
JACKSON ABRAHAM THEKKEKARA .

(237650@icai.org)
Status : Fail
Assessment Date : 27-04-2023 18:13:08 (GMT+05:30)
Performance Level : Low

Your Score: 31.00
Total Assessment Score: 120.00
Cut-Off marks (Pass Marks): 72.00
Your Percentage: 25.83
Performance Category: L

This report helps you to achieve your targets as per below stated objectives:
Improve your conceptual understanding
Address specific areas of improvement personalized to you
Performance Categories
Based on the performance of the students, we have framed the following categories to place you in accordance with your performance

Performance Category Definitions

Excellent
Outstanding level of performance indicates that the candidate has done excellent work and mastered the concepts.
High
High level of performance indicates that the candidate has done above average work and mastered almost all the concepts.
Moderate
Acceptable level of performance indicates that the candidate has done average work and has mastered many of the concepts.
Low
Needs improvement in performance indicates that the candidate has done and mastered very few or none of the concepts.

Performance Criteria

PERFORMANCE CATEGORY RANGE

Excellent 91% to 100% of Max Marks

High 81% to 90% of Max Marks

Moderate 61% to 80% of Max Marks

Low Below 60% of Max Marks

Performance Category based on student marks

SECTION (GROUP) EXCELLENT HIGH MODERATE LOW

ISA 3 0 (DAAB) 109.20 and above 97.20 to 108.00 73.20 to 96.00 Below 72.00

Overall Score 109.20 and above 97.20 to 108.00 73.20 to 96.00 Below and equal to 72.00
Where do you stand?

SECTION (GROUP) SCORE PERFORMANCE CATEGORY

ISA 3 0 (DAAB) 31.00 / 120.00 L

Overall Score 31.00 / 120.00 L

Recommendations and Suggestions


1. Based on your overall scores:
Your overall score falls in the L category. Please attain more knowledge and practice more questions.
2. Based on your section-wise performance:
You seem to be inadequate in all sections. Please attain more knowledge and practice more questions.
3. Some general suggestions to optimize your score:
The best performers plan and allocate equal time to each section.

Overall Performance Analysis


The below table shows section-wise analysis of marks scored by you vs your peers who cleared the assessment, time spent by you vs your peers who cleared the
assessment, your percentage, your accuracy and number of correct, incorrect, unanswered and marked for review questions.

SECTION (GROUP): ISA 3 0 (DAAB)
MARKS SCORED BY YOU: 31.00
AVERAGE MARKS OF OTHERS: 53.67
TIME SPENT BY YOU (IN MINS): 39:22
AVERAGE TIME SPENT BY OTHERS (IN MINS): 76:58
YOUR SECTION PERCENTAGE: 25.83%
YOUR SECTION ACCURACY: 25.83%
TOTAL QUESTIONS: 120
MAX QUESTIONS - TO ATTEMPT: 120
NO OF QUESTIONS ATTEMPTED: 120
CORRECT: 31
INCORRECT: 89
UNANSWERED: 0
MARKED FOR REVIEW: 0

Total (same column order): 31.00, 53.67, 39:22, 76:58, 25.83%, 25.83%, 120, 120, 120, 31, 89, 0, 0

Note: The percentage (%) and accuracy below the prescribed values (60%) are shown in red color

Below pie-chart shows section-wise percentage of marks scored and bar graph gives a comparison of your marks with your peers who cleared the assessment

[Figure: Section-wise marks (pie chart): ISA 3 0, 31]
[Figure: Your marks Vs Avg marks of others (bar graph); series: Your marks, Average marks of others who cleared this assessment]

ISA 3 0
[Figure: 2020 Online Exam wise Count Analysis; y-axis: Count; series: Correct Count, Incorrect Count, Unanswered Count, Marked For Review Count]
[Figure: 2020 Online Exam wise Score Analysis; y-axis: Score; series: Correct Score, Incorrect Score]

Impact of Incorrect Responses


Below table provides the marks lost due to incorrect responses.

SECTION(GROUP) NUMBER OF INCORRECT RESPONSES MARKS LOST DUE TO INCORRECT RESPONSES TOTAL SCORE IF INCORRECT RESPONSES WERE NOT MARKED

ISA 3 0(grp1) 89 0 31

Overall 89 0 31.00

In order to attempt more accurately, consider the following suggestions while attempting the questions:
1. If you are not able to solve a question correctly or have doubts in your approach towards the solution, skip it for later.
2. Quickly revise the steps for avoiding calculation or casual mistakes.
3. Avoid guesswork.

Time Management
Below table shows the time you spent in each section and the average time spent by others (students who cleared this assessment).

SECTION (GROUP) TIME SPENT BY YOU (IN MINS) AVERAGE TIME SPENT BY OTHERS (IN MINS)

ISA 3 0 (DAAB) 39:22 76:58

Total time spent 39:22 76:58

Time Level Analysis


[Figure: 2020 Online Exam wise Time Analysis; y-axis: Time (In Mins); series: Time spent on correct, Time spent on incorrect, Time spent on unanswered, Time spent on marked for review]

Recommendations
1. It is essential for each aspirant to plan and schedule time for each section diligently. This is important to score well in each section and ultimately meet the cut-off.
2. This will also help you in attempting all the questions in each section and hence not missing the opportunity to score more.

Response Change Pattern


Below table provides the number of times you have changed your responses while answering the test and also the nature of those response changes.
SECTION(GROUP) CORRECT TO INCORRECT INCORRECT TO CORRECT INCORRECT TO INCORRECT CORRECT TO UNANSWERED INCORRECT TO UNANSWERED

ISA 3 0 (DAAB) 1 7 3 0 0

Overall 1 7 3 0 0

It is suggested that guesswork should be avoided for any type of response changes. It has been observed that more often than not, guesswork leads to an incorrect
response thereby inviting negative marks which in turn has an adverse effect on the overall rank.
You must use your knowledge, observation and elimination skills to arrive at the correct answer.

Interpretation and Suggestions


1. Incorrect to incorrect response change:
You may need to work more on the concept level, in order to gain confidence.
2. Incorrect to correct response change:
At first glance you were not very sure about the solution.
You must spend at least 1 minute per question and if you are not able to reach the solution, you must revisit the question to enhance your score.
Perform this response change only when you are confident or have spotted a mistake in the solution of your first response.
3. Correct to incorrect response change:
You are not sure of the solution and have either applied a wrong concept or made a calculation mistake.
You need to practice more questions on the same concept.
4. Correct to unanswered response change:
You are not sure of the solution.
You need to practice more questions on the same concept.
Perform this response change only when you are not confident of your solution.
You must try to spend at least 1 min before leaving it unanswered.
5. Incorrect to unanswered response change:
Your judgment of avoiding negative marks is right.
You must try to spend at least 1 min before leaving it unanswered.
Overview: ISA 3 0
The below table provides your marks in ISA 3 0 along with the average marks scored by the others (students who cleared this assessment) and the marks scored by the
topper.

MARKS SCORED BY YOU: 31.00 / 120.00
AVERAGE MARKS OF OTHERS: 53.67 / 120.00
ISA 3 0 HIGHEST SCORE: 112.00 / 120.00
ISA 3 0 MARKS SCORED BY THE TOPPER: 112.00 / 120.00
YOUR SECTION PERCENTAGE: 25.83%
YOUR SECTION ACCURACY: 25.83%
TIME SPENT BY YOU (IN MINS): 39:22
AVERAGE TIME SPENT BY OTHERS (IN MINS): 76:58

Note: The percentage (%) and accuracy below the prescribed values (60%) are shown in red color
Question wise Analysis

Correct: 31
Incorrect: 89
Unanswered: 0
Marked for Review: 0

Performance Analysis: ISA 3 0


1. The below table analyzes your performance at question level and presents it in terms of :
isQuestionmandatory
Topic
ExT
Exceltest
Introtest
Legaltest
CAATtest
MTBOS
test
ISA
Chapter Name
Test001
BFSI
New BFSI
BFSI Attempt 2
BFSI ASSESSMENTSample
BFSI A 3
New BFSI A3
Appellate Key
Module 2
IASB Concurrent Assesment
Wealth Key
Final Appeal
Forex Assessment
2020 Online Exam
2. It highlights conceptually strong and improvement areas within the section and areas that require reinforcement of concepts.
3. The accuracy of the response to each question and time spent are correlated and interpreted in terms of expert advice on preparedness level.

Question wise details



Question Details
Q1. Which of the following should an IS auditor do when they find that a critical Disaster Recovery Plan (DRP) does not cover all of the
systems?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. Determine the impact of the non-inclusion of a critical system in the DRP


2. Postpone the audit
3. Continue an audit of the existing DRP
4. Call for an explanation from management for not covering all the Systems

Timespent (in sec): 80 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q2. The best objective for the creation of an audit charter is to:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Determine the audit resource requirements


2. Document the mission and long-term strategy of the audit department
3. Determine the code of conduct for the audit team
4. Provide the authority and responsibility of the audit function

Timespent (in sec): 46 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 1 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q3. Which of the following is regarded as the most secure transmission medium?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Correct

Options :
1. Fiber optic wires
2. A UTP
3. A twisted-pair wire
4. A copper wire

Timespent (in sec): 11 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q4. The best auditing tool to capture transactions as per the predefined criteria is:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. Embedded Audit Modules (EAMs)


2. CIS
3. SCARF
4. Audit hooks

Timespent (in sec): 73 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q5. Which of the following is used in an e-commerce application to ensure that a transaction is enforceable?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Correct

Options :

1. Access control
2. Authentication
3. Encryption
4. Non-repudiation

Timespent (in sec): 15 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q6. An advantage of using a bottom-up approach as opposed to a top-down approach is:

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Errors can be found early on in critical modules


2. Testing will only take place after all the systems have been completed
3. Interface errors can be noticed early
4. Confidence is earlier achieved in the method

Timespent (in sec): 58 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 1 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q7. Which of the following is the fastest technique for determining data-file change management controls?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Correct

Options :

1. One-to-one file checking


2. Access confidentiality
3. Transaction logs
4. Backup files

Timespent (in sec): 28 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q8. An inadequate software baseline can result in which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :
1. Scope creep
2. Inadequate security
3. High resource requirements
4. Inadequate UAT

Timespent (in sec): 33 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q9. The most effective method for conducting stress tests is:

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :

1. Using test data within the test environment


2. Using live data within the production environment
3. Using live data within the test environment
4. Using test data within the production environment

Timespent (in sec): 58 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q10. What is the most important aspect for patch updating for an operating system?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :
1. Post-update regression testing
2. Approval from the owner of the information system asset
3. Approval from the information security team
4. Adequate training for the system administrator

Timespent (in sec): 39 Correct to Incorrect: 1 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q11. What is the first step in the implementation of access control?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Correct

Options :

1. Group IT assets
2. Categorize IT assets
3. Implement an access control list
4. Creating an inventory of IT assets

Timespent (in sec): 50 Correct to Incorrect: 0 Incorrect to Correct: 1 Incorrect to Incorrect: 1 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q12. An IS auditor’s role in implementing a CSA should be:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. They're in charge
2. They're a sponsor
3. They're a reviewer
4. They're a facilitator

Timespent (in sec): 1055 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q13. Which of the following should be the first exercise while reviewing data center security?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. The evaluation of the physical security arrangement


2. The evaluation of vulnerabilities and threats to the data center location
3. The evaluation of the business continuity arrangement for the data center
4. The evaluation of the logical security arrangement

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q14. What is the most important function that IS management performs in such situations where an organization has outsourced some of its IS processes?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. Ensuring that charges for outsourcing are paid in compliance with the SLA
2. Providing training to the staff of outsourcing vendors
3. Levying a penalty for non-compliance
4. Monitoring the outsourcing provider's performance

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q15. The effectiveness of a BCP can be evaluated by reviewing:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. The involvement of various stakeholders


2. Plan test results
3. Employee awareness regarding the plan
4. Offsite controls

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q16. Which of the following options best describes the process of assessing a risk?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Subject-oriented
2. Object-oriented
3. Mathematics-oriented
4. Statistics-oriented

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q17. Need-to-know access control can be best ensured by:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :
1. Implementing application-level access control
2. Encrypting databases
3. Enabling HTTPS control
4. Deploying network monitoring control

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q18. An IS auditor notes that several incidents were assigned the wrong priorities and hence were not able to achieve the defined SLA. Which of the following is the most important concern?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. The support model was not documented


2. The support model was not approved
3. The support model was not properly designed and executed
4. The SLA contains an unrealistic resolution time

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q19. Which of the following types of test would be relevant when an organization needs to determine whether a replacement or modified system is capable of functioning in its target environment without affecting other existing systems?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :

1. Regression testing
2. Sociability testing
3. Interface/integration testing
4. Pilot testing

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q20. An organization has implemented two-factor authentication that involves a token and a PIN. Which of the following is an important rule to be included in the security policy?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. The token should not be taken out of the workplace


2. The token should be kept separate from the user's laptop
3. The PIN should be random
4. The PIN should not be written down anywhere

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q21. The most important consideration when establishing an offsite facility is the fact that:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. The offsite facility is located at a different geographical location and is not subject to the same risks as the primary site
2. The offsite facility is provided with the same level of protection as the primary site
3. The offsite facility is managed by a reliable third party
4. The offsite facility is approved by the Board of Directors

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q22. Which audit involves the independent evaluation of software products, verifying its configuration items?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Functional audit
2. Integrated audit
3. Specialized audit
4. Compliance audit

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q23. The approach to unit testing is:

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :
1. Top-down
2. Black box
3. Bottom-up
4. White box

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q24. The technique to evaluate project progression in terms of time, cost, and schedule, and to determine estimates of these by completion, is which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :

1. EVA
2. FPA
3. PERT
4. CPM

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q25. What is the objective of code signing?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :
1. Ensuring that software has not been subsequently modified
2. Ensuring smooth integration with other code-signed systems
3. Ensuring the integrity of the private key
4. Ensuring the availability of the system

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q26. The BEST way to schedule a follow-up for audit findings is to:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Schedule a follow-up audit based on closure due dates


2. Schedule a follow-up audit only during the next audit cycle
3. Schedule a follow-up audit on a surprise basis to determine whether remediation is in progress
4. Schedule a follow-up audit when findings escalate to incidents

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q27. The first task in preparing a DRP is:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Correct

Options :

1. To design a recovery strategy


2. To conduct a BIA
3. To make arrangements for an alternate site
4. To test a DRP

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q28. An IS auditor notes that users are granted occasional authority to change a system. What should the IS auditor's first step be?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Determine whether this process is allowed by policy


2. Determine whether the training of the users is adequate
3. Determine whether logs are captured for these changes
4. Determine the availability of compensatory controls for this process

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q29. Which of the following alternate sites is already provisioned with basic infrastructure, such as electric cabling, heating, ventilation and AC arrangements, and flooring, but does not have systems and other communications equipment?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Correct

Options :

1. A cold site
2. A warm site
3. A hot site
4. A mirrored site

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q30. What is the objective of library control software?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Providing assurance that program changes are authorized


2. Providing assurance that program changes are tested
3. Providing assurance that areas are automatically moved to production
4. Providing assurance that only developers can access a program

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q31. Following the merger of two companies, a new common interface would replace several self-developed legacy applications. Which of the following options constitutes the biggest risk?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. Project management and progress reporting is integrated in an external consultant-driven project management department
2. The substitute plan consists of several independent projects without incorporating resource allocation in an approach to portfolio management
3. Each organization's resources become inefficiently distributed as they become acquainted with the legacy systems of the other organization
4. The new platform would push both companies' business areas to adjust their job procedures, resulting in extensive training requirements

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q32. How can the optimal configuration of a server be ensured?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :
1. Benchmarking with industry standards
2. Log capturing
3. Server utilization reports
4. Network protocol reports

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q33. An IS auditor noted a system vulnerability. To address all the undetected vulnerabilities, which of the following tests is recommended?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :

1. Integration testing
2. Stress testing
3. System testing
4. Security testing

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q34. Which of the following is an important aspect of patch management?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Conducting an impact analysis before the installation of a patch


2. The selection of a well-established vendor for patch management
3. The availability of a documented patch management process
4. The immediate installation of security patches

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q35. To implement access control, which of the following is the first step?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. To categorize the IS resources


2. To group the IS resources
3. To implement access control rules
4. To create an inventory of the IS resources

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q36. Which of the following is a major concern regarding the use of the DHCP?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Correct

Options :
1. Use of the application layer firewall
2. Access to the network port is not restricted
3. Antivirus software is updated every month
4. Two-factor authentication is implemented

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q37. An IS auditor noted that a project, which is expected to be completed in 2 years, has utilized only 25% of the budget after completion of the first year. The auditor should first determine which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Work completed compared against the completion schedule


2. Whether the project budget can be reduced
3. The process for estimating project duration
4. The process for estimating project cost

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q38. The most important consideration in a business case is which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :
1. The cost of the project
2. The resource requirements for the project
3. The ROI of the project
4. The security requirements of the project

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q39. The audit function should be reported to the audit committee of the board because:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. The audit function has few resources


2. The audit function must be independent of the business function and should have direct access to the audit committee of the board
3. No other function should use the resources of the audit function
4. The audit function can use their own authority to complete the audit on a priority basis

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q40. With respect to the IT security baseline, the IS auditor should first ensure:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. The documentation
2. Sufficiency
3. Audit and compliance
4. The process

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q41. To determine whether an organization has complied with a privacy requirement, the IS auditor should first:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Review the IT architecture


2. Review the standard operating procedure for IT processes
3. Review the legal and regulatory requirements
4. Review the risk register

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q42. A PRIMARY advantage of the CSA program is that it:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. Helps in the early detection of risks


2. Helps in reducing audit activities
3. Helps to reduce the cost of control
4. Helps to reduce audit resources

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q43. Which of the following is considered the best method to prevent unauthorized access to critical databases?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Correct

Options :

1. Servers are placed in a restricted area


2. Servers are placed under CCTV surveillance
3. Online access is blocked after a specified number of unsuccessful login attempts
4. An access card is required to access online terminals

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q44. Which of the following should be included in an audit charter?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Annual audit planning


2. The audit function's reporting structure
3. Guidelines for drafting audit reports
4. An annual audit calendar

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q45. Which of the following is looked at first by an IS auditor when reviewing the security of the local area network?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Correct

Options :

1. The authentication factor


2. The penetration testing report
3. A user access review
4. A diagram of the network

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q46. The most effective method to protect the organization from identity theft is:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. SSO
2. User-specific terminals
3. User access review
4. Two-factor authentication

Timespent (in sec): 5 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q47. An IS auditor would be primarily influenced by:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. The charter of the audit department


2. The representation by management
3. The structure of the organization
4. The number of outsourcing arrangements

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q48. The BIA determines:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Processes that generate the most financial value


2. Processes that should be recovered as a priority to ensure an organization's survival
3. Processes that are aligned with the business strategy
4. Processes that have a direct impact on customer service

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q49. Which of the following does the use of network performance monitoring tools directly affect?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. The confidentiality of a system


2. The integrity of a system
3. The accuracy of the system
4. The availability of a system

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q50. An IS auditor has observed inadequate controls of remote access for a critical application. The auditor should:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Revise the finding, considering the management views


2. Withdraw the finding because the IDS controls are in place
3. Withdraw the finding because firewall rules are monitored
4. Document the audit findings in the audit report

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q51. Which of the following changeovers comes with the greatest risk?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Parallel
2. Pilot
3. Phased
4. Direct cutover

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q52. Which of the following is a major concern for an in-house-developed application?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. A delay in implementation due to user acceptance testing


2. An inadequate budget estimate
3. A delay in implementation due to unit testing
4. A change request being initiated and approved by the same employee

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q53. An enterprise is considering investing significantly in infrastructure improvements. Which of the following are the most critical options to consider?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. A cost analysis
2. The safety risks associated with the latest technology
3. Compatibility with existing systems
4. A risk analysis

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q54. An IS auditor is conducting a post-implementation review of an ERM system. They are most likely to review:

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Access control settings


2. The procedure for unit testing
3. The procedure for system testing
4. Detailed design documentation

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q55. The prime objective of assigning process ownership in a system development project is to do which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Help in keeping an eye on the completion of the project


2. Help in efficient and effective UAT
3. Ensure that project requirements are aligned with business needs
4. Minimize the impact of scope creep

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q56. The prime advantage of an audit team directly extracting data from a general ledger system is:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. No dependency on an auditee
2. Quicker access to information
3. More flexibility in the audit process
4. More reliability of data

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q57. Which of the following is the best way to ensure that the service provider adheres to the security requirements of the organization?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :
1. By obtaining a sign-off from all the users of the service provider
2. By including an indemnity clause in the SLA with the service provider
3. By providing annual security awareness training for all users
4. By easing the security requirements

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q58. The role of the IT steering committee is:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Correct

Options :

1. To suggest a technology strategy


2. To approve and control funds for IT initiatives
3. To monitor the outsourcing of contracts
4. To review IT frameworks

Timespent (in sec): 6 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q59. To review the adequacy of management’s remediation action plan, the most important factor is:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. The approval of the remediation action by senior management


2. The man-days required for future audit work
3. Potential cost savings
4. The criticality of the audit findings

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q60. The main reason for meeting with auditees before formally releasing the audit report is to:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Ensure all the important issues are covered


2. Gain agreement on the findings
3. Obtain feedback on the audit procedures
4. Finalize the structure of the final audit report

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q61. Which of the following is an IS auditor's first step in reviewing access control for client-server environments?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Determining the network access point


2. Determining placement of the firewall
3. Determining the authentication system
4. Determining logical access control

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q62. Which of the following is the primary criterion for determining the severity of service disruption?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. The amount of recovery


2. The period of downtime
3. The nature of the disruption
4. Negative market impact

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q63. A dry pipe fire extinguisher contains:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. FM-200 gas
2. Nitrogen
3. Water that resides in the pipe with special water-tight sealants
4. Water, but it enters the pipe only when a fire has been detected

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q64. Which of the following is a major concern for an IS auditor reviewing a third-party agreement?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Correct

Options :

1. A "right to audit" clause not being included


2. A penalty clause for adverse performance not being included
3. The agreement with no mention of poor performance for negative performance
4. The service provider's liability limitation clause not being included

Timespent (in sec): 10 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q65. Which of the following is the most important aspect of planning an audit?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Identifying high-risk processes


2. Identifying the experience and capabilities of audit staff
3. Identifying control testing procedures of the audit
4. Determining the audit schedule

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q66. The most effective tool for obtaining audit evidence through digital data is:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Structured Query Language


2. Extracted reports from applications
3. Risk and control testing tools
4. CAATs

Timespent (in sec): 5 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q67. An IS auditor notes that storage resources are continuously added. What should they review?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. The adequacy of offsite storage


2. The capacity management process
3. The data compression process
4. The incident management process

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q68. Which of the following will help to protect a network from acting as a zombie in a denial-of-service attack?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Deny all incoming traffic with the source address of the critical host
2. Deny all incoming traffic with the spoofed source IP
3. Deny all incoming and outgoing traffic for the critical host
4. Deny all outgoing traffic with the external source address

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q69. To ensure an effective DRP, it is most important that:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Correct

Options :

1. The recovery plan is stored at an alternate site


2. The recovery plan is communicated to all users
3. The recovery plan is tested regularly
4. The recovery plan is approved by senior management

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q70. In a risk-focused audit, which of the following is the most critical step?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Determining the high-risk processes


2. Determining the capability of audit resources
3. Determining the audit procedure
4. Determining the audit schedule

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q71. An IS auditor evaluating an IT governance framework will be more concerned about:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. The limited involvement of senior management


2. The ROI not being monitored
3. The IT Balanced Scorecard not being implemented
4. The IT risk management process not being documented

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q72. The document that delegates authority to the audit department is:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Correct

Options :

1. The audit planner


2. The audit charter
3. The IT policy
4. The risk assessment and treatment document

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q73. Which of the following is the best reason for a senior audit manager reviewing the work of an auditor?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Quality requirements
2. SLA requirements
3. Professional standards
4. Client requirements

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q74. The IS auditor's primary focus during the post-implementation review is:

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. To determine appropriate documentation of user feedback


2. To determine whether the return on investment is being measured
3. To determine the operating effectiveness of the controls built into the system
4. To review change management procedures

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q75. A major risk in the Agile development process is which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Inadequate documentation
2. Inadequate testing
3. Inadequate requirement gathering
4. Inadequate user involvement

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q76. Which of the following is the most important clause to be included in an SLA?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. The types of hardware to be used


2. The software configuration to be used
3. The ownership of intellectual property
4. Employee training policies to be implemented

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q77. Which of the following is the first step in the implementation of a problem management mechanism?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Reporting an exception
2. Root cause analysis
3. Risk analysis
4. Ranking exceptions

Timespent (in sec): 6 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q78. Which of the following is the main objective of the BIA?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. To define a recovery strategy


2. To identify an alternate site
3. To define a testing methodology
4. To determine loss expectancy

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q79. In the prototyping method, change control can be impacted by which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. User participation
2. Frequent changes in requirements and design
3. The trial-and-error method
4. Limited budgets

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q80. Which of the following can be considered most reliable evidence?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Confirmation letter from a relevant third party


2. Information available on open source
3. Assurance from management
4. Ratio prepared by the auditor from data supplied by management

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q81. A review of the change management process indicates that the process is not fully documented and also that some migration processes failed. What should the next step for the IS auditor be?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Trying to get further information about the findings through root cause analysis
2. Report the findings to the audit committee of the board
3. Recommend reframing the change management process
4. Recommend discontinuing the migration process until the change management process is documented

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q82. Which of the following is considered the most effective access control mechanism?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. A fingerprint scanner
2. A password
3. A cipher lock
4. An electronic access card

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q83. Which of the following is a major concern when IT is not involved in a system selection procedure?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. The application's security checks do not meet requirements


2. The program may not satisfy business users' requirements
3. The application technologies may be incompatible with the architecture of the organization
4. The program can result in unexpected IT support problems

Timespent (in sec): 10 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q84. The test results of the DRP indicate that server performance at the recovery site is slow. What should be the next course of action for an IS auditor?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. A review log that captures processes at the recovery site


2. A review process for conducting tests and documenting results
3. Reviewing the DRP from the point of view of adequacy
4. Reviewing the server setting configurations and comparing these with the primary site

Timespent (in sec): 5 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q85. Which of the following is the main objective of a post-implementation review?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. Documentation of lessons learned


2. Identification of future enhancements
3. To determine timely delivery of the project
4. To determine whether the project objectives have been met

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q86. Which audit involves specific tests of controls to demonstrate adherence to specific regulatory or industry standards?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Operational audit
2. Compliance audit
3. Integrated audit
4. Financial audit

Timespent (in sec): 6 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q87. What is the first step after the replacement of hardware?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Correct

Options :

1. Sync the hardware with the hot site


2. Updating the IT asset inventory
3. Identify and assess the vulnerability
4. Conduct risk assessment

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q88. In an EDI environment, which of the following procedures ensures the completeness of an inbound transaction?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. The process for transaction authentication


2. The build segment count coming to the transaction set trailer of the sender
3. An audit trail
4. The segregation of duties for high-risk transactions

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q89. How is existing database integrity best assured?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Log monitoring
2. Table link checks
3. Query time checks
4. Rollback features

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q90. The effectiveness of an IT governance implementation can be most effectively determined by:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Ensuring that the objectives are defined


2. Ensuring the involvement of stakeholders
3. The identification of emerging risks
4. Ensuring that relevant enablers are determined

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q91. Which of the following is the greatest concern for an immediate cutover to the new system?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. The lack of a backup plan


2. User acceptance testing has not been properly documented
3. The project deadline is extended
4. Users are not trained properly to use the new system

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q92. An IS auditor should use professional judgement primarily to ensure:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Appropriate audit evidence will be collected


2. All deficiencies will be detected
3. Significant risk will be corrected within a reasonable time
4. An audit will be completed within the defined time frame

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q93. The scope, authority, and responsibility of the IS audit function is defined by:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. The approved audit charter


2. The head of the IT department
3. The operational head of the department
4. The head of audit

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q94. Which of the following provides the greatest assurance about the control effectiveness of a third-party service provider?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. The clauses in the SLA


2. An independent audit report
3. The Business Continuity Plan (BCP) document of the service provider
4. The number of employees in the information security team of the service provider

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q95. Which of the following is the best process to use to test program changes?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Reviewing samples of change authorization first and then analyzing the relevant modified programs
2. Conducting a walk-through of the program changes from beginning to end
3. Reviewing samples of change authorization first and then analyzing the supporting change authorization
4. Using automated tools to analyze change authorization for missing fields

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q96. How is the portability of an application with a database ensured?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Correct

Options :

1. Atomicity
2. Structured Query Language
3. Table link error checks
4. Tracing and tagging

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q97. Which of the following is a major concern for an IS auditor reviewing the general IT controls of an organization?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. No restriction for connecting external laptops to the network


2. Multi-factor authentication for user access
3. Standalone terminals are placed at an insecure location
4. The organization takes more than 1 month to close the audit findings

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q98. The technique used by banks for the prevention of transposition and transcription mistakes, thus ensuring the integrity of bank account numbers allotted to customers, is which of the following?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :
1. Limit checks
2. Parity bits
3. Check digits
4. Range checks

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q99. Which of the following would be a major concern in the absence of established audit objectives?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :

1. Not being able to determine the audit's budget


2. Not being able to identify key stakeholders
3. Not being able to determine key business risks
4. Not being able to determine previous audit findings

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.
Q100. The use of a CAAT tool will impact which of the following attributes of evidence?

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Appropriateness
2. Sufficiency
3. Reliability
4. Relevance

Timespent (in sec): 7 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q101. Which of the following should be revalidated first when planning to add more personnel to the project to reduce the completion time?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. The project budget


2. The project manager's performance
3. The critical path of the project
4. The number of existing resources

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q102. What is the most reliable source of evidence for verifying an ISP's compliance with an SLA?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. The downtime report produced by the ISP


2. The downtime report maintained by the organization
3. The availability report produced by the ISP
4. The utilization report maintained by the organization

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q103. A default deny access control policy:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. Allows approved traffic and rejects all other traffic


2. Denies specific traffic and allows all other traffic
3. Is used for allowing access from a trusted network to a protected system
4. Allows traffic as per the discretion of the network administrator

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q104. The BEST way for an IS auditor to follow up on the closure activities is to:

2020 Online Exam : INFORMATION SYSTEM AUDIT PROCESS


Status : Incorrect

Options :

1. Provide management with a remediation timeline and verify adherence


2. Conduct a review of the controls after the projected remediation date
3. Continue to audit the failed controls according to the audit schedule
4. Review the progress of remediation regularly

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q105. To achieve the organization's objective, the most important consideration for an IT department is to have which of the following:

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :
1. A budget-oriented philosophy
2. Long- and short-term strategies
3. The latest technology
4. Documented IT processes and guidelines

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q106. The IS auditor notes that the system malfunctioned after the installation of a security patch. Which of the following is the best control for such an incident?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Patch installation should be conducted only by the system administrator


2. The change management procedure should be followed for patch installation
3. The patch management process should be outsourced to third-party service providers
4. The approval of the business manager should be obtained for patch installation

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q107. The most effective and fastest backup strategy for data restoration is:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. A full backup
2. A differential backup
3. A grandfather-father-son rotation backup
4. An incremental backup

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q108. The most important factor to be reviewed for an outsourced cloud hosting service is which of the following?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. Whether the vendor agrees to provide an internal audit report every year
2. Whether the vendor agrees to provide an internal audit completion certificate every year
3. Whether the vendor agrees to provide management certifications of compliance to the organization as a policy every year
4. Whether the vendor agrees to provide an external independent audit report every year

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q109. A test that is conducted when a system is in the development phase is:

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Incorrect

Options :

1. A sociability test
2. A functionality test
3. A load test
4. A unit test

Timespent (in sec): 4 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q110. An IS auditor should review the router controls and settings during:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. The review of physical security


2. The review of network security
3. The review of the backup process
4. The review of the data center

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q111. The backup strategy that demands the highest media capacity for backup storage is:

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. A full backup
2. A differential backup
3. A grandfather-father-son rotation backup
4. An incremental backup

Timespent (in sec): 5 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q112. Which of the following should be reviewed to determine the level of access available for different users?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. System file configuration


2. Log files
3. Job descriptions
4. User access review

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q113. How should you determine the correctness of individual transaction balances that are migrated from one database to another?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Correct

Options :

1. A hash total should be compared before and after migration


2. You should verify the migrated individual account balance on a sample basis
3. You should compare the number of records before and after migration
4. The control total should be compared before and after migration

Timespent (in sec): 5 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q114. In which of the following backup strategies is a backup taken of the full database irrespective of the previous backup?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. A full backup
2. A differential backup
3. A day's end backup
4. An incremental backup

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q115. Which of the following documents will help the most in developing a BCP?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. An external audit report


2. A risk assessment
3. A resource analysis
4. A gap analysis

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q116. Controls that predict potential problems before their occurrence are what kind of controls?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Correct

Options :

1. Preventive controls
2. Detective controls
3. Corrective controls
4. Compensating controls

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q117. For an online transaction processing system's database, what is the integrity of transactions maintained by?

2020 Online Exam : INFORMATION SYSTEM MANAGEMENT AND OPERATIONS


Status : Incorrect

Options :

1. Tagging and tracking control


2. Commitment and rollback control
3. Access review control
4. Log monitoring control

Timespent (in sec): 3 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Q118. The primary control objective of job rotations is to achieve which of the following?

2020 Online Exam : GRC, IT ACT AND REGULATIONS, BCM


Status : Incorrect

Options :

1. To provide cross-training
2. To motivate employees
3. To detect improper or illegal employee acts
4. To improve efficiency and productivity

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.
Q119. Which of the following is the next step once the audit findings have been identified?

2020 Online Exam : SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT
Status : Correct

Options :

1. Discuss it with auditee management to find agreement on the findings


2. Determine remedial measures for the findings
3. Inform senior management about the findings
4. Obtain assurance from management to close the findings

Timespent (in sec): 2 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You are on the right preparation track on this topic.

Q120. An IS auditor should first review which of the following biometric life cycle stages?

2020 Online Exam : PROTECTION OF INFORMATION SYSTEM ASSETS


Status : Incorrect

Options :

1. The termination process


2. The enrollment stage
3. The storage process
4. The identification process

Timespent (in sec): 459 Correct to Incorrect: 0 Incorrect to Correct: 0 Incorrect to Incorrect: 0 Correct to unanswered: 0 Incorrect to unanswered: 0
Comments: You have most probably committed a numerical or conceptual mistake or you would have guessed the answer.

Individual Score Level Analysis

[Chart: 2020 Online Exam wise Count Analysis. Count per section; series: Correct Count, Incorrect Count, Unanswered Count, Marked For Review Count.]

[Chart: 2020 Online Exam wise Score Analysis. Score per section; series: Correct Score, Incorrect Score.]

Comparative Score Level Analysis

[Chart: 2020 Online Exam wise Score Analysis. Score per section; series: Marks of yours, Average marks of others.]

Your Response Change Pattern: ISA 3 0


The below table provides the number of times you have changed your responses to the ISA 3 0 questions and also the nature of those response changes.

CORRECT TO INCORRECT | INCORRECT TO CORRECT | INCORRECT TO INCORRECT | CORRECT TO UNANSWERED | INCORRECT TO UNANSWERED
1 | 7 | 3 | 0 | 0

Time Analysis: ISA 3 0
The graph below represents the time you spent in each section and the average time spent by others.

[Chart: 2020 Online Exam wise Time Analysis. Time (In Mins) per section; series: Time spent on correct, Time spent on incorrect, Time spent on unanswered, Time spent on marked for review.]

Comparative Time Level Analysis

[Chart: 2020 Online Exam wise Time Analysis. Time (In Mins) per section; series: Time spent by you, Average time spent by others.]

Preparedness Analysis: ISA 3 0


The below table represents the percentage accuracy achieved at the analysis level.
Conceptual errors, for which you would require more reading and understanding of concepts.
Minor or careless mistakes, for which you would require a more composed and calm approach towards solving the question paper.
The topics marked in red need your immediate attention.

2020 Online Exam wise analysis.


2020 ONLINE EXAM | TOTAL QUESTIONS | QUESTIONS ATTEMPTED | CORRECT | INCORRECT | UNANSWERED | MARKED FOR REVIEW | % ACCURACY
INFORMATION SYSTEM AUDIT PROCESS | 24 | 24 | 7 | 17 | 0 | 0 | 29.17%
GRC, IT ACT AND REGULATIONS, BCM | 21 | 21 | 6 | 15 | 0 | 0 | 28.57%
SYSTEM DEVELOPMENT, ACQUISITION, IMPLEMENTATION AND MAINTENANCE, APPLICATION SYSTEM AUDIT | 24 | 24 | 8 | 16 | 0 | 0 | 33.33%
INFORMATION SYSTEM MANAGEMENT AND OPERATIONS | 24 | 24 | 6 | 18 | 0 | 0 | 25.00%
PROTECTION OF INFORMATION SYSTEM ASSETS | 27 | 27 | 4 | 23 | 0 | 0 | 14.81%
Total | 120 | 120 | 31 | 89 | 0 | 0 | 25.83%

Note: The percentage (%) and accuracy below the prescribed values (60%) are shown in red color
