1 | Q. Self Service assistance to users provided by help desk such as resetting passwords etc. is considered which level of assistance? | Ans. Level 0 | level 4 | level 0 | level 2 | level 1
2 | Q. Which of the following model user need to know URL to access the app? | Ans. Web based application development. | Component based application development | Object oriented software development | Web based application development | Spiral Development
3 | Q. Who is responsible for classification of data in a Dept? | Ans. Data owner
4 | Q. Expert system is an example of- | Ans. Knowledge Software. | Knowledge Software | Engineering Software | Packaged Software | Technical Software
5 | Q. Which of the following interface testing approach, a tester may start at top or bottom level and depending on Situation move downward or upward? | Ans. Sandwich Approach | TOP DOWN APPROACH | BOTTOM UP APPROACH | SANDWICH APPROACH | MIDDLE LEVEL APPROACH
6 | Q. Which of the following tool is considered useful for comparing processing output with independently calculated data? | Ans. Integrated Test facility | INTEGRATED TEST FACILITY | CHECK DIGIT | HASH TOTAL | CYCLIC REDUNDANCY CHECK
7 | Q. The practice of limiting permissions to the minimal level that will allow users to perform their jobs. It is known as | Ans. Least privileges | Least privileges | NEED TO KNOW | SINGLE SIGN ON | LIMITED ACCESS
8 | Q. Which of the following is an example of external schema in a database mgt system? | Ans. User views. | user views | design of data stores | integrity constraints | tables
9 | Q. Batch total is an example of_ | Data entry control
10 | Q. Which of the following is one of the imp operations performance metrics? | Ans. Incident.
11 | Q. Which of the following test is done by the programmer? | Ans. Unit test. | unit test | negative test | desk test | stress test
12 | Q. Which of the following test checks whether programs do what they are supposed to do? | Ans. Functional test
13 | Q. Which of the following test is concerned with examining the internal processing logic of a software system? | Ans. Structural test
14 | Q. Users have more privileges than they need and may use them to perform actions outside of their job description. It is known as_ | Ans. Privilege creep | Least privileges | administrative override | privilege creep | super user
15 | Q. Which of the following relates to the accuracy and completeness of info as well as to its validity in accordance with business values and expectations? | Ans. Integrity
16 | Q. Which of the following relates to the provision of appropriate info for mgt to operate the entity and exercise its fiduciary and governance responsibilities? | Ans. Reliability. | Compliance | Reliability | Authorization | Effectiveness
17 | Default settings are used by vendors to help users get the system up and running. What is the auditor's primary area of interest regarding default settings? | indicate well known settings published by vendor | Save time and money for the user | Represent the manufacturers recommended settings | indicate well known settings published by vendor | reduce support headaches, which increases operational uptime
18 | Which of the following software developing methodology primarily focuses on risk avoidance? | Spiral | SPIRAL | RAD | AGILE | PROTOTYPE
19 | Completeness and Accuracy of Data is assured by? | Processing Control Procedures
20 | Which of the following is the list of OSI Model levels from the top down? | Application, Presentation, Session | Application, physical, session, transport, network, data link, presentation | presentation, data link, network, transport, session, physical, application | application, presentation, session, transport, network, data link, physical | presentation, network, data link, transport, session, physical, application
21 | Performance, Security, user Interface are examples of which of the following testing? | Non Functional | FUNCTIONAL | NON FUNCTIONAL | BOTH A AND B | NONE OF THE ABOVE
22 | What is likely to be the biggest issue regarding log management? | System needs to be configured and then someone needs to read the logs and respond | System needs to be configured and then someone needs to read the logs and respond | log management is not required its considered waste of time | log files need to be configured, captured, read, and backed up | system log files consume valuable disk space and are used only by the auditor
23 | Which of the following parameters should not be considered for computing function points under function point analysis? | number of source lines of code | number of inputs | expected user actions | number of source lines of code | Date elements to be processed
24 | Who amongst the following has the highest stake in benefit realization from the project? | Project Sponsor
25 | Which type of network device directs packets through the internet? | Routers
26 | Which of the following testing is used to identify any errors and improvements in the software by observing the users through their usage and operation? | Usability Testing | performance testing | load testing | usability testing | regression testing
27 | A user account is terminated by the IT Department, only when the request is approved and sent by the_____ | Human Resource Department
28 | Which type of Control is representative of Exception Reporting? | Processing | Processing | Output | Database Integr | Service Level
29 | Which of the following is the role of IS Auditor in SDLC? | All of the above | understand standards adopted and followed by the organisation through the process of inquiry, observation and documentation review | to determine significant phases for the various size and type | to assess efficiency and effectiveness of each function to satisfy the users goals and organisations objectives | all of the above
30 | Which of the following methods is designed to permanently destroy data on hard disk? | Disk Wiping / Risk Wiping
31 | Multinational organisation has decided to implement ERP solution across all geographical locations. The Organisation shall initiate a | Program | Project | Program | Portfolio | Feasibility Study
32 | Tools not used by Project managers to control the projects | Software Size Estimation | Project Evaluation Review Technique (PERT) | Critical Path Method (CPM) | Gantt Chart | Software Size Estimation
33 | Arrange the following in the order of activities? | Plan Risk, Identify Risk, Analysis Risk, Plan Risk Response | Plan Risk, Plan Risk Response, Identify Risk, Analyze Risk | Analyze Risk, Plan Risk Response, Identify Risk, Plan Risk | Plan Risk Response, Plan Risk, Analyze Risk, Identify Risk | Plan Risk, Identify Risk, Analysis Risk, Plan Risk Response
34 | which of the following protocols is likely to be used for monitoring the health of network? | SNMP | OSI | SNMP | SMTP | RP
35 | why ongoing system monitoring is important? | For historic logging and trend Analysis | For Preventive Control | For historic logging and trend Analysis | To Collect Metrics for SLA Reports | to find inconsistencies and errors
36 | which of the following categories of maintenance, changes are made to the program(s), when a defect or errors arises in working of software? | corrective maintenance | Preventive Maintenance | Corrective Maintenance | Perfective Maintenance | Adaptive Maintenance
37 | Which of the following is the best definition of slack space on a hard disk? | Unused space leftover after disk formatting | Unused space leftover after disk formatting | Disk tracks & sectors marked as unusable | Difference b/w space allocated & space actually used | uncompressed space remaining on the disk partition
38 | Which of the following is not a function of the Operating System? | Detection of system penetration | Filing system for storage & retrieval | Detection of system penetration | User interface(s | Security function with event logging
39 | Which among the following is the function of quality assurance personnel | Responsible to handle the integrity and security of information stored in data base | Responsibility to understand existing problem/system/data flow | Responsible to handle the integrity and security of information stored in data base | Responsible for creation of user manual and other documents | Develops test plan and tests the code
40 | A critical function of a firewall is to act as a | Server used to connect authorized users to private trusted network resources | Special router that connects the internet to a LAN | Device for preventing authorized users from accessing the LAN | Server used to connect authorized users to private trusted network resources | Proxy server to increase the speed of access to authorized users
41 | arrange the following in the order of activities | plan risk, identify risk, analyse risk, plan risk response | plan risk, plan risk response, identify risk, analyse risk | analyse risk, plan risk response, identify risk, plan risk | plan risk response, plan risk, analyse risk, identify risk | plan risk, identify risk, analyse risk, plan risk response
42 | what is security issue regarding packet analysers | viewing passwords | viewing passwords | special training | purchase cost | only for auditor's use
43 | What is the purpose of address resolution protocol? | find the MAC address | find the IP address | Find the mailing address | find the MAC address | find the domain name
44 | what is the primary objective in problem escalation | ensure the correct response | improve customer satisfaction | optimise the number of skilled personnel | ensure the correct response | prove that the IT staff is competent
45 | in case of an organisation like a bank, which of the following would be the most appropriate software implementation strategy | pilot changeover | direct changeover | gradual changeover | parallel changeover | pilot changeover
46 | which of the following is not an input authorisation control | management review | signatures on source document | sequence numbers | management review | separation of duties
47 | is a process of updating and existing system by reusing design and program components | software re engineering | reverse engineering | software re engineering | object oriented software development | component based development
48 | which of the following methods is used to make a backup copy of all the data files for a forensic investigation | bitstream image backup | bitstream image backup | logical image backup | full disk backup | nonvolatile backup
49 | which of the following is a major issue facing incident response | possibility of the location being a technology crime scene | possibility of the location being a technology crime scene | scheduling of internal personnel | developing appropriate help desk procedures | compliance with current IT policies
50 | when separation of duties is not possible, what would be the terminology for forcing employees to take vacation, job rotation, reconciliation and supervision review | compensating control | preventative control | corrective control | compensating control | transaction control
51 | performance of a third party should be compared to agreed upon service level metrics and must be | reviewed by the management | supplied by an independent employee of the service provider | accepted at face value by the customer | reviewed by the management | accepted, review is not necessary because it is a third party and outside the customers' control
52 | an IS auditor is auditing controls related to an employee termination. which of the following is the most important aspect to be reviewed | all login accounts of the employee are terminated | company staff are notified about the termination | all login accounts of the employee are terminated | the details of the employee have been removed from active payroll files | company property provided to the employee has been returned
Column1 | QUESTION | ANSWER
1 | Q. Self Service assistance to users provided by help desk such as resetting passwords etc. is considered which level of assistance? | Ans. Level 0
2 | Q. A MN org. has decided to implement an ERP soln across all geolocations. The org shall initiate a- | Ans. Program
3 | Q. Which of the following model user need to know URL to access the app? | Ans. Web based application development.
4 | Q. Who is responsible for classification of data in a Dept? | Ans. Data owner
5 | Q. Expert system is an example of- | Ans. Knowledge Software.
6 | Q. Which of the following interface testing approach, a tester may start at top or bottom level and depending on Situation move downward or upward? | Ans. Sandwich Approach
7 | Q. Which of the following tool is considered useful for comparing processing output with independently calculated data? | Ans. Integrated Test facility
8 | Q. The practice of limiting permissions to the minimal level that will allow users to perform their jobs. It is known as | Ans. Least privileges
9 | Q. Which of the following is an example of external schema in a database mgt system? | Ans. User views.
10 | Q. A user Account is terminated by the IT dept, only when the request is approved and sent by the- | Ans. HR dept
11 | Q. Which of the following categories of maintenance, changes are made to the program(s), when a defect or error arises in working of software? | Ans. Corrective maintenance
12 | Q. Batch total is an example of_ | Ans. Processing total
13 | Q. Which of the following is one of the imp operations performance metrics? | Ans. Incident.
14 | Q. Which of the following test is done by the programmer? | Ans. Unit test.
15 | Q. Which of the following test checks whether programs do what they are supposed to do? | Ans. Functional test
16 | Q. Which of the following test is concerned with examining the internal processing logic of a software system? | Ans. Structural test
17 | Q. Users have more privileges than they need and may use them to perform actions outside of their job description. It is known as_ | Ans. Privilege creep
18 | Q. Which of the following relates to the accuracy and completeness of info as well as to its validity in accordance with business values and expectations? | Ans. Integrity
19 | Q. Completeness and accuracy of accumulated data is ensured by_ | Ans. Processing control Procedures
20 | Q. Which of the following relates to the provision of appropriate info for mgt to operate the entity and exercise its fiduciary and governance responsibilities? | Ans. Reliability.
21 | Default settings are used by vendors to help users get the system up and running. What is the auditor's primary area of interest regarding default settings? | Save time and money for the user
22 | The practice of limiting permissions to the minimal level that will allow users to perform their jobs. It is known as? | Least Privileges
23 | Who is responsible for classification of data in a department? | Data owner
24 | Which of the following software developing methodology primarily focuses on risk avoidance? | Spiral
25 | Completeness and Accuracy of Data is assured by? | Processing Control Procedures
26 | Which of the following is the list of OSI Model levels from the top down? | Application, Presentation, Session
27 | Performance, Security, user Interface are examples of which of the following testing? | Non Functional
28 | Which of the following is the best definition of stack space on a hard disk? | Unused space leftover after disk formatting
29 | Which of the following relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities? | Reliability
30 | What is likely to be the biggest issue regarding log management? | System needs to be configured and then someone needs to read the logs and respond
31 | Batch total is an example of? | Processing Total
32 | Which of the following parameters should not be considered for computing function points under function point analysis? | Date elements to be processed
33 | Who amongst the following has the highest stake in benefit realization from the project? | Project Sponsor
34 | Which type of network device directs packets through the internet? | Routers
35 | Which of the following testing is used to identify any errors and improvements in the software by observing the users through their usage and operation? | Usability Testing
36 | Self Service Assistance to users provided by help-desk such as resetting passwords etc is considered which level of assistance? | level 0
37 | A user account is terminated by the IT Department, only when the request is approved and sent by the_____ | Human Resource Department
38 | Which type of Control is representative of Exception Reporting? | Processing
39 | Which of the following is the role of IS Auditor in SDLC? | All of the above
40 | Which of the following methods is designed to permanently destroy data on hard disk? | Risk Wiping
41 | Critical function is to be firewall is to act a | Sevice used to connect
42 | QIA Personnel | Responsible to handle the Integrity
Column1 | QUESTION | ANSWER | OP A | OP B | OP C | OP D | Module No | PDF Page | Column2
1 | Q. Self Service assistance to users provided by help desk such as resetting passwords etc. is considered which level of assistance? | Ans. Level 0 | level 4 | level 0 | level 2 | level 1 | Module 4 | 39
2 | Q. Which of the following model user need to know URL to access the app? | Ans. Web based application development. | Component based application development | Object oriented software development | Web based application development | Spiral Development | Module 3 | 67
3 | Q. Who is responsible for classification of data in a Dept? | Ans. Data owner | | | | | Module 4 | 15
4 | Q. Expert system is an example of- | Ans. Knowledge Software. | Knowledge Software | Engineering Software | Packaged Software | Technical Software | Module 4 | 49
5 | Q. Which of the following interface testing approach, a tester may start at top or bottom level and depending on Situation move downward or upward? | Ans. Sandwich Approach | TOP DOWN APPROACH | BOTTOM UP APPROACH | SANDWICH APPROACH | MIDDLE LEVEL APPROACH | Module 4 | 50
6 | Q. Which of the following tool is considered useful for comparing processing output with independently calculated data? | Ans. Integrated Test facility | INTEGRATED TEST FACILITY | CHECK DIGIT | HASH TOTAL | CYCLIC REDUNDANCY CHECK | Module 3 | 129 | Question 5
7 | Q. The practice of limiting permissions to the minimal level that will allow users to perform their jobs. It is known as | Ans. Least privileges | Least privileges | NEED TO KNOW | SINGLE SIGN ON | LIMITED ACCESS | Module 4 | 41 | Question 3
8 | Q. Which of the following is an example of external schema in a database mgt system? | Ans. User views. | user views | design of data stores | integrity constraints | tables | Module 4 | 54
9 | Q. Batch total is an example of_ | Data entry control | | | | | Module 3 | 104 | Completeness Check
10 | Q. Which of the following is one of the imp operations performance metrics? | Ans. Incident. | | | | | Module 4 | 40 | 1) Availability 2) Incident 3) Quality 4) Productivity 5) Return on Investment 6) Value Creation
11 | Q. Which of the following test is done by the programmer? | Ans. Unit test. | unit test | negative test | desk test | stress test | Module 4 | 50
12 | Q. Which of the following test checks whether programs do what they are supposed to do? | Ans. Functional test | | | | | Module 3 | 92
13 | Q. Which of the following test is concerned with examining the internal processing logic of a software system? | Ans. Structural test | | | | | Module 3 | 93
14 | Q. Users have more privileges than they need and may use them to perform actions outside of their job description. It is known as_ | Ans. Privilege creep | Least privileges | administrative override | privilege creep | super user | Module 4 | 42 | Question 4
15 | Q. Which of the following relates to the accuracy and completeness of info as well as to its validity in accordance with business values and expectations? | Ans. Integrity | | | | | Module 3 | 120
16 | Q. Which of the following relates to the provision of appropriate info for mgt to operate the entity and exercise its fiduciary and governance responsibilities? | Ans. Reliability. | Compliance | Reliability | Authorization | Effectiveness | Module 3 | 121
17 | Default settings are used by vendors to help users get the system up and running. What is the auditor's primary area of interest regarding default settings? | indicate well known settings published by vendor | Save time and money for the user | Represent the manufacturers recommended settings | indicate well known settings published by vendor | reduce support headaches, which increases operational uptime | | | http://www.auditcorner.com/2016/02/cisa-cia-cpa-exam-information.html
18 | Which of the following software developing methodology primarily focuses on risk avoidance? | Spiral | SPIRAL | RAD | AGILE | PROTOTYPE | Module 3 | 73
19 | Completeness and Accuracy of Data is assured by? | Processing Control Procedures | | | | | Module 3 | 128 | Question 4
20 | Which of the following is the list of OSI Model levels from the top down? | Application, Presentation, Session | Application, physical, session, transport, network, data link, presentation | presentation, data link, network, transport, session, physical, application | application, presentation, session, transport, network, data link, physical | presentation, network, data link, transport, session, physical, application | | | http://www.auditcorner.com/2016/02/cisa-cia-cpa-exam-information.html
21 | Performance, Security, user Interface are examples of which of the following testing? | Non Functional | FUNCTIONAL | NON FUNCTIONAL | BOTH A AND B | NONE OF THE ABOVE | Module 3 | 91
22 | What is likely to be the biggest issue regarding log management? | System needs to be configured and then someone needs to read the logs and respond | System needs to be configured and then someone needs to read the logs and respond | log management is not required its considered waste of time | log files need to be configured, captured, read, and backed up | system log files consume valuable disk space and are used only by the auditor
23 | Which of the following parameters should not be considered for computing function points under function point analysis? | number of source lines of code | number of inputs | expected user actions | number of source lines of code | Date elements to be processed | Module 3 | 38
24 | Who amongst the following has the highest stake in benefit realization from the project? | Project Sponsor | | | | | Module 3 | 31
25 | Which type of network device directs packets through the internet? | Routers | | | | | Module 4 | 60 | 1) Switches 2) Routers 3) Servers
26 | Which of the following testing is used to identify any errors and improvements in the software by observing the users through their usage and operation? | Usability Testing | performance testing | load testing | usability testing | regression testing | Module 3 | 94
27 | A user account is terminated by the IT Department, only when the request is approved and sent by the_____ | Human Resource Department | | | | | Module 4 | 37
28 | Which type of Control is representative of Exception Reporting? | Processing | Processing | Output | Database Integ | Service Level | Module 3 | 118
29 | Which of the following is the role of IS Auditor in SDLC? | All of the above | understand standards adopted and followed by the organisation through the process of inquiry, observation and documentation review | to determine significant phases for the various size and type | to assess efficiency and effectiveness of each function to satisfy the users goals and organisations objectives | all of the above | Module 3 | 35
30 | Which of the following methods is designed to permanently destroy data on hard disk? | Disk Wiping / Risk Wiping | | | | | | | Data erasure (sometimes referred to as data clearing, data wiping, or data destruction) is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media by using zeros and ones to overwrite data onto all sectors of the device.
31 | Multinational organisation has decided to implement ERP solution across all geographical locations. The Organisation shall initiate a | Program | Project | Program | Portfolio | Feasibility Study | Module 3 | 43 | Question 2
32 | Tools not used by Project managers to control the projects | Software Size Estimation | Project Evaluation Review Technique (PERT) | Critical Path Method (CPM) | Gantt Chart | Software Size Estimation | Module 3 | 39
33 | Arrange the following in the order of activities? | Plan Risk, Identify Risk, Analysis Risk, Plan Risk Response | Plan Risk, Plan Risk Response, Identify Risk, Analyze Risk | Analyze Risk, Plan Risk Response, Identify Risk, Plan Risk | Plan Risk Response, Plan Risk, Analyze Risk, Identify Risk | Plan Risk, Identify Risk, Analysis Risk, Plan Risk Response | Module 3 | 28
34 | which of the following protocols is likely to be used for monitoring the health of network? | SNMP | OSI | SNMP | SMTP | RP | | | https://www.whatsupgold.com/what-is-network-monitoring#:~:text=The%20two%20most%20widely%20used,and%20the%20devices%20on%20them.
35 | why ongoing system monitoring is important? | For historic logging and trend Analysis | For Preventive Control | For historic logging and trend Analysis | To Collect Metrics for SLA Reports | to find inconsistencies and errors | | | https://books.google.com.bh/books?id=NbTIAgAAQBAJ&pg=PA409&lpg=PA409&dq=why+ongoing+system+monitoring+is+important+?+For+historic+logging+and+trend+Analysis&source=bl&ots=hpKrwxF2Ug&sig=ACfU3U2RFqcNaegXujF-Q_6kyJ6GmgsVqg&hl=en&sa=X&ved=2ahUKEwj3yamFn8bwAhW4ahUIHc3lA0QQ6AEwEHoECBwQAw#v=onepage&q=why%20ongoing%20system%20monitoring%20is%20important%20%3F%20For%20historic%20logging%20and%20trend%20Analysis&f=false
36 | which of the following categories of maintenance, changes are made to the program(s), when a defect or errors arises in working of software? | corrective maintenance | Preventive Maintenance | Corrective Maintenance | Perfective Maintenance | Adaptive Maintenance | Module 4 | 51
37 | Which of the following is the best definition of slack space on a hard disk? | Unused space leftover after disk formatting | Unused space leftover after disk formatting | Disk tracks & sectors marked as unusable | Difference b/w space allocated & space actually used | uncompressed space remaining on the disk partition | | | 'slack space', is the leftover space on a drive where a file is stored (as per Google)
38 | Which of the following is not a function of the Operating System? | Detection of system penetration | Filing system for storage & retrieval | Detection of system penetration | User interface(s | Security function with event logging | Module 4 | 46 | https://www.toppr.com/ask/question/which-is-not-the-function-of-the-operating-system/
39 | Which among the following is the function of quality assurance personnel | Responsible to handle the integrity and security of information stored in data base | Responsibility to understand existing problem/system/data flow | Responsible to handle the integrity and security of information stored in data base | Responsible for creation of user manual and other documents | Develops test plan and tests the code | Module 3 | 34 | Develops test plan and tests the code
40 | A critical function of a firewall is to act as a | Server used to connect authorized users to private trusted network resources | Special router that connects the internet to a LAN | Device for preventing authorized users from accessing the LAN | Server used to connect authorized users to private trusted network resources | Proxy server to increase the speed of access to authorized users | | | Wrong Answer. As per google, device for preventing authorized users from accessing the LAN
41 | arrange the following in the order of activities | plan risk, identify risk, analyse risk, plan risk response | plan risk, plan risk response, identify risk, analyse risk | analyse risk, plan risk response, identify risk, plan risk | plan risk response, plan risk, analyse risk, identify risk | plan risk, identify risk, analyse risk, plan risk response | Module 3 | 28 | Same as Qn 33
42 | what is security issue regarding packet analysers | viewing passwords | viewing passwords | special training | purchase cost | only for auditor's use | | | https://www.ukessays.com/essays/information-technology/the-threat-of-packet-sniffers-information-technology-essay.php
43 | What is the purpose of address resolution protocol? | find the MAC address | find the IP address | Find the mailing address | find the MAC address | find the domain name | | | https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_arp/configuration/15-s/arp-15-s-book/Configuring-Address-Resolution-Protocol.html#:~:text=The%20Address%20Resolution%20Protocol%20(ARP,are%20mapped%20to%20IP%20addresses.
44 | what is the primary objective in problem escalation | ensure the correct response | improve customer satisfaction | optimise the number of skilled personnel | ensure the correct response | prove that the IT staff is competent | | | https://www.mcqadda.com/2017/09/information-technology-audit.html
45 | in case of an organisation like a bank, which of the following would be the most appropriate software implementation strategy | pilot changeover | direct changeover | gradual changeover | parallel changeover | pilot changeover | Module 3 | 101
46 | which of the following is not an input authorisation control | management review | signatures on source document | sequence numbers | management review | separation of duties | Module 3 | 117
47 | is a process of updating and existing system by reusing design and program components | software re engineering | reverse engineering | software re engineering | object oriented software development | component based development | Module 3 | 62
48 | which of the following methods is used to make a backup copy of all the data files for a forensic investigation | bitstream image backup | bitstream image backup | logical image backup | full disk backup | nonvolatile backup | | | https://quizlet.com/459659806/practice-questions-mis-415-final-exam-flash-cards/
49 | which of the following is a major issue facing incident response | possibility of the location being a technology crime scene | possibility of the location being a technology crime scene | scheduling of internal personnel | developing appropriate help desk procedures | compliance with current IT policies
50 | when separation of duties is not possible, what would be the terminology for forcing employees to take vacation, job rotation, reconciliation and supervision review | compensating control | preventative control | corrective control | compensating control | transaction control | Module 3 | 109
51 | performance of a third party should be compared to agreed upon service level metrics and must be | reviewed by the management | supplied by an independent employee of the service provider | accepted at face value by the customer | reviewed by the management | accepted, review is not necessary because it is a third party and outside the customers' control | | | https://blog.masterofproject.com/3-types-sla/
52 | an IS auditor is auditing controls related to an employee termination. which of the following is the most important aspect to be reviewed | all login accounts of the employee are terminated | company staff are notified about the termination | all login accounts of the employee are terminated | the details of the employee have been removed from active payroll files | company property provided to the employee has been returned | | | https://www.coursehero.com/file/p5mdbkg/An-IS-auditor-is-auditing-the-controls-relating-to-employee-termination-Which/#:~:text=19.,important%20aspect%20to%20be%20reviewed%3F&text=Company%20property%20provided%20to%20the,information%20by%20a%20terminated%20employee.
Module-4:
3. Which of the following trainings can an employee acquire while working at his/her desk in the
office?
A. E-learning
B. Simulator based training
C. Instructor led training
D. Hands on training
The correct answer is A
E-learning is a learning environment which uses information and communication technologies (ICTs)
as a platform for teaching and learning activities. The rest of the trainings require in-person attendance and
cannot be done from the office desk.
7. Which one of the following combinations of roles should be of GREATEST concern for the IS
auditor?
A. Network administrators are responsible for quality assurance
B. Security administrators are system programmers
C. End users are security administrators for critical applications
D. Systems analysts are database administrators
10. Which department is MOST LIKELY to store Personally identifiable information (PII) data?
A. Management
B. Information System Department
C. Marketing Department
D. Human Resource Department
The correct answer is D
Personally identifiable information (PII) is any information about an individual that can be used to
distinguish or trace an individual's identity, such as name, PAN, Aadhaar Number, date and place of
birth, mother's maiden name, or biometric records. The HRM System stores PII of all employee data.
Choices A, B and C do not store or process employee personal information; they have operations or
transaction data.
Chapter 2
Information Systems Operations
6. Which of the following is the top priority that companies planning to implement an asset
management system should examine?
A. The visual appeal of websites, internal search pages and marketing collateral
B. Number of videos, audio files and other multimedia assets available
C. Specific data needs and the business problems to be solved
D. All of the above
The correct answer is C
Asset Management is a process used to keep track of the equipment and inventory vital to day-to-day
operation of the business. Asset management requirements should be aligned with the business
objectives. Choice A and B may assist in selection of an appropriate system based on the needs of the
organization but are not top priority requirements.
8. During development of a software system, which of the following will be used to maintain
software integrity?
A. Configuration Management
B. Version Control
C. Change Management
D. None of the above
The correct answer is B
Version Control. Choices A and C are steps before version control.
Chapter 3
Software Operations & Management
2. Which of the following tests would be carried out when individual software modules are
combined together as a group?
A. Integration testing
B. Unit testing
C. System testing
D. White box testing
The correct answer is A
Integration testing is a level of software testing where individual units are combined and tested as a
group. The purpose of this level of testing is to expose faults in the interaction between integrated units.
Option B is module testing, while C is complete system testing and Option D is testing of internal logic
as well.
3. Which of the following should be reviewed to provide assurance of the database referential
integrity?
A. Field definition
B. Master table definition
C. Composite keys
D. Foreign key structure
The correct answer is D
Referential integrity in a relational database refers to consistency between linked tables. Referential
integrity is usually enforced by the combination of a primary key and a foreign key. For referential
integrity to hold, any field in a table that is declared a foreign key should contain only values from a
parent table’s primary key. Option A: Field definitions describe the layout of the table, but are not directly
related to referential integrity. Option B: Master table definition describes the structure of the database,
but is not directly related to referential integrity. Option C: Composite keys describe how the keys are
created, but are not directly related to referential integrity.
A system downtime log provides information regarding the effectiveness and adequacy of computer
preventive maintenance programs. The log is a detective control, but because it is validating the
effectiveness of the maintenance program, it is validating a preventive control. Option B: Vendor’s
reliability figures are not an effective measure of a preventive maintenance program. Option C:
Reviewing the log is a good detective control to ensure that maintenance is being done; however, only
the system downtime will indicate whether the preventive maintenance is actually working well. Option
D: A schedule is a good control to ensure that maintenance is scheduled and that no items are missed
in the maintenance schedule; however, it is not a guarantee that the work is actually being done.
6. Which of the following will ensure that a column in one table will have a valid value or shall be
“null” in another table’s column?
A. Primary key
B. Secondary key
C. SQL
D. Foreign key
The correct answer is D
Foreign key. A primary key does not by itself represent a relation; a foreign key is the same key in another table and represents
the relation with the table where it is the primary key.
7. Database normalization is
A. Data redundancy optimization
B. Data logging and accountability
C. Streamlining data process
D. Deleting temporary files
The correct answer is A
Normalization is a database design technique that organizes tables in a manner that reduces
redundancy and dependency of data. Normalization divides larger tables into smaller tables and links
them using relationships. The purpose of Normalization is to eliminate redundant (useless) data and
ensure data is stored logically. The main idea with this is that a table should be about a specific topic
and include only supporting topics. By limiting a table to one purpose you reduce the amount of
duplicate data contained within your database. This eliminates some issues stemming from database
modifications.
10. An organization has recently installed a security patch, which crashed the production
server. To minimize the probability of this occurring again, an IS auditor should:
A. Apply the patch according to the patch's release notes.
B. Ensure that a good change management process is in place.
C. Thoroughly test the patch before sending it to production.
D. Approve the patch after doing a risk assessment.
The correct answer is B.
An IS auditor must review the change management process, including patch management procedures,
and verify that the process has adequate controls and make suggestions accordingly. The other
choices are part of a good change management process but are not an IS auditor's responsibility.
Chapter 4
Incident Response and Management
1. The basic operation of SIEM tools on the logs collected from the devices is
A. Correlating the log
B. Collecting the log
C. Analyzing the log
D. Live Correlating the log
The correct answer is D
Log correlation is about constructing rules that look for sequences and patterns in log events that are
not visible in the individual log sources. The basic function of an SIEM is to correlate logs online and
perform analysis that would otherwise be done by repetitive human analysis.
5. The computer security incident response team (CSIRT) of an organization publishes detailed
descriptions of recent threats. An IS auditor's GREATEST concern should be that the users
may:
A. Use this information to launch attacks
B. Forward the security alert
C. Implement individual solutions
D. Fail to understand the threat
10. Within an Incident Response Management program, the Containment phase aims to
A. Block the event
B. Reduce the impact
C. Remove the event
D. Raise the event
The correct answer is B
When a breach is first discovered, in the containment phase, the Incident Response team, after having
gathered the information and gained an understanding of the incident, will begin to combat the threat by
taking actions to prevent further damage, such as closing ports or blocking IPs. Hence Option B is the
correct answer.
Q. Self-service assistance to users provided by help desk, such as resetting passwords etc., is considered which level of assistance?
Ans. Level 0
Q. An MN org. has decided to implement an ERP soln across all geolocations. The org shall initiate a-
Ans. Program
Q. In which of the following models does the user need to know the URL to access the app?
Ans. Web based application development.
Q. Who is responsible for classification of data in a Dept?
Ans. Data owner
Q. Expert system is an example of-
Ans. Knowledge Software.
Q. In which of the following interface testing approaches may a tester start at the top or bottom level and, depending on the situation, move downward or upward?
Ans. Sandwich Approach
Q. Which of the following tools is considered useful for comparing processing output with independently calculated data?
Ans. Integrated Test facility
Q. The practice of limiting permissions to the minimal level that will allow users to perform their jobs is known as
Ans. Least privileges
Q. Which of the following is an example of external schema in a database mgt system?
Ans. User views.
Q. A user account is terminated by the IT dept only when the request is approved and sent by the-
Ans. HR dept
Q. In which of the following categories of maintenance are changes made to the program(s) when a defect or error arises in the working of software?
Ans. Corrective maintenance
Q. Batch total is an example of_
Ans. Processing total
Q. Which of the following is one of the imp operations performance metrics?
Ans. Incident.
Q. Which of the following tests is done by the programmer?
Ans. Unit test.
Q. Which of the following test checks whether programs do what they are supposed to do?
Ans. Functional test
Q. Which of the following test is concerned with examining the internal processing logic of a software system?
Ans. Structural test
Q. Users have more privileges than they need and may use them to perform actions outside of their job description. It is known as_
Ans. Privilege creep
Q. Which of the following relates to the accuracy and completeness of info as well as to its validity in accordance with business values and expectations?
Ans. Integrity
Q. Completeness and accuracy of accumulated data is ensured by_
Ans. Processing control Procedures
Q. Which of the following relates to the provision of appropriate info for mgt to operate the entity and exercise its fiduciary and governance responsibilities?
Ans. Reliability.
1. Which of the following may help to establish accuracy and completeness of data?
- Hash value
2. Which of the following types of attacks may be prevented by input validation?
- SQL injection
3. Which of the following is central storage for all kinds of structured, semi-structured or unstructured raw data collected from multiple sources?
- Data lake
4. After a major earthquake, a business decides to shift the location of its data center from earthquake zone 5 to earthquake zone 2. Which type of risk response option has it exercised?
- Avoid
5. Which of the following is not an example of an AI platform?
- Microsoft Power BI
6. Which of the following cloud deployment models is highly scalable?
- Public
7. Use of licensed software, patch updates, disabling default users and using anti-malware software are the controls against?
- Back door
8. Which of the following types of attacks may be prevented by using anti-malware and applications from trusted sources?
- Logic bomb
9. AI that strives for natural, human-like interaction with machines is known as?
- Cognitive computing
10. Which of the following provides secure connection between two end points?
- Transport mode
11. Which of the blockchain principles states that each node stores and forwards information to all other nodes?
- Peer to peer
12. Which of the following types of smart card enables the card reader to sense the card in possession of the user in the general area and allow access?
- Wireless proximity reader
13. Which of the following is a type of malware that takes control of administrative rights for execution of malicious codes?
- Trojan
14. Which of the following is an example of robotic process automation?
- Cross application macros
15. Which of the following is a series of minor attacks that together result in a larger attack?
- Salami theft
16. Which of the following enables hackers to exploit system vulnerabilities, including the human element?
- Attack vector
17. In which of the following cloud deployment models does the customer hold the control of the operating system?
- IaaS
18. Which of the following types of analytics assists in identifying the best option to choose to achieve the desired outcome through optimization techniques and machine learning?
- Prescriptive analytics
19. Which of the following is the primary requirement of granting users access to an information asset?
- Identification
20. The primary purpose of the access controls dead man door, turnstile and mantrap is to?
- Prevent unauthorized entry