These are the basic questions you need in order to have a proper understanding of the study material, for your reference and revision. Credit for this goes to Ajay Mohan M.
CHAPTER 1
Governance Basics
- What does governance primarily focus on?
a) Executing day-to-day tasks
b) Decision-making and accountability frameworks
c) Marketing strategies
d) IT system upgrades
Answer: b
- Governance is distinct from management because governance:
a) Focuses on execution
b) Is limited to IT operations
c) Defines decision rights and accountability
d) Deals only with financial audits
Answer: c
- Which principle is NOT part of a governance framework?
a) Based on a conceptual model
b) Aligning to major standards
c) Providing rigid, unchangeable structures
d) Remaining open and flexible
Answer: c
- The key benefits of governance include:
a) Reducing the role of stakeholders
b) Improving customer relationships and satisfaction
c) Eliminating IT investments
d) Decreasing transparency
Answer: b
Enterprise and Corporate Governance
- Enterprise governance integrates:
a) Compliance and IT audits
b) Corporate and business governance
c) Stakeholder analysis and IT management
d) Strategic and operational planning
Answer: b
- Corporate governance focuses on:
a) Internal IT controls exclusively
b) Ensuring compliance and shareholder value
c) Day-to-day operations management
d) IT project approval processes
Answer: b
- Business governance emphasizes:
a) Historical financial reporting
b) Proactive strategy and value creation
c) Reactive compliance management
d) Vendor management
Answer: b
- Which is NOT a characteristic of good corporate governance?
a) Sustainable economic development
b) Sound internal control practices
c) Disregard for shareholder interests
d) Transparency and accountability
Answer: c
IT Governance
- IT governance aligns IT activities with:
a) Employee goals
b) Industry benchmarks
c) Enterprise objectives
d) Vendor requirements
Answer: c
- A primary goal of IT governance is to:
a) Reduce IT costs
b) Increase stakeholder satisfaction
c) Monitor enterprise IT investments
d) Define IT-related roles and responsibilities
Answer: d
- Benefits of IT governance include all EXCEPT:
a) Improved cost performance of IT
b) Increased user satisfaction
c) Decentralized decision-making
d) Enhanced IT transparency
Answer: c
Frameworks and Standards
- COBIT stands for:
a) Control Objectives for Information and Related Technology
b) Comprehensive Oversight of Business and IT
c) Centralized Objectives for IT Governance
d) Corporate Oversight and IT Tools
Answer: a
- COBIT primarily helps with:
a) Designing IT systems
b) IT service operations
c) Governance and management of IT
d) Compliance audits
Answer: c
- ISO 27001 is a standard for:
a) Financial risk management
b) Information security management systems
c) Vendor collaboration
d) IT project management
Answer: b
- ITIL focuses on:
a) Aligning IT services with business needs
b) Risk assessments and audits
c) Stakeholder exclusion strategies
d) IT system automation
Answer: a
Governance Practices
- IT governance requires active participation from:
a) IT vendors only
b) Board members and senior management
c) IT staff exclusively
d) External auditors
Answer: b
- The IT steering committee ensures:
a) Compliance with legal standards only
b) Alignment of IT projects with enterprise goals
c) Creation of new IT departments
d) Outsourcing IT functions
Answer: b
- A critical governance practice is:
a) Delegating decision-making to vendors
b) Monitoring IT-related decisions and their outcomes
c) Limiting stakeholder involvement
d) Ignoring compliance standards
Answer: b
Strategic Alignment
- Strategic IT planning aims to:
a) Automate all enterprise processes
b) Align IT strategy with business objectives
c) Eliminate manual processes
d) Increase IT infrastructure costs
Answer: b
- A gap analysis identifies:
a) Inefficient IT vendors
b) Misalignment between current and desired states
c) Budget overruns in IT projects
d) Redundant IT systems
Answer: b
- The success of IT-business alignment is measured by:
a) Stakeholder satisfaction and value realization
b) Reduction in IT staff
c) Increase in manual workflows
d) IT infrastructure expansion
Answer: a
COBIT Framework
- COBIT separates governance and management because:
a) They require different organizational structures
b) Governance is a subset of management
c) Management is only IT-specific
d) Governance involves operational activities
Answer: a
- COBIT’s “Evaluate, Direct, Monitor” (EDM) domain focuses on:
a) Operational IT service delivery
b) Strategic decision-making and monitoring
c) Vendor compliance
d) Employee training
Answer: b
- COBIT emphasizes:
a) IT architecture design
b) Financial auditing
c) Enterprise I&T goals alignment
d) Vendor management tools
Answer: c
- A major component of COBIT includes:
a) Information flows
b) Industry-specific compliance mandates
c) Legacy system reviews
d) Marketing strategies
Answer: a
ITIL Framework
- The four ITIL dimensions are:
a) Processes, platforms, tools, and strategies
b) Organizations and people, technology, partners, and value streams
c) Compliance, risk, IT, and operations
d) Vendors, policies, stakeholders, and finances
Answer: b
- ITIL practices are categorized into:
a) General, technical, and service management practices
b) Strategic, operational, and financial practices
c) Vendor, compliance, and performance practices
d) IT-only processes
Answer: a
- ITIL’s primary goal is to:
a) Define IT frameworks
b) Improve IT service delivery
c) Automate compliance processes
d) Eliminate manual processes
Answer: b
ISO 27001 Standard
- ISO 27001 focuses on:
a) Governance structure implementation
b) Defining security policies and controls
c) Increasing IT infrastructure investments
d) Automating risk assessments
Answer: b
- A key benefit of ISO 27001 is:
a) Eliminating all IT risks
b) Improved trust and credibility with stakeholders
c) Reduced vendor dependence
d) Increased focus on IT infrastructure
Answer: b
Governance Integration
- IT governance integrates with corporate governance by:
a) Managing IT audits
b) Aligning IT investments with business strategies
c) Isolating IT from enterprise strategies
d) Outsourcing decision-making processes
Answer: b
- GEIT (Governance of Enterprise IT) ensures:
a) IT processes align with governance goals
b) IT compliance replaces business goals
c) IT functions operate independently of governance
d) Financial audits focus solely on IT assets
Answer: a
IT and Business Strategy
- Effective IT governance:
a) Delegates IT decisions to vendors
b) Ensures IT enhances business value
c) Eliminates IT staff involvement
d) Focuses only on cost-cutting measures
Answer: b
- IT strategy planning involves:
a) Defining IT-specific goals independent of business needs
b) Aligning IT goals with enterprise strategies
c) Delegating decisions to middle management
d) Increasing IT complexity
Answer: b
CHAPTER 2
Governance, Risk, and Compliance (GRC)
- What does GRC stand for?
a) Governance, Regulation, and Compliance
b) Governance, Risk, and Compliance
c) General Risk Control
d) Governance and Regulatory Control
Answer: b
- Which of the following is NOT a component of GRC?
a) Risk management
b) Data science
c) Compliance
d) Governance
Answer: b
- Governance in GRC refers to:
a) The process of enforcing internal audits
b) Setting strategic direction and monitoring outcomes
c) Mitigating operational risks
d) Conducting compliance assessments
Answer: b
Risk Fundamentals
- Assets in risk management are defined as:
a) Only physical properties
b) Items with substantial value to the organization
c) Threat agents targeting the system
d) Only software and network infrastructure
Answer: b
- The tenets of information security include:
a) Confidentiality, Integrity, and Accuracy
b) Availability, Confidentiality, and Integrity
c) Availability, Integrity, and Accuracy
d) Reliability, Security, and Scalability
Answer: b
- A vulnerability is:
a) An inherent risk in operations
b) A weakness that could be exploited by a threat
c) A deliberate action causing harm to assets
d) A system upgrade process
Answer: b
- A threat is defined as:
a) A weakness in internal controls
b) An entity or event with the potential to harm assets
c) The probability of a loss occurring
d) A compliance failure
Answer: b
Risk Classification and Management
- What is inherent risk?
a) Risk after implementing controls
b) Risk before any control measures are applied
c) Risk mitigated by compliance measures
d) Risk assessed by external audits
Answer: b
- Which is NOT a risk mitigation strategy?
a) Transfer
b) Tolerate
c) Terminate
d) Suspend
Answer: d
- What does residual risk refer to?
a) Risks that arise after external audits
b) Risks that remain after applying controls
c) Risks related to compliance failure
d) Risks identified during risk classification
Answer: b
Malicious Attacks
- Which of the following is an example of an active attack?
a) Eavesdropping
b) Dictionary password attack
c) IP spoofing
d) Both b and c
Answer: d
- A man-in-the-middle attack is characterized by:
a) Infecting software with a virus
b) Intercepting and altering communications between two parties
c) Performing unauthorized access through eavesdropping
d) Crashing a system through brute force
Answer: b
- Phishing primarily aims to:
a) Modify software without authorization
b) Trick victims into providing sensitive personal information
c) Overload network traffic
d) Install malware on systems
Answer: b
Malicious Software
- A worm differs from a virus because:
a) It replicates without user intervention
b) It requires a host program to function
c) It cannot spread across networks
d) It does not harm the host system
Answer: a
- Spyware is mainly designed to:
a) Create backups of user data
b) Gather information without user knowledge
c) Encrypt user files
d) Replace system files
Answer: b
Compliance
- Regulatory compliance refers to:
a) Adhering to internal company policies
b) Meeting external laws and industry standards
c) Avoiding risks entirely
d) Implementing internal audits
Answer: b
- Non-compliance with regulations can result in:
a) Loss of data integrity
b) Financial penalties and reputational damage
c) Employee attrition
d) Increased infrastructure costs
Answer: b
- Internal compliance focuses on:
a) External audits only
b) Adherence to internal rules and controls
c) Preventing malicious software attacks
d) Eliminating external threats
Answer: b
Internal Controls
- Internal controls are designed to:
a) Detect only external risks
b) Ensure operational and financial reporting effectiveness
c) Remove residual risks entirely
d) Replace internal audits
Answer: b
- Limitations of internal controls include:
a) Complete elimination of fraud
b) Management override of controls
c) Higher audit complexity
d) Untraceable compliance errors
Answer: b
GRC Tools and Features
- GRC tools primarily help organizations to:
a) Eliminate all risks
b) Manage policies, assess risks, and streamline compliance
c) Replace governance frameworks
d) Automate financial audits only
Answer: b
- Which of the following is NOT a feature of GRC tools?
a) Risk data management and analytics
b) Workflow management
c) Marketing automation
d) Document and content management
Answer: c
- A dashboard in GRC tools is used for:
a) Identifying external audit requirements
b) Monitoring key performance indicators in real time
c) Designing new governance frameworks
d) Encrypting sensitive data
Answer: b
Risk Mitigation Strategies
- Which strategy involves transferring risk to another party?
a) Treat
b) Terminate
c) Tolerate
d) Transfer
Answer: d
- Tolerating risk implies:
a) Ignoring the risk completely
b) Taking no action while monitoring the risk
c) Reducing the likelihood of a threat exploiting a vulnerability
d) Eliminating the threat entirely
Answer: b
- Which risk mitigation strategy focuses on reducing the likelihood or impact of a risk?
a) Treat
b) Transfer
c) Terminate
d) Tolerate
Answer: a
Types of Risks
- Compliance risks arise due to:
a) Natural disasters
b) Failure to adhere to legal and regulatory requirements
c) Employee behavior
d) Vendor partnerships
Answer: b
- Hazard risks include:
a) Risks with potential positive outcomes
b) Situations that may cause harm to objectives
c) Strategic changes affecting the organization
d) Variability in financial performance
Answer: b
- Opportunity risks are:
a) Always guaranteed to result in benefits
b) Risks with potential negative effects only
c) Risks associated with taking or missing chances for gains
d) Risks from natural disasters
Answer: c
Internal Controls
- The primary objective of internal controls is to:
a) Ensure full compliance with global regulations
b) Provide reasonable assurance for operational and reporting objectives
c) Prevent any occurrence of risks
d) Reduce the need for compliance audits
Answer: b
- Which of the following is a limitation of internal control systems?
a) They can completely eliminate fraud
b) Collusion among employees can override controls
c) They eliminate the need for external audits
d) They focus only on operational risks
Answer: b
Cyber Threats
- What is a brute-force password attack?
a) Using social engineering techniques to guess passwords
b) Using software to try all possible combinations of a password
c) Spoofing user credentials
d) Monitoring network traffic for passwords
Answer: b
- What does IP address spoofing involve?
a) Modifying software vulnerabilities
b) Disguising a device to appear as another
c) Encrypting transmitted data
d) Blocking unauthorized users
Answer: b
- A passive attack:
a) Eavesdrops on communications without altering them
b) Modifies transmitted data maliciously
c) Disrupts network availability
d) Steals user credentials actively
Answer: a
Malware Categories
- A Trojan horse:
a) Replicates itself across networks without a host
b) Masquerades as legitimate software while executing malicious code
c) Encrypts all files on a system
d) Only disrupts network availability
Answer: b
- A rootkit is primarily used to:
a) Protect operating systems from malware
b) Conceal malicious activities from users
c) Enhance network traffic monitoring
d) Encrypt stored data
Answer: b
Compliance and Regulatory Frameworks
- Compliance ensures organizations:
a) Develop new governance frameworks
b) Adhere to external laws, regulations, and internal policies
c) Avoid developing risk mitigation strategies
d) Focus only on operational efficiency
Answer: b
- Breaking compliance can result in:
a) Improved efficiency
b) Legal and reputational consequences
c) Increased internal audit frequency
d) Reduced dependency on governance frameworks
Answer: b
GRC Framework Benefits
- An effective GRC framework helps organizations:
a) Automate only operational tasks
b) Align business objectives with risk and compliance requirements
c) Eliminate all vulnerabilities entirely
d) Replace external regulations with internal standards
Answer: b
- Key benefits of GRC tools include:
a) Real-time monitoring and risk analytics
b) Replacement of all manual processes
c) Avoidance of compliance reporting
d) Ignoring regulatory changes
Answer: a
Risk Levels and Classification
- Current risk refers to:
a) Risk that is completely eliminated
b) Risk after applying initial controls
c) Risk arising from new threats
d) Risk with no potential impact
Answer: b
- Strategic risks often arise from:
a) Operational inefficiencies
b) Changes in macroeconomic or political conditions
c) Employee fraud
d) IT infrastructure failure
Answer: b
- Marketplace risks are associated with:
a) Customer trade or expenditure
b) Vendor compliance
c) Mismanagement of internal processes
d) Leadership risks
Answer: a
Countermeasures
- The primary function of a firewall is to:
a) Replace anti-malware software
b) Regulate traffic between trusted and untrusted networks
c) Prevent data loss from storage devices
d) Detect vulnerabilities in software
Answer: b
- Anti-malware software is designed to:
a) Encrypt all network traffic
b) Detect and remove malicious software
c) Monitor user activity for suspicious behavior
d) Replace compliance measures
Answer: b
Final Review
- Governance focuses on:
a) Implementing IT tools
b) Setting strategic goals and monitoring their achievement
c) Managing malicious software threats
d) Increasing employee engagement
Answer: b
- The 4Ts of risk management include all EXCEPT:
a) Treat
b) Terminate
c) Transfer
d) Trust
Answer: d
- Compliance is considered a:
a) One-time activity
b) Continuous process of adhering to standards
c) Substitute for risk management
d) Component of IT governance only
Answer: b
- Risk assessment helps organizations:
a) Eliminate external audits
b) Identify threats, vulnerabilities, and potential impacts
c) Avoid operational risks entirely
d) Focus solely on compliance activities
Answer: b
- Integrated GRC frameworks help by:
a) Centralizing risk, governance, and compliance functions
b) Eliminating internal control requirements
c) Reducing operational complexity
d) Ignoring emerging regulatory challenges
Answer: a
CHAPTER 3
Introduction to ERM
- What is the primary goal of Enterprise Risk Management (ERM)?
a) Eliminate all risks
b) Align risk with strategy and objectives
c) Enhance operational speed
d) Increase regulatory compliance only
Answer: b
- Which of the following best defines ERM?
a) A set of static rules for compliance
b) A dynamic process to identify, assess, and mitigate risks
c) A technology framework for IT management
d) A risk avoidance mechanism
Answer: b
- ERM provides reasonable assurance regarding:
a) Absolute elimination of risks
b) Achievement of organizational objectives
c) Maximizing profit in all ventures
d) Ensuring zero errors in operations
Answer: b
- What does “risk appetite” in ERM refer to?
a) The extent of risk an enterprise is willing to accept
b) The risks an enterprise has fully mitigated
c) The probability of risk occurrence
d) The organization’s response to crises
Answer: a
COSO ERM Framework
- The COSO ERM framework consists of how many interrelated components?
a) 6
b) 8
c) 5
d) 4
Answer: b
- Which of the following is NOT a component of the COSO ERM framework?
a) Control Environment
b) Organizational Chart
c) Event Identification
d) Risk Response
Answer: b
- The COSO ERM cube includes how many categories of management objectives?
a) 2
b) 3
c) 4
d) 5
Answer: c
- What does the “Control Environment” component focus on?
a) Establishing operational benchmarks
b) Defining the tone and ethical culture of an organization
c) Ensuring complete elimination of risks
d) Automating control systems
Answer: b
Risk Identification and Assessment
- Risk identification includes which of the following activities?
a) Establishing risk control systems
b) Identifying events with potential impact on objectives
c) Monitoring operational efficiency
d) Reducing risk likelihood
Answer: b
- What are the two bases for assessing risks in ERM?
a) Financial impact and operational impact
b) Risk likelihood and risk impact
c) Organizational culture and resource allocation
d) Stakeholder expectations and compliance requirements
Answer: b
- Residual risk is defined as:
a) The risk remaining after controls are implemented
b) Risks that cannot be identified
c) Risks outside the scope of ERM
d) Risks eliminated through compliance programs
Answer: a
Risk Response
- Which of the following is NOT a risk response strategy?
a) Avoidance
b) Acceptance
c) Suspension
d) Sharing
Answer: c
- Risk mitigation primarily involves:
a) Eliminating risk entirely
b) Reducing the likelihood or impact of risks
c) Transferring risk responsibility to external parties
d) Ignoring risks with low likelihood
Answer: b
- Sharing risk often involves:
a) Delegating risk to middle management
b) Establishing partnerships with external entities like insurers
c) Discontinuing high-risk activities
d) Increasing stakeholder involvement
Answer: b
ERM Principles
- One principle of governance and culture is:
a) Developing independent operating units
b) Defining risk appetite and ethical standards
c) Avoiding high-risk ventures
d) Decentralizing risk management
Answer: b
- What does “formulating business objectives” in ERM involve?
a) Defining objectives that align with strategy and risk appetite
b) Establishing control environments for risk assessment
c) Monitoring operational units
d) Developing new compliance rules
Answer: a
- Portfolio view in ERM helps organizations:
a) Evaluate individual risks in isolation
b) View collective risks in relation to objectives
c) Increase operational independence
d) Avoid high-risk strategies
Answer: b
Performance and Monitoring
- What is a key principle under the “Performance” component of ERM?
a) Implementing rigid compliance rules
b) Monitoring stakeholder activities
c) Identifying and prioritizing risks
d) Reducing all operational controls
Answer: c
- Effective monitoring ensures:
a) ERM processes remain static
b) Risks are reviewed periodically and updated as needed
c) Control activities are applied universally
d) Compliance with outdated frameworks
Answer: b
Strategic Objectives
- Strategic objectives in COSO ERM are aligned with:
a) Operational efficiency goals
b) The entity’s mission and vision
c) Risk appetite exclusively
d) Reporting frameworks
Answer: b
- Which of the following is an example of a reporting objective?
a) Complying with environmental regulations
b) Ensuring reliable financial reporting
c) Streamlining operational workflows
d) Increasing resource allocation
Answer: b
ERM Implementation
- What does the PIML framework in ERM stand for?
a) Plan, Innovate, Measure, Learn
b) Plan, Implement, Measure, Learn
c) Prepare, Investigate, Monitor, Lead
d) Perform, Initiate, Mitigate, Launch
Answer: b
- A key step in the “Plan” phase of PIML is:
a) Evaluating risk performance
b) Identifying intended benefits of ERM initiatives
c) Monitoring stakeholder responses
d) Establishing compliance frameworks
Answer: b
ERM Framework
- The COSO ERM framework uses a multidirectional process to:
a) Focus on external regulatory changes only
b) Influence and integrate all its components across the organization
c) Align operational controls with financial statements
d) Eliminate low-impact risks automatically
Answer: b
- Which COSO ERM component is responsible for aligning risk management with the organization’s culture?
a) Governance and Culture
b) Risk Response
c) Information and Communication
d) Monitoring
Answer: a
- In ERM, risk tolerance refers to:
a) The broad level of risk an organization accepts
b) The specific amount of risk acceptable in decision-making
c) The process of identifying low-priority risks
d) The likelihood of risk occurrence
Answer: b
- Risk tolerance and risk appetite are:
a) Independent concepts without overlap
b) Two sides of the same coin in decision-making
c) Mutually exclusive strategies in ERM
d) Focused solely on financial risks
Answer: b
Risk and Performance
- What is a significant benefit of ERM in minimizing operational surprises?
a) Eliminating risks from all processes
b) Identifying potential events and preparing responses
c) Standardizing global regulations
d) Avoiding high-risk strategies
Answer: b
- Risk response strategies include which of the following?
a) Avoidance, reduction, sharing, and acceptance
b) Reduction, elimination, monitoring, and standardization
c) Transfer, escalation, review, and response
d) Suppression, avoidance, review, and compliance
Answer: a
- The component “Monitoring” in the ERM framework is designed to:
a) Create new risk categories
b) Ensure the ERM system adapts dynamically to changing conditions
c) Identify outdated operational risks
d) Eliminate compliance redundancies
Answer: b
COSO ERM Enhancements
- The 2017 COSO ERM update emphasizes:
a) Static strategies for addressing risks
b) The alignment of risk management with strategy and performance
c) Reducing the scope of risk evaluation to internal controls
d) Removing risk appetite considerations
Answer: b
- The COSO ERM “Rainbow Double Helix” highlights:
a) The role of culture and governance in achieving objectives
b) A static structure for monitoring risk performance
c) A linear process for risk response implementation
d) Exclusively quantitative risk assessments
Answer: a
Governance and Culture
- Attracting and retaining capable individuals is a principle of which component?
a) Performance
b) Governance and Culture
c) Risk Response
d) Review and Revision
Answer: b
- A risk-aware culture in an organization focuses on:
a) Avoiding all potential risks
b) Developing proactive risk management behaviors
c) Increasing operational complexity
d) Shifting risk responsibility to external parties
Answer: b
Performance Objectives
- The principle of “Develops Portfolio View” in ERM helps organizations:
a) Focus on specific high-risk activities
b) Evaluate risk interdependencies and their collective impact
c) Eliminate unrelated risks
d) Develop financial reporting frameworks
Answer: b
- Prioritizing risks involves criteria such as:
a) Recovery time and adaptability
b) Historical relevance
c) Elimination of compliance challenges
d) Redundancy of risk factors
Answer: a
Review and Revision
- The “Review and Revision” component focuses on:
a) Static compliance frameworks
b) Monitoring substantial changes in risk factors
c) Isolating risk assessment from strategy
d) Avoiding iterative processes in risk management
Answer: b
- Continuous improvement in ERM aims to:
a) Develop static strategies for compliance
b) Increase organizational resilience and adaptability
c) Replace risk assessments with automation
d) Focus exclusively on regulatory changes
Answer: b
Information, Communication, and Reporting
- Effective communication in ERM should flow:
a) Only from the top down
b) Across, up, and down the organization
c) Exclusively through external stakeholders
d) Between regulatory bodies and top management
Answer: b
- Risk reporting in ERM is intended to:
a) Increase organizational complexity
b) Support decision-making and enable effective oversight
c) Focus only on internal communication channels
d) Ignore stakeholder inputs
Answer: b
Benefits of ERM
- ERM increases resource deployment efficiency by:
a) Reducing all resource-related risks
b) Prioritizing and aligning resources with objectives
c) Eliminating low-risk activities
d) Ignoring emerging risks in resource allocation
Answer: b
- Enhanced enterprise resilience through ERM allows organizations to:
a) React to changes without evolving
b) Adapt and thrive in changing conditions
c) Minimize risks by avoiding innovation
d) Focus solely on internal risk factors
Answer: b
ERM Implementation
- A key step in “Implementing” ERM through PIML includes:
a) Establishing common risk language
b) Measuring risk performance
c) Embedding risk-aware culture
d) Reviewing substantial organizational changes
Answer: a
- The “Measuring” phase of PIML focuses on:
a) Defining the scope of ERM initiatives
b) Evaluating control effectiveness and introducing improvements
c) Identifying external risk benchmarks
d) Reducing risk occurrence by avoiding innovation
Answer: b
- The “Learning” phase involves:
a) Establishing initial risk benchmarks
b) Monitoring risk performance and ensuring compliance
c) Avoiding unnecessary risk reviews
d) Focusing on operational controls only
Answer: b
Miscellaneous
- Which principle under “Performance” involves addressing risks arising from external changes?
a) Assesses Substantial Change
b) Identifies Risk
c) Develops Portfolio View
d) Reviews Risk and Performance
Answer: b
- The COSO framework addresses compliance objectives related to:
a) Operational goals exclusively
b) Adhering to laws, regulations, and contracts
c) Reporting financial inconsistencies
d) Reducing strategic risks
Answer: b
- Which is NOT a primary benefit of integrating ERM?
a) Identifying and managing entity-wide risks
b) Increasing positive outcomes
c) Eliminating performance variability
d) Reducing negative surprises
Answer: c
- Governance in ERM includes:
a) Establishing oversight responsibilities
b) Automating reporting systems
c) Avoiding stakeholder inputs
d) Eliminating ethical considerations
Answer: a
- Effective ERM implementation is characterized by:
a) Static methodologies
b) A continuous and iterative process
c) Isolated compliance activities
d) Exclusive reliance on internal assessments
Answer: b
CHAPTER 4
Set 1: Principles of Information Security
- Which of the following is NOT a component of the CIA triad?
A. Confidentiality
B. Integrity
C. Scalability
D. Availability
Answer: C
- What does “Confidentiality” in the CIA triad primarily ensure?
A. Authorized users have access to accurate data.
B. Information is free from unauthorized disclosure.
C. Systems are protected from downtime.
D. Backup copies of data are available.
Answer: B
- In ISMS, “Integrity” is violated when:
A. Data is modified without authorization.
B. Data becomes inaccessible due to system failure.
C. Data is encrypted with an outdated algorithm.
D. Unauthorized users view sensitive information.
Answer: A
- Which principle emphasizes that information should be accessible to authorized users when needed?
A. Accountability
B. Scalability
C. Availability
D. Confidentiality
Answer: C
- Which of the following is the primary objective of an Information Security Policy?
A. Increase profitability through IT controls.
B. Ensure compliance with all global security laws.
C. Protect organizational assets from security risks.
D. Maximize IT resource allocation.
Answer: C
Set 2: Risk Management
- What is the first step in the risk management process?
A. Risk mitigation
B. Risk identification
C. Risk monitoring
D. Risk assessment
Answer: B
- When conducting a risk assessment, which factor is considered most critical?
A. The organization’s market position
B. The probability and impact of risks
C. The size of the IT department
D. The complexity of encryption protocols
Answer: B
- Which tool is most effective for assessing vulnerabilities in an IT system?
A. Encryption software
B. Network vulnerability scanners
C. Audit checklists
D. Firewall configuration guides
Answer: B
- How should a company prioritize risks identified during a risk assessment?
A. Alphabetically
B. By the cost of mitigation
C. By likelihood and potential impact
D. By stakeholder preference
Answer: C
- Which of the following is a preventive control in risk management?
A. Incident logging system
B. Antivirus software
C. Regular audits
D. Business continuity planning
Answer: B
Set 3: Compliance and Legal Frameworks
- What is the main objective of ISO 27001 certification?
A. Guaranteeing zero cybersecurity breaches
B. Demonstrating compliance with global information security standards
C. Enhancing employee satisfaction
D. Reducing IT expenditures
Answer: B
- Which of these is NOT a core requirement under GDPR?
A. Data encryption for all data transfers
B. Right to data portability for users
C. Appointment of a Data Protection Officer
D. Mandatory data breach notification within 72 hours
Answer: A
- The Indian Information Technology Act, 2000, primarily governs:
A. IT infrastructure taxation
B. Digital signatures and cybersecurity
C. Intellectual property rights
D. Import/export of IT hardware
Answer: B
- Under which law are companies mandated to conduct periodic security awareness training?
A. SOX Act
B. GDPR
C. HIPAA
D. Both B and C
Answer: D
- Which compliance framework focuses on payment card security?
A. GDPR
B. PCI DSS
C. ISO 27001
D. HIPAA
Answer: B
Set 4: Incident Management
- What is the first step in responding to a security incident?
A. Isolate affected systems
B. Notify stakeholders
C. Identify the type and scope of the incident
D. Analyze historical logs
Answer: C
- A Distributed Denial of Service (DDoS) attack affects which aspect of the CIA triad?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Answer: C
- After a ransomware attack, which action should be avoided?
A. Paying the ransom
B. Restoring systems from backup
C. Conducting a forensic investigation
D. Informing law enforcement agencies
Answer: A
- Which metric is most relevant in evaluating the success of an incident response plan?
A. Time to detect and respond
B. Employee satisfaction
C. Budget utilization
D. Number of training sessions conducted
Answer: A
- The primary goal of incident logging is to:
A. Identify the attacker’s location.
B. Establish accountability.
C. Create an audit trail for investigation.
D. Inform employees about policy violations.
Answer: C
Case Scenario:
ABC Technologies Pvt. Ltd., a global leader in fintech, provides end-to-end payment
gateway solutions to over 3000 clients across multiple countries. Due to increasing
cybersecurity threats, the organization implemented an Information Security Management
System (ISMS) aligned with ISO 27001 standards.
The company’s management faced several challenges:
- Risk Management: There was no established process for identifying vulnerabilities and threats to IT infrastructure.
- Compliance: Regulatory audits highlighted weak documentation of security policies.
- Training and Awareness: Employees frequently fell prey to phishing attacks.
- Incident Response: A ransomware attack crippled their systems for three days, causing significant financial losses.
To address these issues, the company implemented the following measures:
- Information Security Policy: Established a robust policy focusing on Confidentiality, Integrity, and Availability.
- Risk Assessment: A third-party firm conducted vulnerability assessments every quarter.
- Training: Mandatory monthly training sessions on phishing awareness and incident reporting.
- Business Continuity Plan (BCP): Introduced periodic drills and documented disaster recovery plans.
Despite these initiatives, a recent audit revealed inconsistencies:
- Senior management’s support was limited to initial stages, and follow-ups lacked rigor.
- Some critical systems did not comply with encryption standards.
- Employees often bypassed security protocols, citing productivity concerns.
Questions
Question 1:
What was the most significant deficiency in ABC Technologies’ incident response approach
before implementing ISMS?
A. Lack of regulatory audits.
B. Absence of a documented disaster recovery plan.
C. Frequent phishing attacks on employees.
D. Non-compliance with ISO standards.
Answer: B
Question 2:
Which principle of the CIA triad was compromised when employees bypassed security
protocols?
A. Confidentiality.
B. Integrity.
C. Availability.
D. Scalability.
Answer: A
Question 3:
If the third-party risk assessment identifies unencrypted sensitive data on a payment gateway,
which corrective action aligns best with compliance?
A. Immediate encryption of the sensitive data and related systems.
B. Dismissing the third-party firm for negligence.
C. Disabling the payment gateway temporarily.
D. Conducting an internal compliance survey.
Answer: A
Question 4:
What training priority should ABC Technologies implement to mitigate phishing attacks?
A. Technical encryption protocols.
B. Social engineering awareness programs.
C. Advanced software development methodologies.
D. Legal consequences of breaches.
Answer: B
Question 5:
Despite implementing the ISMS, ABC Technologies faced inconsistent management follow-ups.
What governance model could strengthen compliance?
A. Delegating responsibility to mid-level managers.
B. Establishing a Security Steering Committee with periodic reviews.
C. Outsourcing all security operations to an external vendor.
D. Limiting access to only technical staff.
Answer: B
CHAPTER 5
Introduction to BCM - Business Continuity Management (BCM) helps enterprises to:
a) Eliminate all risks
b) Manage disruptions and reduce potential losses
c) Avoid regulatory compliance
d) Improve branding only
Answer: b - Which of the following is a key objective of BCM?
a) Maintain uninterrupted availability of all resources
b) Develop marketing strategies
c) Ensure compliance with customer grievances
d) Focus exclusively on IT infrastructure
Answer: a - The BCM process includes:
a) Employee retention strategies
b) Planning, testing, and continuous improvement
c) Budget allocation only
d) Avoidance of all disruptions
Answer: b
BCP Policy - What is the primary goal of a Business Continuity Plan (BCP)?
a) Maximize operational downtime
b) Minimize losses and reestablish normal business operations
c) Ensure exclusivity in vendor contracts
d) Automate all manual processes
Answer: b - A BCP policy document primarily provides:
a) Marketing guidelines
b) A structure for managing disaster recovery and continuity
c) Methods to eliminate external audits
d) Automation of all employee tasks
Answer: b
BCM Advantages - One advantage of BCM is:
a) Eliminating employee dependencies
b) Proactive threat assessment and containment
c) Reducing business obligations
d) Avoiding all external audits
Answer: b - Regular testing and training in BCM help organizations:
a) Increase operational redundancies
b) Strengthen response and recovery mechanisms
c) Focus solely on technological solutions
d) Avoid budget planning
Answer: b
Types of Plans - What does the Emergency Plan address?
a) Routine operational tasks
b) Immediate actions during a disaster
c) Long-term business strategies
d) Marketing failures
Answer: b - Which plan focuses on resuming full information system capabilities after a disaster?
a) Recovery Plan
b) Test Plan
c) Emergency Plan
d) Backup Plan
Answer: a - A Test Plan is designed to:
a) Replace recovery plans
b) Identify deficiencies in BCM procedures
c) Develop marketing strategies
d) Eliminate manual operations
Answer: b
Types of Backups - Which backup captures all files on the disk, regardless of changes?
a) Incremental Backup
b) Full Backup
c) Differential Backup
d) Mirror Backup
Answer: b - Incremental backups:
a) Capture all files every time
b) Backup only changes since the last backup
c) Focus on manual processes
d) Require the most storage space
Answer: b - Differential backups store:
a) Files changed since the last incremental backup
b) All files, regardless of changes
c) Changes since the last full backup
d) A mirror image of the source
Answer: c - Mirror backups differ from full backups because:
a) They do not compress files
b) They include old and obsolete files
c) They are always encrypted
d) They backup only new files
Answer: a
BCP Development Phases - What is the first phase in developing a BCP?
a) Risk Assessment
b) Pre-Planning Activities
c) Business Impact Analysis
d) Plan Development
Answer: b - The purpose of a Business Impact Analysis (BIA) is to:
a) Automate backup procedures
b) Assess the impact of disruptions on business functions
c) Monitor external compliance
d) Develop marketing strategies
Answer: b
BCM Process and Cycle - What is the first stage of the BCM cycle?
a) BCM Strategies
b) Information Collection
c) Training and Awareness
d) Testing and Maintenance
Answer: b - The BCM cycle emphasizes:
a) Training programs exclusively
b) Continuous improvement and adaptation
c) Avoiding external audits
d) Cost-cutting measures
Answer: b - Testing and maintenance of a BCP ensure:
a) Plans are up-to-date and effective
b) Elimination of all manual processes
c) Increased marketing budgets
d) Compliance with customer feedback
Answer: a
Incident Management Plan (IMP) - The Incident Management Plan focuses on:
a) Managing long-term strategies
b) Initial response to crises
c) Automating backup processes
d) Developing marketing campaigns
Answer: b - A key feature of an IMP is:
a) Flexibility and relevance
b) Exclusivity in vendor agreements
c) Automation of manual tasks
d) Elimination of risks entirely
Answer: a
Backup Facilities - A cold site:
a) Includes all hardware and operational facilities
b) Contains minimal facilities for recovery
c) Automates all recovery processes
d) Includes all applications and data
Answer: b - A warm site:
a) Provides an intermediate level of backup facilities
b) Contains no hardware
c) Focuses solely on customer satisfaction
d) Automates marketing strategies
Answer: a - Reciprocal agreements involve:
a) Contracts with insurance companies
b) Mutual backup support between organizations
c) Elimination of BCM requirements
d) Vendor-specific automation
Answer: b
Disaster Recovery Procedural Plan - Emergency procedures in a disaster recovery plan involve:
a) Defining marketing goals
b) Immediate actions after a disaster
c) Long-term business strategies
d) Training customer support teams
Answer: b - Maintenance schedules in recovery planning:
a) Eliminate manual testing requirements
b) Outline ongoing testing and updates
c) Focus exclusively on IT compliance
d) Avoid changes to operational strategies
Answer: b
Training and Awareness - BCM training promotes:
a) Awareness of BCM roles and responsibilities
b) Focus on external audits exclusively
c) Elimination of operational redundancies
d) Exclusive reliance on IT systems
Answer: a - A BCM-aware culture is supported by:
a) Marketing campaigns
b) Leadership, training, and accountability
c) Outsourcing BCM entirely
d) Focusing solely on customer experience
Answer: b
BCM Documentation and Maintenance - The BCM documentation process ensures:
a) Adherence to document control and record management processes
b) Focus on eliminating redundancies exclusively
c) Automating compliance with no updates required
d) Avoidance of all manual tasks
Answer: a - BCM maintenance requires organizations to:
a) Establish regular reviews of plans and ensure updates after major changes
b) Focus only on external compliance standards
c) Avoid maintaining outdated records
d) Eliminate backup requirements entirely
Answer: a - Records retained in BCM must:
a) Include only critical disruptions
b) Be kept for at least one year or per regulatory requirements
c) Be automated with no manual interventions
d) Include only operational data
Answer: b
Types of Backups - Full backups:
a) Capture only changed files
b) Require significant storage space compared to other backup types
c) Are faster than incremental backups
d) Automatically delete old files
Answer: b - Incremental backups:
a) Are slower than full backups
b) Include only files changed since the last backup of any type
c) Require the most storage space
d) Avoid reliance on previous backups
Answer: b - Differential backups require:
a) The last full backup and the most recent differential backup for recovery
b) All incremental backups for restoration
c) The least amount of storage compared to incremental backups
d) No full backups for recovery
Answer: a - Mirror backups:
a) Compress files for additional storage
b) Keep an exact replica of the source
c) Include multiple versions of old files
d) Focus only on cloud-based storage
Answer: b - Cloud backups offer:
a) Dependence on local storage
b) Scalability and redundancy
c) The least amount of security for critical data
d) Exclusivity for smaller organizations
Answer: b
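The two "Types of Backups" question sets above reduce to two trade-offs: how much each run stores, and how many backup sets a restore has to read (a full or mirror copy stands alone; a differential restore needs the last full plus the newest differential; an incremental restore needs the last full plus every incremental after it). The simulation below is an added worked example, not part of the study material: the file names, sizes and day-by-day changes are constructed, and the strategy names are the ones used in the questions. It also shows one edge case the questions only hint at: change-only backups (incremental and differential) do not record deletions, and a mirror keeps no history.

```python
"""Added worked example (not from the study material): simulate full,
incremental, differential and mirror backups over a few days of file
changes, then compare storage used and the restore chain each one needs."""

# Constructed sample data: per-day changes to a small file set. Values are
# the new size in MB of the file written that day; None means it was deleted.
DAILY_CHANGES = {
    0: {"db.sql": 500, "app.log": 10, "config.yaml": 1},  # initial state
    1: {"app.log": 12},
    2: {"db.sql": 520},
    3: {"app.log": 15, "config.yaml": 2},
    4: {"app.log": None},                                  # log rotated away
}


def state_on(day):
    """Source disk at end of `day`: file -> (size_mb, day it last changed)."""
    files = {}
    for d in range(day + 1):
        for name, size in DAILY_CHANGES.get(d, {}).items():
            if size is None:
                files.pop(name, None)
            else:
                files[name] = (size, d)
    return files


def backup_plan(strategy, last_day):
    """List of (day, kind, {file: size_mb}) produced by running `strategy`
    once per day from day 0 through last_day. Day 0 is always a full copy."""
    if strategy == "mirror":
        # A mirror is an exact, uncompressed replica that is overwritten on
        # every run, so only the latest copy exists: no history is retained.
        latest = {n: s for n, (s, _) in state_on(last_day).items()}
        return [(last_day, "mirror", latest)]
    plan, last_full, last_any = [], 0, 0
    for day in range(last_day + 1):
        files = state_on(day)
        if day == 0 or strategy == "full":
            kind, captured = "full", {n: s for n, (s, _) in files.items()}
        elif strategy == "incremental":
            # only files changed since the last backup of any kind
            kind = "incremental"
            captured = {n: s for n, (s, ch) in files.items() if ch > last_any}
        elif strategy == "differential":
            # everything changed since the last FULL backup (grows each day)
            kind = "differential"
            captured = {n: s for n, (s, ch) in files.items() if ch > last_full}
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        plan.append((day, kind, captured))
        if kind == "full":
            last_full = day
        last_any = day
    return plan


def restore_chain(plan, target_day):
    """Backup sets that must be read, in order, to rebuild day `target_day`."""
    upto = [b for b in plan if b[0] <= target_day]
    if not upto:
        raise LookupError("no backup set covers that day (a mirror keeps no history)")
    base = max(i for i, b in enumerate(upto) if b[1] in ("full", "mirror"))
    if upto[-1][1] == "differential":
        return [upto[base], upto[-1]]      # last full + newest differential only
    if upto[-1][1] == "incremental":
        return upto[base:]                 # last full + every incremental after it
    return [upto[-1]]                      # a full or mirror copy stands alone


def restore(plan, target_day):
    """Rebuild file -> size_mb by applying the restore chain in order."""
    files = {}
    for _, _, captured in restore_chain(plan, target_day):
        files.update(captured)
    return files


def resurrected_files(plan, target_day):
    """Files the restore brings back although the source had deleted them:
    change-only backups record new and modified files, not deletions, unless
    the backup software also keeps a catalog of what existed at each run."""
    return sorted(set(restore(plan, target_day)) - set(state_on(target_day)))


def summarize(strategy, last_day=4, target_day=3):
    plan = backup_plan(strategy, last_day)
    return {
        "per_run_mb": [sum(c.values()) for _, _, c in plan],
        "total_mb": sum(sum(c.values()) for _, _, c in plan),
        "restore_reads": [d for d, _, _ in restore_chain(plan, target_day)],
        "restored": restore(plan, target_day),
    }


if __name__ == "__main__":
    for s in ("full", "incremental", "differential"):
        print(s, summarize(s))
    print("mirror", summarize("mirror", target_day=4))
    print("resurrected by incremental restore of day 4:",
          resurrected_files(backup_plan("incremental", 4), 4))
```

With the constructed data, incremental runs store the least in total (1060 MB against 2114 MB for differential and 2616 MB for daily fulls) but restoring day 3 reads four sets, while the differential restore reads two and the full restore reads one. Restoring day 4 from the incremental or differential chain brings back app.log even though the source had deleted it, which is why a restore test, not just a backup job report, belongs in the BCP test plan.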
Alternate Processing Facilities - A hot site is:
a) A backup facility with all operational capabilities ready
b) A facility with minimal resources for recovery
c) A temporary storage facility
d) Dependent entirely on external organizations
Answer: a - Reciprocal agreements for backup are:
a) Difficult to enforce due to informal nature
b) The most reliable backup solution
c) Exclusively used by small organizations
d) Focused on eliminating cold site requirements
Answer: a - The main difference between a warm site and a hot site is:
a) A warm site includes all critical hardware and software
b) A hot site is fully operational while a warm site provides limited functionality
c) Warm sites are slower to set up than cold sites
d) Warm sites require no additional agreements
Answer: b
Disaster Recovery Plan - The disaster recovery plan must include:
a) Maintenance schedules and contingency plan documents
b) Marketing budgets for incident response
c) Exclusive reliance on IT recovery
d) Redundancies in employee roles only
Answer: a - Fallback procedures in a disaster recovery plan ensure:
a) Essential services continue at an alternate location
b) Exclusive recovery of hardware
c) Avoidance of manual intervention
d) Immediate restoration of all operations
Answer: a - Awareness activities in a disaster recovery plan focus on:
a) Training personnel and ensuring readiness
b) Reducing marketing efforts
c) Avoiding manual updates to documentation
d) Establishing marketing campaigns
Answer: a
BCM Testing - A BCP test plan helps organizations:
a) Validate recovery procedures and identify deficiencies
b) Eliminate all potential risks
c) Avoid reliance on backup systems
d) Automate disaster recovery without testing
Answer: a - Regular testing of BCM ensures:
a) Plans are current and meet organizational requirements
b) Resources are always automated
c) No changes to documentation are needed
d) External audits are unnecessary
Answer: a - Which of the following is NOT a purpose of testing BCM plans?
a) Evaluate recovery strategies
b) Highlight assumptions that need review
c) Eliminate all operational redundancies
d) Practice incident recovery steps
Answer: c
BCM Training and Awareness - BCM training should:
a) Focus only on senior management
b) Develop awareness and confidence in stakeholders
c) Avoid operational level staff involvement
d) Exclusively train IT professionals
Answer: b - Effective training programs for BCM lead to:
a) Increased resilience over time
b) Dependence on automated systems
c) Avoidance of incident response exercises
d) Elimination of organizational reviews
Answer: a
General BCM Knowledge - The BIA helps organizations:
a) Identify critical processes and assess potential disruptions
b) Avoid documenting contingency plans
c) Develop marketing frameworks
d) Focus exclusively on IT risks
Answer: a - BCM strategies should include:
a) Proactive measures to reduce incident impact
b) Immediate elimination of manual systems
c) Focus solely on cloud backups
d) Reduction in organizational compliance
Answer: a - The overall goal of BCM is to:
a) Protect brand value and reputation through proactive risk management
b) Focus only on disaster recovery
c) Eliminate risks through backup systems
d) Avoid reliance on compliance frameworks
Answer: a
CHAPTER 6
Introduction to SDLC - The main purpose of the System Development Life Cycle (SDLC) is:
a) To eliminate manual systems
b) To provide a structured framework for developing or modifying systems
c) To focus on IT compliance only
d) To minimize documentation
Answer: b - SDLC phases are essential for:
a) Managing business processes
b) Defining phases and ensuring deliverables for system development
c) Automating software testing
d) Avoiding project documentation
Answer: b - What is a significant characteristic of SDLC?
a) Lack of documentation
b) Iterative process with clear deliverables at every stage
c) Eliminating user input
d) Exclusive focus on hardware systems
Answer: b - Barry Boehm’s W5HH principle includes which of the following questions?
a) Why is the system being developed?
b) What will be done?
c) How will it be done?
d) All of the above
Answer: d
Need for SDLC - A new system may be developed if:
a) Strategic management changes focus
b) Existing technology becomes obsolete
c) Competitors enhance service quality using automation
d) All of the above
Answer: d - What is a primary advantage of using SDLC?
a) Reduced planning and control efforts
b) Better compliance with prescribed standards
c) Elimination of documentation requirements
d) Increased project flexibility without milestones
Answer: b - Which of the following is a potential limitation of SDLC?
a) It is not suitable for small projects
b) It emphasizes milestones and documentation
c) It may involve prolonged project timelines
d) All of the above
Answer: d
Phases of SDLC - Which is the first phase of SDLC?
a) System Development
b) Preliminary Investigation
c) Post-Implementation Review
d) System Testing
Answer: b - The deliverable of the Preliminary Investigation phase is:
a) System architecture design
b) Feasibility study report
c) User manuals
d) Source code
Answer: b - System Requirement Analysis focuses on:
a) Documenting user needs and analyzing the current system
b) Designing database structures
c) Writing program code
d) Installing hardware
Answer: a - System Design phase includes:
a) Logical and physical design of the system
b) Debugging code
c) Analyzing input/output
d) System implementation
Answer: a - The purpose of System Development is to:
a) Install hardware and network devices
b) Convert design specifications into a functional system
c) Train users on system functionality
d) Conduct maintenance
Answer: b
Feasibility Study - Economic feasibility assesses:
a) The legal implications of the new system
b) Return on investment and cost-benefit analysis
c) Compatibility with existing systems
d) Availability of technical resources
Answer: b - Which feasibility study evaluates whether the solution adheres to legal regulations?
a) Operational feasibility
b) Legal feasibility
c) Financial feasibility
d) Political feasibility
Answer: b
Testing Phases - Unit testing focuses on:
a) The entire system as a whole
b) Individual components or functions of the software
c) End-user requirements
d) Integration of subsystems
Answer: b - Regression testing ensures:
a) All modules are unit-tested
b) Changes or corrections do not introduce new errors
c) The system performs under expected load conditions
d) Security of the system remains intact
Answer: b - The final testing phase before system implementation is:
a) Unit testing
b) Integration testing
c) User Acceptance Testing (UAT)
d) Performance testing
Answer: c
Implementation Phase - System implementation involves:
a) Conducting a feasibility study
b) Deploying the system into the operational environment
c) Debugging and writing new code
d) Performing post-implementation reviews
Answer: b - Which is a method of system changeover?
a) Direct implementation
b) Parallel implementation
c) Pilot implementation
d) All of the above
Answer: d - What is a key risk of direct implementation?
a) High costs
b) Limited user training
c) Complete dependency on the new system immediately
d) Prolonged changeover duration
Answer: c
Post-Implementation Review - Post-implementation reviews evaluate:
a) Development costs only
b) Whether the system meets business objectives
c) The feasibility of the original design
d) The user training process
Answer: b - A major activity during post-implementation is:
a) Conducting UAT
b) Reviewing system maintenance needs
c) Debugging system modules
d) Developing system specifications
Answer: b
Maintenance Phase - Corrective maintenance refers to:
a) Fixing defects and bugs found during execution
b) Adding new features to the system
c) Adapting software to new environments
d) Updating documentation
Answer: a - Adaptive maintenance involves:
a) Modifying systems for changes in external environments
b) Fixing code errors
c) Enhancing user experience
d) None of the above
Answer: a - Preventive maintenance aims to:
a) Improve system performance proactively
b) Fix errors after they occur
c) Adapt software for future hardware upgrades
d) Eliminate redundancy in coding
Answer: a
General Knowledge - An SRS document is created during:
a) Preliminary Investigation
b) System Requirement Analysis
c) System Testing
d) Implementation
Answer: b - The primary benefit of using SDLC is:
a) Faster project completion without documentation
b) Streamlined process ensuring high-quality system development
c) Elimination of project timelines
d) Avoidance of resource allocation
Answer: b
Design Phase - The logical design of a system focuses on:
a) The physical implementation of hardware
b) The structure and relationships between system components
c) Coding standards for the software
d) Integration of modules
Answer: b - A blueprint for system design includes:
a) Software code implementation
b) Specifications for hardware, software, data, and user interfaces
c) Training schedules for users
d) Maintenance schedules
Answer: b - User interface design considerations include:
a) Database indexing methods
b) The layout of screens, reports, and input/output devices
c) Data backup frequency
d) Hardware compatibility
Answer: b
Development and Testing - The primary purpose of coding standards is to:
a) Eliminate the need for testing
b) Ensure uniformity and simplify future maintenance
c) Avoid project documentation
d) Automate program debugging
Answer: b - Debugging involves:
a) Testing user interfaces
b) Fixing errors in source code identified during compilation
c) Analyzing system design diagrams
d) Deploying software into production
Answer: b - Which of the following is a feature of a well-coded application?
a) Complexity and extensive user training
b) Robustness, usability, and efficiency
c) Exclusivity to a single programming language
d) Lack of documentation requirements
Answer: b - Program documentation ensures:
a) Automated system upgrades
b) Clear understanding of software functions and usage by users
c) Faster project completion timelines
d) Elimination of testing phases
Answer: b
Testing Techniques - Integration testing validates:
a) Individual modules independently
b) Communication and interaction between multiple modules
c) The end-user experience
d) The feasibility of the new system
Answer: b - System testing involves:
a) Assessing system behavior under production conditions
b) Isolating and testing individual code units
c) Testing only the hardware components
d) Avoiding regression issues in the system
Answer: a - What is the primary focus of Quality Assurance Testing (QAT)?
a) Identifying design improvements
b) Ensuring that quality standards are met
c) Validating database structures
d) Testing hardware specifications
Answer: b
Implementation Phase - System changeover strategies include all EXCEPT:
a) Phased changeover
b) Pilot changeover
c) Incremental changeover
d) Parallel changeover
Answer: c - Pilot implementation involves:
a) Replacing the old system at once
b) Testing the new system in a smaller environment before full-scale implementation
c) Running the old and new systems simultaneously
d) Avoiding user training
Answer: b - Parallel changeover is considered secure because:
a) The old system is decommissioned immediately
b) Both old and new systems run together, ensuring data integrity
c) It requires minimal user training
d) It eliminates operational downtime
Answer: b
Post-Implementation and Maintenance - Post-implementation review evaluates:
a) User satisfaction and system effectiveness
b) Code debugging efficiency
c) Hardware testing results
d) Database maintenance schedules
Answer: a - Perfective maintenance involves:
a) Fixing system bugs
b) Enhancing the system to meet new user requirements
c) Adapting to external environmental changes
d) Preventing risks through scheduled updates
Answer: b - Which maintenance type deals with unanticipated malfunctions?
a) Preventive maintenance
b) Rescue maintenance
c) Adaptive maintenance
d) Corrective maintenance
Answer: b
Documentation and Standards - An SRS document includes:
a) System architecture designs
b) Functional descriptions, validation criteria, and user expectations
c) Post-implementation review guidelines
d) Maintenance schedules
Answer: b - A well-documented SRS ensures:
a) Elimination of post-implementation reviews
b) Clear understanding between the development team and users
c) Faster debugging processes
d) Simplified hardware testing
Answer: b
General Knowledge - The main goal of regression testing is to:
a) Ensure that new changes have not broken existing functionality
b) Test user satisfaction with the interface
c) Identify hardware compatibility issues
d) Validate compliance with regulatory standards
Answer: a - SDLC ensures system quality through:
a) Structured, well-defined development processes
b) Elimination of feasibility studies
c) Minimizing project timelines by skipping documentation
d) Exclusive focus on technical feasibility
Answer: a - A phased implementation strategy is useful for:
a) Gradually transitioning users to the new system
b) Eliminating manual processes immediately
c) Reducing the need for testing
d) Avoiding parallel system operation
Answer: a - System testing is performed to:
a) Validate the complete integration and functionality of the system
b) Identify potential user interface issues
c) Automate project documentation
d) Replace regression testing
Answer: a - The SDLC ensures:
a) High-quality systems that meet user expectations
b) Automated testing throughout the project
c) Elimination of operational reviews
d) Avoidance of stakeholder involvement
Answer: a
CHAPTER 7
Topic 1: Introduction to Information Systems - Which of the following is a component of an Information System?
(a) Hardware
(b) Software
(c) People
(d) All of the above
Answer: (d) - What does the feedback component in an Information System do?
(a) Collect data
(b) Modify input or processing activities
(c) Store information
(d) Disseminate data
Answer: (b) - What is the primary need for Information Systems in organizations?
(a) To replace manual work
(b) To improve customer satisfaction and profits
(c) To ensure complete automation
(d) To reduce employee costs
Answer: (b)
Topic 2: Information System Acquisition - What is the purpose of acquisition standards in system acquisition?
(a) To speed up the process
(b) To address security and reliability issues
(c) To minimize costs
(d) To hire a specific vendor
Answer: (b) - Which of the following is NOT part of acquisition standards?
(a) Ensuring vendor reviews
(b) Soliciting bids from vendors
(c) Selecting programming techniques
(d) Ensuring compatibility with existing systems
Answer: (c) - What is the primary purpose of a Request for Proposal (RFP)?
(a) To evaluate user feedback
(b) To solicit bids from vendors for requirements
(c) To select a project manager
(d) To approve project designs
Answer: (b) - Which of the following is part of the vendor selection process?
(a) Benchmarking the problem
(b) Evaluating user feedback
(c) Technical validation of proposals
(d) All of the above
Answer: (d)
Topic 3: System Development Methodologies - Which development model is most suitable for a small and simple project?
(a) Agile
(b) Spiral
(c) Waterfall
(d) RAD
Answer: (c) - What is the key objective of the RAD model?
(a) Cost efficiency
(b) High-quality system development
(c) Fast development and delivery
(d) Risk minimization
Answer: (c) - Which system development methodology is based on iterative and incremental
development?
(a) Agile
(b) Waterfall
(c) Spiral
(d) RAD
Answer: (a)
Topic 4: Waterfall Model - Which of the following is NOT a characteristic of the Waterfall Model?
(a) Sequential phases
(b) Focus on iterative design
(c) Extensive documentation
(d) User approval before next phase
Answer: (b) - What is a major weakness of the Waterfall Model?
(a) Too flexible
(b) Encourages user participation
(c) Little room for iteration
(d) Lack of documentation
Answer: (c)
Topic 5: Prototyping Model - The goal of prototyping is to:
(a) Create a detailed and final system early
(b) Develop a usable prototype to refine requirements
(c) Minimize user involvement
(d) Create extensive documentation
Answer: (b) - What is a major advantage of prototyping?
(a) Encourages innovation
(b) Reduces system testing
(c) Eliminates the need for user feedback
(d) Fully replaces the need for traditional methodologies
Answer: (a)
Topic 6: Incremental Model - The incremental model:
(a) Combines iterative and linear approaches
(b) Avoids delivering partial systems
(c) Has no user involvement
(d) Is identical to the Waterfall Model
Answer: (a) - Which of the following is a strength of the incremental model?
(a) Lack of clear milestones
(b) Early delivery of partial solutions
(c) No requirement for written documentation
(d) No integration risks
Answer: (b)
Topic 7: Spiral Model - What does the Spiral Model primarily focus on?
(a) Risk analysis and iterative development
(b) Rapid prototyping
(c) Linear progress
(d) Minimal documentation
Answer: (a) - The Spiral Model is best suited for:
(a) Simple projects
(b) Highly complex and risky projects
(c) Projects with minimal user interaction
(d) Cost-saving initiatives
Answer: (b)
Topic 8: RAD Model - RAD emphasizes:
(a) Extensive pre-planning
(b) Quick delivery and prototyping
(c) Eliminating user involvement
(d) Document-heavy processes
Answer: (b) - What is a disadvantage of RAD?
(a) Quick reviews are impossible
(b) Minimal customer feedback
(c) Potential for inconsistent design
(d) High development costs
Answer: (c)
CHAPTER 8
1. What are the main objectives of Information System (IS) controls?
a) Safeguarding assets, maintaining data integrity, ensuring resource efficiency
b) Increasing operational expenses, reducing control measures, and boosting revenue
c) Enhancing customer relationships, developing new software, reducing manual labor
d) Training employees, outsourcing services, and increasing system complexity
Answer: a) Safeguarding assets, maintaining data integrity, ensuring resource efficiency - Which of the following is NOT a characteristic of Preventive Controls?
a) Proactive in nature
b) Cost-effective compared to detection and correction
c) Reactively addressing errors after occurrence
d) Requires understanding vulnerabilities and probable threats
Answer: c) Reactively addressing errors after occurrence - What does the term “Logical Access Controls” refer to?
a) Controlling physical access to computers
b) Managing environmental risks like fire and water damage
c) Restricting use of information to authorized individuals or entities
d) Planning emergency evacuation strategies
Answer: c) Restricting use of information to authorized individuals or entities - What kind of controls are smoke detectors and fire extinguishers classified as?
a) Detective Controls
b) Directive Controls
c) Environmental Controls
d) Logical Access Controls
Answer: c) Environmental Controls - Which type of control is responsible for ensuring compliance with organizational policies
and legislation?
a) Preventive Controls
b) Detective Controls
c) Corrective Controls
d) Directive Controls
Answer: d) Directive Controls - Which approach is emphasized for efficient database management in an IT environment?
a) Decentralized database planning and control
b) Ignoring user input for database updates
c) Ensuring data availability, integrity, and modifiability
d) Eliminating database administrator roles
Answer: c) Ensuring data availability, integrity, and modifiability - What is the key feature of Disaster Recovery Planning (DRP)?
a) Preventing minor operational losses
b) Recovering operations after catastrophic events
c) Developing new system software
d) Designing application software interfaces
Answer: b) Recovering operations after catastrophic events - Which of these is an example of Detective Control?
a) Firewalls
b) Regular budget reviews
c) Staff training programs
d) Intrusion prevention systems
Answer: b) Regular budget reviews - What is a common characteristic of Directive Controls?
a) They are reactive and minimize threats after incidents occur.
b) They are the first response to risk and ensure compliance.
c) They are costlier than corrective controls.
d) They replace preventive and detective controls.
Answer: b) They are the first response to risk and ensure compliance. - What is the primary role of Top Management Controls?
a) Implementing system utilities
b) Determining organizational goals and ensuring IS compliance
c) Conducting employee training programs
d) Preparing technical support manuals
Answer: b) Determining organizational goals and ensuring IS compliance - Which of the following is NOT a component of environmental controls?
a) Smoke detectors
b) Access tokens
c) Uninterrupted Power Supply (UPS)
d) Fire extinguishers
Answer: b) Access tokens - What is the primary purpose of Detective Controls?
a) Preventing errors before they occur
b) Correcting errors after they are detected
c) Reporting errors or incidents after they occur
d) Directing employees to follow compliance procedures
Answer: c) Reporting errors or incidents after they occur - What is the focus of Programming Management Controls?
a) Managing data repositories
b) Ensuring high-quality programs are developed and implemented
c) Setting up disaster recovery plans
d) Reviewing vendor contracts
Answer: b) Ensuring high-quality programs are developed and implemented - Which of the following are examples of Logical Access Controls?
a) Password protection, encryption, and firewalls
b) Fire alarms, CCTV, and physical locks
c) Smoke detectors, air conditioning, and surge protectors
d) Emergency evacuation plans and manual logging
Answer: a) Password protection, encryption, and firewalls - What is the main goal of Security Management Controls?
a) Reducing operational costs in IT systems
b) Ensuring information system assets are secure and recoverable
c) Identifying training needs for employees
d) Designing new IT policies for future upgrades
Answer: b) Ensuring information system assets are secure and recoverable - What does the term “Directive Controls” imply in information systems?
a) Controls that correct errors after incidents
b) Controls that provide formal directions to mitigate risks
c) Controls that detect unauthorized system activities
d) Controls that safeguard physical resources only
Answer: b) Controls that provide formal directions to mitigate risks - Which control prevents unauthorized users from accessing sensitive areas like server
rooms?
a) Logical Access Controls
b) Directive Controls
c) Physical Access Controls
d) Detective Controls
Answer: c) Physical Access Controls - What does a Disaster Recovery Plan (DRP) primarily address?
a) Enhancing employee productivity during crises
b) Recovering and restoring critical operations after disruptions
c) Monitoring performance of outsourced operations
d) Conducting regular internal audits of IT systems
Answer: b) Recovering and restoring critical operations after disruptions - What is the role of “Concurrency Controls” in database management?
a) Ensuring simultaneous access does not compromise data integrity
b) Managing employee performance during multitasking
c) Restricting unauthorized software installations
d) Detecting network intrusions in real-time
Answer: a) Ensuring simultaneous access does not compromise data integrity - Which of these is a key element of Operations Management Controls?
a) Developing software applications
b) Managing day-to-day operations of hardware and software
c) Conducting employee quality assurance training
d) Analyzing future IT system requirements
Answer: b) Managing day-to-day operations of hardware and software - What is the primary purpose of a Quality Assurance Management Control system?
a) To train employees in cybersecurity protocols
b) To ensure information systems meet established quality goals and standards
c) To eliminate preventive and detective controls
d) To conduct cost-benefit analysis of IT systems
Answer: b) To ensure information systems meet established quality goals and standards - Which of the following is an example of Corrective Control?
a) Using firewalls to prevent unauthorized access
b) Removing unauthorized users after a security breach
c) Monitoring logs for suspicious activities
d) Encrypting data for secure transmission
Answer: b) Removing unauthorized users after a security breach - What is the function of “Access Control Lists” (ACLs) in operating systems?
a) Managing access rights for files and directories
b) Limiting the duration of system uptime
c) Securing physical access to servers
d) Automating routine system updates
Answer: a) Managing access rights for files and directories - What is the first line of defense in terminal login procedures?
a) Password authentication
b) Logging physical visitor entries
c) Using biometric access
d) Encrypting user data
Answer: a) Password authentication - Which of these is a characteristic of Preventive Controls?
a) Reactive to threats
b) Designed to avoid errors and incidents proactively
c) Focused on analyzing errors post-occurrence
d) Implemented only in manual environments
Answer: b) Designed to avoid errors and incidents proactively - What is a key feature of Directive Controls?
a) They eliminate errors entirely.
b) They provide guidelines to employees to mitigate risks.
c) They primarily detect unlawful activities.
d) They are reactive in addressing threats.
Answer: b) They provide guidelines to employees to mitigate risks. - What are examples of Physical Access Controls?
a) Firewalls and antivirus software
b) Cipher locks, video cameras, and visitor logging
c) Cloud backup systems and data encryption
d) Network traffic monitoring and alert systems
Answer: b) Cipher locks, video cameras, and visitor logging - Which of the following is a logical access control measure?
a) Automatically logging off users after a period of inactivity
b) Ensuring IT systems meet operational quality standards
c) Conducting financial audits quarterly
d) Keeping fire protection systems operational
Answer: a) Automatically logging off users after a period of inactivity (a terminal timeout; logical access controls restrict who may use a system and its data, while b, c and d are quality, audit and environmental matters) - Which of the following is an environmental control for preventing electrical exposure?
a) Fire alarms and extinguishers
b) Voltage regulators and surge protectors
c) Cipher locks and video cameras
d) Manual logging of visitor entries
Answer: b) Voltage regulators and surge protectors - What is the focus of Systems Development Management Controls?
a) Managing hardware and software upgrades
b) Overseeing daily IT operations
c) Analyzing, designing, and maintaining information systems
d) Conducting fraud investigations
Answer: c) Analyzing, designing, and maintaining information systems - What does a “Call Back Device” in network access control do?
a) Encrypts network data automatically
b) Monitors all user activities on the network
c) Disconnects the incoming caller and dials back a pre-registered authorized number
d) Provides detailed network traffic reports
Answer: c) Disconnects the incoming caller and dials back a pre-registered authorized number (so a dial-in session is only established to a line the organization has approved in advance) - Which is an example of Detective Control?
a) Firewall installation
b) Intrusion detection system (IDS)
c) Network encryption
d) Strong password policy
Answer: b) Intrusion detection system (IDS) - What is the purpose of terminal timeouts?
a) To allow remote access
b) To log off inactive users automatically
c) To increase the efficiency of system resources
d) To maintain continuous session activity
Answer: b) To log off inactive users automatically - Which control type minimizes the impact of a threat after it has occurred?
a) Preventive Control
b) Corrective Control
c) Detective Control
d) Directive Control
Answer: b) Corrective Control - What is the significance of firewalls in IT systems?
a) Preventing physical intrusions
b) Ensuring access control between networks
c) Managing data repositories
d) Detecting unauthorized physical access
Answer: b) Ensuring access control between networks - What is a primary feature of a Disaster Recovery Plan (DRP)?
a) Reducing operational costs during system upgrades
b) Providing a backup plan for critical system recovery
c) Monitoring staff performance in emergencies
d) Designing new hardware for recovery
Answer: b) Providing a backup plan for critical system recovery - What are “Concurrency Controls” designed to address in databases?
a) Errors in manual data entry
b) Simultaneous access issues affecting data integrity
c) Unauthorized access to physical locations
d) Overloading of network systems
Answer: b) Simultaneous access issues affecting data integrity - Which of the following is an example of Directive Control?
a) Installing antivirus software
b) Establishing Standard Operating Procedures (SOPs)
c) Monitoring suspicious activities in logs
d) Scheduling automatic data backups
Answer: b) Establishing Standard Operating Procedures (SOPs) - What is the key objective of Physical Access Controls?
a) Preventing logical attacks
b) Ensuring secure access to tangible and intangible resources
c) Enhancing user interface designs
d) Monitoring software system logs
Answer: b) Ensuring secure access to tangible and intangible resources - Which process ensures accurate time synchronization across an enterprise network?
a) Network encryption
b) Clock synchronization
c) Terminal timeout
d) Role-based access control
Answer: b) Clock synchronization - What is the primary purpose of a “Privilege Management” system in user access control?
a) To allow unrestricted user access to resources
b) To align access rights with job responsibilities
c) To prevent password sharing
d) To enforce biometric authentication
Answer: b) To align access rights with job responsibilities - Which control ensures that unauthorized updates to a database are prevented?
a) Logical Access Controls
b) Corrective Controls
c) Access Control Lists (ACLs)
d) Concurrency Controls
Answer: c) Access Control Lists (ACLs) - What is the main characteristic of Application Control?
a) Securing physical access to IT facilities
b) Managing network operations efficiently
c) Restricting user actions within a specific application
d) Monitoring employee performance in IT operations
Answer: c) Restricting user actions within a specific application - What is the purpose of environmental controls like water detectors in IT facilities?
a) To prevent unauthorized personnel access
b) To mitigate risks of water damage to systems
c) To ensure logical access to sensitive areas
d) To reduce the impact of electrical surges
Answer: b) To mitigate risks of water damage to systems - Which control mechanism prevents the misuse of unattended user equipment?
a) Biometric authentication
b) Password sharing policies
c) Terminal timeouts
d) Encryption protocols
Answer: c) Terminal timeouts - What is the function of the “Data Preparation and Entry” control?
a) Monitoring network traffic
b) Managing system utilities
c) Promoting speed and accuracy in input environments
d) Preventing unauthorized software updates
Answer: c) Promoting speed and accuracy in input environments - What is the role of a “Firewall” in network security?
a) Encrypting transmitted data
b) Blocking unauthorized traffic between networks
c) Detecting user activity within a system
d) Ensuring database integrity
Answer: b) Blocking unauthorized traffic between networks - What are examples of Output Controls in information systems?
a) Report distribution and storage controls
b) Monitoring network performance
c) Logical access restrictions
d) Emergency evacuation plans
Answer: a) Report distribution and storage controls - Which of the following best describes Quality Assurance (QA) Management Controls?
a) Monitoring compliance with established quality standards
b) Designing hardware for enhanced performance
c) Conducting fraud investigations
d) Managing employee training programs
Answer: a) Monitoring compliance with established quality standards - What is the main objective of “System Development Management Controls”?
a) To supervise network traffic
b) To analyze, design, and maintain information systems
c) To enforce physical security measures
d) To train employees on operating systems
Answer: b) To analyze, design, and maintain information systems
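The two concurrency-control questions above ("simultaneous access does not compromise data integrity") describe the classic lost-update problem. The following is an example added to these notes, not material from the study text: it reproduces the lost update with an in-memory SQLite table and then prevents it with optimistic version checking (the UPDATE only succeeds if the row's version is still the one the writer read). The table, the balances and the interleaving of the two "transactions" are constructed for illustration.

```python
"""Lost update vs. optimistic concurrency control, shown with an in-memory
SQLite database. Example code added to the study notes; the schema, balances
and interleaving are constructed for illustration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample table: one account row carrying a version counter.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER, version INTEGER)"
    )
    conn.execute("INSERT INTO account VALUES (1, 100, 0)")
    conn.commit()
    return conn


def read_account(conn: sqlite3.Connection, acct_id: int) -> dict:
    row = conn.execute(
        "SELECT balance, version FROM account WHERE id = ?", (acct_id,)
    ).fetchone()
    return {"balance": row[0], "version": row[1]}


def naive_write(conn: sqlite3.Connection, acct_id: int, new_balance: int) -> None:
    """Blind write: overwrites whatever is there, no concurrency control."""
    conn.execute("UPDATE account SET balance = ? WHERE id = ?", (new_balance, acct_id))
    conn.commit()


def guarded_write(conn: sqlite3.Connection, acct_id: int, new_balance: int,
                  expected_version: int) -> bool:
    """Optimistic write: succeeds only if nobody changed the row since it was read."""
    cur = conn.execute(
        "UPDATE account SET balance = ?, version = version + 1 "
        "WHERE id = ? AND version = ?",
        (new_balance, acct_id, expected_version),
    )
    conn.commit()
    return cur.rowcount == 1      # 0 rows touched means our snapshot was stale


def deposit_with_retry(conn: sqlite3.Connection, acct_id: int, amount: int,
                       max_attempts: int = 5) -> int:
    """Read-modify-write loop that re-reads and retries when the guarded write is rejected."""
    for _ in range(max_attempts):
        snap = read_account(conn, acct_id)
        if guarded_write(conn, acct_id, snap["balance"] + amount, snap["version"]):
            return read_account(conn, acct_id)["balance"]
    raise RuntimeError("too many conflicting updates")


def lost_update_demo() -> int:
    """Two deposits of 50 interleaved without any control: one deposit is lost."""
    conn = make_db()
    a = read_account(conn, 1)                   # T1 reads balance 100
    b = read_account(conn, 1)                   # T2 reads balance 100
    naive_write(conn, 1, a["balance"] + 50)     # T1 writes 150
    naive_write(conn, 1, b["balance"] + 50)     # T2 writes 150, T1's deposit is gone
    return read_account(conn, 1)["balance"]     # 150, although 200 was deposited


def guarded_demo() -> tuple:
    """Same interleaving with version checks: the stale write is rejected, then retried."""
    conn = make_db()
    a = read_account(conn, 1)
    b = read_account(conn, 1)
    first_ok = guarded_write(conn, 1, a["balance"] + 50, a["version"])    # version 0 -> 1
    second_ok = guarded_write(conn, 1, b["balance"] + 50, b["version"])   # expects 0, rejected
    final = deposit_with_retry(conn, 1, 50) if not second_ok else read_account(conn, 1)["balance"]
    return first_ok, second_ok, final           # (True, False, 200)


if __name__ == "__main__":
    print("uncontrolled final balance:", lost_update_demo())
    print("guarded (first_ok, second_ok, final):", guarded_demo())
```

The same idea is what a database engine's locking or MVCC layer does for you; the version column makes the conflict visible so an auditor can see why the second writer must re-read instead of silently overwriting.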
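The IDS and detective-control questions above say that detective controls report incidents after they occur. The following example, added to these notes and not taken from the study material, shows what such a control looks like when implemented: a small sliding-window detector reads SSH-style authentication log lines, flags a source address after five failed logins inside one minute, and escalates when that same address then logs in successfully. The log lines are constructed (not captured from a real host), the message format is modelled on OpenSSH's "Failed password" lines, and the threshold and window are arbitrary tuning values.

```python
"""Detective control: flag credential guessing from authentication log lines.
Example added to the notes; the sample log is constructed and the line format
is loosely modelled on OpenSSH's 'Failed password' / 'Accepted password' messages."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log. Five quick failures then a success from 203.0.113.7,
# and two widely spaced failures (a user mistyping) from 198.51.100.4.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-03-01T10:00:03 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
2024-03-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 50124 ssh2
2024-03-01T10:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 50125 ssh2
2024-03-01T10:00:08 sshd[1201]: Failed password for root from 203.0.113.7 port 50126 ssh2
2024-03-01T10:00:09 sshd[1201]: Accepted password for root from 203.0.113.7 port 50127 ssh2
2024-03-01T10:05:00 sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T10:20:00 sshd[1301]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2024-03-01T10:21:00 sshd[1302]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text: str) -> list:
    """Turn raw lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect_bruteforce(events: list, threshold: int = 5, window_seconds: int = 60) -> list:
    """Sliding window per source IP: alert when `threshold` failures fall inside
    `window_seconds`; escalate if a successful login follows from a flagged IP."""
    recent_failures = defaultdict(list)
    flagged = set()
    alerts = []
    for ev in events:
        ip = ev["ip"]
        if ev["result"] == "Failed":
            recent_failures[ip].append(ev["ts"])
            # Drop failures that have fallen out of the window.
            recent_failures[ip] = [
                t for t in recent_failures[ip]
                if (ev["ts"] - t).total_seconds() <= window_seconds
            ]
            if len(recent_failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"ip": ip, "type": "bruteforce",
                               "failures": len(recent_failures[ip])})
        elif ev["result"] == "Accepted" and ip in flagged:
            # The detective control cannot undo the login; it reports it so a
            # corrective control (disable account, terminate session) can follow.
            alerts.append({"ip": ip, "type": "success_after_bruteforce", "user": ev["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(SAMPLE_LOG)):
        print(alert)
```

Note what the control does and does not do: it produces a report after the fact (the definition of a detective control on this page); preventing the login in the first place would be the job of a preventive control such as lockout or rate limiting, and disabling the compromised account afterwards is corrective.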
CHAPTER 9
Information Systems and Technology - What is the primary component of an Information System?
A) People, Process, and Technology
B) Hardware, Software, and Cloud Computing
C) Networks and Infrastructure
D) Data Mining Tools
Answer: A) People, Process, and Technology - What distinguishes Information Systems from Information Technology?
A) Information Systems include only hardware.
B) Information Technology focuses on hardware and software, while Information Systems
involve processes and people.
C) Information Technology excludes communication networks.
D) Both are identical in function and definition.
Answer: B) Information Technology focuses on hardware and software, while Information
Systems involve processes and people. - Why is IT auditing essential?
A) To automate financial transactions.
B) To evaluate internal controls and asset safety.
C) To replace manual data processing.
D) To generate financial reports automatically.
Answer: B) To evaluate internal controls and asset safety.
IT Tools and Techniques - What is a major advantage of CAATs (Computer-Assisted Audit Techniques)?
A) Manual data verification
B) Automation in data testing and analysis
C) Dependence on physical audits
D) Reduced accuracy in audit processes
Answer: B) Automation in data testing and analysis - What does the Integrated Test Facility (ITF) technique involve?
A) Simulating a test environment outside the system.
B) Creating a dummy entity within the system to test data processing.
C) Conducting audits manually without automation.
D) Using outdated system tools for testing.
Answer: B) Creating a dummy entity within the system to test data processing. - Which tool is a generalized audit software package used for extracting and analyzing data?
A) Microsoft Word
B) Audit Command Language (ACL)
C) System Control Audit Review File (SCARF)
D) Microsoft Access
Answer: B) Audit Command Language (ACL)
Risks and Controls - What is the key risk in the Procure-to-Pay (P2P) process?
A) Delays in system updates
B) Unauthorized changes to supplier master files
C) Slow invoice processing
D) Outdated financial reporting
Answer: B) Unauthorized changes to supplier master files - What is the main objective of control in the Order-to-Cash (O2C) cycle?
A) Automating customer data deletion
B) Verifying the accuracy of customer orders
C) Generating random invoices
D) Adjusting credit lines based on manual calculations
Answer: B) Verifying the accuracy of customer orders - Which risk is associated with the Inventory Cycle?
A) Inaccurate shipment records
B) Lack of user access restrictions
C) Inefficient data visualization
D) Delayed master configuration
Answer: A) Inaccurate shipment records
Auditing Approaches - What does the “Blackbox” auditing approach focus on?
A) Reviewing internal program logic
B) Reconciling inputs with outputs without processing logic examination
C) Using embedded audit modules
D) Creating custom pseudocode
Answer: B) Reconciling inputs with outputs without processing logic examination - What is a benefit of auditing through the computer?
A) Simplified manual verification
B) Continuous evaluation of embedded controls
C) Eliminates system reliability concerns
D) Reduces the need for test environments
Answer: B) Continuous evaluation of embedded controls
System-Specific Controls - What does transaction tagging in auditing ensure?
A) System-wide user access
B) Manual processing of tagged data
C) Verification of data integrity throughout processing stages
D) Inaccurate labeling of transactions
Answer: C) Verification of data integrity throughout processing stages - What is the focus of Continuous and Intermittent Simulation (CIS)?
A) Replacing Database Management Systems
B) Detecting and logging transaction exceptions in real-time
C) Manual validation of financial transactions
D) Generating static financial reports
Answer: B) Detecting and logging transaction exceptions in real-time
Process-Specific Questions - What is the primary function of Human Resource (HR) cycles?
A) Configuring user roles in IT systems
B) Managing the employee lifecycle within an enterprise
C) Conducting financial audits
D) Tracking raw materials in production
Answer: B) Managing the employee lifecycle within an enterprise - What should be restricted in Payroll Management to maintain integrity?
A) Access to payroll master files
B) Frequency of data backups
C) Time spent on data entry
D) The number of system users
Answer: A) Access to payroll master files
Advanced Topics - What is a risk in Fixed Asset Management?
A) Delayed salary disbursement
B) Unauthorized changes to asset records
C) Unplanned marketing expenses
D) Inconsistent sales reports
Answer: B) Unauthorized changes to asset records - What is the purpose of SCARF (System Control Audit Review File)?
A) Managing unauthorized users
B) Continuous monitoring of system transactions
C) Storing physical assets for review
D) Automating manual calculations
Answer: B) Continuous monitoring of system transactions - What is the key objective of safeguarding assets in Information Systems Auditing?
A) Maximizing storage capacity
B) Preventing unauthorized access
C) Increasing hardware compatibility
D) Reducing operational costs
Answer: B) Preventing unauthorized access - What is the main focus of system effectiveness in Information Systems Auditing?
A) Ensuring optimal hardware usage
B) Meeting user requirements and decision-making needs
C) Simplifying data entry processes
D) Enhancing program compatibility
Answer: B) Meeting user requirements and decision-making needs - What does improved system efficiency imply?
A) Eliminating data redundancy
B) Using minimum resources for maximum output
C) Reducing employee count in IT departments
D) Generating real-time financial statements
Answer: B) Using minimum resources for maximum output
Process Risks and Controls - What is a common risk in the Procure-to-Pay process?
A) Incorrect posting of accounts payable amounts
B) Unauthorized recruitment in HR processes
C) Duplicate payroll entries
D) Delayed approval of tax filings
Answer: A) Incorrect posting of accounts payable amounts - What ensures accuracy in Purchase Orders?
A) Proper authorization of requisitions
B) Use of manual data entry
C) Avoidance of automated tools
D) Delegation of approvals to unauthorized staff
Answer: A) Proper authorization of requisitions - Which control is necessary for the Order-to-Cash cycle?
A) Restricting unauthorized customer orders
B) Allowing all orders without verification
C) Preventing automated data transfer
D) Ignoring invalid shipping records
Answer: A) Restricting unauthorized customer orders - What is an example of a management process in business?
A) Manufacturing goods
B) Strategic planning and governance
C) Shipping customer orders
D) Processing supplier invoices
Answer: B) Strategic planning and governance - How are credit notes issued in the O2C process?
A) Based on organizational policies
B) Through manual calculations only
C) Using handwritten notes
D) Without verification
Answer: A) Based on organizational policies
IT Tools and Techniques - What is the purpose of Parallel Simulation in auditing?
A) To independently validate processing logic
B) To eliminate the need for manual input
C) To generate random audit samples
D) To track only small-scale transactions
Answer: A) To independently validate processing logic - Which tool can assist in analyzing data for audit purposes?
A) SAP Audit Management
B) Notepad
C) Adobe Photoshop
D) Google Maps
Answer: A) SAP Audit Management - What does the Test Data technique focus on?
A) Providing input transactions to evaluate system performance
B) Generating random audit reports
C) Simulating manual operations
D) Disabling system-generated outputs
Answer: A) Providing input transactions to evaluate system performance
Risks and Control Objectives - What ensures accurate updates in Inventory Management Systems?
A) Restricting unauthorized system access
B) Allowing unlimited user access
C) Ignoring changes in master data
D) Limiting transaction approvals
Answer: A) Restricting unauthorized system access - What is a key risk in Fixed Asset transactions?
A) Inaccurate depreciation calculation
B) Delayed salary payments
C) Unrecorded customer orders
D) Mismanaged purchase invoices
Answer: A) Inaccurate depreciation calculation - What does system configuration involve in business processes?
A) Setting initial parameters based on policies
B) Completely automating all human interactions
C) Eliminating manual verifications
D) Ignoring master file updates
Answer: A) Setting initial parameters based on policies
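The parallel simulation question above ("independently validate processing logic") and the fixed-asset question ("inaccurate depreciation calculation") fit together: the auditor writes an independent implementation of the business rule and runs the system's own data through it, reporting every record where the two disagree. The example below is added to these notes and is not from the study material. It assumes the straight-line method, annual charge = (cost minus residual value) divided by useful life, rounded to two decimals; the asset register and the amounts "posted by the system" are constructed so that one asset is mis-calculated and one has unusable master data.

```python
"""Parallel simulation: re-implement the depreciation rule independently and
compare it with what the application posted. Example added to the notes; the
asset register below is constructed, not a real one."""
from decimal import Decimal, ROUND_HALF_UP

# Constructed asset register as exported from the system (values as strings so
# the example never goes through binary floating point).
ASSETS = [
    {"id": "FA-001", "cost": "120000.00", "residual": "20000.00", "life": 5, "posted": "20000.00"},
    {"id": "FA-002", "cost": "45000.00",  "residual": "0.00",     "life": 3, "posted": "15000.00"},
    {"id": "FA-003", "cost": "80000.00",  "residual": "8000.00",  "life": 8, "posted": "10000.00"},  # system posted too much
    {"id": "FA-004", "cost": "9999.99",   "residual": "0.00",     "life": 3, "posted": "3333.33"},
    {"id": "FA-005", "cost": "30000.00",  "residual": "5000.00",  "life": 0, "posted": "0.00"},      # bad master data
]


def straight_line(cost: Decimal, residual: Decimal, life: int) -> Decimal:
    """Assumed rule: annual charge = (cost - residual) / life, rounded half-up to 2 dp."""
    if life <= 0 or residual < 0 or residual > cost:
        raise ValueError("invalid asset master data")
    annual = (cost - residual) / Decimal(life)
    return annual.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def parallel_simulation(assets: list, tolerance: Decimal = Decimal("0.01")) -> list:
    """Run every record through the auditor's implementation; return the exceptions."""
    exceptions = []
    for a in assets:
        cost, residual, posted = Decimal(a["cost"]), Decimal(a["residual"]), Decimal(a["posted"])
        try:
            expected = straight_line(cost, residual, a["life"])
        except ValueError as err:
            # Master data the rule cannot be applied to is itself a finding.
            exceptions.append({"id": a["id"], "reason": str(err), "posted": posted})
            continue
        if abs(expected - posted) > tolerance:
            exceptions.append({"id": a["id"], "reason": "amount mismatch",
                               "expected": expected, "posted": posted})
    return exceptions


if __name__ == "__main__":
    for finding in parallel_simulation(ASSETS):
        print(finding)
```

The value of the technique is that the auditor's code never shares logic with the system under test, so a bug in the application's depreciation routine, or a configured parameter such as a wrong useful life, shows up as a mismatch rather than being reproduced.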
Auditing Concepts - What is the primary purpose of Continuous Auditing?
A) Detecting errors at the point of occurrence
B) Eliminating the need for manual reports
C) Reducing system capacity requirements
D) Automating all organizational tasks
Answer: A) Detecting errors at the point of occurrence - What is a key benefit of Embedded Audit Modules (EAM)?
A) Real-time transaction monitoring
B) Reduced system security
C) Delayed error detection
D) Manual testing of transactions
Answer: A) Real-time transaction monitoring
Specific Controls - How should payroll data be managed in HR processes?
A) By restricting access to authorized users
B) By sharing access widely across teams
C) By avoiding automation tools
D) By skipping transaction reviews
Answer: A) By restricting access to authorized users - What risk does SCARF help mitigate?
A) Transaction irregularities and policy violations
B) Delayed salary disbursements
C) Unmonitored asset depreciation
D) Manual financial reporting
Answer: A) Transaction irregularities and policy violations
Business Processes - What does the Ordering phase in the Inventory Cycle involve?
A) Placing and receiving raw material orders
B) Tracking customer complaints
C) Configuring financial reports
D) Shipping finished goods
Answer: A) Placing and receiving raw material orders - Which control ensures accurate financial statements?
A) Automated reconciliation of ledger accounts
B) Allowing unrestricted manual data entry
C) Limiting master data updates
D) Avoiding reporting tools
Answer: A) Automated reconciliation of ledger accounts
Advanced Topics - What is an essential feature of IT audit tools?
A) Real-time data analysis capabilities
B) Exclusive focus on manual processes
C) Dependency on physical audits
D) Ignoring transaction errors
Answer: A) Real-time data analysis capabilities - What ensures privacy in digital ecosystems?
A) Implementing security safeguards under data protection laws
B) Sharing user credentials openly
C) Allowing unrestricted database access
D) Ignoring encryption standards
Answer: A) Implementing security safeguards under data protection laws - How is data integrity achieved in Information Systems?
A) Ensuring completeness, reliability, and accuracy of data
B) Relying solely on manual audits
C) Limiting data access to one department
D) Avoiding data validation steps
Answer: A) Ensuring completeness, reliability, and accuracy of data
Control and Security - What is the key control in the CASA process?
A) Restricting unauthorized credit line setups
B) Allowing open credit for all customers
C) Ignoring master file updates
D) Avoiding regular audits
Answer: A) Restricting unauthorized credit line setups - What does segregation of duties (SoD) aim to achieve?
A) Preventing unauthorized transactions
B) Simplifying all tasks under one role
C) Limiting financial transparency
D) Automating user logins
Answer: A) Preventing unauthorized transactions
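The segregation-of-duties question above states the objective (no single person can carry out an unauthorized transaction end to end) but not how an auditor checks it. The usual method is a conflict matrix: list the pairs of permissions that must never sit with one person, expand each user's roles into effective permissions, and report every user, and every role, that holds a toxic pair. The example below is added to these notes and is not from the study material; the roles, permissions, user assignments and conflict pairs are constructed for illustration and would come from the real application's authorization export in practice.

```python
"""Segregation-of-duties conflict check over role assignments. Example added to
the notes; the role matrix, user assignments and conflict pairs are constructed."""

# Constructed role-to-permission matrix (what each role can do in the application).
ROLE_PERMISSIONS = {
    "AP_CLERK":      {"create_vendor", "enter_invoice"},
    "AP_SUPERVISOR": {"approve_invoice", "release_payment"},
    "PAYROLL_ADMIN": {"edit_payroll_master", "run_payroll"},
    "HR_PARTNER":    {"create_employee"},
    "READ_ONLY":     {"view_reports"},
}

# Constructed SoD rule set: pairs that must not be held by one person.
CONFLICTS = [
    ("create_vendor", "release_payment"),        # could pay a fictitious vendor
    ("enter_invoice", "approve_invoice"),        # could approve own invoice
    ("create_employee", "run_payroll"),          # could pay a ghost employee
    ("edit_payroll_master", "run_payroll"),      # could alter own pay and run it
]

# Constructed user-to-role assignments.
USER_ROLES = {
    "asha":   ["AP_CLERK"],
    "bhavin": ["AP_CLERK", "AP_SUPERVISOR"],
    "chen":   ["HR_PARTNER", "PAYROLL_ADMIN"],
    "dana":   ["READ_ONLY"],
}


def effective_permissions(user: str, user_roles: dict, role_permissions: dict) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user_roles.get(user, []):
        perms |= role_permissions.get(role, set())
    return perms


def sod_violations(user_roles: dict, role_permissions: dict, conflicts: list) -> list:
    """Every (user, toxic pair) combination, whether the pair comes from one role or several."""
    findings = []
    for user in sorted(user_roles):
        perms = effective_permissions(user, user_roles, role_permissions)
        for a, b in conflicts:
            if a in perms and b in perms:
                findings.append({"user": user, "conflict": (a, b)})
    return findings


def roles_violating_alone(role_permissions: dict, conflicts: list) -> list:
    """Design-level check: roles that already bundle a toxic pair by themselves."""
    return sorted(
        role for role, perms in role_permissions.items()
        if any(a in perms and b in perms for a, b in conflicts)
    )


if __name__ == "__main__":
    for f in sod_violations(USER_ROLES, ROLE_PERMISSIONS, CONFLICTS):
        print(f)
    print("roles that violate SoD on their own:", roles_violating_alone(ROLE_PERMISSIONS, CONFLICTS))
```

Two kinds of finding come out: users who accumulated conflicting roles over time (bhavin, chen), which is a provisioning problem, and a role that is toxic by design (PAYROLL_ADMIN), which no amount of careful assignment can fix and has to be split.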
System Audit Techniques - What is the purpose of a pre-audit survey?
A) Collecting background information for focused auditing
B) Avoiding interactions with management
C) Replacing data analysis processes
D) Automating decision-making entirely
Answer: A) Collecting background information for focused auditing - What is a critical aspect of an auditor’s role in continuous simulation?
A) Identifying transaction exceptions
B) Simplifying configuration steps
C) Eliminating test environments
D) Ignoring real-time updates
Answer: A) Identifying transaction exceptions
IT Governance - What does an effective governance system in IT ensure?
A) Alignment of IT objectives with business goals
B) Ignoring user feedback
C) Automating unauthorized processes
D) Reducing compliance requirements
Answer: A) Alignment of IT objectives with business goals
Miscellaneous - What defines operational business processes?
A) Delivering value directly to customers
B) Supporting core processes indirectly
C) Monitoring management tasks
D) Simplifying budgeting activities
Answer: A) Delivering value directly to customers - What is a key risk in General Ledger transactions?
A) Inaccurate account codes
B) Over-reliance on automation
C) Avoiding periodic reconciliations
D) Delayed shipment tracking
Answer: A) Inaccurate account codes - What does Continuous Audit Techniques rely on?
A) Embedded system modules
B) Manual input for large datasets
C) Limiting automation tools
D) Eliminating test environments
Answer: A) Embedded system modules - What is an objective of the Test Data technique?
A) Verifying system processes with valid and invalid inputs
B) Eliminating erroneous transactions entirely
C) Avoiding transaction tagging methods
D) Ignoring invalid inputs during tests
Answer: A) Verifying system processes with valid and invalid inputs - What does P2P automation achieve?
A) A seamless procure-to-pay lifecycle
B) Simplified customer order tracking
C) Manual processing of invoices
D) Reduced vendor data accuracy
Answer: A) A seamless procure-to-pay lifecycle
CHAPTER 10
Multiple-Choice Questions on Digital Data, Privacy, Security, and Business
Intelligence - What is the primary goal of data protection?
A) Maximize profits
B) Ensure data availability, privacy, and integrity
C) Replace physical documentation
D) Increase customer engagement
Answer: B) Ensure data availability, privacy, and integrity - What does the Digital Personal Data Protection Act, 2023 primarily address?
A) The rights of corporations over data
B) The processing of digital personal data within India
C) Cybersecurity standards
D) Regulation of international trade
Answer: B) The processing of digital personal data within India - What is a Digital Asset?
A) Any physical asset stored in warehouses
B) Any file created and stored digitally with ownership rights
C) A company’s IT infrastructure
D) Financial assets stored digitally
Answer: B) Any file created and stored digitally with ownership rights - Which of the following is NOT a key principle of Fair Information Practices?
A) Collection limitation
B) Data profiling
C) Data quality
D) Use limitation
Answer: B) Data profiling - What is the purpose of data encryption?
A) To increase the size of stored data
B) To conceal information and protect it from unauthorized access
C) To format data for user readability
D) To prevent system crashes
Answer: B) To conceal information and protect it from unauthorized access - What is the relationship between data privacy and data security?
A) Data privacy is a prerequisite for data security
B) Data security is a prerequisite for data privacy
C) Both are independent and unrelated
D) Data security always follows data privacy
Answer: B) Data security is a prerequisite for data privacy - Which law governs electronic transactions and cybersecurity in India?
A) Digital Commerce Act, 2019
B) Information Technology Act, 2000
C) Cyber Protection Act, 2021
D) Data Privacy Act, 2023
Answer: B) Information Technology Act, 2000 - What does Section 43A of the IT Act address?
A) Cyber terrorism
B) Protection against data breaches
C) Identity theft penalties
D) Computer hacking penalties
Answer: B) Protection against data breaches - Which tool is widely used for creating data dashboards?
A) Python
B) Tableau
C) Excel
D) R
Answer: B) Tableau - What is the purpose of Data Loss Prevention (DLP) systems?
A) To analyze customer preferences
B) To monitor and secure data against unwanted access
C) To encrypt network connections
D) To organize data for analysis
Answer: B) To monitor and secure data against unwanted access - What does predictive analytics aim to achieve?
A) Understanding why an event occurred
B) Predicting future outcomes based on historical data
C) Visualizing past trends
D) Recommending the best action to take
Answer: B) Predicting future outcomes based on historical data - Which key right is granted to individuals under the Digital Personal Data Protection
Act, 2023?
A) Right to publish sensitive information
B) Right to correction and erasure of personal data (the "right to be forgotten")
C) Right to prosecute third-party processors
D) Right to deny encryption
Answer: B) Right to correction and erasure of personal data (the "right to be forgotten") - What is a key feature of third-generation firewalls?
A) They only monitor incoming traffic
B) They use in-line deep packet inspection
C) They restrict email communications
D) They focus exclusively on physical device protection
Answer: B) They use in-line deep packet inspection - What are the four types of data analytics?
A) Prescriptive, Descriptive, Exploratory, Interpretive
B) Descriptive, Diagnostic, Predictive, Prescriptive
C) Predictive, Interactive, Diagnostic, Visual
D) Exploratory, Statistical, Prescriptive, Predictive
Answer: B) Descriptive, Diagnostic, Predictive, Prescriptive - What does Data Governance ensure?
A) Immediate deletion of old records
B) The availability, integrity, and security of data
C) Promotion of free data sharing across networks
D) Automatic encryption of all stored files
Answer: B) The availability, integrity, and security of data - Which section of the IT Act addresses penalties for identity theft?
A) Section 66C
B) Section 43
C) Section 67A
D) Section 66E
Answer: A) Section 66C - What is a primary application of prescriptive analytics?
A) Analyzing historical data
B) Recommending the best course of action
C) Identifying existing system vulnerabilities
D) Generating statistical reports
Answer: B) Recommending the best course of action - What is the focus of the Digital Personal Data Protection Act, 2023 regarding data
fiduciaries?
A) Increasing revenue
B) Data minimization and security
C) Encouraging global data sharing
D) Eliminating consent for data use
Answer: B) Data minimization and security - Which practice ensures the quality of business data?
A) Data Encryption
B) Data Profiling
C) Data Loss Prevention
D) Firewall Implementation
Answer: B) Data Profiling - What does the term “Data at Rest” refer to?
A) Data being analyzed
B) Data stored in databases or devices
C) Data being transmitted
D) Data being visualized
Answer: B) Data stored in databases or devices - What is Business Intelligence (BI)?
A) Collecting financial records for auditing purposes
B) Turning organizational data into actionable insights
C) Managing physical assets within a company
D) Designing websites for e-commerce
Answer: B) Turning organizational data into actionable insights - Which tool is known for its strong data visualization capabilities?
A) Power BI
B) Excel
C) QlikSense
D) Tableau
Answer: D) Tableau - What is the primary function of dashboards in BI tools?
A) Create complex database queries
B) Display visual summaries and performance metrics
C) Automate software updates
D) Manage customer feedback
Answer: B) Display visual summaries and performance metrics - Which phase in the BI lifecycle involves creating metadata?
A) Design data model
B) Building data warehouse
C) Creation of BI project structure
D) Development of BI objects
Answer: C) Creation of BI project structure - What is predictive modeling used for in BI?
A) Managing financial transactions
B) Generating trend forecasts using statistical methods
C) Creating interactive dashboards
D) Storing unstructured data
Answer: B) Generating trend forecasts using statistical methods - What does OLAP stand for?
A) Online Analytical Processing
B) On-demand Analytical Program
C) Open Logic Application Processing
D) Operational Level Analytics Program
Answer: A) Online Analytical Processing - What distinguishes BI from Data Analytics?
A) BI focuses on historical data, while analytics predicts future trends
B) Analytics is only used by non-technical personnel
C) BI tools cannot generate dashboards
D) Analytics is purely for data storage
Answer: A) BI focuses on historical data, while analytics predicts future trends - What is a key feature of Sisense BI tool?
A) Interactive mobile reports
B) End-to-end analytics with drag-and-drop functionality
C) Exclusive focus on financial data
D) High hardware requirements
Answer: B) End-to-end analytics with drag-and-drop functionality - What chart type in Power BI is best for displaying proportions?
A) Line Chart
B) Pie Chart
C) Funnel Chart
D) Bar Chart
Answer: B) Pie Chart
- What is the significance of predictive modeling in retail BI?
A) Automating inventory management
B) Identifying customer purchase trends
C) Restricting market competition
D) Eliminating product diversity
Answer: B) Identifying customer purchase trends
CHAPTER 11
Business Intelligence (BI) Concepts
- What is the primary purpose of Business Intelligence (BI)?
o (a) Store large amounts of data
o (b) Turn organizational data into actionable insights
o (c) Replace manual labor with automation
o (d) Increase employee productivity
o Answer: (b) Turn organizational data into actionable insights
- Which of the following is a key functionality of BI tools?
o (a) Real-time monitoring
o (b) Predictive modeling
o (c) Data visualization
o (d) All of the above
o Answer: (d) All of the above
- Which BI technique involves exploring data to extract trends and insights?
o (a) Data mining
o (b) Dashboards
o (c) Analytics
o (d) OLAP
o Answer: (c) Analytics
- What does ETL stand for in the context of BI?
o (a) Extract, Transform, Load
o (b) Export, Translate, List
o (c) Examine, Transfer, Log
o (d) Enable, Test, Load
o Answer: (a) Extract, Transform, Load
- Which phase of the BI lifecycle involves creating a project structure or metadata?
o (a) Analyze Business Requirements
o (b) Develop BI Objects
o (c) Create BI Project Structure
o (d) Design Data Model
o Answer: (c) Create BI Project Structure
BI Tools and Techniques
- Which popular BI tool was used by Heathrow Airport for operational improvements?
o (a) Tableau
o (b) Microsoft Power BI
o (c) QlikSense
o (d) Sisense
o Answer: (b) Microsoft Power BI
- What is a primary feature of Tableau as a BI tool?
o (a) Drag-and-drop analytics interface
o (b) Built-in AI capabilities
o (c) Advanced cloud integration
o (d) Real-time monitoring
o Answer: (a) Drag-and-drop analytics interface
- Which BI tool emphasizes self-service analytics?
o (a) QlikSense
o (b) Sisense
o (c) Tableau
o (d) Dundas BI
o Answer: (a) QlikSense
- What is the main advantage of using BI dashboards?
o (a) Store unstructured data
o (b) Provide real-time insights and visualizations
o (c) Replace ETL processes
o (d) Perform manual analysis
o Answer: (b) Provide real-time insights and visualizations
- Which functionality allows BI tools to uncover patterns in large datasets?
o (a) OLAP
o (b) Data Mining
o (c) Real-time Monitoring
o (d) Reporting
o Answer: (b) Data Mining
BI Life Cycle
- Which step comes first in the BI Life Cycle?
o (a) Build the Data Warehouse
o (b) Design Data Model
o (c) Analyze Business Requirements
o (d) Develop BI Objects
o Answer: (c) Analyze Business Requirements
- What does the Design Data Model phase achieve in BI?
o (a) Develop dashboards
o (b) Analyze historical data
o (c) Establish relationships within data entities
o (d) Maintain project changes
o Answer: (c) Establish relationships within data entities
- What is the primary objective of administering and maintaining the BI project?
o (a) Data storage
o (b) Security and performance monitoring
o (c) Create dashboards
o (d) Forecast trends
o Answer: (b) Security and performance monitoring
BI Chart Types
- Which chart type is best suited for showing proportions?
o (a) Line Chart
o (b) Pie Chart
o (c) Funnel Chart
o (d) Bar Chart
o Answer: (b) Pie Chart
- What does a funnel chart typically represent?
o (a) Numerical propositions across phases
o (b) Historical data trends
o (c) Distribution of data points
o (d) Key performance indicators
o Answer: (a) Numerical propositions across phases
- What is the distinguishing feature of a Doughnut Chart compared to a Pie Chart?
o (a) It uses more colors
o (b) It has a central hole for additional details
o (c) It only shows negative values
o (d) It represents real-time data
o Answer: (b) It has a central hole for additional details
Advanced BI Applications
- Which BI functionality enables businesses to solve analytical problems with multiple dimensions?
o (a) ETL
o (b) OLAP
o (c) Predictive Modeling
o (d) Reporting
o Answer: (b) OLAP
- What is predictive modeling used for in BI?
o (a) Visualizing current data
o (b) Generating probabilities and trend models
o (c) Cleaning and storing data
o (d) Sharing reports with stakeholders
o Answer: (b) Generating probabilities and trend models
- Which feature of BI tools facilitates mobile access to dashboards and reports?
o (a) Real-time monitoring
o (b) Mobile Business Intelligence
o (c) Collaborative BI
o (d) Data Mining
o Answer: (b) Mobile Business Intelligence
- Which BI tool feature allows seamless sharing of information with stakeholders?
o (a) Predictive Analytics
o (b) Collaborative BI
o (c) ETL
o (d) Data Visualization
o Answer: (b) Collaborative BI
- How did Heathrow Airport benefit from using BI?
o (a) Reduced employee count
o (b) Improved passenger flow management
o (c) Eliminated flight delays
o (d) Increased operational costs
o Answer: (b) Improved passenger flow management
- What challenge did SkullCandy solve using BI tools?
o (a) Automating payroll systems
o (b) Consolidating data from multiple sources
o (c) Enhancing customer service chatbots
o (d) Reducing manufacturing costs
o Answer: (b) Consolidating data from multiple sources
- Which advantage of BI tools helps retailers update prices in real-time?
o (a) Predictive modeling
o (b) Scorecards
o (c) Mobile BI
o (d) ETL processes
o Answer: (a) Predictive modeling
- What is a major benefit of BI in retail?
o (a) Increased paperwork
o (b) Improved customer experience
o (c) Limited access to data
o (d) Reduced data transparency
o Answer: (b) Improved customer experience
- Which of the following BI tools offers end-to-end data encryption?
o (a) Tableau
o (b) Microsoft Power BI
o (c) Sisense
o (d) QlikSense
o Answer: (b) Microsoft Power BI
- Which of the following charts is best for analyzing trends over time?
o (a) Line Chart
o (b) Funnel Chart
o (c) Doughnut Chart
o (d) Pie Chart
o Answer: (a) Line Chart
- What is the role of dashboards in BI?
o (a) Storing data
o (b) Visualizing data for decision-making
o (c) Writing ETL scripts
o (d) Managing employee performance
o Answer: (b) Visualizing data for decision-making
- What is a primary focus of BI scorecards?
o (a) Predicting customer behavior
o (b) Monitoring Key Performance Indicators (KPIs)
o (c) Cleaning raw data
o (d) Storing historical data
o Answer: (b) Monitoring Key Performance Indicators (KPIs)
- Which BI feature supports real-time decision-making?
o (a) Data mining
o (b) Real-time monitoring
o (c) Predictive modeling
o (d) OLAP
o Answer: (b) Real-time monitoring
- Which BI tool capability allows for insights from historical and real-time data?
o (a) Scorecards
o (b) Reporting
o (c) Dashboards
o (d) Predictive Analytics
o Answer: (c) Dashboards
- What is the main advantage of using automated reports in BI tools?
o (a) Reduced manual effort
o (b) Increased operational costs
o (c) Limited scalability
o (d) Decreased accuracy
o Answer: (a) Reduced manual effort
- How does BI improve customer experience in retail?
o (a) By automating payroll systems
o (b) By analyzing customer preferences and trends
o (c) By increasing data redundancy
o (d) By limiting product options
o Answer: (b) By analyzing customer preferences and trends
- What is the key use of OLAP in BI?
o (a) Creating reports
o (b) Analyzing data across multiple dimensions
o (c) Storing raw data
o (d) Enhancing mobile access
o Answer: (b) Analyzing data across multiple dimensions
- Which BI feature helps identify anomalies in real-time?
o (a) ETL
o (b) Data Mining
o (c) Real-time monitoring
o (d) Scorecards
o Answer: (c) Real-time monitoring
- Which BI tool feature provides visual tools for measuring KPIs?
o (a) Dashboards
o (b) ETL
o (c) Scorecards
o (d) Data Mining
o Answer: (c) Scorecards
- What makes predictive analytics valuable in BI?
o (a) Real-time data visualization
o (b) Forecasting future trends based on historical data
o (c) Reducing ETL processes
o (d) Limiting operational scope
o Answer: (b) Forecasting future trends based on historical data
- How do BI tools facilitate agile decision-making?
o (a) By centralizing data for quicker access
o (b) By limiting data processing
o (c) By reducing reporting accuracy
o (d) By increasing operational costs
o Answer: (a) By centralizing data for quicker access
- What does a Line Chart primarily depict?
o (a) Distribution of data
o (b) Trends over time
o (c) Proportional data
o (d) Key performance metrics
o Answer: (b) Trends over time
- Which BI process transforms raw data into meaningful insights?
o (a) Data Visualization
o (b) ETL
o (c) Data Mining
o (d) Predictive Modeling
o Answer: (b) ETL
- Which chart type is ideal for visualizing stages in a process?
o (a) Funnel Chart
o (b) Doughnut Chart
o (c) Pie Chart
o (d) Bar Chart
o Answer: (a) Funnel Chart
- Which BI tool capability provides insights for both historical and real-time data?
o (a) Reporting
o (b) Dashboards
o (c) Predictive Analytics
o (d) Collaborative BI
o Answer: (b) Dashboards
- What role does Collaborative BI play in organizations?
o (a) Restricting data access
o (b) Facilitating team-based decision-making
o (c) Enhancing predictive models
o (d) Replacing dashboards
o Answer: (b) Facilitating team-based decision-making
- What is a key advantage of BI tools for businesses?
o (a) Improved data-driven decision-making
o (b) Increased data storage costs
o (c) Limited data accessibility
o (d) Enhanced manual processing
o Answer: (a) Improved data-driven decision-making
- How does BI support operational efficiency?
o (a) By creating redundant processes
o (b) By analyzing process bottlenecks
o (c) By reducing collaboration
o (d) By increasing complexity
o Answer: (b) By analyzing process bottlenecks
- Which BI feature is used to generate ad-hoc reports?
o (a) Dashboards
o (b) Reporting
o (c) Data Mining
o (d) OLAP
o Answer: (b) Reporting
- What is the role of Mobile BI in organizations?
o (a) Improving employee satisfaction
o (b) Enabling access to BI tools on mobile devices
o (c) Replacing traditional BI tools
o (d) Reducing report generation time
o Answer: (b) Enabling access to BI tools on mobile devices
- Which BI application helps optimize product pricing?
o (a) ETL
o (b) Predictive Modeling
o (c) Data Visualization
o (d) Collaborative BI
o Answer: (b) Predictive Modeling
- How does BI improve financial forecasting?
o (a) By reducing data entry errors
o (b) By providing historical and trend-based insights
o (c) By automating payroll systems
o (d) By limiting analytics scope
o Answer: (b) By providing historical and trend-based insights
- What is a common use of BI in marketing?
o (a) Identifying customer segments
o (b) Creating data warehouses
o (c) Reducing data redundancy
o (d) Enhancing operational delays
o Answer: (a) Identifying customer segments
- Which BI tool feature allows for evidence-based decision-making?
o (a) Data Mining
o (b) Predictive Analytics
o (c) Reporting
o (d) Scorecards
o Answer: (b) Predictive Analytics
CHAPTER 12
- What does FinTech stand for?
A) Financial Technology
B) Financial Terminology
C) Financial Transactions
D) Financial Tactics
Answer: A) Financial Technology
- Which technology is NOT commonly associated with FinTech?
A) Artificial Intelligence
B) Blockchain
C) Cloud Computing
D) Nuclear Physics
Answer: D) Nuclear Physics
- What is a key advantage of Blockchain?
A) Centralized control
B) Immutability of records
C) Slow transaction processing
D) High operational costs
Answer: B) Immutability of records
- Which of the following is an example of limited memory AI?
A) Self-driving cars
B) Chatbots
C) Human-like robots
D) Bitcoin mining
Answer: A) Self-driving cars
- What is a major characteristic of Public Cloud?
A) Exclusive use by one organization
B) Highly scalable and affordable
C) Completely secure
D) Requires private networks
Answer: B) Highly scalable and affordable
- Which of the following is a FinTech product?
A) Peer-to-peer lending
B) Cloud Storage Services
C) Traditional Banking
D) Social Media
Answer: A) Peer-to-peer lending
- What is the role of Robo-Advisors in FinTech?
A) Human-driven customer service
B) Algorithm-driven financial planning
C) Manual data processing
D) Stock trading on paper
Answer: B) Algorithm-driven financial planning
- What technology powers cryptocurrency transactions?
A) Blockchain
B) Cloud Computing
C) Artificial Intelligence
D) Big Data
Answer: A) Blockchain
- What does AI stand for?
A) Artificial Integration
B) Automated Intelligence
C) Artificial Intelligence
D) Advanced Interface
Answer: C) Artificial Intelligence
- Which is NOT a benefit of Big Data in FinTech?
A) Improved customer insights
B) Faster decision-making
C) Higher transaction fees
D) Better fraud detection
Answer: C) Higher transaction fees
- What is the primary goal of FinTech?
A) To replace traditional banks
B) To simplify and enhance financial transactions
C) To eliminate the use of currency
D) To focus only on cryptocurrency
Answer: B) To simplify and enhance financial transactions
- Which is an example of Distributed Ledger Technology?
A) Credit Card Transactions
B) Blockchain
C) Data Encryption
D) Cloud Storage
Answer: B) Blockchain
- What is the key feature of Blockchain?
A) Centralized database
B) Tamper-proof records
C) Dependency on third parties
D) Slow processing speed
Answer: B) Tamper-proof records
- Which of the following is NOT a type of AI?
A) Weak AI
B) Narrow AI
C) General AI
D) Smart AI
Answer: D) Smart AI
- What is the main advantage of cloud computing for businesses?
A) High upfront cost
B) Scalability
C) Dependency on hardware
D) Limited storage options
Answer: B) Scalability
- What does GDPR stand for?
A) General Data Processing Regulation
B) General Data Protection Regulation
C) Global Data Privacy Regulation
D) Government Data Processing Rules
Answer: B) General Data Protection Regulation
- Which organization regulates financial technology in India?
A) SEBI
B) RBI
C) NPCI
D) All of the above
Answer: D) All of the above
- What is a Hybrid Cloud?
A) A mix of public and private clouds
B) A decentralized network
C) A cloud owned by multiple companies
D) A single-tenant cloud
Answer: A) A mix of public and private clouds
- Which of the following is a Blockchain application?
A) Supply chain management
B) Video streaming
C) Online gaming
D) Travel bookings
Answer: A) Supply chain management
- What is a key challenge for FinTech adoption?
A) Lack of internet
B) Regulatory compliance
C) High customer satisfaction
D) Excessive transparency
Answer: B) Regulatory compliance
- What is the full form of AI?
A) Analytical Intelligence
B) Artificial Intelligence
C) Automated Interaction
D) Advanced Intelligence
Answer: B) Artificial Intelligence
- Which type of Blockchain does NOT require permission to join?
A) Private Blockchain
B) Public Blockchain
C) Consortium Blockchain
D) Hybrid Blockchain
Answer: B) Public Blockchain
- What is an advantage of Distributed Ledger Technology?
A) Centralized authority
B) Improved traceability
C) Slower processing times
D) High transaction costs
Answer: B) Improved traceability
- Which FinTech product uses AI for financial planning?
A) Blockchain
B) Robo-Advisors
C) P2P Lending Platforms
D) Cryptocurrency Wallets
Answer: B) Robo-Advisors
- What is the key feature of Cloud Computing?
A) Dependency on local hardware
B) Pay-as-you-go pricing model
C) Limited accessibility
D) High maintenance cost
Answer: B) Pay-as-you-go pricing model
- Which technology ensures data cannot be tampered with?
A) Artificial Intelligence
B) Blockchain
C) Cloud Computing
D) Big Data
Answer: B) Blockchain
- What is the role of NPCI in India?
A) Regulating cryptocurrency
B) Managing payment systems
C) Providing loans
D) Supervising data privacy
Answer: B) Managing payment systems
- What does SaaS stand for in Cloud Computing?
A) Software as a Service
B) Storage as a Service
C) Systems and Applications Software
D) Server and Application Services
Answer: A) Software as a Service
- Which of the following is a FinTech use case?
A) Automated Teller Machines
B) Mobile Payments
C) Manual Financial Audits
D) Handwritten Cheques
Answer: B) Mobile Payments
- What is the role of Big Data in FinTech?
A) Reduce customer interaction
B) Predict market trends
C) Eliminate internet dependency
D) Increase manual processing
Answer: B) Predict market trends
- Which is NOT a challenge for Blockchain adoption?
A) Scalability issues
B) Lack of transparency
C) High energy consumption
D) Regulatory uncertainty
Answer: B) Lack of transparency
- What is the purpose of Distributed Ledger Technology?
A) Centralized financial record-keeping
B) Peer-to-peer transaction verification
C) Manual transaction reconciliation
D) Dependency on intermediaries
Answer: B) Peer-to-peer transaction verification
- What is a common feature of AI and ML in FinTech?
A) Manual data entry
B) Predictive analysis
C) Physical server dependency
D) Increased fraud rates
Answer: B) Predictive analysis
- Which Blockchain feature ensures data security?
A) Open access
B) Cryptographic hashing
C) Manual verification
D) Centralized storage
Answer: B) Cryptographic hashing
- What is a benefit of Cloud Computing for startups?
A) Reduced capital investment
B) Increased maintenance cost
C) Limited storage options
D) Dependency on physical servers
Answer: A) Reduced capital investment
- What is the key characteristic of Narrow AI?
A) Performs a single task efficiently
B) Matches human intelligence
C) Manages multiple tasks simultaneously
D) Exhibits emotional intelligence
Answer: A) Performs a single task efficiently
- What is the role of UPI in FinTech?
A) Facilitating online shopping
B) Enabling instant digital payments
C) Providing insurance services
D) Managing stock investments
Answer: B) Enabling instant digital payments
- Which is NOT an example of Cloud Computing?
A) Google Drive
B) Amazon Web Services
C) Local hard disk storage
D) Microsoft Azure
Answer: C) Local hard disk storage
- Which AI type is still under development?
A) Weak AI
B) General AI
C) Reactive AI
D) Limited Memory AI
Answer: B) General AI
- What is the advantage of using Blockchain for supply chain management?
A) Centralized data control
B) Improved traceability
C) Increased intermediaries
D) Manual tracking
Answer: B) Improved traceability
- What does “Tamper-proof” in Blockchain mean?
A) Data can be easily edited
B) Data cannot be altered once recorded
C) Data is visible to a single user
D) Data is stored offline
Answer: B) Data cannot be altered once recorded
- Which cloud type combines private and public clouds?
A) Community Cloud
B) Hybrid Cloud
C) Private Cloud
D) Public Cloud
Answer: B) Hybrid Cloud
- What is a limitation of Public Cloud?
A) High scalability
B) Security concerns
C) Low availability
D) High setup cost
Answer: B) Security concerns
- What powers smart contracts in Blockchain?
A) Cryptography
B) Human supervision
C) Manual verification
D) Data redundancy
Answer: A) Cryptography
- Which is a disadvantage of Cloud Computing?
A) Requires internet connectivity
B) Reduces scalability
C) Increases maintenance cost
D) Requires on-premise servers
Answer: A) Requires internet connectivity
- What is the function of Machine Learning in FinTech?
A) Storing customer data
B) Automating financial processes
C) Managing physical branches
D) Eliminating fraud
Answer: B) Automating financial processes
- What is the primary goal of Big Data in finance?
A) Manual customer analysis
B) Predicting financial patterns
C) Increasing paperwork
D) Reducing digital transactions
Answer: B) Predicting financial patterns
- Which Blockchain type is open to anyone?
A) Private Blockchain
B) Public Blockchain
C) Consortium Blockchain
D) Hybrid Blockchain
Answer: B) Public Blockchain
- What is the main purpose of AI in fraud detection?
A) Identify patterns of irregular transactions
B) Increase manual intervention
C) Delay fraud detection
D) Eliminate all digital transactions
Answer: A) Identify patterns of irregular transactions
- Which FinTech service improves insurance accessibility?
A) PolicyBazaar
B) UPI
C) Google Pay
D) Bitcoin
Answer: A) PolicyBazaar
CHAPTER 13
Digital Payments
- Which organization operates retail payments and settlement systems in India?
o (a) Securities and Exchange Board of India (SEBI)
o (b) Reserve Bank of India (RBI)
o (c) National Payments Corporation of India (NPCI)
o (d) Indian Banks’ Association (IBA)
o Answer: (c) National Payments Corporation of India (NPCI)
- What is the upper limit per UPI transaction?
o (a) ₹ 50,000
o (b) ₹ 1,00,000
o (c) ₹ 1,50,000
o (d) ₹ 2,00,000
o Answer: (b) ₹ 1,00,000
- Which of the following is NOT a type of digital payment?
o (a) Immediate Payment Service (IMPS)
o (b) Aadhaar Enabled Payment Service (AEPS)
o (c) Unified Payments Interface (UPI)
o (d) Real-Time Gross Settlement (RTGS)
o Answer: (d) Real-Time Gross Settlement (RTGS)
- Which of these is an example of a mobile wallet?
o (a) Paytm
o (b) RuPay
o (c) IMPS
o (d) BHIM
o Answer: (a) Paytm
- What is the primary authentication factor in UPI transactions?
o (a) Biometric authentication only
o (b) PIN only
o (c) Two-factor authentication
o (d) Single-click login
o Answer: (c) Two-factor authentication
- Which digital payment mode allows transactions without internet?
o (a) UPI
o (b) USSD
o (c) IMPS
o (d) Mobile Wallet
o Answer: (b) USSD
- Which of the following is a feature of RuPay cards?
o (a) High international transaction fees
o (b) Reversal of disputed transactions
o (c) Limited ATM withdrawal
o (d) No merchant acceptance
o Answer: (b) Reversal of disputed transactions
- What is the primary advantage of e-RUPI?
o (a) Physical issuance of vouchers
o (b) Purpose-specific digital vouchers
o (c) High transaction charges
o (d) Requires a smartphone
o Answer: (b) Purpose-specific digital vouchers
Internet of Things (IoT)
- What is the main goal of IoT?
o (a) Enable wireless payments
o (b) Create a global interconnected network of devices
o (c) Improve smartphone battery life
o (d) Enhance e-commerce operations
o Answer: (b) Create a global interconnected network of devices
- Which of the following applications of IoT helps in debt collection?
o (a) Personalized offering
o (b) Fraud prevention
o (c) Monitoring supply chain activities
o (d) Capacity building
o Answer: (c) Monitoring supply chain activities
- What is a major challenge in IoT implementation?
o (a) Excessive hardware requirements
o (b) Data connectivity issues
o (c) Limited applications in banking
o (d) Lack of customer interest
o Answer: (b) Data connectivity issues
- Which industry benefits most from IoT applications?
o (a) Agriculture
o (b) Financial services
o (c) Retail
o (d) Manufacturing
o Answer: (b) Financial services
Quantum Computing
- What is the primary difference between bits and qubits?
o (a) Qubits can exist in multiple states simultaneously.
o (b) Qubits are slower than bits.
o (c) Bits use quantum superposition.
o (d) Qubits are restricted to binary values.
o Answer: (a) Qubits can exist in multiple states simultaneously.
- Which sector is expected to benefit the most from quantum computing?
o (a) Agriculture
o (b) Financial services
o (c) Retail
o (d) Manufacturing
o Answer: (b) Financial services
- What makes quantum computing a potential threat to financial organizations?
o (a) Reduced processing power
o (b) Incompatibility with traditional algorithms
o (c) Ability to break cryptographic protocols
o (d) High costs of implementation
o Answer: (c) Ability to break cryptographic protocols
- Which of the following is NOT a feature of quantum computing?
o (a) Faster data processing
o (b) Solving optimization problems
o (c) Limited computational capacity
o (d) High accuracy in financial modeling
o Answer: (c) Limited computational capacity
RegTech
- What is the main purpose of RegTech?
o (a) Improve internet speed
o (b) Facilitate automated regulatory compliance
o (c) Manage cryptocurrency transactions
o (d) Enhance physical security
o Answer: (b) Facilitate automated regulatory compliance
- Which of the following technologies does RegTech rely on?
o (a) Artificial Intelligence (AI)
o (b) Blockchain
o (c) Big Data
o (d) All of the above
o Answer: (d) All of the above
- How does RegTech contribute to financial inclusion?
o (a) By reducing the cost of compliance
o (b) By limiting access to certain markets
o (c) By introducing complex financial instruments
o (d) By enforcing strict regulations
o Answer: (a) By reducing the cost of compliance
- Which is a key application of RegTech in financial institutions?
o (a) Customer service management
o (b) Anti-money laundering
o (c) Retail marketing
o (d) Hardware upgrades
o Answer: (b) Anti-money laundering
Mobile Computing
- What is the key benefit of mobile computing?
o (a) Improved customer relationships
o (b) Flexibility to work from any location
o (c) Enhanced physical security measures
o (d) Better hardware compatibility
o Answer: (b) Flexibility to work from any location
- Which component of mobile computing ensures reliable communication?
o (a) Mobile hardware
o (b) Mobile software
o (c) Mobile communication
o (d) Mobile applications
o Answer: (c) Mobile communication
- Which mobile operating system is most commonly used?
o (a) Windows Mobile
o (b) Android
o (c) BlackBerry OS
o (d) Symbian
o Answer: (b) Android
- What is NOT an advantage of mobile computing?
o (a) Increased flexibility
o (b) Enhanced productivity
o (c) Improved information flow
o (d) Reduced dependency on communication networks
o Answer: (d) Reduced dependency on communication networks
E-Business
- What is the major benefit of e-business to businesses?
o (a) Increased paperwork
o (b) Improved accessibility and global reach
o (c) High costs of operation
o (d) Limited market expansion
o Answer: (b) Improved accessibility and global reach
- Which of the following is NOT a disadvantage of e-business?
o (a) Internet connectivity issues
o (b) High start-up costs
o (c) Enhanced customer interaction
o (d) Legal and security concerns
o Answer: (c) Enhanced customer interaction
- How does e-business improve efficiency?
o (a) By reducing rework and overhead costs
o (b) By increasing dependency on manual processes
o (c) By eliminating digital transactions
o (d) By restricting geographical reach
o Answer: (a) By reducing rework and overhead costs
- Which of the following is NOT a benefit of e-business?
o (a) Time savings
o (b) Cost reduction
o (c) Limited access to customers
o (d) Wide range of product options
o Answer: (c) Limited access to customers
- Which risk is associated with e-business?
o (a) Enhanced transparency
o (b) Platform downtime
o (c) Increased physical inventory
o (d) Faster customer service
o Answer: (b) Platform downtime
- What is a critical control for data privacy in e-business?
o (a) Strong passwords
o (b) Two-factor authentication
o (c) Regular system updates
o (d) All of the above
o Answer: (d) All of the above
General Questions
- What does UPI stand for?
o (a) Universal Payment Infrastructure
o (b) Unified Payment Interface
o (c) Unique Payment Identifier
o (d) Universal Pay Identification
o Answer: (b) Unified Payment Interface
- Which technology helps improve anti-money laundering processes?
o (a) Mobile hardware
o (b) RegTech
o (c) Quantum computing
o (d) Internet of Things
o Answer: (b) RegTech
- Which payment mode allows Aadhaar-based transactions?
o (a) IMPS
o (b) AEPS
o (c) UPI
o (d) BHIM
o Answer: (b) AEPS
- What is a key feature of quantum computing?
o (a) Linear processing
o (b) Superposition of states
o (c) High hardware costs
o (d) Limited applications
o Answer: (b) Superposition of states
- Which digital payment system is specifically designed for feature phones?
o (a) e-RUPI
o (b) USSD
o (c) BHIM
o (d) IMPS
o Answer: (b) USSD
- Which of these is a benefit of mobile computing?
o (a) Reduced travel time
o (b) Increased physical storage
o (c) Higher paper usage
o (d) Limited communication access
o Answer: (a) Reduced travel time
- Which technology is integral to IoT?
o (a) Blockchain
o (b) Wireless sensors
o (c) Smart contracts
o (d) Quantum algorithms
o Answer: (b) Wireless sensors
- Which financial tool uses Big Data for customer profiling?
o (a) Quantum computing
o (b) IoT
o (c) RegTech
o (d) UPI
o Answer: (c) RegTech
- Which is NOT a type of card used in digital payments?
o (a) Debit card
o (b) Smart card
o (c) RuPay card
o (d) Internet card
o Answer: (d) Internet card
- What does e-RUPI primarily use?
o (a) NFC technology
o (b) QR codes
o (c) Blockchain
o (d) SMS verification
o Answer: (b) QR codes
- What is a key advantage of digital payments?
o (a) High transaction fees
o (b) Increased environmental impact
o (c) Transparency and ease of tracking
o (d) Limited adoption by businesses
o Answer: (c) Transparency and ease of tracking
- Which is NOT a benefit of IoT in financial services?
o (a) Fraud prevention
o (b) Collection of debts
o (c) Limiting customer base
o (d) Personalized offerings
o Answer: (c) Limiting customer base
- Which RegTech application focuses on customer verification?
o (a) AML
o (b) KYC
o (c) UDAAP
o (d) Synthetic identity fraud detection
o Answer: (b) KYC
- What is a major concern with quantum computing?
o (a) High accuracy
o (b) Breaking existing encryption
o (c) Limited processing speed
o (d) Low computational capacity
o Answer: (b) Breaking existing encryption
- Which IoT application benefits banking services the most?
o (a) Wearable technology
o (b) Predictive analysis
o (c) Automated checkouts
o (d) Blockchain integration
o Answer: (b) Predictive analysis
- What ensures secure online transactions?
o (a) Use of antivirus software
o (b) Strong encryption protocols
o (c) Regular password updates
o (d) All of the above
o Answer: (d) All of the above
- Which is NOT a component of mobile computing?
o (a) Mobile communication
o (b) Mobile hardware
o (c) Desktop software
o (d) Mobile software
o Answer: (c) Desktop software
- What is a characteristic of mobile wallets?
o (a) Linked to physical cash only
o (b) Requires a debit card for use
o (c) Stores payment details securely
o (d) Does not offer rewards
o Answer: (c) Stores payment details securely
- Which emerging technology aids in capacity building?
o (a) IoT
o (b) Quantum computing
o (c) Mobile computing
o (d) RegTech
o Answer: (a) IoT
- What is the purpose of e-business?
o (a) Restrict market expansion
o (b) Enhance customer reach and efficiency
o (c) Increase legal complexities
o (d) Focus solely on local markets
o Answer: (b) Enhance customer reach and efficiency