
Seat No:______________ Enrollment No:______________________

PARUL UNIVERSITY
FACULTY OF MANAGEMENT
MBA Summer 2016-17, Examination
Semester: 4 Date: 31/05/2017
Subject Code: 06205253 Time: 2:00pm to 5:00pm
Subject Name: Information System And Audit Control Total Marks: 60
Instructions:
1. Attempt all questions from each section.
2. Figures to the right indicate full marks.
3. Make suitable assumptions wherever necessary.
4. Write section-A, section-B on separate answer sheets.
SECTION-A
Q.1 (a) Multiple Choice Questions: (03)
1. From an information systems audit perspective, which of the following is the
most valuable asset in an information systems facility:
a) Hardware
b) Database
c) Personnel
d) Software
2. Over which type of risk does the auditor have greatest control?
a) Desired audit risk
b) Inherent risk
c) Control risk
d) Detection risk
3. Which of the following controls is most likely to protect an organization’s
information systems from computer hackers?
a) Card-key locks
b) A virus detection program
c) Encryption of programs
d) Hard-to-determine password
Q.1 (b) Define the following terms: (03)
a. Risk Assessment
b. Threat
c. Black-box testing
Q.2 Describe two controls that should exist over storage of removable storage media for: (08)
a. A mainframe computer with a large number of users
b. A microcomputer with only one user.
Q.3 (a) Explain DA’s & DBA’s responsibilities with respect to: (04)
a. Definition Control
b. Concurrency control
Q.3 (b) Explain any three objectives of information systems auditing. (03)
OR
Q.3 (a) In the context of information system assets, identify two sources of threat that are
external to the organization and two sources of threat that are internal to the organization.
Give an example of a threat that might eventuate from each source. (04)
Q.3 (b) Differentiate between Big Bang Testing & Incremental Testing. (03)
Q.4 For each of the following threats, give a control that might reduce exposures: (09)
a. Pirated software
b. Violation of the licensing conditions pertaining to a proprietary database
c. Employee use of an organization’s computer time for private purposes.

SECTION-B
Q.1 (a) Multiple Choice Questions: (03)
1. DES is an example of a:
a) Short-key cipher system
b) Weak-algorithm cipher system
c) Long-key cipher system
d) Non-parity cipher system
2. A check for missing data is an example of a:
a) Record check
b) Set membership check
c) Field check
d) Batch check
3. Which of the following transmission media is most resistant to wiretapping?
a) Optical fibre
b) Satellite microwave
c) Twisted-pair wire
d) Infrared
Q.1 (b) Define the following terms: (03)
a. Digital Signature
b. Cryptography
c. Differential file
Q.2 What is a check digit? Calculate the check digit for the number 82936 using the
weights 1-2-1-2-1 & modulus 10. Show also that the check digit you have calculated is
correct. (08)
Q.3 (a) Discuss any two types of data input validation checks. (04)
Q.3 (b) What is the purpose of the accounting audit trail in the communication subsystem? List four
items that might be contained in the accounting audit trail in the communication
subsystem. (03)
OR
Q.3 (a) Distinguish between the following discretionary access control policies that are
exercised in the database subsystem: (04)
a. Name-dependent access control
b. Content-dependent access control
c. Context-dependent access control
d. History-dependent access control
Q.3 (b) Briefly explain the nature of the following types of application program validation
checks in the processing subsystem, with an example of each: (03)
i. Range check
ii. Sign check
Q.4 Why should plastic cards and PIN mailers never be mailed at the same time to a
customer? What is the purpose of using premailers prior to mailing a PIN or a card?
What actions should be taken by the issuing institution when a card is returned
because the customer’s address is no longer current? (09)
