:

Correct Answer is : Referred to as people hacking

15. Software quality assurance envisages:

Correct Answer is : Error detection

16. The access control program in a Database Management System can control access to which of the following?

Correct Answer is : Data elements, files and records

17. The basic control requirement in a real-time application system is:

Correct Answer is : Logging of all transactions

18. The auditor during the course of audit takes into consideration the materiality of the transaction. Which of the following would not be considered by the auditor to assess the materiality in the case of a non-financial transaction?

Your Response: Cost of providing physical access controls to the system

Your Answer is Correct.

19. The auditor while reviewing the local area network (LAN) takes into consideration the purpose and processing environment. In the pre-audit phase the auditor:

Correct Answer is : Considers LAN utilities which are used by the company and take training on the same

20. The IEEE 802.4 token bus LAN is:

Your Response: Physically linear and logically a ring

Your Answer is Correct.

21. The network of the company must be protected from remote access that may damage the company'.

Your Response: All the above

Your Answer is Correct.

22. The process of creating sample transactions for processing through a system to generate results for comparison with predetermined results is:

Correct Answer is : Use of a test deck

23. The success of Control Self Assessment (CSA) depends on the culture of the organisation, the project leader and the skills of the people involved in CSA. While implementing, the pitfall to be avoided is:

Correct Answer is : Generalisation of the planning process

24. Voice recognition software does/is not:

Correct Answer is : Convert text into voice

25. What does a firewall do when a security incident occurs?

Correct Answer is : Correlate events, as the firewall is the gatekeeper to the entire network

26. Which among the following is a detective control in a system development project?

Correct Answer is : Periodical design and code walkthroughs

27. Which of the following database environment controls enforces access rules in addition to maintaining standardised definitions?

Correct Answer is : Active data dictionary system

28. Which of the following decisions most likely cannot be made on the basis of performance monitoring statistics that are calculated:

Correct Answer is : whether the system being monitored has provided users with a strategic advantage over their competitors

29. Which of the following faults is MOST LIKELY to be detected by a parity check?

Correct Answer is : Corruption of data in a register by electromagnetic interfaces

30. Which of the following statements is not a benefit of using the Voice-over-Internet Protocol?

Correct Answer is : Use of vocoder

Test 28

Your results:

1. ---------- is a security protocol that can be used with Multipurpose Internet Mail Extension (MIME) to send messages through mixed transport systems, because of its object-based features.

Correct Answer is : S/MIME (Secure/Multipurpose Internet Mail Extension)

2. A restriction control that merges cells containing sensitive statistics is described as:

Correct Answer is : Rolling up

3. A security management system should undertake _____________.

Correct Answer is : All of the above

4. Which one of the following uses modem technology as a common means of communicating between computers?

Your Response: Public switched telephone network

Your Answer is Correct.

5. The concentration technique in a communication network DOES NOT:

Correct Answer is : reduce the wiretapper’s capabilities to tap more data

6. Electronic methods of data transfer are involved in all of the following except:

Correct Answer is : stand alone data processing

7. Find the CRITICAL PATH among the following paths in a PERT chart: Path 1: A-D-E-G, 120 man-days; Path 2: A-B-C-D-G, 125 man-days; Path 3: A-F-G, 135 man-days; Path 4: A-B-F-G, 137 man-days.

Correct Answer is : Path 3

8. Generation of PIN in EFT/PoS involves: 1. Acquirer validates information; 2. Acquirer sends response to the acceptor; 3. Authorisation request is sent to the acquirer; 4. PIN entered is encrypted. Which option indicates the correct order of events?

Correct Answer is : 4,3,1,2

9. In a data processing environment, where the data is centrally stored at a database and data entry is carried out from remote terminals, it would be more effective to perform editing/validation of data at the:

Your Response: Remote processing site prior to transmission to the central processing site.

Your Answer is Correct.

10. In an electronic data interchange (EDI) system, assessment of risks would help to determine which one of the following loss categories?

Correct Answer is : Expected loss, single occurrence loss

11. In TPC benchmarks, the performance is measured in terms of:

Correct Answer is : Transactions per second

12. In resolving legal complications, e-mail systems act as an important medium of evidence since:

Correct Answer is : Excessive cycles of backup files remain due to availability of poor housekeeping.

13. In the case of a large database with an on-line communication network environment where the critical business continuity period is 7 days, which of the following alternative business recovery strategies would be LEAST appropriate?

Your Response: Reciprocal agreement

Your Answer is Correct.

14. Internal testing is a part of __________.

Correct Answer is : Penetration testing

15. Introducing CASE tools in a mainframe environment is MOST likely to encounter:

Correct Answer is : huge data conversion efforts

16. Rollback is easily accomplished with the differential file backup technique for which of the following reasons?

Correct Answer is : Before-images of the modified records have been kept in the differential file

17. Spooling software can be subject to which one of the following control problems:

Correct Answer is : It can be used to obtain an unauthorized copy of a report.

18. Which application of biometrics employs speech recognition systems?

Correct Answer is : Telecommunications

19. The data flow diagram can be used to:

Correct Answer is : Determine requirements of user.

20. The Internet Protocol (IP) address:

Correct Answer is : Can change even if the Domain Name remains the same

21. The primary purpose of Quality of Service is to:

Correct Answer is : Improved services to specified flows

22. The smallest unit of information on a hard disk is called:

Correct Answer is : Cluster

23. Uninterruptible Power Supplies (UPS) are used in computer centres to reduce the likelihood of:

Correct Answer is : losing data stored in main memory

24. Which feature in UMTS (Universal Mobile Telecommunication System) security is not derived from GSM standards?

Correct Answer is : Security against false base stations through mutual authentication

25. Which of the following can be construed as a COMPREHENSIVE preventive method in locating a bug?

Correct Answer is : Formal inspections


26. Which of the following is not a component of Electronic Data Interchange?

Correct Answer is : Management Involvement

27. Which of the following is not a responsibility of the production control section with respect to acquisition of consumables that the information systems function uses?

Correct Answer is : performing credit control checks on vendors who provide consumables

28. Which of the following is TRUE in relation to the input controls of EDI?

Correct Answer is : The data that is entered into the system should have sequence numbers

29. Which of the following is true with regard to fibre optics?

Correct Answer is : It consists of an inner core and outer cladding.

30. Which of the following network risks apply to EDI transactions irrespective of the type of network involved?

Your Response: The data being intercepted and disclosed to others without authorisation

Your Answer is Correct.

Test 29

Your results:

1. A less formal review technique is:

Your Response: Walkthroughs

Your Answer is Correct.

2. A good email policy should state that:

Your Response: All personal mail should be labelled

Your Answer is Correct.

3. A network security policy need not include:

Correct Answer is : Penetration testing

4. Which phase of the SDLC uses Data Flow Diagrams?

Correct Answer is : Requirements

5. While arguing the need for an IS auditor to be involved in a system development, which of the following is LEAST important?

Correct Answer is : the number of lines to be written

6. Which of these is not an internal access control mechanism?

Correct Answer is : Host-based authentication

7. Which one of the following is NOT an essential component of a distributed computing environment?

Correct Answer is : Unix platform

8. Which one of the following network architectures is designed to provide data services using physical networks that are more reliable and offer greater bandwidth?

Your Response: Integrated services digital network (ISDN)

Your Answer is Correct.

9. Which one of the following standards is relevant for a company dealing with inspection and final testing?

Your Response: ISO 9003

Your Answer is Correct.

10. An acceptable situation when IS product selection and purchase are done internally is when:

Correct Answer is : The purchases are done in line with the company’s long and short term technology plans.

11. An incorrect end-of-file protocol in an application update program tends to result in which of the following?

Correct Answer is : Transaction file records not being processed

12. Control over data preparation is important because:

Your Response: it can be a major bottleneck in the work flow in a data processing installation

Your Answer is Correct.

13. Echo Check belongs to hardware controls, which usually are those built into the equipment. Echo Check is best described as:

Correct Answer is : a component that signals the control unit that an operation has been performed

14. For which of the following audit tests would parallel simulation be an appropriate approach:

Your Response: Re-calculating amounts for declining balance depreciation charges

Your Answer is Correct.

15. Security assessment of capability levels does not involve:

Your Response: Eliminating the incorporation of security architecture

Your Answer is Correct.

16. A LAN configuration, if altered without proper controls, may lead to disrupted operations. Which of the following is the control objective over configuration change control for the continuous satisfactory operation of a LAN?

Correct Answer is : There exists a procedure for changing configuration

17. The BEST and most reliable form of evidence that assists the IS auditor to develop audit conclusions is:

Correct Answer is : A Letter of confirmation received from an outsider regarding the account balance.

18. Commercial Off-The-Shelf software is:

Your Response: Maintained and controlled by original developer only

Your Answer is Correct.

19. The estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Review Technique (PERT) is:

Correct Answer is : Most Likely time

20. The IMPORTANT benefit of the risk assessment approach compared to the baseline approach to IS security management is that:

Correct Answer is : Adequate levels of protection are applied to information assets.

21. The job responsibilities and rights of an application programmer do NOT include:

Correct Answer is : Defining backup procedures.

22. The purpose of an electronic signature is:

Correct Answer is : to establish the authenticity of the message

23. The risk that the conclusion based on a sample might be different from the conclusion based on examination of the entire population is called:

Correct Answer is : Sampling risk

24. The statement which is NOT false regarding end user computing is:

Correct Answer is : Catering to the user’s requirement is more in such systems.

25. To make a password hard to detect, it should be arranged in the following convention, as shown below:

Your Response: XW7_TU

Your Answer is Correct.

26. Transmission of electronic signals is not free of impairments. Which of the following statements is true?

Correct Answer is : Inductive wiretaps can pick up the free space emissions emanating from amplifiers

27. Which is the function that the audit software does not perform?

Correct Answer is : Decide on the sampling method to be used

28. Which of the following database environment controls enforces access rules in addition to maintaining standardised definitions?

Correct Answer is : Active data dictionary system

29. Which of the following is false related to watermarking?

Your Response: It identifies the user with the help of a serial number

Your Answer is Correct.

30. Which of the following should be verified by an IS auditor reviewing a Business Continuity Plan?

Correct Answer is : Plan is reviewed and updated regularly.

Test 30

Your results:

1. A lower-cost software product metric that is used for data collection is:

Correct Answer is : Defect counts

2. A macro virus infection in a computer will __________.

Correct Answer is : Destroys document files

3. A procedure for an overall environmental review which is NOT performed by an IS auditor during pre-audit planning is:

Correct Answer is : Determining adherence of regulatory requirements by conducting compliance tests.

4. While auditing the logical access control, the auditor need not review:

Correct Answer is : Bugs in the firewall

5. While conducting a business continuity audit, which of the following would an IS auditor consider to be MOST important to review?

Correct Answer is : Backups are performed on a timely basis and stored offsite

6. Which one of the following forms a part of transmission control in EDI control layers?

Correct Answer is : Interchange

7. Which one of the following is the most essential activity for effective computer capacity planning:

Your Response: Workload forecasting

Your Answer is Correct.

8. Which one of the following network architectures is designed to provide data services using physical networks that are more reliable and offer greater bandwidth?

Your Response: Integrated services digital network (ISDN)

Your Answer is Correct.

9. An auditor suspected that a program calculating interest on advances gave erroneous results for certain conditions. In an earlier audit, the auditor found no evidence of erroneous processing. The best audit technique for investigating possible errors in t.

Your Response: Snapshot

Your Answer is Correct.

10. Computer forensics inspection has limitations due to:

Correct Answer is : Legal restrictions in the form of limited search warrants

11. BCP (Business Continuity Plan) should focus on:

Your Response: The entire enterpris

Your Answer is Correct.

12. Custom Software Agreement should include a pre-acceptance performance standard to measure the software'.

Correct Answer is : Load Testing

13. Extensible Markup Language, or XML, differs from HTML in the sense that:

Correct Answer is : It allows the applications to define its own tags and semantics

14. In a manufacturing company, which of the following computer files is MOST critical?

Correct Answer is : Debtor’s file

15. In the System Development Life Cycle (SDLC), the functional specifications are translated into the logical and physical design during the ___________ stage.

Correct Answer is : Detailed design specification

16. ISO 9000:2000 standards are based on eight quality management principles. One of the principles follows the systems approach to management, which has various advantages. Which of the following comes within the purview of this approach?

Your Response: All of the above

Your Answer is Correct.

17. Many automated tools are designed for testing and evaluating computer systems. Which one of the following such tools impacts the system's performance with a greater load and stress on the system?

Correct Answer is : Statistical software packages

18. One main reason for using Redundant Array of Inexpensive Disks (RAID) is:

Correct Answer is : all data can still be reconstructed even if one drive fails

19. The estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Review Technique (PERT) is:

Correct Answer is : Most Likely time

20. The FIRST and preliminary step in the process of information security program establishment is:

Correct Answer is : Framing and adherence of a Corporate IS policy statement

21. The information systems requirements plan is derived directly from the:

Your Response: information systems strategic plan

Your Answer is Correct.

22. The modifications done in an image can be determined by:

Correct Answer is : Tamper proofing

23. The objective of using a System Control Audit Review File (SCARF) within the application is for collecting the following information except:

Your Response: Lack of internal program documentation

Your Answer is Correct.

24. Under certain conditions, an inventory batch-update program ignores transactions with invalid transaction code types. Which of the following controls would detect the presence of such errors in processing:

Correct Answer is : Hash total


25. Which of the following is not a characteristic of a modem?

Correct Answer is : Data Accuracy

26. Which of the following employs client-server computing?

Correct Answer is : Networked multimedia

27. Which of the following is deemed as good system design practice?

Correct Answer is : High cohesion of modules, low coupling of modules, and high modularity of programs

28. Which of the following is NOT a Top-Level Domain (TLD)?

Your Response: co

Your Answer is Correct.

29. Which of the following is the control information that prevents undetected removal of the last page of a batch report?

Correct Answer is : End-of-job marker

30. Which of the following statements about national and international information systems standards is true?

Correct Answer is : widespread acceptance of national and international information systems standards can undermine an organisation’s competitive position