cA Ambition (YouTube channel), CA Nikhil Jain

4 Information System Control & Audit MCQs

by CA Nikil Jain & CA Ankit Taprania

Published by cA Ambition

Copyright © 2019 by CA Ambition owned by CA Ankit Taprania. All rights reserved. No part of this publication may be reproduced in any form without the written permission of the publisher.

Governance & Management of information system MCQs -1

Q1. Which of the following factors are most likely to influence your view on whether the damage to a

building due to a natural disaster will be high?

1. The history of natural disasters in the vicinity of the production unit.

2. The standard of construction of your building.

3. Whether you have a disaster recovery plan.

4. The products you produce.

A. 1 and 2.

B. 3 and 4.

C. 2 and 3.

d. 1,2,3

Q2. The management processes of the complete COBIT 5 enabler model provide for 13 APO processes. What does APO stand for?

a) Acquire , process and order

b) Acquire, plan and Organize

c) Align, Plan and Organize

d) Align, process and order

Q3. The complete COBIT 5 enabler model includes a total of ________ governance and management processes

a) 13

b) 5

c) 27

d) 37

Q4. The risk that remains even after implementation of countermeasures is termed ________

a. Likelihood

b. Risk

c. Residual risk

d. Vulnerability

Q5. What comes first: Threat, Vulnerability, or Likelihood?

a. Threat

b. Vulnerability

c. Likelihood

d. None

Q6. What reduces the Vulnerability of the system

a. Risk

b. Exposure

c. Counter measures

d. Residual risk

Q7. Which one is not the characteristic of Risk

a. Existence of potential loss

b. Uncertainty of loss

c. Probability

d. Vulnerability of system

Q8. Clause 49 of listing agreement and SOX held _______ responsible for implementation of ERM and Internal Controls.

a. Steering committee

b. Managing director

c. Senior management

d. Shareholders

Q9. Implementation of internal control is mandatory for all companies ( listed and unlisted)

a. True

b. False

Q10. Internal control as per COSO does not cover which of the following aspect ?

a) Control activities

b) Risk assessment

c) Internal audit

d) Monitoring

Q11. Whose responsibility is it to take all key decisions of IT deployments and implementations?

a. Top management

b. Managing director

c. Steering committee

d. Stakeholders

Q12. What quantifies the extent of loss to the organisation?

a. Vulnerability

b. Risk

c. Exposure

d. Likelihood

Q13. “COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise.” The statement is made in reference to which principle of COBIT 5?

a. Separating governance from management

b. Enabling holistic approach

c. Covering enterprise end to end

d. Meeting stakeholders needs

Q14. Which enabler of COBIT 5 provides a way to translate the desired behaviour into a practicable set of guidance for day-to-day management?

a. Processes

b. Organisation structure

c. Principles , policies and framework

d. Culture , ethics and behaviour

Q15. Key Governance Practices of GEIT does not include?

a) Evaluate the governance system

b) Direct the governance system

c) Monitor the governance system

d) Improve the governance system

Q16. How many Enablers are provided by COBIT 5.

a. 4

b. 5

c. 6

d. 7

Q17.The COBIT 5 Goal cascade is ___

a. a mechanism to transform stakeholders needs to specific , customised enterprise goal , it

related goal and enabler goals.

b. a mechanism to transform IT goal into set of practices and processes to deliver maximum

value

c. a mechanism to enable a holistic approach

d. a measure for covering enterprise end to end

Q18. In risk management, risk assessment consists of

a. Risk Identification

b. Risk Analysis

c. Risk Prioritization

d. All of The Above

Q19. What does COSO stand for?

A. Committee of sponsoring organisation

B. Committee of Sarbanes Oxley

C. Control objective for sponsoring organisation

D. Control objective for Sarbanes Oxley

Q20. What does COBIT stand for?

a. Control organisation Business Information technology

b. Control objective for information technology

c. Control organisation Business Information and related technology

d. Control objective for information and related technology

Q21. Which aspect relates to the COBIT 5 principle 'Meeting Stakeholder Needs'?

A. Aligns with the latest views on Governance

B. Translates stakeholder requirements into strategy

C. Provides a simple architecture

D. Defines relationship between Governance and Management

Q22. What enabler describes the key decision-making entities in an organization?

A. Organizational structures

B. Processes

C. People, skills and competencies

D. Principles, policies and frameworks

Q23.Which item describes a key component of a Governance System?

A. Setting the Governance Framework

B. Identifying responsibilities for governance

C. Ensuring compliance with regulations

D. Optimization of IT assets, resources and capabilities

Q24. Which principle is key for the governance and management of enterprise IT?

A. Managing IT Operations

B. Ensure Resource Optimization

C. Enabling a Holistic Approach

D. Managing Information

Q25. What helps management in monitoring the process and practices of IT risk management?

a. Metrics of risk management

b. GEIT

c. COSO

d. COBIT

Q26. Level of IT Strategy planning does not include

a. Strategic planning

b. Management control

c. Operational control

d. Tactical control

Q27. Management control Level of IT Strategy planning defines:

a. Overall purpose and long term objective

b. Specific tasks to be carried out

c. Process to assure that resources are obtained and used effectively and efficiently

d. How internal controls are to be implemented

Q28. Operational control Level of IT Strategy planning defines:

a. Overall purpose and long term objective

b. Specific tasks to be carried out

c. Process to assure that resources are obtained and used effectively and efficiently

d. How internal controls are to be implemented

Q29. Which risk management practice is used to provide information to stakeholders on the current state of IT exposures?

a. Analyse Risk

b. Define the risk management action portfolio

c. Articulate the risk

d. Respond to risk

Q30. Enterprise Risk Management (ERM) is considered to have a significant difference in comparison with traditional risk management approaches because ERM

A. ensures that an organisation’s objectives will be achieved.

B. takes an integrated or holistic approach.

C. addresses strategic, tactical and operational risk management.

D. none

Q31. Which of the following would you expect to see in the context of the risk strategy of an organisation?

1. The risk and audit team report to the board quarterly.

2. The tolerance level of risk is clearly defined.

3. Ownership of risk is delegated to business units.

4. The organisation has a defined risk appetite.

A. 2 and 3.

B. 1, 2 and 4.

C. 2 and 4.

D. 1 and 2

Q32. Risk Strategy to be adaptable where probability and occurrence of risk is negligible .

a. Transfer the risk

b. Tolerate the risk

c. Mitigate the risk

d. Turnback

Q33. Risk Strategy to be adaptable where probability and occurrence of risk is low and risk is considered

minor .

a. Transfer the risk

b. Tolerate the risk

c. Mitigate the risk

d. Turnback

Q34. Management of ABC Ltd is considering shifting the IT central server from its Delhi branch to its Mumbai branch, for which it has hired TCS to provide all the consulting and job performance. This can be categorised into which risk management strategy?

a. Terminate the risk

b. Tolerate the risk

c. Mitigate the risk

d. Share the Risk

Solution

1 a 8 c 15 d 22 a 29 c

2 c 9 a 16 d 23 a 30 b

3 d 10 c 17 a 24 c 31 c

4 c 11 c 18 d 25 a 32 d

5 b 12 c 19 a 26 d 33 b

6 c 13 b 20 d 27 c 34 d

7 d 14 c 21 b 28 b 35 ----

Governance & Management of information system MCQs – 2

Q1. According to COSO, each of the following is an example of an appropriate ongoing MONITORING activity, except

(a) Follow-up of customer and vendor complaints regarding amount due and owed.

(b) Periodic variance analysis

(c) comparisons of information from various sources within the company

(d) Approval of high value transaction by supervisor

Q2. The determination of whether a specific risk is tolerable will involve consideration of

1. the size of the residual risk.

2. history of losses.

3. risk appetite for that risk.

A. 1 and 2.

B. 1, 2 ,3.

C. 1,and 3

d. 2 and 3

Q3. Every risk has 100% likelihood .

a) True

b) False

Q4. A level of risk that the organisation views as acceptable , given the business objectives and resources

a) Exposure

b) Risk

c) Risk appetite

d) risk tolerance

Q5. The acceptable variation with respect to achieving a particular objective is _________

a) Exposure

b) Risk

c) Risk appetite

d)Risk tolerance

Q6. The consequence of a failure to identify all significant risks that an organisation faces is likely to be

1. Business objectives may not be achieved.

2. Operating costs may increase.

3. Opportunities may be overlooked.

4. Risks will be better identified in future.

A. 1 and 2.

B. 1, 3 and 4.

C. 1, 2 and 3.

D. 1,2,3 and 4

Q7. Which risk management strategy is the last resort where all other strategies can’t be implemented

a. Terminate the risk

b. Tolerate the risk

c. Mitigate the risk

d. Share the Risk

Q8. Which internal control of COSO provides for the management, mitigation and reduction of the risk

associated with the each business process?

a. Control environment

b. Risk assessment

c. Control activities

d. Information and communication

Q9. Choose the correct option according to the given statements regarding Risk Management.

Statement 1: A risk is a potential problem - it might happen, it might not.

Statement 2: Managers, software engineers, and customers participate in Risk Analysis and Management.

Statement 3: Only Managers participate in Risk Analysis and Management.

a. Statement 1 and 2 are correct

b. Only statement 1 is correct

c. Only statement 3 is correct

d. Statement 1 and 3 are correct

Q10. Mr Cobit has been asked by the governance body to complete a SWOT analysis for his solution scope. What does SWOT analysis mean?

a) stakeholder weakness and organisational threat

b) strength , weakness ,opportunities , threat

c) strength , weakness ,opportunities , time

d) stakeholder weakness and organisational time

Q11. What is a very important enterprise communication mechanism for corporate values and desired

behaviour?

a) Process outcomes

b) Principles and policies

c) Organisational structures

d) Rules and norms

Q12. What is a benefit of the Goals Cascade?

a. Consider the inputs and outputs of an IT process in the enterprise

b. Define relevant and tangible goals and objectives at various levels of responsibility

c. Define and implement the enterprise architecture

d. Support the definition of clear roles and responsibilities in an enterprise

Q13. Which enabler describes an organised set of practices and activities to achieve certain objectives?

a. Culture, Ethics and Behaviour

b. Principles, Policies and Frameworks

c. Processes

d. People, Skills and Competencies

Q14. Which is a vehicle to translate desired behaviour into practical guidance for day-to-day management?

a. Organisational structures

b. Principles, policies and framework

c. Processes

d. Rules and norms

Q15. Which enabler can be structured or unstructured, formalised?

a. Process

b. Policies

c. Enablers

d. Information

Q16. Which is one of the ways of meeting the Governance Objective of 'Value Creation'?

a. By optimising resources

b. By providing incentives

c. By hiring SMEs

d. By providing free service

Q17. When are policies said to be effective?

a. When they are limited in number

b. When they express the core values of the enterprise

c. When they achieve the stated purpose

d. When they provide a logical flow for staff who have to comply with them

Q18. Which aspect relates to the COBIT 5 key principle of 'meeting stakeholder needs'?

a. Aligns with the latest views on governance

b. Provides a simple architecture

C. Translates stakeholder needs into strategy

d. Defines the relationship between governance and management

Q19. Who is an internal stakeholder?

a. A staff member

b. A shareholder

c. A business partner

d. A regulator

Q20. Identify the missing word(s) in the following sentence.

Governance ensures that [?] are evaluated to determine balanced, agreed-on enterprise objectives to be

achieved.

a. Processes

b. Stakeholder needs

c. IT-Related goals

d. Enterprises

Q21. Identify the missing word(s) in the following sentence.

Business processes generate and process [?], transforming them into information.

a. Value

b. Knowledge

c. Policies

d.Data

Q22. RE stands for

a) Risk expense

b) Risk experience

c) Risk exposure

d) Risk Evaluation

Q23. As a tester which of the following will come under product risk if you are testing an e-commerce

website?

a) Shortage of tester

b) many changes in SRS that caused changes in test cases

c) Delay in fixing defects by development team

d) Failure to transfer a user to secure gateway while paying

Q24. What assesses the risk and your plans for mitigation and revises these when you learn more about the risk?

a)Risk monitoring

b)Risk planning

c)risk analysis

d)Risk identification

Q25. “Provide information on current state of IT related exposure and opportunities to all stakeholders in

timely manner.”

(a) Analyse Risk

(b) Articulate Risk

(c) Define risk management action portfolio

(d) respond to risk

Q26. The gap between the need to protect information systems and the degree of protection applied arises due to

(a) Devolution of management and control

(b) widespread use of technology

(c) interconnectivity of system

(d) All of the above

Q27. Component of COBIT 5 does not include

(a) Framework

(b) Process description

(c) Control description

(d) process reference model

Q28. Which statement is not correct about COBIT 5

(a) can be implemented by big organisations only

(b) support compliance of relevant laws and regulations

(c) cover full end to end business and IT functions

(d) Consider IT related risk of internal as well as external stakeholders

Q29. Risk management consists of which of the following?

(a) Identifying potential dangers of all kinds

(b) Maintaining a safe environment from a physical and legal viewpoint

(c) Responding to incidents that may give rise to litigation

(d) All of the above

Q30. An organization needs to have IT governance as an integral part of its overall risk management program in order to implement appropriate __________ based upon the appropriately defined risk appetite.

(a) Risk management strategies

(b) Risk Mitigation strategies

(c) Risk measurement Strategies

(d) Risk analysis strategies

Q31. Which of the following components of the COSO framework requires an ethically sound and competent management, an efficient board of directors, etc.?

(a) Control Environment

(b) Control Activities

(c) Corporate governance

(d) IT governance

Q32. Which of the following component is considered the foundation of the internal control established by

the organization ?

(a) control activities

(b) Monitoring

(c) The control environment

(d) the audit committee

Q33. SOX have used_______ as one of the important guidelines for implementing risk management and

internal control .

(a) COBIT 3.1

(b) COBIT 5

(c) GRC

(d) COSO

Q34. Management of Taprania Ltd has decided to respond to a particular risk by hedging risk with futures

contract. This is an example of Risk _____

(a) Acceptance

(b) Mitigation

(c) Elimination

(d) Sharing

Q35.Which one is not an example of control Activities

1. Authorization

2. Segregation of duties

3. Safeguarding

4. Asset accountabilities

(a) 2 and 4

(b) 3 and 4

(c) 1 and 2

(d) none

Q36. The control objectives for information and related technologies (COBIT ) framework has been

established by

(a) The Information System Audit and control Association

(b) The institute of Information Technologies

(c) The American Institute of Certified Public accountant

(d) The committee of sponsoring organisation

Q37. A framework of Enterprise risk management was developed by

(a) The Information System Audit and control Association

(b) The institute of Information Technologies

(c) The American Institute of Certified Public accountant

(d) The committee of sponsoring organisation

Q38. Which of the following group has the least amount of responsibility for corporate governance ?

(a) Board of directors

(b) operational management

(c) internal auditor

(d) executive manager

Q39. Which of the following statements are true

1. Vulnerabilities may be reduced by countermeasures.

2. Threat agents give rise to threats

3. Threat exploits vulnerabilities

4. Vulnerabilities leads to threats

5. Countermeasures may possess vulnerabilities

(a) 1,2,3,5

(b) 1,2,3,4

(c) 1,2,3,5

(d) 1,2,3

Solution

1 d 9 a 17 c 25 b 33 d

2 b 10 b 18 c 26 d 34 d

3 b 11 b 19 a 27 d 35 d

4 c 12 b 20 b 28 a 36 a

5 d 13 c 21 d 29 d 37 d

6 c 14 b 22 c 30 b 38 c

7 c 15 d 23 d 31 a 39 c

8 c 16 a 24 a 32 b 40 ---

Information System Concepts 1 - MCQs

Q1. Which is the important characteristic of an information system?

a) Pre-determined objective

b) Interrelated subsystems

c) Interdependent subsystem

d) All the above

Q2. Which is not the feature of CBS ?

a) Opening new accounts

b) Customer Relationship

c) Interest Calculation

d) Manual Recording

Q3.Management information systems (MIS)

a) create and share documents that support day-to-day office activities

b). process business transactions (e.g., time cards, payments, orders, etc.)

c) capture and reproduce the knowledge of an expert problem solver

d) use the transaction data to produce information needed by managers to run the business

Q4 An information system that supports the planning and assessment needs of executive management is

a). DSS

b) ERP

c) MIS

d) none of the above

Q5 A spreadsheet is one type of___________ support tool.

a) operational

b) decision

c) success

d) simulation

Q6 Which category of computer-based information systems are concerned with improving efficiency by

applying information technology to common administrative tasks, such as creating business documents?

a) Expert systems

b) Business information systems

c) Strategic information system

d) Office automation systems

Q7 The decision-making environment of an executive level manager can be characterized as:

a) structured.

b) semistructured.

c) unstructured.

d) None of the above.

Q8 The decision-making environment of an operational level manager can be characterized as:

a) structured.

b) semistructured.

c) unstructured.

d) None of the above.

Q9 A drill-down capability is often included in a(n):

a) transaction processing system.

b) decision support system.

c) executive information system.

D) All of the above.

Q10 Which of the following is true of management information systems?

a) They use TPS data.

b) They produce standard reports on a regular basis.

c) They assist managers in routine decision making.

d) All of the above

Q11 Which of the following is NOT a characteristic of an ERP system? They:

a) are large in scope.

b) integrate many applications into one system.

c) can span an entire company.

d) are easy to implement.

Q12 Part of software which processes data and generates reports:

a) Front End

b) Back End

c) Internal system

d) None of these

Q13 Which statement is false

a) Top management support is a pre-requisite of an effective MIS

b) MIS is all about computer is a misconception

c) MIS is very useful in making non programmed decisions

d) Non availability of cooperation from staff is a constraint in operating MIS

Q14 Data mining is used for

a. Text mining

b. Web analysis

c. Customer profiling

d. All of the above

Q15 Data has to be _____ before it can be converted into information.

a) transformed

b) processed

c) changed

d) engineered

Q16 _____ attempt to provide the same judgmental advice that human experts such as doctors provide.

a.ES

b.AI

c.KMS

d.DSS

Q17 ACID test in a Transaction processing system (TPS) stands for

a. Atomicity, confidentiality, isolation, Durability

b. Authenticity, confidentiality, integrity, Durability

c. Authenticity, consistency, integrity, Durability

d. Atomicity, consistency, isolation, Durability

Q18 The basic component(s) of DSS is (are)

a. Database

b. Model base

c. DSS software system

d. All of the above

Q19 Information system model does not comprise

a. input

b. process

c. output

d. storage

Q20 Component of TPS does not include :

a. Input

b. Process

c. Output

d. Feedback

Q21 Susan woke up and went to the bank to take money out of the ATM. She then went to a coffee cafe to buy a coffee and paid with her debit card. She finished off her day by going to school and registering online for her computer class. Susan has had multiple contacts with what kind of information systems throughout her day?

a) TPS

b) MIS

c) EIS

d) None of the above.

Q22 In an expert system, the process of matching a question to the information in the knowledge base is

called:

a) deduction.

b) inferencing.

c) inclusion.

d) None of the above.

Q23 Decision makers who are concerned with tactical information and decision making are

a) middle managers

b) executive managers

c) supervisors

d) mobile managers

Q24 Decision makers who are concerned with Strategic information and decision making are

a) middle managers

b) executive managers

c) supervisors

d) mobile managers

Q25 The back bone of any organization is

a) information

b) employee

c) management

d) capital

Q26 System providing information to help management to launch a new product shall be best classified as..

(a) Management Level System

(b) Operational Level System

(c) Knowledge Level System

(d) Strategic Level System

Q27 Documented and easily formalized knowledge is termed as

a. Data

b. Information

c. Tacit knowledge

d. Explicit knowledge

Q28 Correctness of information , is best classifiable into

a. Validity

b. Adequacy

c. Quality

d. Reliability

Q29 OAS can be classifiable into

a. Operational level System

b. Knowledge level System

c. Strategic level system

d. Management level system

Q30 IT has an impact on the information systems of the following sectors, other than

a. Wholesale & retailing

b. Financial sector

c. Construction

d. E-Business

Q31 Unarticulated Knowledge is termed as

a. Information

b. Explicit Knowledge

c. Tacit knowledge

d. None of the above

Q32 Which one is not a component of ERP

a. Software component

b. Process flow

c. Change customer

d. Change management

Q33 Identify the odd one

a. Any computer based system is MIS

b. Any reporting system is MIS

c. Expert faces the problem of selecting subsystem

d. More data means more information

Q34 MIS can be manual

a. True

b. False

c. Irrelevant

d. None

Q35. What must a system do to qualify as a true ERP solution?

A) Be flexible

B) Be modular and closed

C) Extend within the company

D) All of the above

Q36 Which one is not Prerequisite of an effective MIS

a. Database

b. Support from Staff

c. Control and maintenance of MIS

d. Qualified staff and management

Q37 The traditional business system is called as _________.

A. modern method.

B. advanced method.

C. effective method.

D. legacy method

Q38 Orderly arrangement of interdependent ideas can be termed as

a. Open system

b. Automated system

c. Deterministic system

d. Abstract system

Q39 The main drawback of legacy system is ________.

A. less effectiveness.

B. high cost.

C. no integration.

D. more modules

Q40 A computer-based information system

a. may require some tasks to be done manually

b. should not have any manual tasks

c. is always fully automated

d. may use only computers

Solutions.

1 d 9 c 17 d 25 a 33 c

2 d 10 d 18 d 26 d 34 a

3 d 11 d 19 d 27 d 35 a

4 d 12 b 20 d 28 c 36 b

5 b 13 c 21 a 29 b 37 d

6 d 14 d 22 b 30 c 38 d

7 c 15 b 23 a 31 c 39 c

8 a 16 a 24 b 32 c 40 a

Information System Concepts MCQs – 2

Q1. In respect of “Value of information”, which one is correct?

a. result value minus cost of information

b. tangible cost +intangible cost

c. value addition minus cost of information

d. benefit of changing result of information

Q2. Organization Doomdoma Ltd is facing employees' resistance to using a new system. Suggest how the organization should approach this to incorporate the new system.

a. it should modify new system as per employees needs

b. it should hire new employees in place of employees showing resistance

c. it should educate employees through lectures , films

d. it should not use new system

Q3. ERP makes sure to provide real-time and integrated information to the users of all departments. Which component of ERP describes how information flows among different modules so that the most updated information can be provided?

a. software component

b. process flow

c. customer mindset

d. change management

Q4. Mr Bola, an employee of a big organization, is given the task of preparing an MIS report of online sales and orders on an hourly basis for the manager so that pricing policies can be updated by the end of the day, but Bola provides the MIS reports every 3 hours, due to which the manager is unable to take pricing decisions. This is an example of non-existence of which attribute of information?

a. availability

b. Validity

c. Frequency

d. Rate

Q5. Development of MIS starts from the

a. appraisal of management needs

b. appraisal of stakeholders requirements

c. understanding the old system

d. setting up the scope

Q6. Priyanka attached a PDF of her bank statement and past employer salary slips to an email sent to the HR team of XYZ Ltd for the purpose of job switching. This shows which important feature of email?

a. Portability

b. Electronic transmission

c. broadcasting and rerouting

d. integration with other information system

Q7. After clearing CA, Mr Gabru sends an enquiry email containing his biodata details to many companies to get an interview call. This shows which important feature of email?

a. Portability

b. Electronic transmission

c. broadcasting and rerouting

d. integration with other information system

Q8. A book publisher wants to implement a system for his employees for the purpose of formatting and managing the soft copies of books provided by various authors. What information system should be implemented?

a. Text processing system

b. OAS

c. TPS

d. Electronic document management system

Q9. The manager of a small organization needs a system for analyzing future investment in plant and machinery. Suggest the suitable system.

a. EIS

b. MIS.

c. DSS.

d. KMS

Q10. Mr Sham, manager of DSS Ltd, obtained a new system which helps him make important decisions by using information from the organization's TPS and information from the world media. What information system is used by Mr Sham?

a. EIS

b. MIS.

c. DSS.

d. KMS

Q11. Mr High Temperature needs an information system which can be used for unstructured decision making

and provides only the essential details by considering information from mostly informal sources. Please suggest the system to Mr High Temperature.

a. EIS

b. MIS.

c. DSS.

d. KMS

Q12. Mr Bhukad is a renowned writer. Until now he used a typewriter for writing his novels, but now he needs a system for writing novels. Please suggest a system to him for writing novels.

a. TPS

b. Electronic document management system

c. Text processing system

d. KMS

Q13 Which type of user of DSS is capable of using the complex system in their day to day work ?

a.End user

b. Manager

c.Backend User

d. staff specialist

Q14. MIS uses the information produced by which system

a. TPS

b. DSS

c. ES

d. EIS

Q15. Among alternative solutions for an information system one may consider

a. PC based solutions only

b. an improved manual system

c. only client-server based solutions as they are popular now-a-days

d. whatever management decides

Q16. _________ is an organized portfolio of formal systems for obtaining processing and delivering information in

support of the business operations and management of an organization.

A. MIS

B. DSS

C. EIS

D.KMS

Q17. Which level of management require operational information

a. Top level management

b. Middle level management

c. Lower level management

d. None of the above

Q18. ________ processing, involves duplicating, sorting and filling data.______ processing with electronic scanners

involves transforming and entering the data into an electronic form.

a) 1. Manual, electronic

b) 2. Electronic, manual

c) 3. Transforming

d) 4. None of the above

Q19. What is at the heart of any ERP system?

A) Information

B) Employees

C) Customers

D) Database

Q20. Which of the following describes an ERP system?

A) ERP systems provide a foundation for collaboration between departments

B) ERP systems enable people in different business areas to communicate

C) ERP systems have been widely adopted in large organisations to store critical knowledge used to make

the decisions that drive the organisation's performance

D) All of the above

Q21. Who are the primary users of ERP systems?

A) Sales, marketing, customer service

B) Accounting, finance, logistics, and production

C) Customers, resellers, partners, suppliers, and distributors

D) All of the above

Q22. The ________ should be a replica of the organisation’s ________ processes.

a. MIS, Financial

b. ERP, Business

c. TPS, Financial

d. DSS, Business

Q23. Which of the following methods is used to produce reports about data?

A. Decision Support Systems.

B. Executive Information Systems.

C. Query/Report Writing Tool.

D. All the above

Q24. The information of MIS comes from the

a. Internal source

b. External source

c. Both internal and external source

d. None of the above

Q25. A _____ provides a set of integrated computer tools that allow a decision maker to interact directly with computers in order to retrieve information useful for semistructured and unstructured decisions.

a. DSS

b. DBMS

c. MIS

d. Control

Q26. Office automation is a process that involves?

a) People, paper and procedure

b) people, procedure and technology

c) Man, machine and management

d) people, procedure and production

Q27. Which is used to provide the right information to the right person at the right time for proper decision making?

a) DBMS

b) MIS

c) ISO

d) PSO

Q28. Elements of CORE banking do not include

a. Making & servicing of loan

b. Establishing interest rates

c. Customer relationship management

d. None of the above

Q29. _________ level of database defines a schema which is subdivided into sub-schemas

a. Physical

b. Logical

c. External

d. None

Q30. Which component of ERP defines the way information flows among different modules?

a. Software component

b. Process flow

c. Customer mindset

d. Change management

Q31. Which of the following systems is used to present high-level overview information as well as the ability to drill

down to details for high-level managers?

a. Decision support system

b. Executive support system

c. Expert support system

d. Management information system

Q32. Which of the following are used to support decision making in situations in which the situation is only partly

structured or known in advance?

a. Decision support system

b. Executive support system

c. Management information system

d. Transaction processing system

Q33. Which of the following are true of Exception Reports?

a. They list unusual transactions or results.

b. They document errors in transactions.

c. They report unacceptable transactions.

d. All of the above

Q34. In TPS systems, an output that signifies that a specific transaction has taken place is called a(n):

a. action document.

b. detail report.

c. exception report.

d. summary report

Q35. The decision-making level of an organization that is most concerned with daily operations is the

a) operational level.

b) managerial level.

c) executive level.

d) None of the above.

Q36. The decision-making level of an organization that is most concerned with optimizing

organizational efficiency is the:

a. operational level.

b. managerial level.

c. executive level.

d. None of the above

Q37. Which of these applications is most likely to be implemented using an online transaction

processing system?

a. Payroll processing

b. Airline reservations

c. Bank check processing

d. None of the above.

Q38. A decision support system uses _______ to manipulate data.

a. formulas

b. algorithms

c. models

d. heuristics

Q39. The McDonald's fast food chain is experiencing slow growth because of oversaturation of McDonald's outlets across North America. They are looking for ways to increase growth in their organization by diversifying into the hotel industry. This is an example of a decision that is _________________.

a. structured

b. semi-structured

c. unstructured

d. None of the above.

Q40. Which of the following are true of transaction processing systems?

a. They are shared systems.

b. They can use a combination of IT and manual procedures.

c. They are used to process data and information about transactions.

d. All of the above

Q41. Which of the following is a component of an expert system?

a) Explanation module

b) Knowledge base

c) Natural language interface for the user

d) All of the above

Q42. Which of the following is not true about expert systems?

a. Expert systems are collections of human knowledge.

b. Expert systems are expensive to design.

c. Expert systems are usually designed to run on small general-purpose computers.

d. Maintenance support may be difficult to obtain for an expert system.

Q43. Application that most helps health care enterprises calculate product costs for individual procedures and services.

a. Expert system

b. MIS

c. EIS

d. DSS

Q44. “Applications and technologies that are used to collect, provide access to and analyze data and information about a company’s operations” are which IT tool used in business?

a. Business website

b. Software and packages

c. Business Intelligence

d. Intranet and Extranet

Q45. Infosys Finacle, Nucleus FinnOne and Oracle’s Flexcube are examples of

a. DSS

b. ERP

c. CBS

d. EIS

Q46. A business manager should have the knowledge of “what are the components of a system and their functions”. This is known as knowledge of

a. Business Application

b. Development processes

c. Management challenges

d. Foundation Concepts

Q47. Knowledge of “Development processes” means

a. What competitive strategies are required

b. How end users and IS specialists develop and execute business solutions to problems

c. How function and IT resources are maintained

d. Major uses of IT in business

Q48. A ‘throw-away’ type sealed digital watch, which is composed of a number of components that work in a cooperative fashion and is designed to perform some specific task, is an example of

A) Manual system, Deterministic system

B) Probabilistic system, Open system

C) Closed system, Automated system

D) Abstract system, Closed system

Q49. Benefits of OAS do not include

a. Reduce message cycle time

b. Ensure accuracy of communication flow

c. Improve communication within & between organization

d. Ensure message is communicated to right person

Q50. The general transformation cycle for information is:

a. information to data to knowledge.

b. knowledge to data to information.

c. data to knowledge to information.

d. data to information to knowledge.

Q51. Matching the frequency of transmitting messages with the frequency at which the receiver wants to receive them is which attribute of information?

a. Adequacy

b. Availability

c. Rate

d. Validity

Q52. Which system provides a dashboard for the decision maker as a way to create a generalized environment?

a. MIS

b. ES

c. EIS

d. DSS

Q53. The most important attribute of information quality that a manager requires is:

a. relevance.

b. media.

c. presentation.

d. timeliness

Q54. What is the BRAIN of the DSS?

a. user intelligence

b. planning language

c. model base

d. Database

Solutions.

1 c 10 a 19 d 28 d 37 b 46 d

2 c 11 a 20 d 29 c 38 c 47 b

3 b 12 c 21 b 30 b 39 c 48 c

4 d 13 d 22 b 31 b 40 d 49 d

5 a 14 a 23 d 32 a 41 d 50 d

6 d 15 b 24 c 33 d 42 d 51 c

7 c 16 a 25 a 34 a 43 d 52 c

8 d 17 c 26 b 35 a 44 c 53 a

9 c 18 a 27 b 36 a 45 c 54 c

Protection of information system MCQs - 1

Q1. Which of the following is a strong password?

a) 19thAugust88

b) Delhi88

c) P@assw0rd

d) !augustdelhi

Q2. Which happens first, authorization or authentication?

a) Authorization

b) Authentication

c) Authorization & Authentication are same

d) None of the mentioned

Q3. Organisation Pajama Ltd has a policy that Internet access by employees will always be routed through a firewall and proxy. This is an example of which network access control?

a. Segregation of network

b. Network connection and routing control

c. Firewall

d. Enforced path

Q4. Organisation Pajama Ltd has a policy to ensure that the network connection between the heads of two branches must be through a secured VPN instead of a general network service, to ensure the integrity of the message communicated. This control of network access is an example of which control?

a. Segregation of network

b. Network connection and routing control

c. Firewall

d. Enforced path

Q5. Organisation Pajama Ltd has a policy to ensure that employees are not allowed to establish a connection to specified web sites, for example Facebook, Twitter, etc. This control of network access is an example of which control?

a. Segregation of network

b. Network connection and routing control

c. Call back devices

d. Security of network service

Q6. From the following, which is not a common file permission?

a) Write

b) Execute

c) Stop

d) Read

Q7. Which of the following is a good practice?

a) Give full permission for remote transferring

b) Grant read only permission

c) Grant limited permission to specified account

d) Give both read and write permission but not execute

Q8. Which of the following is the least secure method of authentication?

a) Key card

b) fingerprint

c) retina pattern

d) Password

Q9. What forces the user to change the password at first logon?

a) Default behavior of OS

b) Part of AES encryption practice

c) Devices being accessed forces the user

d) Account administrator

Q10. Firewall is an example of

a. Preventive control

b. Detective control

c. Corrective control

d. Compensatory control

Q11. Security guard of an ATM is an example of

a. Preventive control

b. Detective control

c. Corrective control

d. Compensatory control

Q12. Security guard of a bank building is an example of _______ control to information system

a. Preventive

b. Detective

c. Corrective

d. Compensatory

Q13. Audit trail is an example of

a. Preventive control

b. Detective control

c. Corrective control

d. Compensatory control

Q14. BCP is an example of

a. Preventive control

b. Detective control

c. Corrective control

d. Compensatory control

Q15. Mechanisms to provide logical access include

a. Identification, authentication and encryption

b. Authentication, authorization and password

c. Identification, authentication, authorization

d. Encryption, password and identification

Q16. Detailed steps to be followed to accomplish security related tasks

a. Standards

b. Guidelines

c. Procedures

d. None

Q17. What technology and method are to be used to secure the system

a. Standards

b. Guidelines

c. Procedures

d. None

Q18. Encryption is required to

(i) protect business information from eavesdropping when it is transmitted on internet

(ii) efficiently use the bandwidth available in PSTN

(iii) to protect information stored in companies’ databases from retrieval

(iv) to preserve secrecy of information stored in databases if an unauthorized person retrieves it

a. i and ii

b. ii and iii

c. iii and iv

d. i and iv

Q19. DES stands for

a. Digital Evaluation System

b. Digital Encryption Standard

c. Digital Encryption System

d. Double Encryption Standard

Q20. The pattern that can be used to identify a virus is known as

a) stealth

b) virus signature

c) armoured

d) multipartite

Q21. Which one of the following is a process that uses the spawn mechanism to damage the system

performance?

a) worm

b) Trojan

c) threat

d) virus

Q22. What is a trap door in a program?

a) a security hole, inserted at programming time in the system for later use

b) a type of antivirus

c) security hole in a network

d) none of the mentioned

Q23. File virus attaches itself to the

a) source file

b) object file

c) executable file

d) all of the mentioned

Q24. What is regarded as a form of social engineering?

A) Cryptoware

B) Denial of Service (DOS) attack

C) Phishing

D) Spam

Q25. Which of the following is a malicious program that hides in a host program and causes illegitimate actions?

a. Worm

b. Trojan horse

c. Time bomb

d. Logic bomb

Q26. The ................... is code embedded in some legitimate program that is set to “explode” when certain

conditions are met.

a. Trap doors

b. Trojan horse

c. Logic Bomb

d. Virus

Q27. Which of the following malicious programs does not replicate automatically?

a. Trojan Horse

b. Virus

c. Worm

d. Zombie

Q28. State whether true or false.

i) A worm does not need a host program.

ii) A worm executes a copy of itself over several places on network

a. True, False

b. False, True

c. True, True

d. False, False

Q29. What is a firewall?

a. An antivirus software

b. Software that logs Internet activity

c. A filter for an Internet connection

d. A wall which is burning

Q30. What is a proxy server?

A. A server that retrieves data from host servers before sending it to a computer

B. A virtual server that can behave like a mail server, Web server or FTP server

C. A waiter who never seems to be in the restaurant when your water glass is empty

D. None of these

Q31. Firewall as part of a router program

a. filters only packets coming from internet

b. filters only packets going to internet

c. filters packets travelling from and to the intranet from the internet

d. ensures rapid traffic of packets for speedy e-Commerce

Q32. A firewall may be implemented in

a. routers which connect intranet to internet

b. bridges used in an intranet

c. expensive modem

d. user’s application programs

Q33. The major objectives of control are

(i) guard against frauds in data entry/processing

(ii) check clerical handling of data before it enters a computer

(iii) to provide a method to trace the steps and find where error has occurred

(iv) to address to technological advancements

a. i, ii and iv

b. i, ii, iii and iv

c. i, ii and iii

d. i and iii

Q34. Authorization can be

a. Only Ticket oriented

b. Only list oriented

c. Both Ticket oriented and list oriented

d. None

Q35. Which type of lock provides a 10-digit number panel mounted near/on the door?

a. Cipher door lock

b. Electronic door lock

c. Bolting door lock

d. Biometric door lock

Q36. Scavenging to commit cyber crime means.

a. Using back door to bypass normal security controls

b. Tricking employees to give away login information

c. Gaining access to system by pretending to be an authorised user

d. Gaining access of information by searching discarded files

Q37. Masquerading involves

a. Using back door to bypass normal security controls

b. Tricking employees to give away login information

c. Gaining access to system by pretending to be an authorised user

d. Gaining access of information by searching discarded files

Q38. Trap door is a way of

a. Using back door to bypass normal security controls

b. Tricking employees to give away login information

c. Gaining access to system by pretending to be an authorised user

d. Gaining access of information by searching discarded files

Q39. Identify the odd one

a. Identification badges

b. Manual logging

c. Perimeter fencing

d. Encryption of data

Q40. BCP controls include

a. DRP and insurance

b. Outsourcing and backup

c. BCM and BCP policy

d. Cloud and grid

Q41. What is the process of encoding information in a way so that only someone with a key can decode it?

a. Compression

b. Systemic variation

c. Encryption

d. Decryption

Q42. What is phishing?

a. A decryption method that uses complex algorithms

b. A method of online identity theft

c. A way to send spam mail to millions of people at once

d. Fishing

Q43. The .................... uses a special system program to bypass normal system login procedures.

a. Trap doors

b. Trojan horse

c. Logic Bomb

d. Super zapping

Q44. ................... programs can be used to accomplish functions indirectly that an unauthorized user could not

accomplish directly.

a. Zombie

b. Worm

c. Trojan Horses

d. Logic Bomb

Q45. Why is a one-time password safe?

a) It is easily generated

b) It cannot be shared

c) It is different for every access

d) It is a complex encrypted password

Solution

1 c 10 a 19 b 28 c 37 c

2 a 11 a 20 b 29 c 38 a

3 d 12 d 21 a 30 a 39 d

4 a 13 b 22 a 31 c 40 a

5 b 14 c 23 c 32 a 41 c

6 c 15 c 24 c 33 c 42 b

7 c 16 c 25 b 34 c 43 a

8 d 17 a 26 c 35 a 44 c

9 d 18 d 27 a 36 d 45 c

Protection of information system MCQs - 2

Q1. Which one may not be considered as best practice for password policy?

a) Deciding maximum age of password

b) Restriction on password reuse and history

c) Password encryption

d) Having to change password every 2 years

Q2. What are the major components of an intrusion detection system?

a) Analysis Engine

b) Event provider

c) Alert Database

d) All of the mentioned

Q3. User responsibility as a logical access control includes

a. Using of strong password and VPN for transmitting messages

b. Maintain electronic logs and not to access social networking sites

c. Never leaving system under their responsibility unattended and use encryption technology

d. Using of strong password of system and Never leaving system under their responsibility unattended

Q4. The clerk of the organisation was issuing an invoice from a system and, for the discount, pressed the minus (-) sign instead of the plus (+) sign. Even after this mistake the system took the minus (-) sign for the discount. Which system input control is referred to here?

a. Check digit

b. Valid sign

c. Picture check

d. Arithmetic check

Q5. A bank issued a credit card whose number is generated by a computer program through a formula, except the last digit, which is added to ensure the integrity and validity of the credit card number. This last digit is an example of which control?

a. Limit Check

b. Picture check

c. Valid code check

d. Check digit

Q6. While registering, the income tax site did not allow the user Ram to enter the last character of the PAN as numeric. This control is an example of

a. Limit Check

b. Picture check

c. Valid code check

d. Check digit

Q7. While registering, the income tax site allowed the user Ram to enter only 10 PAN. This control is an example of

a. Limit Check

b. Picture check

c. Valid code check

d. Check digit

Q8. When an attempt is to make a machine or network resource unavailable to its intended users, the attack

is called

a) denial-of-service attack

b) slow read attack

c) spoofed attack

d) starvation attack

Q9. In computer security, ……………………. means that computer system assets can be modified only by authorized parties.

A) Confidentiality

B) Integrity

C) Availability

D) Authenticity

Q10. In computer security, …………………….. means that the information in a computer system is only accessible for reading by authorized parties.

A) Confidentiality

B) Integrity

C) Availability

D) Authenticity

Q11. Some security measures commonly used are

(i) data encryption

(ii) logging of all accesses to an information system and recording changes made (if any)

(iii) data compression

(iv) copying of files

a. ii and iii

b. i and iii

c. i and ii

d. ii and iv

Q12. In asymmetric encryption

a) same key is used for encryption and decryption

b) different keys are used for encryption and decryption

c) no key is required for encryption and decryption

d) none of the mentioned

Q13. Internetworking control does not include

a. Bridge

b. Router

c. Gateway

d. None of the above

Q14. Picture check and limit check are

a. Source data control

b. Input validation control

c. Data processing and storage control

d. Output control

Q15. For system protection, a process should access

a) all the resources

b) only those resources for which it has authorization

c) few resources but authorization is not required

d) all of the mentioned

Q16. As a function, the top manager must prepare

a. Strategic plan and operational plan

b. Strategic plan and tactical plan

c. Operational plan and system plan

d. Tactical plan and operational plan

Q17. Application and monitoring system access control does not include

a. Event logging

b. Clock synchronization

c. Sensitive system isolation

d. Duress alarm system

Q18. The following measures are taken to ensure security of information systems:

(i) duplicate copies of data/programs are kept in a different place preferably in fire-proof vault

(ii) password protection is used to prevent unauthorized access

(iii) database once prepared should never be allowed to change

(iv) printed copies should be accessed by authorised persons only

a. i and ii

b. i, ii, iii

c. ii, iii, iv

d. iii and iv

Q19. To protect a system from viruses one should

(i) not allow unauthorized use of floppy disks

(ii) scan viruses in files received via a network or floppies

(iii) isolate a system from networks

(iv) install a roll-back recovery program in the system

a. i and iii

b. i and ii

c. ii and iv

d. i, iii, iv

Q20. For system protection, a process should access

a) all the resources

b) few resources but authorization is not required

c) only those resources for which it has authorization

d) all of the mentioned

Q21. A firewall is used in a system connected to a wide area network to

a. prevent spread of fire in the network

b. prevent unauthorized access by hackers

c. to scan for viruses in files

d. to extinguish fire spreading via network cables

Q22. Crackers and hackers can never be the same person

a. True

b. False

Q23. Arithmetic check means

a. calculates the same quantity in two different ways and compares them for equality

b. calculates the quantities and compares them for equality

c. checks a data item in two different ways

d. enters data two times and cross-checks them

Q24. A program can never be categorized as a time bomb as well as a logic bomb

a. True

b. False

Q25. The internal code of any software that will set off a malicious function when specified conditions are met is called

a) code stacker

b) trap door

c) logic bomb

d) none of the mentioned

Q26. Which of the following are forms of malicious attack?

a) Theft of information

b) Modification of data

c) Wiping of information

d) All of the mentioned

Q27. Your supervisor is very busy and asks you to log into the HR Server using her user-ID and password to

retrieve some reports. What should you do?

a) It’s your boss, so it’s okay to do this.

b) Ignore the request and hope she forgets.

c) Decline the request and remind your supervisor that it is against UC policy.

d) None

Q28. Control in design of an information system is used to

a. inspect the system and check that it is built as per specifications

b. protect data from accidental or intentional loss

c. ensure that the system processes data as it was designed to and that the results are reliable

d. ensure privacy of data processed by it

Q29. A gap arises between the need for protection and the degree of protection of information systems due to

(i) regulatory requirements

(ii) interconnectivity of system

(iii) protection of system from virus attack

(iv) data may be lost due to disk crashes

a. i and ii

b. i and iii

c. i and iv

d. ii and iii

Q30. Controls can be categorised on the basis of audit function as

a) Managerial and Application

b) Physical and logical

c) Data integrity and Data security

d) Boundary and data integrity

Q31. Topological control includes:

a) Star and ring based Topological control

b) Bridge, gateway and router based Topological control

c) Star, bus and ring Topological control

d) LAN and WAN Topological control

Q32. It is necessary to protect information system from the following

(i) natural disasters like fire, floods etc

(ii) disgruntled employees

(iii) poorly trained employees

(iv) hackers

(v) industrial spies

(vi) data entry operators

a. ii,iv,i,iii

b. i,ii,iii,vi

c. i,ii,iii,iv,v

d. i,ii,iii,iv,v,vi

Q33. It is necessary to protect information system from various logical access violators which may be

(i) authorized employees

(ii) IS personnel

(iii) vendors and consultants

(iv) hackers

(v) former employees

(vi) government

a. ii,iv,i,iii

b. i,ii,iii,vi

c. i,ii,iii,iv,v

d. i,ii,iii,iv,v,vi

Q34. Subversive threats are

a) invasive and inductive tap

b) sabotage and spoofing

c) bomb and worm

d) round down and salami technique

Q35. Kalu executed a command to print a document of 2500 pages. __________ control allows him to work even if the printer is still printing the document.

a) Logging

b) Retention

c) Spooling

d) Router

Q36. Which one is not a logical access path?

a) online terminal

b) dial-up ports

c) Telecommunication network

d) Router

Q37. Identify the odd one

a) password

b) PIN

c) Biometric Devices

d) identification badges

Q38. Which of the following step is not involved in an Application Access Control mechanism process?

(a) Identification

(b) Authentication

(c) Confidentiality

(d) Authorization

Q39. During an audit of financial transactions in an enterprise XYZ, it was found that simple errors of

data entry were occurring when two digits that were either individual or part of larger

sequence of numbers were reversed when posting a transaction. Which type of error is this?

(a) Addition Error

(b) Truncation Error

(c) Substitution Error

(d) Transposition Error

Q40. One amongst the list is not a threat.

(a) Virus

(b) Trojan

(c) Worm

(d) Firewall

Q41. Under Asynchronous attacks in telecommunication network systems, _____________ involves spying on information being transmitted over communication network.

(a) Wire-tapping

(b) Data Leakage

(c) Subversive attacks

(d) Piggybacking

Q42. Which are the controls that are responsible for maintaining a chronology of the events from the time a sender dispatches a message to the time a receiver obtains the message?

a) Boundary Controls

b) Communication Controls

c) Input Controls

d) Database Controls

Q43. Change of data before or after they entered the system. This technical exposure is known as ______ .

a) Data Diddling

b) Data Bomb

c) Christmas card

d) Rounding Down

Q44. Which error occurs when a digit or character is removed from the end of a code? OR 83276 is recorded as 8327. Which type of error is it?

a) Addition Error

b) Truncation Errors

c) Substitution Error

d) None of these

Q45. Which error occurs when one digit in a code is replaced with another? OR 98975 is recorded as 99975. Which type of error is it?

a) Addition Error

b) Truncation Errors

c) Substitution Error

d) None of these

Q46. Which errors occur when two adjacent digits are reversed? OR is recorded as 89975. which type of

error is it?

a) Single Transposition errors

b) Multiple transposition errors

c) Truncation Errors occur

d) None of these

Q47. Which control has a pair of doors that are typically found in entries to facilities such as computer rooms and document stations?

a) Controlled visitor access

b) Computer Terminal Locks

c) Bonded Personnel

d) Dead man door

Q48. Motivating, guiding & communicating with personnel is known as _______?

a) Leading

b) Organizing

c) Planning

d) Controlling

Q49. Auditors examine variables that often indicate when motivation problems exist or suggest poor leadership known as ____ .

a) Leading

b) Planning

c) Controlling

d) Organizing

Q50. Which error occurs when an extra digit or character is added to a code? OR 83276 is recorded as 832766. Which type of error is it?

a) Addition Error

b) Truncation Errors

c) Substitution Error

d) None of these

Q51. In which data processing control two or more fields can be compared and cross verified to ensure their

correctness?

a) Run-to-Run totals

b) Edit Checks

c) Exception Reports

d) Reasonableness Verification

Q52. TALLY accounting software gives a warning when cash balance may turn negative on updating a voucher. This is a good example of

(a) Compensatory Control

(b) Detective Control

(c) Corrective Control

(d) Preventive Control

Q53. Which of the following is not a biometric characteristic?

(a) Finger prints

(b) Retina scans

(c) thumb impression

(d) password

Q54. In order to use a gas-based suppression system to control fire, what needs to be assured first?

(a) data is properly backed up

(b) hardware is removed

(c) humans are evacuated

(d) police has been called

Solution

1 d 10 a 19 b 28 c 37 d 46 a

2 d 11 c 20 c 29 a 38 c 47 d

3 d 12 b 21 b 30 a 39 d 48 a

4 b 13 d 22 b 31 d 40 d 49 a

5 d 14 b 23 a 32 d 41 a 50 a

6 b 15 b 24 a 33 c 42 b 51 d

7 a 16 a 25 c 34 a 43 a 52 d

8 a 17 d 26 d 35 c 44 b 53 d

9 b 18 a 27 c 36 d 45 c 54 c

BCM, BCP & DRP MCQs

Q1. How often should BCM policies be reviewed?

A. Annually

B. Monthly

C. Quarterly

D. Regularly

Q2. When should the BCP be reviewed?

A. Whenever encountering a disaster

B. At least annually or whenever significant changes occur

C. Whenever the company gets audited

D. Whenever the legal department declares it is time

Q3. Rahul had a server crash on Thursday morning. Rahul performed a backup in which he used the complete backup from Sunday and several other tapes from Monday, Tuesday, and Wednesday. Which tape-backup method was used?

A. Full restore

B. Mirror restore

C. Differential restore

D. Incremental restore

Q4. Which is a separate fully equipped facility where the company can move immediately after the disaster and resume business?

A. Disaster recovery plan

B. Hot site

C. Cold site

D. Warm site

Q5. Which is a separate facility that does not have any computer equipment but is a place where the knowledge workers can move after the disaster?

A. Disaster recovery plan

B. Hot site

C. Cold site

D. Warm site

Q6. What should the scope of the BCM be to understand the needs and expectations of interested parties?

A. At least the main business processes

B. Only services including the IT department

C. All of the organization’s profitable services

D. Only the activities that are highly prone to disaster

Q7. Of which process should Business Continuity programs be a part?

A. Incident Management process

B. Compliance process

C. Governance process

D. Problem Management process

Q8. What is the most important aspect of disaster recovery?

A. A complete damage assessment

B. Control of critical assets

C. Restoration of business functions

D. Protection of individual life

Q9. What is one of the purposes of the Business Impact Analysis (BIA)?

A. to determine the maximum level at which activities need to be performed

B. to determine minimal acceptable outage

C. to identify risks

D. assess the impact of disruptions for a longer period

Q10. When determining the scope of the BCM, what is true?

A. The scope only relates to the internal needs of the organization.

B. The scope should always cover the whole organization.

C. The scope should document and explain any exclusions.

D. The scope should never be changed.

Q11. Arrange the following in correct order in reference to BCP:

1. Vulnerability Assessment

2. Project Initiation

3. Detailed Requirement

4. BIA

5. Plan development

6. Implement plan

7. Test program

8. Maintenance Program

A. 1,2,3,4,5,6,7,8

B. 1,2,4,3,5,7,8,6

C. 2,1,4,3,5,7,8,6

D. 2,1,4,3,5,6,7,8

Q12. BCP does not include

a) Crisis Management

b) Business continuity Management

c) Business resumption planning

d) Disaster recovery planning

Q13. How should the top management demonstrate its commitment to the BCM?

A. appoint a business continuity manager

B. conduct effective management reviews of the BCMS

C. ensure that BCM objectives are aligned to the strategic goals of the business

D. hire external expertise regarding BCM

Q14. Which plan typically focuses on restoring systems after disasters occur?

a. Incident Response Plan.

b. Disaster Recovery Plan.

c. Business Continuity Plan.

d. Risk Management Plan

Q15. An incremental backup is a backup taken from the last backup. Here, what kind of backup could the “Last Backup” be?

A. Full backup

B. Differential backup

C. Full backup or differential backup

D. Full backup or incremental backup

Q16. When identifying risks of disruptive incidents, how are single points of failure (SPOF), inadequacies in fire protection, electrical resilience, staffing levels, IT security and IT resilience considered?

A. Impacts

B. Risks

C. Threats

D. Vulnerabilities

Q17. There are several reasons why a company would develop and implement a business continuity plan.

Which of the following properly describes the best reason?

A. To increase liability

B. The continuation of a company

C. Compliance with regulations

D. Properly react to disasters

Q18. What is not one of the outcomes indicative of an effective Business Continuity program?

A. The impact of a disruption on the organization’s key services is limited.

B. The likelihood of a disruption is reduced.

C. The period of disruption is shortened.

D. The organization’s supply chain record is secured

Q19. The organization should identify nonconformities, take action to control, contain and correct them,

deal with the consequences and evaluate the need for action.

What should be the basis for determining the priority of corrective actions?

A. Results of the Incident log

B. Results of an Internal audit

C. Results of the Management review

D. Results of the risk assessment and impact analysis

Q20. What do we call the process of seeking out and studying practices in other organizations that one’s own

organization desires to duplicate?

a. Baselining

b. Benchmarking

c. Best practices

d. Due diligence

Q21. BIA is a part of

a) Development process of BCM

b) Strategy process of BCM

c) Management process of BCM

d) Information Collection process of BCM

Q22. Which of the following groups is responsible for project initiation?

A. Functional business units

B. Senior management

C. BCP team members

D. Middle management

Q23. Which BCM document contains a set of principles?

A. Standard

B. Stakeholder analysis

C. Procedure

D. Policy

Q24. Which of the following does not describe a reciprocal agreement?

A. Since no alternative resources have to be maintained, it is a most efficient arrangement.

B. It is a cheap solution.

C. It may be able to be implemented right after a disaster.

D. It could overwhelm a current data processing site.

Q25. Which alternative processing facility is most efficient to support processing?

A. Reciprocal agreement

B. Cold site

C. Warm site

D. Hot Site

Q26. Which of the following backup techniques is the most space-efficient?

a) Full backup

b) Incremental backup

c) Differential backup

d) All of the mentioned

Q27. Which of the following statements are true with reference to BCP?

a) A good recovery is dependent upon good backup plan

b) Prior notice should be given to people who will be affected by the test of BCP

c) More than one person should have knowledge of backup tasks

d) All of the mentioned

Q28. Which of the following qualifies as best DR (Disaster Recovery) site?

a) DR site in the same campus

b) DR site in the same city

c) DR site in the same country

d) DR site in a different country

Q29. Which of the following is false?

a) The more important the data, the greater the need for backing it up

b) A backup is as useful as its associated restore strategy

c) Storing the backup copy near to its original site is best strategy

d) Automated backup and scheduling is preferred over manual operations

Q30. Which one is the most time-consuming backup type?

A. Full backup

B. Incremental backup

C. Differential backup

D. Mirror backup

Q31. In which backup type is data backed up without encryption?

A. Full backup

B. Incremental backup

C. Differential backup

D. Mirror backup

Q32. Which process can prevent data loss due to computer problems or human errors?

A. Backup

B. Recovery

C. Benchmarking

D. Data cleansing

Solutions.

1 d 9 d 17 b 25 d

2 b 10 c 18 d 26 b

3 d 11 c 19 d 27 d

4 b 12 b 20 b 28 d

5 c 13 c 21 d 29 c

6 a 14 b 22 b 30 a

7 c 15 c 23 d 31 d

8 d 16 d 24 a 32 a

System development life cycle (SDLC) MCQs - 1

Q1. Whose responsibility is it to conduct interviews with the users and understand their requirements?

a) Steering committee

b) Project managers

c) Business Analyst

d) Domain Specialist

Q2. “Consider a system where a heat sensor detects an intrusion and alerts the security company.” What kind of requirement is the system providing?

a) Functional

b) Non-Functional

c) Known Requirement

d) None of the mentioned

Q3. Which one of the following models is not suitable for accommodating changes?

a) spiral model

b) Prototyping Model

c) RAD Model

d) Waterfall Model

Q4. The work associated with software development can be categorized into three generic phases, regardless of application area, project size, or complexity, namely the __________ phase which focuses on what, the _________ phase which focuses on how and the _________ phase which focuses on change.

i. support

ii. development

iii. definition

a) 1, 2, 3

b) 2, 1, 3

c) 3, 2, 1

d) 3, 1, 2

Q5. “Using CASE Tools”. CASE stands for

a) Cost Aided Software Engineering

b) Computer Aided Software Engineering

c) Control Aided Software Engineering

d) None of the mentioned

Q6. Which one of the following is a functional requirement ?

a) Maintainability

b) Portability

c) Robustness

d) None of the mentioned

Q7. Which of the following is not a primary objective of the Preliminary investigation of system development?

a) Assess cost and benefit of alternative approaches

b) Determining the size of the project

c) Preparing the SRS to cover all the system specifications

d) Report findings to the management with recommendation to accept or reject the proposal

Q8. _________ and _________ are not the subject matter of Requirement Analysis.

a) Performance, modelling present system

b) Stakeholder knowledge of computers, Developer’s staff

c) Functional, Non-Functional

d) Internal controls, present system work load

Q9. Arrange the given sequence to form a SRS Prototype outline as per SRS Standard.

i. General description

ii. Introduction

iii. Review

iv. Appendices

v. Specific Requirements

a) iii, i, ii, v, iv

b) iii, ii, i, v, iv

c) ii, i, v, iv, iii

d) iii, i, ii, v, iv

Q10. “Robustness” answers which of the following description?

a) CASE tools be used to support the process activities

b) Process errors are avoided or trapped before they result in product errors

c) Defined process is acceptable and usable by the engineers responsible for producing the software

d) Process continues in spite of unexpected problems

Q11. Software Testing with real data in real environment is known as

a) alpha testing

b) beta testing

c) regression testing

d) none of the mentioned

Q12. Which of the following is not included in SRS ?

a) Performance

b) Functionality

c) Design solutions

d) External Interfaces

Q13. If you were a lead developer of a software company and you are asked to submit a project/product within a stipulated time-frame but within cost barriers, which model would you select?

a) Waterfall

b) Spiral

c) RAD

d) Incremental

Q14. Which of the following statements about SRS is/are true ?

i. SRS is written by customer

ii. SRS is written by a developer

iii. SRS serves as a contract between customer and developer

a) Only i is true

b) Both ii and iii are true

c) All are true

d) None of the mentioned

Q15. Risk analysis of a project is done in :

A. System Analysis phase

B. Feasibility Study

C. Implementation phase

D. Maintenance phase

Q16. Which two of the following models will not be able to give the desired outcome if user’s participation is

not involved?

a) Waterfall & Spiral

b) RAD & Spiral

c) RAD & Waterfall

d) RAD & Prototyping

Q17. RAD stands for

a) Relative Application Development

b) Rapid Application Development

c) Rapid Application Document

d) None of the mentioned

Q18. Choose the correct combination for a good coded program:

a) Usability, Reliability, Robustness, Flexibility

b) Availability, Reliability, Maintainability, Usability

c) readability, robustness, Usability, Accuracy

d) Accuracy, robustness, Testability, Usability

Q19. The modification of the software to match changes in the ever changing environment, falls under which

category of software maintenance?

a) Corrective

b) Adaptive

c) Perfective

d) Preventive

Q20. Which model can be selected if user is involved in all the phases of SDLC?

a) Waterfall Model

b) Prototyping Model

c) RAD Model

d) both Prototyping Model & RAD Model

Q21. Which one is not considered during Technical Feasibility:

a) Expandability

b) Existence of technology

c) Suitability of technology

d) human resource to use the technology

Q22. Which of the following life cycle models can’t be chosen if the development team has less experience on similar projects?

a) Spiral

b) Waterfall

c) RAD

d) Iterative Model

Q23. A step by step instruction used to solve a problem is known as

a) Sequential structure

b) A List

c) A plan

d) An Algorithm

Q24. Which of the following properties does not correspond to a good Software Requirements Specification (SRS)?

a) Verifiable

b) Ambiguous

c) Complete

d) Traceable

Q25. Which of the following is not a part of Decision Table?

a) Condition Stub

b) Preferences Stub

c) Action Stub

d) Action Entries

Q26. Software Maintenance includes

a) Error corrections

b) Enhancements of capabilities

c) Deletion of obsolete capabilities

d) All of the mentioned

Q27. Identify the disadvantage of Spiral Model.

a) Doesn’t work well for smaller projects

b) High amount of risk analysis

c) Strong approval and documentation control

d) Additional Functionality can be added at a later date

Q28. Beta Testing is done by

a) Developers

b) Testers

c) Users

d) All of the mentioned

Q29. Requirements analysis is critical to the success of a development project.

a) True

b) False

c) Depends upon the size of project

d) None of the mentioned

Q30. _________ test is not included in unit testing

a) Stress

b) Structural

c) Functional

d) Security

Q31. An iterative process of system development in which requirements are converted to a working system

that is continually revised through close work between an analyst and user is called

A. Waterfall modeling

B. Iterative modeling

C. Spiral modeling

D. None of these above

Q32. Which of the following does not apply to agility to a software process?

a) Uses incremental product delivery strategy

b) Only essential work products are produced

c) Eliminate the use of project planning and testing

d) All of the mentioned

Solution

1 c 9 c 17 b 25 b

2 a 10 d 18 c 26 d

3 d 11 b 19 b 27 a

4 c 12 c 20 c 28 c

5 b 13 c 21 d 29 a

6 d 14 c 22 a 30 d

7 c 15 b 23 d 31 c

8 b 16 d 24 b 32 c

SDLC MCQs - 2

Q1. In a proposed system, the entity finds that the system does not have an option to modify rates of TDS. The need may arise whenever the law changes in future. This failure may be defined as a failure of…

(a) Economic Feasibility

(b) Legal Feasibility

(c) Operational Feasibility

(d) Schedule Feasibility

Q2. A task of developing a technical blueprint and specifications for a solution that fulfills the business requirements is

undertaken in the following phase of the system development process

A. system implementation

B. system Requirement analysis

C. system design

D. feasibility study

Q3. Project Management ensures that

A. project’s risk is assessed

B. project’s feasibility is assessed

C. system is developed at minimum cost

D. both A and B

Q4. Which one is NOT a phase of the systems development life cycle?

A. problem analysis

B. requirements analysis

C. post-implementation review

D. Customer analysis

Q5. Prototypes are used in

A. model-driven analysis

B. traditional approaches

C. accelerated systems analysis

D. structured analysis

Q6. Which of the following is NOT a feasibility analysis criterion?

A. technical feasibility

B. schedule feasibility

C. operational feasibility

D. Hardware feasibility

Q7. The task of identifying and expressing system requirements is performed in which phase of systems analysis?

A. problem analysis phase

B. scope definition phase

C. requirements analysis phase

D. System Development phase

Q8. Cause-and-effect analysis is performed in which of the following phase of systems development

A. scope definition phase

B. requirements analysis phase

C. design phase

D. System testing phase

Q9. It is necessary to design an information system to easily accommodate change, because

a. new computers are introduced every year

b. new computer languages become popular every year

c. organizations’ requirements change over a period of time

d. systems need continuous debugging

Q10. System analysts have to interact with

i) managers of organizations

ii) users in the organization

iii) programming team

iv) data entry operator

a. iii and iv

b. i, ii and iii

c. ii, iii and iv

d. ii and iii

Q11. The primary responsibility of a systems analyst is to

a. specify an information system which meets the requirements of an organization

b. write programs to meet specifications

c. maintain the system

d. meet managers of the organization regularly

Q12. By technical feasibility of a solution we mean that

a. technology is available to implement it

b. persons are available to implement it

c. persons have technical ability to implement it

d. funds are available to implement it

Q13. By Financial feasibility of a system we mean that

a. it is economical to operate

b. it is expensive to operate

c. it will be profitable to implement

d. finances are available to implement the system and it will be cost-effective

Q14. By operational feasibility we mean

a. the system can be operated nicely

b. the system is unusable by operators

c. the system can be adapted by an organization without major disruptions

d. the system can be implemented

Q15. A cost-benefit analysis is performed to assess

a. economic feasibility

b. operational feasibility

c. technical feasibility

d. all of the above

a. i and ii

b. ii and iii

c. iii and iv

d. i and iii

Q17. The intangible benefits in the following list are

(i) savings due to reducing investment

(ii) savings due to sending bills faster and consequent early collection

(iii) providing better service to the customers

(iv) improving quality of company’s products

a. i and ii

b. ii and iii

c. iii and iv

d. i and iii

Q18. The primary objective of cost-benefit analysis is

a. to find out direct and indirect cost of developing the information system

b. to determine the tangible benefits of the information system

c. to determine if it is economically worthwhile to invest in developing the information system

d. to determine the intangible benefits of the information system

Q19. Managers in organizations should not design their own systems as

a. systems have to interact with other systems

b. they do not have the special skills necessary to design systems

c. it is not their job

d. they are always very busy

Q20. The responsibilities of a system analyst include

i) defining and prioritizing information requirement of an organization

ii) gathering data, facts and opinions of users in an organization

iii) drawing up specifications of the system for an organization

iv) designing and evaluating the system

a. i and ii

b. i, ii and iv

c. i, ii, iii and iv

d. i, ii and iii

Q21. Changing an operational information system entirely is

a. impossible

b. expensive and done selectively

c. never required

d. usually done

Q22. To easily modify the existing system it is necessary to

a. use good software tools

b. use the best hardware available

c. design the system which can be changed at low cost

d. keep the programming team happy

Q23. The main objective of system modification is

a. to use the latest software tools

b. to meet the user’s new/changed needs

c. to use the latest hardware

d. to have the most modern system

Q24. Systems are modified whenever

a. user’s requirements change

b. new computers are introduced in the market

c. new software tools become available in the market

d. other similar organizations modify these systems

Q25. The main objective of Perfective maintenance is

a. to see whether the system met specification

b. to improve the system based on user changed requirements

c. to remove bugs in the programs

d. to improve the efficiency of the system

Q26. System evaluation is carried out

a. after the system has been operational for a reasonable time

b. during system implementation

c. whenever managers of user organization want it

d. whenever operational staff want it

Q27. During system implementation the following are done

i) system changeover activities are carried out

ii) user documentation is created and users trained

iii) programmers are recruited and trained

iv) system evaluation is performed

a. i and iii

b. ii and iii

c. ii and iv

d. i, ii & iv

Q28. The primary objective of system design is to

a. design the programs, databases and test plan

b. design only user interfaces

c. implement the system

d. find out how the system will perform

Q29. System design is carried out

a. as soon as system requirements are determined

b. whenever a system analyst feels it is urgent

c. after final system specifications are approved by the organization

d. whenever the user management feels it should be done

Q30. Which is the most secure method to change over from old system to new system

a. direct implementation

b. phased changeover

c. pilot changeover

d. parallel changeover

Q31. Hardware study is required

a. to find out cost of computer system needed

b. to determine the type of computer system and software tools needed to meet the final system

specification

c. to make sure that the system does not become obsolete

d. to find how to implement the system

Q32. When a system needs to be developed within a specified time schedule, which development methodology can’t be used?

a. waterfall

b. Agile

c. RAD

d. Spiral

Q33. System approval criteria are specified

a. when the final specifications are drawn up

b. during feasibility study

c. during the requirements specifications stage

d. during system study stage

Q34. The system implementation involves

i) to build a system prototype

ii) to train users to operate the system

iii) to implement designed system using computers

iv) write programs, create databases and test with live data

a. i

b. i

c. ii

d. ii

Q35. The final specifications are arrived at

a. after feasibility study

b. during feasibility study

c. just before implementation phase

d. when the system is being designed

Q36. The main goal of arriving at a final specification is

a. to tell the organization’s managers how the system will function

b. to tell the organization’s managers what the proposed system will achieve in a language understood

by them

c. to compute the cost of implementing the system

d. to assist in designing the system

Q37. Final specifications are drawn up by

a. system analyst in consultation with the management of the organization

b. the managers of user organization

c. system analyst in consultation with programmers

d. system designers along with users

Q38. The main objective of feasibility study is

a. to assess whether it is possible to meet the requirements specifications

b. to assess if it is possible to meet the requirements specified subject to constraints of budget, human

resource and hardware

c. to assist the management in implementing the desired system

d. to remove bottlenecks in implementing the desired system

Q39. A feasibility study is carried out

a. after final requirements specifications are drawn up

b. during the period when requirements specifications are drawn up

c. before the final requirements specifications are drawn up

d. at any time

Q40. It is necessary to consult the following while drawing up requirement specification

a. only top managers

b. only top and middle management

c. only top, middle and operational managers

d. top, middle and operational managers and also all who will use the system

Q41. The role of a system analyst drawing up a requirements specification is similar to

a. architect designing a building

b. a structural engineer designing a building

c. a contractor constructing a building

d. the workers who construct a building

Q42. System requirement specification is prepared

a. after requirements are determined

b. before requirements are determined

c. simultaneously with requirements determination

d. independent of requirements determination

Q43. It is necessary to carry out a feasibility study as

a. top management can not ensure that a project is feasible before calling a system analyst

b. top management is not sure what they want from the system

c. even though top management is in favor of the system, technology may not be mature for

implementation

d. all organizations do it

Q44. Information requirements of an organization can be determined by

a. interviewing managers and users and arriving at the requirements based on consensus

b. finding out what similar organizations do

c. telling organization what they need based on your experience

d. sending a questionnaire to all employees of the organization

Q45. The major goal of requirement determination phase of information system development is

a. determine whether information is needed by an organization

b. determine what information is needed by an organization

c. determine how information needed by an organization can be provided

d. determine when information is to be given

Q46. A form used to record data about a transaction is a(n)

A. batch document

B. source document

C. on-line document

D. none of the above

Q47. Which of the following is(are) the inputs to the Systems Construction phase?

A. design prototypes

B. physical design specifications

C. documentation

D. all of the above

Q48. Which of the following is(are) the deliverables of the Systems Implementation phase?

A. training materials

B. physical design specification

C. operational system

D. none of the above

Q49. Which of the tests is a final system test performed by end users using real data over an extended period of time?

A. final test

B. complete test

C. systems acceptance test

D. parallel test

Q50. All of the following are examples of requirements problems, except

A. missing requirements

B. costly requirements

C. conflicting requirements

D. ambiguous requirements

Q51. Which one is NOT a common fact-finding technique?

A. Questionnaire

B. interviews

C. Documentation

D. Desk check

Q52. An ongoing activity of systems support is

A. assisting users

B. adapting the system to new requirements

C. recovering the system

D. all of the above

Q53. The process of requirements discovery consists of the following activities, except

A. requirements management

B. requirements discovery

C. problem discovery and analysis in new system

D. documenting and analyzing requirements

Q54. In which one of the following fact-finding techniques is a large amount of information collected easily?

A. observations

B. Questionnaire

C. interviews

D. Documentation

Q55. In which one of the following fact-finding techniques is the exact requirement of the user obtained?

A. observations

B. Questionnaire

C. interviews

D. Documentation

Q56. In which one of the following fact-finding techniques does the system analyst actually visit the organization to collect information?

A. observations

B. Questionnaire

C. interviews

D. Documentation

Q57. Which is the best system development methodology involving joint development workshops?

A) Traditional Approach

B) Prototype approach

C) spiral approach

D) RAD approach

Q58. Which is the best system development methodology for risk identification and removal?

A) Traditional Approach

B) Prototype approach

C) spiral approach

D) RAD approach

Q59. Which system development methodology is best suited to obtaining exact requirements at an early stage of the system development?

A) Traditional Approach

B) Prototype approach

C) spiral approach

D) RAD approach

Q60. Which system development methodology is best suited to developing a regular system?

A) Traditional Approach

B) Prototype approach

C) spiral approach

D) RAD approach

Solutions.

1 b 11 a 21 b 31 b 41 a 51 d

2 c 12 a 22 c 32 d 42 a 52 d

3 d 13 d 23 b 33 a 43 c 53 c

4 d 14 c 24 a 34 d 44 a 54 b

5 c 15 a 25 b 35 a 45 b 55 c

6 d 16 a 26 a 36 b 46 b 56 a

7 c 17 c 27 d 37 a 47 d 57 d

8 d 18 c 28 a 38 b 48 c 58 c

9 c 19 b 29 c 39 c 49 c 59 b

10 b 20 d 30 d 40 d 50 b 60 a

IT Audit MCQs

Q 1. With the help of what tools can an IT auditor plan for 100% substantive testing?

A. CAAT

B. ERP

C. COBIT

D. Manual

Q 2. CAAT tools are used by the Auditor to perform Substantive Testing. CAAT stands for.

A. Computer Aided Audit Technique

B. Computer Aided Audit Tools

C. Computer Assisted Audit Technique

D. Computer Accounting and Auditing Technique

Q 3. By auditing around the computer we mean

a. the inputs and the corresponding outputs are compared and checked for correctness

b. the programs and procedures are checked for correctness

c. special synthetic data is input and outputs checked for correctness

d. programs are written to check the functioning of the computer hardware

Q 4. By auditing with a computer we mean

a. the inputs and the corresponding outputs are compared and checked for correctness

b. the programs and procedures are checked for correctness

c. special synthetic data is input and outputs checked for correctness

d. programs are written to check the functioning of the computer hardware

Q 5. By auditing through the computer we mean

a. the inputs and the corresponding outputs are compared and checked for correctness

b. the programs and procedures are checked for correctness

c. special synthetic data is input and outputs checked for correctness

d. programs are written to check the functioning of the computer hardware

Q6. How do systemic errors help the auditor in evidence evaluation?

A. Systemic errors raise audit flags on system errors to the auditor, against which the auditor can easily take action

B. Systemic errors are the errors made by the system in processing, thus the auditor is only required to evaluate system processing

C. Systemic errors are made on all the transactions processed, thus it reduces the auditor's time to evaluate evidence

D. All of the above

Q 7. In an organisation, the auditor wants to collect evidence based on system user profiles; which CAAT can be used by the auditor to achieve the objective?

a) CIS

b) Audit Hooks

c) Audit Trails

d) SCARF

Q 8. To perform an IS audit, the IS Auditor must possess a good skill set; in reference to this, identify the wrong statement

A. Should have knowledge of IT policies

B. Should have knowledge of the IT Act

C. Should be able to understand the BCP controls of the organisation

D. Must possess CA degree

Q 9. Risk-control-Matrix is developed in which step of IS audit

A. Analysis

B. Planning

C. Fieldwork

D. Reporting

Q10. Which CAAT tool facilitates real-time notification display of messages on the auditor's terminal?

A. Snapshot

B. SCARF

C. CIS

D. Audit Hook

Q11. Which one is not an objective of an Audit Trail?

A. Audit trails promote personal accountability

B. Audit trails detect unauthorized access

C. To promote good internal control

D. Audit trail facilitate reconstruction of events

Q 12. The auditor uses SCARF to collect various information; what does SCARF stand for?

a) System Control Audit review file

b) System Control Audit review facility

c) Software control Auditor’s review file

d) Software control Auditor’s review facility

Q13. Which one is not an audit performed during the system development process?

A. Concurrent audit

B. Pre-implementation Audit

C. Post-Implementation Audit

D. General Audit

Q14. IT audit is the process of collecting and evaluating evidence to determine

A. Whether a computer system safeguards assets

B. Whether maintains data integrity

C. Whether allows organisational goals to be achieved effectively and uses resources efficiently

D. All of the above

Q15. The objectives of IT audit include

A. Ensures asset safeguarding

B. Ensures that the attributes of data or information are maintained

C. Both (a) and (b)

D. None of the above

Q16. Failing to detect a material error would represent which type of risk?

A. Overall Audit Risk

B. Detection Risk

C. Inherent Risk

D. Control Risk

Q17. Which is one of the bigger concerns regarding asset disposal?

A. Residual Asset Value

B. Employees taking disposed property home

C. Standing data

D. Environmental Regulations

Q18. Audit Trail is an example of _______ control

A. Detective

B. Application

C. Preventive

D. Correction

Q 19. Which one is not a Boundary control audit trail :

a) Resources requested

b) No of sign on attempts

c) Authentication of information supplied

d) Time and date of printing output

Q20. Which among the following is not a compliance test as related to IT environment

a. Determining whether passwords are changed periodically.

b. Determining whether systems logs are reviewed

c. Determining whether program changes are authorised.

d. Reconciling account balances

Q.21. Which among the following is not a limitation in IT Audit

A. Data used not from production environment

B. If there is only a production environment and audit could not test dummy data

C. “Read only Access” given to audit

D. None of the above

Q22. The type of audit evidence which the auditor should consider using in IT audit includes

A. Observed process and existence of physical items

B. Documentary audit evidence excluding electronic records

C. Analysis excluding IT enabled analysis

D. None of the above

Q 23. What is the commonly used example of generalised audit software?

A. CAAT

B. IDEA

C. COBIT

D. None of the above

Q 24. A higher risk of system violation happens where

A. The audit module is not operational

B. The audit module has been disabled

C. The audit module is not periodically reviewed

D. All of the above

Q25. Auditing of information systems is primarily required to ensure the

(i) all input records are correct and are included in processing

(ii) the system has ample protection against frauds

(iii) the processing performance is reliable

(iv) the system is developed at low cost

A. i and ii

B. iii and iv

C. ii and iii

D. i , ii and iii

Q 26. In which type of IT audit does the auditor ensure that IT management has developed a controlled environment for information processing?

A. System and Application

B. System development

C. Information processing facility

D. Management of IT and Enterprise Architecture

Q27. Which among the following is true as to Audit Reporting

A. Normal reporting format is not adhered to in the case of IT Audit

B. In IT audit, the base of the focus is the system

C. In IT audit the audience for the report should normally be ignored

D. None of the above

Q 28. In case of outsourcing IT activities the IT auditor should

A. Review the policies and procedures which ensure the security of the financial data

B. Obtain a copy of the contract to determine if adequate controls have been specified

C. Ensure that audit needs are taken into account and included in the contracts

D. All of the above

Q 29. What is the characteristic of ‘detective control’

A. Minimise the impact of a threat

B. Use controls that detect and report the occurrence of an error, omission or malicious act.

C. Detect problems before they occur

D. None of the above

Q30. Which one is not a continuous audit technique

A. Continuous and intermittent simulation

B. SCARF

C. Cobit

D. snapshot

Q31. The security goals of the organization do not cover

A. Confidentiality

B. Probability and impact of occurrence of Risk

C. Availability

D. Integrity

Q32. Identify the correct order of IT audit steps

(1) planning

(2) scoping

(3) Fieldwork

(4) close

(5) Analysis

(6) report

a. 1,2,3,4,5,6

b. 1,2,3,5,6,4

c. 2,1,3,5,4,6

d. 2,1,3,5,6,4

Solutions.

1 a 9 b 17 d 25 d

2 c 10 d 18 a 26 d

3 a 11 c 19 d 27 b

4 c 12 a 20 d 28 d

5 b 13 b 21 c 29 b

6 c 14 d 22 a 30 c

7 d 15 c 23 a 31 b

8 d 16 b 24 d 32 d

IT ACT 2000 - MCQs

Q1. When did the IT Act 2000 come into effect?

A. 17 October,2000

B. 11 November,2000

C. 17 October,2001

D. 11 November,2001

Q2. IT Act 2000 amended various sections of which of the following Acts?

A. Indian Penal Code 1860

B. Reserve Bank of India Act 1934

C. Indian Evidence Act 1872

D. All of the above

Q3. Which one of the following is outside the scope of IT Act 2000

A. Electronic gift

B. Power of Attorney with digital signature

C. Electronic message

D. Electronic Evidence

Q4. Which is outside the scope of IT ACT?

A. Will

B. Negotiable instrument except cheque

C. Power of attorney

D. All of the above

Q5. Which one is within the scope of IT ACT?

A. Trust

B. Electronic Agreement of sale of immovable property with digital signature

C. Will

D. Truncated Cheque

Q6. Ram has an office in Kolkata, from where he accessed a server of Google situated in New York and hacked the password file. Is the IT Act applicable to him?

A. Yes

B. No

Q7. Ram has an office in New York, from where he accessed a server of Google situated in Kolkata and hacked the password file. Is the IT Act applicable to him?

A. Yes

B. No

Q8. Ram has an office in New York, from where he accessed a server of Google situated in Canada and hacked the password file. Is the IT Act applicable to him?

A. Yes

B. No

Q9. Which of the following is an example of Intellectual property ?

A. Trade Marks

B. Copyright

C. Patent

D. All of the above

Q10. The IT (Amendment) Act 2008, which amends the IT Act 2000, became effective from

A. 27 Oct 2008

B. 27 Oct 2009

C. 21 July 2008

D. 21 May 2009

Q11. Which Act casts responsibility on a body corporate to protect sensitive personal information and provides punishment for offences by companies?

A. IT Act 2000

B. IT (Amendment) Act 2008

C. Indian penal code

D. none

Q12. The section deals with legal recognition of electronic records

A. Section 6

B. Section 3

C. Section 4

D. Section 5

Q13. The section deals with legal recognition of digital signature

A. Section 3

B. Section 5

C. Section 6

D. Section 4

Q14. Which Act in India focuses on data protection and Data privacy ?

A. Banking Regulation Act 1949

B. IT Act 2000

C. Indian Penal Code

D. IT (amendment) Act 2008

Q15. Which section of IT Act deals with Child pornography and punishment provided by it for first conviction ?

A. Section 27A , imprisonment upto 5 years plus fine upto 1000000

B. Section 67D , imprisonment upto 3 years plus fine upto 500000

C. Section 67C , imprisonment upto 3 years plus fine upto 500000

D. Section 67B , imprisonment upto 5 years plus fine upto 1000000

Q16. Which section of the IT Act deals with publishing sexually explicit content in e-form, and what punishment does it provide for a first conviction?

A. Section 67A , imprisonment upto 5 years plus fine upto 1000000

B. Section 67A , imprisonment upto 3 years plus fine upto 500000

C. Section 67B , imprisonment upto 5 years plus fine upto 1000000

D. Section 67B , imprisonment upto 3 years plus fine upto 500000

Q17. Which of the following Acts is not amended by the IT Act 2000?

A. Indian Penal Code 1860

B. Reserve Bank of India Act 1934

C. Bankers Book Evidence Act 1891

D. Income tax Act 1961

Q18. What is the proposed punishment for Cyber Terrorism in IT Act?

A. 1 crore rupees penalty

B. Life Imprisonment

C. 10 year imprisonment

D. 6 year imprisonment

Q19. Which section of IT Act 2000 proposes a punishment of life imprisonment?

A. Section 66F

B. Section 66C

C. Section 66B

D. Section 66A

Q20. What is the penalty(max) for destroying computer source code?

A. Three year imprisonment or 3 lakh rupees penalty or both

B. Two year imprisonment or 2 lakh rupees penalty or both

C. Three year imprisonment or 5 lakh rupees penalty or both

D. Three year imprisonment or 2 lakh rupees penalty or both

Q21. What is the time limit for filing appeal against the order of Cyber appellate tribunal?

A. 30 days

B. 90 days

C. 60 days

D. 45 days

Q22. What is the penalty for publishing images of a person's private parts without consent, as per IT Act 2000?

A. upto 5 years imprisonment or upto 5 lakh rupees penalty or both

B. Life imprisonment

C. upto 3 years imprisonment or upto 2 lakh rupees penalty or both

D. None of the above

Q23. Which section of IT Act deals with Cyber terrorism?

A. Section 66C

B. Section 66B

C. Section 66F

D. Section 66A

Q24. Penalty of not filing a document within prescribed time

A. upto 2000 per day

B. upto 3000 per day

C. upto 4000 per day

D. upto 5000 per day

Q25. What is the punishment for hacking of computers?

A. upto Three year imprisonment or upto 10 lakh rupees penalty or both

B. Life Imprisonment

C. upto Three year imprisonment or upto 5 lakh rupees penalty or both

D. upto Three year imprisonment or upto 2 lakh rupees penalty or both

Q26. What is the punishment for identity theft in IT Act?

A. Upto Five year imprisonment & upto 5 lakh rupees

B. Upto Three year imprisonment & upto 1 lakh rupees

C. Upto Three year imprisonment or 1 lakh rupees penalty or both

D. Upto Five year imprisonment or upto 5 lakh rupees or both

Q27. What is/are component of IT Act 2000 ?

A. Regulation of Certification Authorities.

B. Digital Certificates

C. Legal Recognition to Digital Signatures

D. All of the above

Q28. Controller of Certifying Authorities (CCA) work under ?

A. Autonomous body

B. Prime Minister office

C. Ministry of Communication & IT

D. Reserve Bank of India

Q29. Which section of IT Act deals with the appointment of Controller of certifying authorities?

A. Section 5

B. Section 15

C. Section 10

D. Section 17

Q30. Which Act provides the legal framework for e-Governance in India?

A. Indian Penal Code

B. IT (amendment) Act 2008

C. IT Act - 2000

D. None of the above

Q31. How many schedules are there in IT Act 2000?

A. 3

B. 4

C. 6

D. 2

Q32. As per SEBI norms Auditor must have __________years of experience to perform Audit

A. 5

B. 10

C. 3

D. 4

Q33. Audit schedules must be submitted to SEBI in _______advance

A. 5 months

B. 6 months

C. 3 months

D. 2 months

Q34. Each non-conformity must be corrected by auditee management within a period of ________ and reported to SEBI.

A. 1 month

B. 2 months

C. 3 months

D. 4 months

Q35. As per IRDA, all insurers must get their systems & processes audited once in ______ years by a CA

A. 3

B. 5

C. 4

D. 6

Q36. What enables an enterprise to get certified by an independent certification body which confirms that IS security is implemented in the best possible manner?

A. ITIL

B. SA 402

C. ISO27001

D. BS47001

Q37. The authentication to be effected by use of an asymmetric crypto system and hash function is known as

A) Public key

B) Private Key

C) Digital signature

D) E governance

Q38. Digital signatures are created and verified using

A. Program

B. Graphical coding

C. HTML

D. Cryptography

Q39. Private key is used to

A. Digitally sign

B. Verify the sign

C. Verify the document

D. coding

Q40. Public key is used to

A. Digitally sign

B. Verify the sign

C. Verify the document

D. coding

Q41. Verification of electronic record is possible through

A. Public key

B. Private key

C. Digital signature

D. Qualified staff and management

Q42. The central government may appoint a _________ of certifying authority who shall exercise supervision over the activities of certifying authorities.

a. Commissioner

b. Controller

c. Executive

d. President

Q43. The certifying authority empowered to issue a Digital Signature certificate shall have to procure a licence from the _________ to issue a Digital Signature certificate

A. Controller of certifying authority

B. Central government

C. State government

D. Commissioner of certifying authority

Q44. ____________ is the person in whose name the digital signature certificate is issued

A. Certified authority

B. subscriber

C. holder

D. Controller

Q45. The _________ has the power to suspend or revoke a Digital Signature certificate.

A. Certified authority

B. subscriber

C. commissioner

D. Controller

Q46. Which is the appeal court on the orders issued by Cyber appellate tribunal?

A. Municipal court

B. District Court

C. High Court

D. Supreme Court

Q47. As per IT Act 2000 if you fail to maintain books of accounts you will be penalized upto

A. 5000 per day

B. 50000

C. Rs 10000 per day

D. NIL

Q48 E-record and Digital Signature are used to

A. Filing of any form in government

B. Issue of grant

C. Make payment

D. All of the above

Q49 As per IT Act 2000 those who fail to furnish documents will be penalized upto

A. 5000 per day

B. 50000

C. 25000

D. 150000

Q50 How many volumes does ITIL v3 provide

A. 3

B. 4

C. 5

D. 6

Q51. What provides a set of practices for IT Service Management with a focus on aligning IT services with business needs?

A. Cobit 5

B. ISO27001

C. SA402

D. ITIL

Q52. How many phases of ISMS are provided by ISO27001

A. 4

B. 5

C. 6

D. 8

Q53. What does ISMS stand for?

A. Information system manage security

B. Information system management security

C. Information security management system

D. none

Q54. Which phase of ISMS review the effectiveness of ISMS

A. Plan phase

B. Do phase

C. Check phase

D. Act phase

Q55. Which phase of ISMS provide for the implementation of identified improvements

A. Plan phase

B. Do phase

C. Check phase

D. Act phase

Q56. Which phase of ISMS determine the scope of ISMS

A. Plan phase

B. Do phase

C. Check phase

D. Act phase

Q57. Which volume of ITIL provides guidance on measurement of service performance throughout the life cycle and improvements to ensure services deliver maximum benefits?

A. Service strategy

B. Service transition

C. Service operation

D. Continual service improvement

Q58. As per IRDA guidelines who is not eligible to perform system audit

A. CA with less than 4 years of experience

B. Last year Auditor

C. Statutory auditor

D. Cost Auditor

Q59. Sections 67, 67A and 67B apply in reference to children who have not completed _________ years of age?

A. 12

B. 14

C. 16

D. 18

Q60. Which SA provides the responsibilities of the auditor to obtain sufficient audit evidence when an entity uses the services of one or more service organisations?

A. SA402

B. SA406

C. SA408

D. SA410

Q61. Where a company commits an offence under the IT Act, who shall be punished?

A. Company

B. Directors

C. Person in charge

D. Company and every person in charge

Solutions.

1 a 10 b 19 a 28 c 37 c 46 c 55 d

2 d 11 b 20 d 29 d 38 d 47 c 56 a

3 b 12 c 21 c 30 c 39 a 48 d 57 d

4 d 13 b 22 c 31 b 40 b 49 d 58 c

5 d 14 d 23 c 32 c 41 c 50 c 59 d

6 a 15 d 24 d 33 d 42 b 51 d 60 a

7 a 16 a 25 c 34 c 43 a 52 a 61 d

8 b 17 d 26 b 35 a 44 b 53 c 62 ---

9 d 18 b 27 d 36 c 45 a 54 c 63 ---

Cloud computing MCQs Part 1

Q1. You can’t count on a cloud provider maintaining your _____ in the face of government actions.

a) scalability

b) reliability

c) privacy

d) none of the mentioned

Q2. Which of the following is the cloud platform by Amazon?

a) Azure

b) AWS

c) Cloudera

d) All of the mentioned

Q3. SWIGGY.IN formed a cloud for all its branches, but due to its limited resources it obtained the services of AWS for extended provisioning and thus modified its cloud. The cloud so formed is an example of ______

a) Private cloud

b) Public cloud

c) Hybrid cloud

d) Community cloud

Q4. Which of the following is the best known service model?

a) SaaS

b) IaaS

c) PaaS

d) All of the mentioned

Q5. Point out the wrong statement:

a) The vendor is responsible for all the operational aspects of the service

b) The customer is responsible only for his interaction with the platform.

c) Google’s App Engine platform is a PaaS offering

d) SaaS requires a specific application to be accessed globally over the internet.

Q6. _______ provides virtual machines, virtual storage, virtual infrastructure, and other hardware assets.

a) IaaS

b) SaaS

c) PaaS

d) All of the mentioned

Q7. Usually methods like RAID strategies are used in cloud computing to maintain integrity. What does RAID stand for?

a) Redundant array of independent disks

b) Redundant arrangements of independent disks

c) Removal of array in independent disks

d) Remove array for integrity dependent

Q8. Point out the wrong statement:

a) In cloud computing, users don’t have to worry about data backup and recovery

b) Cloud computing can be used by small as well as big organisations

c) Cloud offers almost unlimited storage capacity

d) All applications benefit from deployment in the cloud

Q9. Which of the following is owned by an organization selling cloud services?

a) Public

b) Private

c) Community

d) Hybrid

Q10. Point out the wrong statement:

a) Except for tightly managed SaaS cloud providers, the burden of resource management is still in the hands of the user

b) Cloud computing vendors run highly reliable networks

c) All cloud computing applications combine their resources into pools that can be assigned on demand to users

d) none of the above

Q11. All cloud computing applications suffer from the inherent _______ that is intrinsic in their WAN connectivity.

a) propagation

b) latency

c) noise

d) None of the mentioned

Q12. Which of the following is a specified parameter of an SLA?

a) Response times

b) Responsibilities of each party

c) Warranties

d) All of the mentioned

Q13. Which of the following should be replaced with the question mark in the following figure ?

a) Abstraction

b) Virtualization

c) Mobility Pattern

d) All of the mentioned

Q14. What is the biggest disadvantage of community cloud?

a) Collaboration has to be maintained with other participants

b) Less security features

c) Cloud is used by many organisations for different purposes

d) Organisation loses business autonomy

Q15. _______ enables batch processing, which greatly speeds up high-processing applications.

a) Scalability

b) Reliability

c) Elasticity

d) Utility

Q16. Cloud computing shifts capital expenditures into ________ expenditures.

a) operating

b) service

c) local

d) none of the mentioned

Q17. Cloud computing is also a good option when the cost of infrastructure and management is ______

a) low

b) high

c) moderate

d) none of the mentioned

Q18. Which of the architectural layers is used as the back end in cloud computing?

a) client

b) cloud

c) software

d) Network

Q19. Which of the following is the most important area of concern in cloud computing?

a) Security

b) Storage

c) Scalability

d) All of the mentioned

Q20. ________ refers to the location and management of the cloud’s infrastructure.

a) Service

b) Deployment

c) Application

d) None of the mentioned

Q21. SaaS supports multiple users and provides a shared data model through _________ model.

a) single-tenancy

b) multi-tenancy

c) multiple-instance

d) all of the mentioned

Q22. Which of the following can be considered a PaaS offering?

a) Google Maps

b) Gmail

c) Google Earth

d) All of the mentioned

Q23. Point out the wrong statement:

a) Due to the vast number of users in a public cloud, SLAs can’t be strictly followed.

b) A community cloud may be managed by the constituent organization(s) or by a third party

c) Private clouds may be either on- or off-premises

d) None of the mentioned

Q24. IaaS offers non-standard machines to customers.

a) true

b) false

c) it depends upon use

d) none of the above

Q25. Which of the architectural layers is used as the front end in cloud computing?

a) client

b) cloud

c) soft

d) all of the mentioned

Q26. _________ as a Service is a cloud computing infrastructure that creates a development environment upon which applications may be built.

a) Infrastructure

b) Service

c) Platform

d) All of the mentioned

Q27. Which cloud is deployed when there is a budget constraint but business autonomy is most essential?

a) Private cloud

b) Public cloud

c) Hybrid cloud

d) Community cloud

Q28. CaaS vendors offer guaranteed QOS in SLAs to their clients. What does QOS stand for?

a) Quality operating system

b) Quality in other services

c) Quality of service

d) Quality object oriented service

Q29. __________ cloud is one where the cloud has been organized to serve a common function or purpose by many organisations.

a) Public

b) Private

c) Community

d) All of the mentioned

Q30. ______ offering provides the tools and development environment to deploy applications on another vendor’s application.

a) PaaS

b) IaaS

c) CaaS

d) All of the mentioned

Q31. Which is not a characteristic of SaaS?

a) Multi device support

b) Web Access

c) one to Many

d) offline Access

Q32. Which is not an advantage of Grid?

a) Scalable

b) uses unused computing power

c) provide standard and high cpu

d) multi-tenancy

Solution

1 c 9 a 17 b 25 a

2 b 10 a 18 b 26 c

3 c 11 b 19 a 27 a

4 d 12 d 20 b 28 c

5 d 13 b 21 b 29 c

6 a 14 d 22 a 30 b

7 a 15 a 23 a 31 d

8 d 16 a 24 b 32 c

Cloud computing MCQs - 2

Q1. Which of these is a software solution that fulfills the need for a supercomputer in an organization?

a) Grid Computing

b) Cloud Computing

c) Virtualization

d) Green Computing

Q2. In which of the following is the unused power of hardware owners borrowed and let out to others?

A. Cloud Computing

B. BYOD

C. Mobile Computing

D. Grid Computing

Q3. Grid computing enables ___________ resources of computers to work collaboratively to solve a complex problem

A. Owned

B. Homogeneous

C. Heterogeneous

D. Old

Q4. Which technology allows use of read/write web, blogs & interactive web applications etc.?

a) Mobile Computing

b) Grid Computing

c) Cloud Computing

d) Web 2.0

Q5. What does BaaS stand for?

A. Backup as a service

B. Backend as a service

C. Block as a service

D. Blockage as a service

Q6. Which is not a benefit of BYOD?

a) Lower IT Budget

b) IT Reduces Support Requirement

c) Dynamic Load Balances

d) Increased Employee Efficiency

Q7. What allows data to be readily intercepted by machines so that data can be reused?

A. Ajax

B. RSS generated syndication

C. Semantic web

D. Web services

Q8. Which is not a characteristic of private cloud

A. secure

B. Central control

C. weak SLA

D. scalable

Q9. Which instance of SaaS provides users with an integrated system of office automation, records management, migration, integration services with archiving, spam blocking, malware protection & compliance features?

a) Testing as a service

b) Communication as a service

c) Desktop as a service

d) Email as a Service

Q10. Web 3.0 is also known as ________ :

a) Semantic Web

b) Systematic Web

c) Supportive Web

d) Segmented Web

Q11. Which risk of BYOD involves ‘Weak BYOD Policy’?

a) Network Risk

b) Device Risk

c) Implementation Risk

d) Application Risk

Q12. Which component of Web 2.0 allows reloading a part of a webpage without reloading the whole page?

A. Folksonomy

B. Ajax

C. Mash up

D. RSS generated Syndication

Q13. Which is not the component of mobile computing ?

a) Communication

b) Software

c) Hardware

d) Database

Q14. Which is not a benefit of mobile computing ?

a) Update workload status

b) remote access of corporate database

c) improve management effectiveness

d) Provide better guidance for project

Q15. Which is not a limitation of Mobile Computing ?

a) Potential health hazards

b) Transmission interferences

c) Power Consumption

d) Less Maintenance tools

Q16. Which component of Web 3.0 provides users a common framework that could be used to share & reuse the data across various applications?

a) Semantic Web

b) Web Services

c) Supportive Web

d) Systematic Web

Q17. _______ allows servers and storage devices to increasingly share and utilise applications by easy migration from one server to another.

a) Virtualization

b) Grid Computing

c) Artificial Intelligence

d) Web 3.0

Q18. Which type of cloud is the combination of two other clouds ?

a) Private

b) Public

c) Hybrid

d) Community

Q19. Private Cloud is not known as :

a) Internal cloud

b) Corporate cloud

c) Supportive Cloud

d) None of these

Q20. A company is using Google Cloud Service for hosting its data / application. This use by the company of Google cloud can be classified as..

(a) Public Cloud

(b) Private Cloud

(c) Hybrid Cloud

(d) Community Cloud

Q21. SaaS model in cloud computing is a good example of..

(a) Custom Built Application

(b) Leased Application

(c) Packaged Software

(d) Bought out Application

Q22. Under emerging BYOD (Bring Your Own Device) threats, _______________ risk refers to the data lost from stolen or lost devices.

(a) Network

(b) Application

(c) Device

(d) Implementation

Q23. Which type of risk does a company become vulnerable to when it adopts Bring Your Own Device (BYOD)?

(a) Confidentiality Risk

(b) Device Risk

(c) Application Risk

(d) Implementation Risk

Q24. Which component of Web 3.0 supports computer-to-computer interaction over the internet?

a) Web Services

b) Supportive Web

c) Systematic Web

d) None of these

Q25. What is the full form of S.L.A. ?

a) Service Level Agreement

b) Strong legal Agreement

c) Security layout Agreement

d) Simplified Lawful Agreement

Q26. Which term means that employees are welcome to use their personal computers in an organization?

a) BYOD

b) Grid

c) Cloud

d) none

Q27. Which of the following is not a characteristic of Private Cloud?

A. Secured

B. Central Control

C. Scalable

D. Weak Service Level Agreements (SLAs)

Q28. Which of the following is not a characteristic of Cloud Computing?

A. High Scalability

B. Virtualization

C. Multi-sharing

D. Interoperability

Q29. Which of the following is not a component of Mobile Computing?

A. Mobile Communication

B. Mobile Hardware

C. BYOD

D. Mobile Software

Q30. Risks emerging in BYOD are:

A. Password leak Risk

B. Copy of information Risk

C. Network Risk

D. Virus Risk

Q31. Which one is not an application of Web 2.0?

A. Marketing

B. Social Media

C. Education

D. Semantic web

Q32. Which of the following is an instance of SaaS?

A. Desktop as a Service (DTaaS)

B. Backend as a Service (BaaS)

C. Testing as a Service (TaaS)

D. Logistic as a Service (LaaS)

Q33. Which of the following is an instance of IaaS?

A. Desktop as a Service (DTaaS)

B. Backup as a Service (BaaS)

C. Testing as a Service (TaaS)

D. Email as a Service (EaaS)

Q34. Which of the following clouds offers data on demand to diverse users, systems and applications?

A. Desktop as a Service (DTaaS)

B. Data as a Service (DaaS)

C. Testing as a Service (TaaS)

D. Logistic as a Service (LaaS)

Q35. Which cloud offers the service of moving cloud security features into the cloud itself?

A. Communication as a Service (CaaS)

B. Security as a Service (SECaaS)

C. Identity as a Service (IDaaS)

D. Data as a Service (DaaS)

Q36. Which cloud has better scalability?

A. Community cloud

B. Hybrid cloud

C. Both A and B

D. None

Q37. Which of the following is an advantage of Community Clouds?

A. Sharing of maintenance among the organizations.

B. Strict SLAs

C. central control

D. Highest level of security

Q38. Which is not a benefit of cloud computing?

a) Streamline business processes

b) Pervasive accessibility

c) Economic of scale

d) Program debugging

Q39. Which of the following is an advantage of Hybrid Cloud?

A. Better security than private cloud

B. Highly scalable

C. Strict SLAs are followed

D. Complex management

Q40. Which one is the most cost-effective cloud to form?

A. Private cloud

B. Public cloud

C. Community cloud

D. Hybrid cloud

Q41. Which cloud offers the highest level of freedom to use the cloud?

A. Private cloud

B. Public cloud

C. Community cloud

D. Hybrid cloud

Q42. In cloud computing, which of the following instances of Software as a Service (SaaS) allows users to explore functionality of web services such as Google Maps, payroll processing, and credit card processing services?

(a) API as a Service (APIaaS)

(b) Testing as a Service (TaaS)

(c) Email as a Service (EaaS)

(d) Data as a Service (DaaS)

Q43. Which cloud offers the highest level of security features?

A. Private cloud

B. Public cloud

C. Community cloud

D. Hybrid cloud

Q44. If a university sets up a web-based information system that faculty could access to record student grades and to advise students, that would be an example of a/an

a) CRM

b) intranet

c) ERP

d) extranet

Q45. What allows feeding of freshly published web content to the users?

A. Ajax

B. RSS generated syndication

C. Semantic web

D. Web services

Q46. …………………… refers to the study and practice of environmentally sustainable computing or IT.

A. Green computing

B. Cloud Computing

C. Grid Computing

D. Mobile Computing

Q47. Which one is not a security issue of mobile computing

A. Integrity

B. Legitimate

C. Accountability

D. Insufficient bandwidth

Q48. Which one is not a limitation of mobile computing

A. Power consumption

B. Health hazards

C. Business challenges

D. Security standards

Q49. Which is not a service of IaaS?

A. Compute

B. Storage

C. Network

D. Mail service

Q50. Which cloud is characterised by offering its service by way of offline access?

A. IaaS

B. PaaS

C. SaaS

D. CaaS

Q51. Which one of the following is ‘computing that allows continuous access to remote resources even with the physical mobility of small computing devices such as laptops’?

a. Soft computing

b. Mobile computing

c. Remote computing

d. Ubiquitous computing

Q52. How do you dispose of your old computers or electronic devices ?

A. Throw them in the trash

B. Always sell them (never dispose of them yourself)

C. Look for a recycling centre and dispose of it properly

D. none of above

Solution.

1 a 10 a 19 c 28 d 37 a 46 a

2 d 11 c 20 a 29 c 38 d 47 d

3 c 12 b 21 b 30 c 39 b 48 c

4 d 13 d 22 c 31 d 40 c 49 d

5 b 14 d 23 a 32 c 41 a 50 b

6 c 15 d 24 a 33 a 42 a 51 b

7 c 16 a 25 a 34 b 43 a 52 c

8 d 17 a 26 a 35 b 44 b 53 ---

9 d 18 c 27 c 36 b 45 b 54 ---