Financial Daily from THE HINDU group of publications, Monday, Jan 20, 2003
Mentor
Auditing: Ticking time for ISA aspirants
HERE are a few multiple-choice questions on information systems audit (ISA).

Information processing infrastructure:

1) An agreement between two computer systems related to methods of data transmission that is packed and interpreted is called:
a) communication channel; b) communication protocol; c) synchronous mode of transmission; d) asynchronous mode of transmission

2) An electronic device that combines data from several low speed communication lines into a single high-speed line is a:
a) modem; b) multiplexer; c) channel; d) link editor

3) It is essential to monitor telecommunication processes and ensure that data transmission is complete and accurate. Which of the following automated processes/reports measure this?
a) turn around time reports; b) help desk response monitoring reports; c) breakdowns/downtime reports; d) online monitoring tools

4) The main DISADVANTAGE of using a PBX-based communication network for establishing a local area network is:
a) rewiring is to be done using coaxial cabling; b) large volumes of data cannot be handled; c) system maintenance will have to be entrusted to outsiders; d) any relocation of the devices at a later stage is almost impossible

5) Electronic methods of data transfer are involved in all of the following except:
a) remote batch processing; b) standalone data processing; c) message switching; d) time sharing

6) Organisations that are unable to create and maintain their own private networks are more likely to use:
a) a wide area network; b) vendor delivered electronic mail system; c) fast-packet switching; d) public switched network

OSI model:

1) Confidentiality and data integrity services are provided in a network in which of the following layers of the ISO/OSI model?
a) physical layer; b) data link layer; c) presentation layer; d) application layer

2) Which of the following functions cannot be performed using a communications network control terminal:
a) resetting message queue lengths; b) starting and terminating lines and processes; c) generating a control total for a point-of-sale device; d) correcting a hardware error in a modem

3) Which one of the following pairs of protocols greatly conflict with each other in the same pair of protocols?
a) ISO/OSI and GOSIP; b) TCP/IP and ISO/OSI; c) ISO/OSI and SNA; d) SNA and TCP/IP

4) Every protocol communicates with:
a) a protocol in the same layer on a remote computer; b) a layer with the same function as of the protocol on a remote computer; c) an implementation of the same protocol in the equivalent layer on a remote computer; d) the same protocol in the equivalent layer on a remote computer

5) A session is:
a) a link between two network nodes; b) series of transmission without any disconnection; c) a specific connection place in a system; d) bi-directional dataflow between two network nodes

Firewalls:

1) The science of cryptography provides all of the following safeguards except:
a) system availability; b) data confidentiality; c) message authentication; d) message integrity

2) A PIN is stored for reference purposes, and must be stored in:
a) plain text form in the eventuality that it has to be reissued at a later stage, if customers forget their PIN; b) ciphertext form produced only from a reversible encryption algorithm; c) ciphertext form produced only from an irreversible encryption algorithm; d) ciphertext form that is a function of the account number

3) Which of the following is used to append a digital signature?
a) public key; b) private key; c) trusted key or third party key; d) any digital key

4) Which of the following is an application level firewall?
a) packet filtering routers; b) proxy systems; c) stateful inspection; d) circuit layer gateways

5) A firewall cannot do one of the following:
a) protect against unauthorised logins from external networks; b) protect the network against users connecting to Internet by dialling to their ISP using their office telephone and modem; c) appear transparent to their users; d) log traffic to and from the network

Internet technologies:

1) In an Internet environment, a firewall acts as a:
a) modem; b) brouter; c) router; d) bridge

2) Which of the following is a component of Internet?
a) routers to strengthen the attenuated signals; b) repeaters to establish physical connection between various LANs; c) gateways to allow a network to use the resources of another mainframe; d) bridges to optimise the transmission path of messages

3) A good e-mail policy should state that:
a) all mails sent and received should be monitored; b) all messages should be encrypted; c) e-mails should be used only for official purpose; d) all personal mails should be labelled

4) Which of the mail processing technologies given below affects message storage at the client end?
a) POP (Post Office Protocol); b) MAPI (Messaging Application Programming Interface); c) IMAP (Internet Message Access Protocol); d) SMTP (Simple Mail Transfer Protocol)

5) A security management system with regard to Internet should undertake:
a) local data reduction; b) event correction; c) low resource utilisation; d) all the above

TCP/IP:

1) Connection establishment and termination in transmission control protocol do not require:
a) 'connect' and 'disconnect' request; b) confirmation of request; c) acknowledgement of confirmation; d) encryption of connection establishment message

2) The IP address 135.0.0.2 (in decimal octet notation) belongs to which IP address class?
a) Class A; b) Class B; c) Class C; d) Class E

3) Which of the following statements is not a benefit of using the voice-over Internet protocol?
a) high quality voice; b) security; c) use of vocoder; d) use of TDMA

4) Which of the following provides mobile user network access over an air interface in wireless IP?
a) core network; b) end-user services network; c) radio access network; d) GSM (global system for mobile communication)

5) Which of the following is incorrect with regard to IP multicasting?
a) it distributes large amount of data; b) it reduces the choking of bandwidth, due to high data traffic; c) it requires additional resources for efficient delivery of data; d) it is a group concept

Answers:

Information processing infrastructure: 1) b; 2) b; 3) d; 4) b; 5) b; 6) d

OSI model: 1) d; 2) d; 3) d; 4) c; 5) b

Firewalls: 1) a; 2) d; 3) b; 4) c; 5) b

Internet technologies: 1) c; 2) c; 3) d; 4) a; 5) d

TCP/IP: 1) d; 2) b; 3) c; 4) c; 5) c

Information systems logical access:

1) Which one of the following computer fraud methods relates to obtaining information that may be left in or around a computer system after the execution of a job?
a) scavenging; b) data diddling; c) salami technique; d) piggybacking

2) Which of the following terms best define a computer program looking 'normal' but containing harmful code?
a) Trojan horse; b) trapdoor; c) worm; d) time bomb

3) Information system crimes and abuses in comparison to those of the general category are likely to be:
a) of less serious nature; b) unaffected by stringent legal and/or organisational controls; c) of higher volume and of bigger size; d) punishable by law relatively easily

4) The control practice of installing and using anti-virus software is classified as:
a) detective control practices; b) preventive control practices; c) corrective control practices; d) compensating control practices

5) A computer virus is a malicious code that can 'infect' a computer system. Which of the following statements is true about computer viruses?
a) it can attach to a data field; b) it can attach to an executable program; c) it can attach to a data file; d) it can attach to a data record

Environmental access controls:

1) A 'dry pipe', which is an arrangement to extinguish fires, is:
a) a sprinkler system where the water is in the pipe, but the outside of the pipe is dry; b) a Halon gas system that contains a dry pipe; c) a carbon dioxide (CO2) gas system that has a dry chemical to extinguish a fire; d) a sprinkler system where the water does not enter the pipes until the automatic sensor indicates that there is a fire in the area

2) All of the following are the environmental controls employed in an IS department, except:
a) external file header label on storage device; b) fire extinguishers; c) good housekeeping procedures; d) UPS

3) All the following statements are true regarding a water-based fire extinguishing system, except:
a) water cools the equipment relatively quickly; b) the release of water can be localised to where it is needed; c) water and Halon gas systems cannot co-exist; d) jet sprayers can be an alternative to water sprinklers

4) While evaluating the IT control environment for obtaining an understanding of the management's control over IT activities, the auditor should consider:
a) the functions of the IT steering committee; b) the security policy; c) the IT strategy of the management; d) the user's perception of IT

5) Which of these is not an external access control mechanism?
a) port protection devices; b) secure gateways; c) security labels; d) host-based authentication

Solution:

Information systems logical access: 1) a; 2) a; 3) c; 4) b; 5) b

Environmental access controls: 1) d; 2) a; 3) c; 4) b; 5) c

Auditors' responsibilities:

1) The primary responsibility of an IS auditor does not include:
a) responsibility for review and the expression of an opinion on the control systems; b) recommend changes and improvements in controls; c) make final decision to implement the required changes; d) provide workable recommendation for cost effective change

2) In an applications audit, the most critical control is related to:
a) transaction authorisation; b) transaction recording; c) access to menus; d) access to parameters

3) The most critical organisational control technique that needs to be documented is:
a) reporting responsibility and authority of each function; b) definition of responsibilities and objectives of each function; c) job descriptions; d) segregation of duties

4) Which of the following is a policy?
a) all requests for changes to existing programs must be approved by user and IS management before programmers and analyst can work on them; b) documented instructions for filling out a standard change request form; c) documents relating to costs of the change; d) documents specifying how to obtain approvals for changes

5) In reviewing job descriptions, the key concern for an IS auditor is that they:
a) communicate the management's specific expectations for job performance; b) establish instructions on how to do the job and the policies define the authority of the employee; c) are current, documented and readily available to the employee; d) establish responsibility and the accountability of the employee's actions

Solution: 1) c; 2) d; 3) c; 4) a; 5) d

Solution: 1) d; 2) d;

(Concluded)

(Edited extracts from Comprehensive Guide on Information Systems Audit Volume II of the ICAI.)
Copyright © 2003, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line