SET D DIGITAL ECO COMPILER PDF
Savitribai Phule Pune University
Ajay Mohan M
Ajay Mohan M INSTAGRAM = aju_._3

CHAPTER 1

Governance Basics
1. What does governance primarily focus on? a) Executing day-to-day tasks b) Decision-making and accountability frameworks c) Marketing strategies d) IT system upgrades Answer: b
2. Governance is distinct from management because governance: a) Focuses on execution b) Is limited to IT operations c) Defines decision rights and accountability d) Deals only with financial audits Answer: c
3. Which principle is NOT part of a governance framework? a) Based on a conceptual model b) Aligning to major standards c) Providing rigid, unchangeable structures d) Remaining open and flexible Answer: c
4. The key benefits of governance include: a) Reducing the role of stakeholders b) Improving customer relationships and satisfaction c) Eliminating IT investments d) Decreasing transparency Answer: b

Enterprise and Corporate Governance
5. Enterprise governance integrates: a) Compliance and IT audits b) Corporate and business governance c) Stakeholder analysis and IT management d) Strategic and operational planning Answer: b
6. Corporate governance focuses on: a) Internal IT controls exclusively b) Ensuring compliance and shareholder value c) Day-to-day operations management d) IT project approval processes Answer: b
7. Business governance emphasizes: a) Historical financial reporting b) Proactive strategy and value creation c) Reactive compliance management d) Vendor management Answer: b
8. Which is NOT a characteristic of good corporate governance? a) Sustainable economic development b) Sound internal control practices c) Disregard for shareholder interests d) Transparency and accountability Answer: c

IT Governance
9. IT governance aligns IT activities with: a) Employee goals b) Industry benchmarks c) Enterprise objectives d) Vendor requirements Answer: c
10. A primary goal of IT governance is to: a) Reduce IT costs b) Increase stakeholder satisfaction c) Monitor enterprise IT investments d) Define IT-related roles and responsibilities Answer: d
11. Benefits of IT governance include all EXCEPT: a) Improved cost performance of IT b) Increased user satisfaction c) Decentralized decision-making d) Enhanced IT transparency Answer: c

Frameworks and Standards
12. COBIT stands for: a) Control Objectives for Information and Related Technology b) Comprehensive Oversight of Business and IT c) Centralized Objectives for IT Governance d) Corporate Oversight and IT Tools Answer: a
13. COBIT primarily helps with: a) Designing IT systems b) IT service operations c) Governance and management of IT d) Compliance audits Answer: c
14. ISO 27001 is a standard for: a) Financial risk management b) Information security management systems c) Vendor collaboration d) IT project management Answer: b
15. ITIL focuses on: a) Aligning IT services with business needs b) Risk assessments and audits c) Stakeholder exclusion strategies d) IT system automation Answer: a

Governance Practices
16. IT governance requires active participation from: a) IT vendors only b) Board members and senior management c) IT staff exclusively d) External auditors Answer: b
17. The IT steering committee ensures: a) Compliance with legal standards only b) Alignment of IT projects with enterprise goals c) Creation of new IT departments d) Outsourcing IT functions Answer: b
18. A critical governance practice is: a) Delegating decision-making to vendors b) Monitoring IT-related decisions and their outcomes c) Limiting stakeholder involvement d) Ignoring compliance standards Answer: b

Strategic Alignment
19. Strategic IT planning aims to: a) Automate all enterprise processes b) Align IT strategy with business objectives c) Eliminate manual processes d) Increase IT infrastructure costs Answer: b
20. A gap analysis identifies: a) Inefficient IT vendors b) Misalignment between current and desired states c) Budget overruns in IT projects d) Redundant IT systems Answer: b
21. The success of IT-business alignment is measured by: a) Stakeholder satisfaction and value realization b) Reduction in IT staff c) Increase in manual workflows d) IT infrastructure expansion Answer: a

COBIT Framework
22. COBIT separates governance and management because: a) They require different organizational structures b) Governance is a subset of management c) Management is only IT-specific d) Governance involves operational activities Answer: a
23. COBIT's "Evaluate, Direct, Monitor" (EDM) domain focuses on: a) Operational IT service delivery b) Strategic decision-making and monitoring c) Vendor compliance d) Employee training Answer: b
24. COBIT emphasizes: a) IT architecture design b) Financial auditing c) Enterprise I&T goals alignment d) Vendor management tools Answer: c
25. A major component of COBIT includes: a) Information flows b) Industry-specific compliance mandates c) Legacy system reviews d) Marketing strategies Answer: a

ITIL Framework
26. The four ITIL dimensions are: a) Processes, platforms, tools, and strategies b) Organizations and people, technology, partners, and value streams c) Compliance, risk, IT, and operations d) Vendors, policies, stakeholders, and finances Answer: b
27. ITIL practices are categorized into: a) General, technical, and service management practices b) Strategic, operational, and financial practices c) Vendor, compliance, and performance practices d) IT-only processes Answer: a
28. ITIL's primary goal is to: a) Define IT frameworks b) Improve IT service delivery c) Automate compliance processes d) Eliminate manual processes Answer: b

ISO 27001 Standard
29. ISO 27001 focuses on: a) Governance structure implementation b) Defining security policies and controls c) Increasing IT infrastructure investments d) Automating risk assessments Answer: b
30. A key benefit of ISO 27001 is: a) Eliminating all IT risks b) Improved trust and credibility with stakeholders c) Reduced vendor dependence d) Increased focus on IT infrastructure Answer: b

Governance Integration
31. IT governance integrates with corporate governance by: a) Managing IT audits b) Aligning IT investments with business strategies c) Isolating IT from enterprise strategies d) Outsourcing decision-making processes Answer: b
32. GEIT (Governance of Enterprise IT) ensures: a) IT processes align with governance goals b) IT compliance replaces business goals c) IT functions operate independently of governance d) Financial audits focus solely on IT assets Answer: a

IT and Business Strategy
33. Effective IT governance: a) Delegates IT decisions to vendors b) Ensures IT enhances business value c) Eliminates IT staff involvement d) Focuses only on cost-cutting measures Answer: b
34. IT strategy planning involves: a) Defining IT-specific goals independent of business needs b) Aligning IT goals with enterprise strategies c) Delegating decisions to middle management d) Increasing IT complexity Answer: b

CHAPTER 2

Governance, Risk, and Compliance (GRC)
1. What does GRC stand for? a) Governance, Regulation, and Compliance b) Governance, Risk, and Compliance c) General Risk Control d) Governance and Regulatory Control Answer: b
2. Which of the following is NOT a component of GRC? a) Risk management b) Data science c) Compliance d) Governance Answer: b
3. Governance in GRC refers to: a) The process of enforcing internal audits b) Setting strategic direction and monitoring outcomes c) Mitigating operational risks d) Conducting compliance assessments Answer: b

Risk Fundamentals
4. Assets in risk management are defined as: a) Only physical properties b) Items with substantial value to the organization c) Threat agents targeting the system d) Only software and network infrastructure Answer: b
5. The tenets of information security include: a) Confidentiality, Integrity, and Accuracy b) Availability, Confidentiality, and Integrity c) Availability, Integrity, and Accuracy d) Reliability, Security, and Scalability Answer: b
6. A vulnerability is: a) An inherent risk in operations b) A weakness that could be exploited by a threat c) A deliberate action causing harm to assets d) A system upgrade process Answer: b
7. A threat is defined as: a) A weakness in internal controls b) An entity or event with the potential to harm assets c) The probability of a loss occurring d) A compliance failure Answer: b

Risk Classification and Management
8. What is inherent risk? a) Risk after implementing controls b) Risk before any control measures are applied c) Risk mitigated by compliance measures d) Risk assessed by external audits Answer: b
9. Which is NOT a risk mitigation strategy? a) Transfer b) Tolerate c) Terminate d) Suspend Answer: d
10. What does residual risk refer to? a) Risks that arise after external audits b) Risks that remain after applying controls c) Risks related to compliance failure d) Risks identified during risk classification Answer: b

Malicious Attacks
11. Which of the following is an example of an active attack? a) Eavesdropping b) Dictionary password attack c) IP spoofing d) Both b and c Answer: d
12. A man-in-the-middle attack is characterized by: a) Infecting software with a virus b) Intercepting and altering communications between two parties c) Performing unauthorized access through eavesdropping d) Crashing a system through brute force Answer: b
13. Phishing primarily aims to: a) Modify software without authorization b) Trick victims into providing sensitive personal information c) Overload network traffic d) Install malware on systems Answer: b

Malicious Software
14. A worm differs from a virus because: a) It replicates without user intervention b) It requires a host program to function c) It cannot spread across networks d) It does not harm the host system Answer: a
15. Spyware is mainly designed to: a) Create backups of user data b) Gather information without user knowledge c) Encrypt user files d) Replace system files Answer: b

Compliance
16. Regulatory compliance refers to: a) Adhering to internal company policies b) Meeting external laws and industry standards c) Avoiding risks entirely d) Implementing internal audits Answer: b
17. Non-compliance with regulations can result in: a) Loss of data integrity b) Financial penalties and reputational damage c) Employee attrition d) Increased infrastructure costs Answer: b
18. Internal compliance focuses on: a) External audits only b) Adherence to internal rules and controls c) Preventing malicious software attacks d) Eliminating external threats Answer: b

Internal Controls
19. Internal controls are designed to: a) Detect only external risks b) Ensure operational and financial reporting effectiveness c) Remove residual risks entirely d) Replace internal audits Answer: b
20. Limitations of internal controls include: a) Complete elimination of fraud b) Management override of controls c) Higher audit complexity d) Untraceable compliance errors Answer: b

GRC Tools and Features
21. GRC tools primarily help organizations to: a) Eliminate all risks b) Manage policies, assess risks, and streamline compliance c) Replace governance frameworks d) Automate financial audits only Answer: b
22. Which of the following is NOT a feature of GRC tools? a) Risk data management and analytics b) Workflow management c) Marketing automation d) Document and content management Answer: c
23. A dashboard in GRC tools is used for: a) Identifying external audit requirements b) Monitoring key performance indicators in real-time c) Designing new governance frameworks d) Encrypting sensitive data Answer: b

Risk Mitigation Strategies
24. Which strategy involves transferring risk to another party? a) Treat b) Terminate c) Tolerate d) Transfer Answer: d
25. Tolerating risk implies: a) Ignoring the risk completely b) Taking no action while monitoring the risk c) Reducing the likelihood of a threat exploiting a vulnerability d) Eliminating the threat entirely Answer: b
26. Which risk mitigation strategy focuses on reducing the likelihood or impact of a risk? a) Treat b) Transfer c) Terminate d) Tolerate Answer: a

Types of Risks
27. Compliance risks arise due to: a) Natural disasters b) Failure to adhere to legal and regulatory requirements c) Employee behavior d) Vendor partnerships Answer: b
28. Hazard risks include: a) Risks with potential positive outcomes b) Situations that may cause harm to objectives c) Strategic changes affecting the organization d) Variability in financial performance Answer: b
29. Opportunity risks are: a) Always guaranteed to result in benefits b) Risks with potential negative effects only c) Risks associated with taking or missing chances for gains d) Risks from natural disasters Answer: c

Internal Controls
30. The primary objective of internal controls is to: a) Ensure full compliance with global regulations b) Provide reasonable assurance for operational and reporting objectives c) Prevent any occurrence of risks d) Reduce the need for compliance audits Answer: b
31. Which of the following is a limitation of internal control systems? a) They can completely eliminate fraud b) Collusion among employees can override controls c) They eliminate the need for external audits d) They focus only on operational risks Answer: b

Cyber Threats
32. What is a brute-force password attack? a) Using social engineering techniques to guess passwords b) Using software to try all possible combinations of a password c) Spoofing user credentials d) Monitoring network traffic for passwords Answer: b
33. What does IP address spoofing involve? a) Modifying software vulnerabilities b) Disguising a device to appear as another c) Encrypting transmitted data d) Blocking unauthorized users Answer: b
34. A passive attack: a) Eavesdrops on communications without altering them b) Modifies transmitted data maliciously c) Disrupts network availability d) Steals user credentials actively Answer: a

Malware Categories
35. A Trojan horse: a) Replicates itself across networks without a host b) Masquerades as legitimate software while executing malicious code c) Encrypts all files on a system d) Only disrupts network availability Answer: b
36. A rootkit is primarily used to: a) Protect operating systems from malware b) Conceal malicious activities from users c) Enhance network traffic monitoring d) Encrypt stored data Answer: b

Compliance and Regulatory Frameworks
37. Compliance ensures organizations: a) Develop new governance frameworks b) Adhere to external laws, regulations, and internal policies c) Avoid developing risk mitigation strategies d) Focus only on operational efficiency Answer: b
38. Breaking compliance can result in: a) Improved efficiency b) Legal and reputational consequences c) Increased internal audit frequency d) Reduced dependency on governance frameworks Answer: b

GRC Framework Benefits
39. An effective GRC framework helps organizations: a) Automate only operational tasks b) Align business objectives with risk and compliance requirements c) Eliminate all vulnerabilities entirely d) Replace external regulations with internal standards Answer: b
40. Key benefits of GRC tools include: a) Real-time monitoring and risk analytics b) Replacement of all manual processes c) Avoidance of compliance reporting d) Ignoring regulatory changes Answer: a

Risk Levels and Classification
41. Current risk refers to: a) Risk that is completely eliminated b) Risk after applying initial controls c) Risk arising from new threats d) Risk with no potential impact Answer: b
42. Strategic risks often arise from: a) Operational inefficiencies b) Changes in macroeconomic or political conditions c) Employee fraud d) IT infrastructure failure Answer: b
43. Marketplace risks are associated with: a) Customer trade or expenditure b) Vendor compliance c) Mismanagement of internal processes d) Leadership risks Answer: a

Countermeasures
44. The primary function of a firewall is to: a) Replace anti-malware software b) Regulate traffic between trusted and untrusted networks c) Prevent data loss from storage devices d) Detect vulnerabilities in software Answer: b
45. Anti-malware software is designed to: a) Encrypt all network traffic b) Detect and remove malicious software c) Monitor user activity for suspicious behavior d) Replace compliance measures Answer: b

Final Review
46. Governance focuses on: a) Implementing IT tools b) Setting strategic goals and monitoring their achievement c) Managing malicious software threats d) Increasing employee engagement Answer: b
47. The 4Ts of risk management include all EXCEPT: a) Treat b) Terminate c) Transfer d) Trust Answer: d
48. Compliance is considered a: a) One-time activity b) Continuous process of adhering to standards c) Substitute for risk management d) Component of IT governance only Answer: b
49. Risk assessment helps organizations: a) Eliminate external audits b) Identify threats, vulnerabilities, and potential impacts c) Avoid operational risks entirely d) Focus solely on compliance activities Answer: b
50. Integrated GRC frameworks help by: a) Centralizing risk, governance, and compliance functions b) Eliminating internal control requirements c) Reducing operational complexity d) Ignoring emerging regulatory challenges Answer: a

CHAPTER 3

Introduction to ERM
1. What is the primary goal of Enterprise Risk Management (ERM)? a) Eliminate all risks b) Align risk with strategy and objectives c) Enhance operational speed d) Increase regulatory compliance only Answer: b
2. Which of the following best defines ERM? a) A set of static rules for compliance b) A dynamic process to identify, assess, and mitigate risks c) A technology framework for IT management d) A risk avoidance mechanism Answer: b
3. ERM provides reasonable assurance regarding: a) Absolute elimination of risks b) Achievement of organizational objectives c) Maximizing profit in all ventures d) Ensuring zero errors in operations Answer: b
4. What does "risk appetite" in ERM refer to? a) The extent of risk an enterprise is willing to accept b) The risks an enterprise has fully mitigated c) The probability of risk occurrence d) The organization's response to crises Answer: a

COSO ERM Framework
5. The COSO ERM framework consists of how many interrelated components? a) 6 b) 8 c) 5 d) 4 Answer: b
6. Which of the following is NOT a component of the COSO ERM framework? a) Control Environment b) Organizational Chart c) Event Identification d) Risk Response Answer: b
7. The COSO ERM cube includes how many categories of management objectives? a) 2 b) 3 c) 4 d) 5 Answer: c
8. What does the "Control Environment" component focus on? a) Establishing operational benchmarks b) Defining the tone and ethical culture of an organization c) Ensuring complete elimination of risks d) Automating control systems Answer: b

Risk Identification and Assessment
9. Risk identification includes which of the following activities? a) Establishing risk control systems b) Identifying events with potential impact on objectives c) Monitoring operational efficiency d) Reducing risk likelihood Answer: b
10. What are the two bases for assessing risks in ERM? a) Financial impact and operational impact b) Risk likelihood and risk impact c) Organizational culture and resource allocation d) Stakeholder expectations and compliance requirements Answer: b
11. Residual risk is defined as: a) The risk remaining after controls are implemented b) Risks that cannot be identified c) Risks outside the scope of ERM d) Risks eliminated through compliance programs Answer: a

Risk Response
12. Which of the following is NOT a risk response strategy? a) Avoidance b) Acceptance c) Suspension d) Sharing Answer: c
13. Risk mitigation primarily involves: a) Eliminating risk entirely b) Reducing the likelihood or impact of risks c) Transferring risk responsibility to external parties d) Ignoring risks with low likelihood Answer: b
14. Sharing risk often involves: a) Delegating risk to middle management b) Establishing partnerships with external entities like insurers c) Discontinuing high-risk activities d) Increasing stakeholder involvement Answer: b

ERM Principles
15. One principle of governance and culture is: a) Developing independent operating units b) Defining risk appetite and ethical standards c) Avoiding high-risk ventures d) Decentralizing risk management Answer: b
16. What does "formulating business objectives" in ERM involve? a) Defining objectives that align with strategy and risk appetite b) Establishing control environments for risk assessment c) Monitoring operational units d) Developing new compliance rules Answer: a
17. Portfolio view in ERM helps organizations: a) Evaluate individual risks in isolation b) View collective risks in relation to objectives c) Increase operational independence d) Avoid high-risk strategies Answer: b

Performance and Monitoring
18. What is a key principle under the "Performance" component of ERM? a) Implementing rigid compliance rules b) Monitoring stakeholder activities c) Identifying and prioritizing risks d) Reducing all operational controls Answer: c
19. Effective monitoring ensures: a) ERM processes remain static b) Risks are reviewed periodically and updated as needed c) Control activities are applied universally d) Compliance with outdated frameworks Answer: b

Strategic Objectives
20. Strategic objectives in COSO ERM are aligned with: a) Operational efficiency goals b) The entity's mission and vision c) Risk appetite exclusively d) Reporting frameworks Answer: b
21. Which of the following is an example of a reporting objective? a) Complying with environmental regulations b) Ensuring reliable financial reporting c) Streamlining operational workflows d) Increasing resource allocation Answer: b

ERM Implementation
22. What does the PIML framework in ERM stand for? a) Plan, Innovate, Measure, Learn b) Plan, Implement, Measure, Learn c) Prepare, Investigate, Monitor, Lead d) Perform, Initiate, Mitigate, Launch Answer: b
23. A key step in the "Plan" phase of PIML is: a) Evaluating risk performance b) Identifying intended benefits of ERM initiatives c) Monitoring stakeholder responses d) Establishing compliance frameworks Answer: b

ERM Framework
24. The COSO ERM framework uses a multidirectional process to: a) Focus on external regulatory changes only b) Influence and integrate all its components across the organization c) Align operational controls with financial statements d) Eliminate low-impact risks automatically Answer: b
25. Which COSO ERM component is responsible for aligning risk management with the organization's culture? a) Governance and Culture b) Risk Response c) Information and Communication d) Monitoring Answer: a
26. In ERM, risk tolerance refers to: a) The broad level of risk an organization accepts b) The specific amount of risk acceptable in decision-making c) The process of identifying low-priority risks d) The likelihood of risk occurrence Answer: b
27. Risk tolerance and risk appetite are: a) Independent concepts without overlap b) Two sides of the same coin in decision-making c) Mutually exclusive strategies in ERM d) Focused solely on financial risks Answer: b

Risk and Performance
28. What is a significant benefit of ERM in minimizing operational surprises? a) Eliminating risks from all processes b) Identifying potential events and preparing responses c) Standardizing global regulations d) Avoiding high-risk strategies Answer: b
29. Risk response strategies include which of the following? a) Avoidance, reduction, sharing, and acceptance b) Reduction, elimination, monitoring, and standardization c) Transfer, escalation, review, and response d) Suppression, avoidance, review, and compliance Answer: a
30. The component "Monitoring" in the ERM framework is designed to: a) Create new risk categories b) Ensure the ERM system adapts dynamically to changing conditions c) Identify outdated operational risks d) Eliminate compliance redundancies Answer: b

COSO ERM Enhancements
31. The 2017 COSO ERM update emphasizes: a) Static strategies for addressing risks b) The alignment of risk management with strategy and performance c) Reducing the scope of risk evaluation to internal controls d) Removing risk appetite considerations Answer: b
32. The COSO ERM "Rainbow Double Helix" highlights: a) The role of culture and governance in achieving objectives b) A static structure for monitoring risk performance c) A linear process for risk response implementation d) Exclusively quantitative risk assessments Answer: a

Governance and Culture
33. Attracting and retaining capable individuals is a principle of which component? a) Performance b) Governance and Culture c) Risk Response d) Review and Revision Answer: b
34. A risk-aware culture in an organization focuses on: a) Avoiding all potential risks b) Developing proactive risk management behaviors c) Increasing operational complexity d) Shifting risk responsibility to external parties Answer: b

Performance Objectives
35. The principle of "Develops Portfolio View" in ERM helps organizations: a) Focus on specific high-risk activities b) Evaluate risk interdependencies and their collective impact c) Eliminate unrelated risks d) Develop financial reporting frameworks Answer: b
36. Prioritizing risks involves criteria such as: a) Recovery time and adaptability b) Historical relevance c) Elimination of compliance challenges d) Redundancy of risk factors Answer: a

Review and Revision
37. The "Review and Revision" component focuses on: a) Static compliance frameworks b) Monitoring substantial changes in risk factors c) Isolating risk assessment from strategy d) Avoiding iterative processes in risk management Answer: b
38. Continuous improvement in ERM aims to: a) Develop static strategies for compliance b) Increase organizational resilience and adaptability c) Replace risk assessments with automation d) Focus exclusively on regulatory changes Answer: b

Information, Communication, and Reporting
39. Effective communication in ERM should flow: a) Only from the top down b) Across, up, and down the organization c) Exclusively through external stakeholders d) Between regulatory bodies and top management Answer: b
40. Risk reporting in ERM is intended to: a) Increase organizational complexity b) Support decision-making and enable effective oversight c) Focus only on internal communication channels d) Ignore stakeholder inputs Answer: b

Benefits of ERM
41. ERM increases resource deployment efficiency by: a) Reducing all resource-related risks b) Prioritizing and aligning resources with objectives c) Eliminating low-risk activities d) Ignoring emerging risks in resource allocation Answer: b
42. Enhanced enterprise resilience through ERM allows organizations to: a) React to changes without evolving b) Adapt and thrive in changing conditions c) Minimize risks by avoiding innovation d) Focus solely on internal risk factors Answer: b

ERM Implementation
43. A key step in "Implementing" ERM through PIML includes: a) Establishing common risk language b) Measuring risk performance c) Embedding risk-aware culture d) Reviewing substantial organizational changes Answer: a
44. The "Measuring" phase of PIML focuses on: a) Defining the scope of ERM initiatives b) Evaluating control effectiveness and introducing improvements c) Identifying external risk benchmarks d) Reducing risk occurrence by avoiding innovation Answer: b
45. The "Learning" phase involves: a) Establishing initial risk benchmarks b) Monitoring risk performance and ensuring compliance c) Avoiding unnecessary risk reviews d) Focusing on operational controls only Answer: b

Miscellaneous
46. Which principle under "Performance" involves addressing risks arising from external changes? a) Assesses Substantial Change b) Identifies Risk c) Develops Portfolio View d) Reviews Risk and Performance Answer: b
47. The COSO framework addresses compliance objectives related to: a) Operational goals exclusively b) Adhering to laws, regulations, and contracts c) Reporting financial inconsistencies d) Reducing strategic risks Answer: b
48. Which is NOT a primary benefit of integrating ERM? a) Identifying and managing entity-wide risks b) Increasing positive outcomes c) Eliminating performance variability d) Reducing negative surprises Answer: c
49. Governance in ERM includes: a) Establishing oversight responsibilities b) Automating reporting systems c) Avoiding stakeholder inputs d) Eliminating ethical considerations Answer: a
50. Effective ERM implementation is characterized by: a) Static methodologies b) A continuous and iterative process c) Isolated compliance activities d) Exclusive reliance on internal assessments Answer: b

CHAPTER 4

Set 1: Principles of Information Security
1. Which of the following is NOT a component of the CIA triad? A. Confidentiality B. Integrity C. Scalability D. Availability Answer: C
2. What does "Confidentiality" in the CIA triad primarily ensure? A. Authorized users have access to accurate data. B. Information is free from unauthorized disclosure. C. Systems are protected from downtime. D. Backup copies of data are available. Answer: B
3. In ISMS, "Integrity" is violated when: A. Data is modified without authorization. B. Data becomes inaccessible due to system failure. C. Data is encrypted with an outdated algorithm. D. Unauthorized users view sensitive information. Answer: A
4. Which principle emphasizes that information should be accessible to authorized users when needed? A. Accountability B. Scalability C. Availability D. Confidentiality Answer: C
5. Which of the following is the primary objective of an Information Security Policy? A. Increase profitability through IT controls. B. Ensure compliance with all global security laws. C. Protect organizational assets from security risks. D. Maximize IT resource allocation. Answer: C

Set 2: Risk Management
6. What is the first step in the risk management process? A. Risk mitigation B. Risk identification C. Risk monitoring D. Risk assessment Answer: B
7. When conducting a risk assessment, which factor is considered most critical? A. The organization’s market position B. The probability and impact of risks C. The size of the IT department D. The complexity of encryption protocols Answer: B
8. Which tool is most effective for assessing vulnerabilities in an IT system? A. Encryption software B. Network vulnerability scanners C. Audit checklists D. Firewall configuration guides Answer: B
9. How should a company prioritize risks identified during a risk assessment? A. Alphabetically B. By the cost of mitigation C. By likelihood and potential impact D. By stakeholder preference Answer: C
10. Which of the following is a preventive control in risk management? A. Incident logging system B. Antivirus software C. Regular audits D. Business continuity planning Answer: B

Set 3: Compliance and Legal Frameworks
11. What is the main objective of ISO 27001 certification? A. Guaranteeing zero cybersecurity breaches B. Demonstrating compliance with global information security standards C. Enhancing employee satisfaction D. Reducing IT expenditures Answer: B
12. Which of these is NOT a core requirement under GDPR? A. Data encryption for all data transfers B. Right to data portability for users C. Appointment of a Data Protection Officer D. Mandatory data breach notification within 72 hours Answer: A
13. The Indian Information Technology Act, 2000, primarily governs: A. IT infrastructure taxation B. Digital signatures and cybersecurity C. Intellectual property rights D. Import/export of IT hardware Answer: B
14. Under which law are companies mandated to conduct periodic security awareness training? A. SOX Act B. GDPR C. HIPAA D. Both B and C Answer: D
15. Which compliance framework focuses on payment card security? A. GDPR B. PCI DSS C. ISO 27001 D. HIPAA Answer: B

Set 4: Incident Management
16. What is the first step in responding to a security incident? A. Isolate affected systems B. Notify stakeholders C. Identify the type and scope of the incident D. Analyze historical logs Answer: C
17. A Distributed Denial of Service (DDoS) attack affects which aspect of the CIA triad? A. Confidentiality B. Integrity C. Availability D. Accountability Answer: C
18. After a ransomware attack, which action should be avoided? A. Paying the ransom B. Restoring systems from backup C. Conducting a forensic investigation D. Informing law enforcement agencies Answer: A
19. Which metric is most relevant in evaluating the success of an incident response plan? A. Time to detect and respond B. Employee satisfaction C. Budget utilization D. Number of training sessions conducted Answer: A
20. The primary goal of incident logging is to: A. Identify the attacker’s location. B. Establish accountability. C. Create an audit trail for investigation. D. Inform employees about policy violations. Answer: C

Case Scenario:
ABC Technologies Pvt. Ltd., a global leader in fintech, provides end-to-end payment gateway solutions to over 3000 clients across multiple countries. Due to increasing cybersecurity threats, the organization implemented an Information Security Management System (ISMS) aligned with ISO 27001 standards. The company's management faced several challenges:
1. Risk Management: There was no established process for identifying vulnerabilities and threats to IT infrastructure.
2. Compliance: Regulatory audits highlighted weak documentation of security policies.
3. Training and Awareness: Employees frequently fell prey to phishing attacks.
4. Incident Response: A ransomware attack crippled their systems for three days, causing significant financial losses.

To address these issues, the company implemented the following measures:
Information Security Policy: Established a robust policy focusing on Confidentiality, Integrity, and Availability.
Risk Assessment: A third-party firm conducted vulnerability assessments every quarter.
Training: Mandatory monthly training sessions on phishing awareness and incident reporting.
Business Continuity Plan (BCP): Introduced periodic drills and documented disaster recovery plans.

Despite these initiatives, a recent audit revealed inconsistencies:
Senior management's support was limited to initial stages, and follow-ups lacked rigor.
Some critical systems did not comply with encryption standards.
Employees often bypassed security protocols, citing productivity concerns.

Questions
Question 1: What was the most significant deficiency in ABC Technologies’ incident response approach before implementing ISMS? A. Lack of regulatory audits. B. Absence of a documented disaster recovery plan. C. Frequent phishing attacks on employees. D. Non-compliance with ISO standards. Answer: B
Question 2: Which principle of the CIA triad was compromised when employees bypassed security protocols? A. Confidentiality. B. Integrity. C. Availability. D. Scalability. Answer: A
Question 3: If the third-party risk assessment identifies unencrypted sensitive data on a payment gateway, which corrective action aligns best with compliance? A. Immediate encryption of the sensitive data and related systems. B. Dismissing the third-party firm for negligence. C. Disabling the payment gateway temporarily. D. Conducting an internal compliance survey. Answer: A
Question 4: What training priority should ABC Technologies implement to mitigate phishing attacks? A. Technical encryption protocols. B. Social engineering awareness programs. C. Advanced software development methodologies. D. Legal consequences of breaches. Answer: B
Question 5: Despite implementing the ISMS, ABC Technologies faced inconsistent management follow-ups. What governance model could strengthen compliance? A. Delegating responsibility to mid-level managers. B. Establishing a Security Steering Committee with periodic reviews. C. Outsourcing all security operations to an external vendor. D. Limiting access to only technical staff. Answer: B

CHAPTER 5

Introduction to BCM
1.
Business Continuity Management (BCM) helps enterprises to: a) Eliminate all risks b) Manage disruptions and reduce potential losses c) Avoid regulatory compliance d) Improve branding only Answer: b 2. Which of the following is a key objective of BCM? a) Maintain uninterrupted availability of all resources b) Develop marketing strategies c) Ensure compliance with customer grievances d) Focus exclusively on IT infrastructure Answer: a 3. The BCM process includes: a) Employee retention strategies b) Planning, testing, and continuous improvement c) Budget allocation only d) Avoidance of all disruptions Answer: b BCP Policy 4. What is the primary goal of a Business Continuity Plan (BCP)? a) Maximize operational downtime b) Minimize losses and reestablish normal business operations c) Ensure exclusivity in vendor contracts d) Automate all manual processes Answer: b 5. A BCP policy document primarily provides: a) Marketing guidelines b) A structure for managing disaster recovery and continuity c) Methods to eliminate external audits d) Automation of all employee tasks Answer: b BCM Advantages 6. One advantage of BCM is: a) Eliminating employee dependencies b) Proactive threat assessment and containment c) Reducing business obligations d) Avoiding all external audits Answer: b 7. Regular testing and training in BCM help organizations: a) Increase operational redundancies b) Strengthen response and recovery mechanisms c) Focus solely on technological solutions d) Avoid budget planning Answer: b Types of Plans 8. What does the Emergency Plan address? a) Routine operational tasks b) Immediate actions during a disaster c) Long-term business strategies d) Marketing failures Answer: b 9. Which plan focuses on resuming full information system capabilities after a disaster? a) Recovery Plan b) Test Plan c) Emergency Plan d) Backup Plan Answer: a 10. 
A Test Plan is designed to: a) Replace recovery plans b) Identify deficiencies in BCM procedures c) Develop marketing strategies d) Eliminate manual operations Answer: b Types of Backups 11. Which backup captures all files on the disk, regardless of changes? a) Incremental Backup b) Full Backup c) Differential Backup d) Mirror Backup Answer: b 12. Incremental backups: a) Capture all files every time b) Backup only changes since the last backup c) Focus on manual processes d) Require the most storage space Answer: b 13. Differential backups store: a) Files changed since the last incremental backup b) All files, regardless of changes c) Changes since the last full backup d) A mirror image of the source Answer: c 14. Mirror backups differ from full backups because: a) They do not compress files b) They include old and obsolete files c) They are always encrypted d) They backup only new files Answer: a BCP Development Phases 15. What is the first phase in developing a BCP? a) Risk Assessment b) Pre-Planning Activities c) Business Impact Analysis d) Plan Development Answer: b 16. The purpose of a Business Impact Analysis (BIA) is to: a) Automate backup procedures b) Assess the impact of disruptions on business functions c) Monitor external compliance d) Develop marketing strategies Answer: b BCM Process and Cycle 17. What is the first stage of the BCM cycle? a) BCM Strategies b) Information Collection c) Training and Awareness d) Testing and Maintenance Answer: b 18. The BCM cycle emphasizes: a) Training programs exclusively b) Continuous improvement and adaptation c) Avoiding external audits d) Cost-cutting measures Answer: b 19. Testing and maintenance of a BCP ensure: a) Plans are up-to-date and effective b) Elimination of all manual processes c) Increased marketing budgets d) Compliance with customer feedback Answer: a Incident Management Plan (IMP) 20. 
The Incident Management Plan focuses on: a) Managing long-term strategies b) Initial response to crises c) Automating backup processes d) Developing marketing campaigns Answer: b 21. A key feature of an IMP is: a) Flexibility and relevance b) Exclusivity in vendor agreements c) Automation of manual tasks d) Elimination of risks entirely Answer: a Backup Facilities 22. A cold site: a) Includes all hardware and operational facilities b) Contains minimal facilities for recovery c) Automates all recovery processes d) Includes all applications and data Answer: b 23. A warm site: a) Provides an intermediate level of backup facilities b) Contains no hardware c) Focuses solely on customer satisfaction d) Automates marketing strategies Answer: a 24. Reciprocal agreements involve: a) Contracts with insurance companies b) Mutual backup support between organizations c) Elimination of BCM requirements d) Vendor-specific automation Answer: b Disaster Recovery Procedural Plan 25. Emergency procedures in a disaster recovery plan involve: a) Defining marketing goals b) Immediate actions after a disaster c) Long-term business strategies d) Training customer support teams Answer: b 26. Maintenance schedules in recovery planning: a) Eliminate manual testing requirements b) Outline ongoing testing and updates c) Focus exclusively on IT compliance d) Avoid changes to operational strategies Answer: b Training and Awareness 27. BCM training promotes: a) Awareness of BCM roles and responsibilities b) Focus on external audits exclusively c) Elimination of operational redundancies d) Exclusive reliance on IT systems Answer: a 28. A BCM-aware culture is supported by: a) Marketing campaigns b) Leadership, training, and accountability c) Outsourcing BCM entirely d) Focusing solely on customer experience Answer: b BCM Documentation and Maintenance 29. 
The BCM documentation process ensures: a) Adherence to document control and record management processes b) Focus on eliminating redundancies exclusively c) Automating compliance with no updates required d) Avoidance of all manual tasks Answer: a 30. BCM maintenance requires organizations to: a) Establish regular reviews of plans and ensure updates after major changes b) Focus only on external compliance standards c) Avoid maintaining outdated records d) Eliminate backup requirements entirely Answer: a 31. Records retained in BCM must: a) Include only critical disruptions b) Be kept for at least one year or per regulatory requirements c) Be automated with no manual interventions d) Include only operational data Answer: b Types of Backups 32. Full backups: a) Capture only changed files b) Require significant storage space compared to other backup types c) Are faster than incremental backups d) Automatically delete old files Answer: b 33. Incremental backups: a) Are slower than full backups b) Include only files changed since the last backup of any type c) Require the most storage space d) Avoid reliance on previous backups Answer: b 34. Differential backups require: a) The last full backup and the most recent differential backup for recovery b) All incremental backups for restoration c) The least amount of storage compared to incremental backups d) No full backups for recovery Answer: a 35. Mirror backups: a) Compress files for additional storage b) Keep an exact replica of the source c) Include multiple versions of old files d) Focus only on cloud-based storage Answer: b 36. Cloud backups offer: a) Dependence on local storage b) Scalability and redundancy c) The least amount of security for critical data d) Exclusivity for smaller organizations Answer: b Alternate Processing Facilities 37. 
A hot site is: a) A backup facility with all operational capabilities ready b) A facility with minimal resources for recovery c) A temporary storage facility d) Dependent entirely on external organizations Answer: a 38. Reciprocal agreements for backup are: a) Difficult to enforce due to informal nature b) The most reliable backup solution c) Exclusively used by small organizations d) Focused on eliminating cold site requirements Answer: a 39. The main difference between a warm site and a hot site is: a) A warm site includes all critical hardware and software b) A hot site is fully operational while a warm site provides limited functionality c) Warm sites are slower to set up than cold sites d) Warm sites require no additional agreements Answer: b Disaster Recovery Plan 40. The disaster recovery plan must include: a) Maintenance schedules and contingency plan documents b) Marketing budgets for incident response c) Exclusive reliance on IT recovery d) Redundancies in employee roles only Answer: a 41. Fallback procedures in a disaster recovery plan ensure: a) Essential services continue at an alternate location b) Exclusive recovery of hardware c) Avoidance of manual intervention d) Immediate restoration of all operations Answer: a 42. Awareness activities in a disaster recovery plan focus on: a) Training personnel and ensuring readiness b) Reducing marketing efforts c) Avoiding manual updates to documentation d) Establishing marketing campaigns Answer: a BCM Testing 43. A BCP test plan helps organizations: a) Validate recovery procedures and identify deficiencies b) Eliminate all potential risks c) Avoid reliance on backup systems d) Automate disaster recovery without testing Answer: a 44. Regular testing of BCM ensures: a) Plans are current and meet organizational requirements b) Resources are always automated c) No changes to documentation are needed d) External audits are unnecessary Answer: a 45. Which of the following is NOT a purpose of testing BCM plans? 
a) Evaluate recovery strategies b) Highlight assumptions that need review c) Eliminate all operational redundancies d) Practice incident recovery steps Answer: c BCM Training and Awareness 46. BCM training should: a) Focus only on senior management b) Develop awareness and confidence in stakeholders c) Avoid operational level staff involvement d) Exclusively train IT professionals Answer: b 47. Effective training programs for BCM lead to: a) Increased resilience over time b) Dependence on automated systems c) Avoidance of incident response exercises d) Elimination of organizational reviews Answer: a General BCM Knowledge 48. The BIA helps organizations: a) Identify critical processes and assess potential disruptions b) Avoid documenting contingency plans c) Develop marketing frameworks d) Focus exclusively on IT risks Answer: a 49. BCM strategies should include: a) Proactive measures to reduce incident impact b) Immediate elimination of manual systems c) Focus solely on cloud backups d) Reduction in organizational compliance Answer: a 50. The overall goal of BCM is to: a) Protect brand value and reputation through proactive risk management b) Focus only on disaster recovery c) Eliminate risks through backup systems d) Avoid reliance on compliance frameworks Answer: a CHAPTER 6 Introduction to SDLC 1. The main purpose of the System Development Life Cycle (SDLC) is: a) To eliminate manual systems b) To provide a structured framework for developing or modifying systems c) To focus on IT compliance only d) To minimize documentation Answer: b 2. SDLC phases are essential for: a) Managing business processes b) Defining phases and ensuring deliverables for system development c) Automating software testing d) Avoiding project documentation Answer: b 3. What is a significant characteristic of SDLC? a) Lack of documentation b) Iterative process with clear deliverables at every stage c) Eliminating user input d) Exclusive focus on hardware systems Answer: b 4. 
Barry Boehm's W5HH principle includes which of the following questions? a) Why is the system being developed? b) What will be done? c) How will it be done? d) All of the above Answer: d Need for SDLC 5. A new system may be developed if: a) Strategic management changes focus b) Existing technology becomes obsolete c) Competitors enhance service quality using automation d) All of the above Answer: d 6. What is a primary advantage of using SDLC? a) Reduced planning and control efforts b) Better compliance with prescribed standards c) Elimination of documentation requirements d) Increased project flexibility without milestones Answer: b 7. Which of the following is a potential limitation of SDLC? a) It is not suitable for small projects b) It emphasizes milestones and documentation c) It may involve prolonged project timelines d) All of the above Answer: d Phases of SDLC 8. Which is the first phase of SDLC? a) System Development b) Preliminary Investigation c) Post-Implementation Review d) System Testing Answer: b 9. The deliverable of the Preliminary Investigation phase is: a) System architecture design b) Feasibility study report c) User manuals d) Source code Answer: b 10. System Requirement Analysis focuses on: a) Documenting user needs and analyzing the current system b) Designing database structures c) Writing program code d) Installing hardware Answer: a 11. System Design phase includes: a) Logical and physical design of the system b) Debugging code c) Analyzing input/output d) System implementation Answer: a 12. The purpose of System Development is to: a) Install hardware and network devices b) Convert design specifications into a functional system c) Train users on system functionality d) Conduct maintenance Answer: b Feasibility Study 13. Economic feasibility assesses: a) The legal implications of the new system b) Return on investment and cost-benefit analysis c) Compatibility with existing systems d) Availability of technical resources Answer: b 14. 
Which feasibility study evaluates whether the solution adheres to legal regulations? a) Operational feasibility b) Legal feasibility c) Financial feasibility d) Political feasibility Answer: b Testing Phases 15. Unit testing focuses on: a) The entire system as a whole b) Individual components or functions of the software c) End-user requirements d) Integration of subsystems Answer: b 16. Regression testing ensures: a) All modules are unit-tested b) Changes or corrections do not introduce new errors c) The system performs under expected load conditions d) Security of the system remains intact Answer: b 17. The final testing phase before system implementation is: a) Unit testing b) Integration testing c) User Acceptance Testing (UAT) d) Performance testing Answer: c Implementation Phase 18. System implementation involves: a) Conducting a feasibility study b) Deploying the system into the operational environment c) Debugging and writing new code d) Performing post-implementation reviews Answer: b 19. Which is a method of system changeover? a) Direct implementation b) Parallel implementation c) Pilot implementation d) All of the above Answer: d 20. What is a key risk of direct implementation? a) High costs b) Limited user training c) Complete dependency on the new system immediately d) Prolonged changeover duration Answer: c Post-Implementation Review 21. Post-implementation reviews evaluate: a) Development costs only b) Whether the system meets business objectives c) The feasibility of the original design d) The user training process Answer: b 22. A major activity during post-implementation is: a) Conducting UAT b) Reviewing system maintenance needs c) Debugging system modules d) Developing system specifications Answer: b Maintenance Phase 23. Corrective maintenance refers to: a) Fixing defects and bugs found during execution b) Adding new features to the system c) Adapting software to new environments d) Updating documentation Answer: a 24. 
Adaptive maintenance involves: a) Modifying systems for changes in external environments b) Fixing code errors c) Enhancing user experience d) None of the above Answer: a 25. Preventive maintenance aims to: a) Improve system performance proactively b) Fix errors after they occur c) Adapt software for future hardware upgrades d) Eliminate redundancy in coding Answer: a General Knowledge 26. An SRS document is created during: a) Preliminary Investigation b) System Requirement Analysis c) System Testing d) Implementation Answer: b 27. The primary benefit of using SDLC is: a) Faster project completion without documentation b) Streamlined process ensuring high-quality system development c) Elimination of project timelines d) Avoidance of resource allocation Answer: b Design Phase 28. The logical design of a system focuses on: a) The physical implementation of hardware b) The structure and relationships between system components c) Coding standards for the software d) Integration of modules Answer: b 29. A blueprint for system design includes: a) Software code implementation b) Specifications for hardware, software, data, and user interfaces c) Training schedules for users d) Maintenance schedules Answer: b 30. User interface design considerations include: a) Database indexing methods b) The layout of screens, reports, and input/output devices c) Data backup frequency d) Hardware compatibility Answer: b Development and Testing 31. The primary purpose of coding standards is to: a) Eliminate the need for testing b) Ensure uniformity and simplify future maintenance c) Avoid project documentation d) Automate program debugging Answer: b 32. Debugging involves: a) Testing user interfaces b) Fixing errors in source code identified during compilation c) Analyzing system design diagrams d) Deploying software into production Answer: b 33. Which of the following is a feature of a well-coded application? 
a) Complexity and extensive user training b) Robustness, usability, and efficiency c) Exclusivity to a single programming language d) Lack of documentation requirements Answer: b 34. Program documentation ensures: a) Automated system upgrades b) Clear understanding of software functions and usage by users c) Faster project completion timelines d) Elimination of testing phases Answer: b Testing Techniques 35. Integration testing validates: a) Individual modules independently b) Communication and interaction between multiple modules c) The end-user experience d) The feasibility of the new system Answer: b 36. System testing involves: a) Assessing system behavior under production conditions b) Isolating and testing individual code units c) Testing only the hardware components d) Avoiding regression issues in the system Answer: a 37. What is the primary focus of Quality Assurance Testing (QAT)? a) Identifying design improvements b) Ensuring that quality standards are met c) Validating database structures d) Testing hardware specifications Answer: b Implementation Phase 38. System changeover strategies include all EXCEPT: a) Phased changeover b) Pilot changeover c) Incremental changeover d) Parallel changeover Answer: c 39. Pilot implementation involves: a) Replacing the old system at once b) Testing the new system in a smaller environment before full-scale implementation c) Running the old and new systems simultaneously d) Avoiding user training Answer: b 40. Parallel changeover is considered secure because: a) The old system is decommissioned immediately b) Both old and new systems run together, ensuring data integrity c) It requires minimal user training d) It eliminates operational downtime Answer: b Post-Implementation and Maintenance 41. Post-implementation review evaluates: a) User satisfaction and system effectiveness b) Code debugging efficiency c) Hardware testing results d) Database maintenance schedules Answer: a 42. 
Perfective maintenance involves: a) Fixing system bugs b) Enhancing the system to meet new user requirements c) Adapting to external environmental changes d) Preventing risks through scheduled updates Answer: b 43. Which maintenance type deals with unanticipated malfunctions? a) Preventive maintenance b) Rescue maintenance c) Adaptive maintenance d) Corrective maintenance Answer: b Documentation and Standards 44. An SRS document includes: a) System architecture designs b) Functional descriptions, validation criteria, and user expectations c) Post-implementation review guidelines d) Maintenance schedules Answer: b 45. A well-documented SRS ensures: a) Elimination of post-implementation reviews b) Clear understanding between the development team and users c) Faster debugging processes d) Simplified hardware testing Answer: b General Knowledge 46. The main goal of regression testing is to: a) Ensure that new changes have not broken existing functionality b) Test user satisfaction with the interface c) Identify hardware compatibility issues d) Validate compliance with regulatory standards Answer: a 47. SDLC ensures system quality through: a) Structured, well-defined development processes b) Elimination of feasibility studies c) Minimizing project timelines by skipping documentation d) Exclusive focus on technical feasibility Answer: a 48. A phased implementation strategy is useful for: a) Gradually transitioning users to the new system b) Eliminating manual processes immediately c) Reducing the need for testing d) Avoiding parallel system operation Answer: a 49. System testing is performed to: a) Validate the complete integration and functionality of the system b) Identify potential user interface issues c) Automate project documentation d) Replace regression testing Answer: a 50. 
The SDLC ensures: a) High-quality systems that meet user expectations b) Automated testing throughout the project c) Elimination of operational reviews d) Avoidance of stakeholder involvement Answer: a CHAPTER 7 Topic 1: Introduction to Information Systems 1. Which of the following is a component of an Information System? (a) Hardware (b) Software (c) People (d) All of the above Answer: (d) 2. What does the feedback component in an Information System do? (a) Collect data (b) Modify input or processing activities (c) Store information (d) Disseminate data Answer: (b) 3. What is the primary need for Information Systems in organizations? (a) To replace manual work (b) To improve customer satisfaction and profits (c) To ensure complete automation (d) To reduce employee costs Answer: (b) Topic 2: Information System Acquisition 4. What is the purpose of acquisition standards in system acquisition? (a) To speed up the process (b) To address security and reliability issues (c) To minimize costs (d) To hire a specific vendor Answer: (b) 5. Which of the following is NOT part of acquisition standards? (a) Ensuring vendor reviews (b) Soliciting bids from vendors (c) Selecting programming techniques (d) Ensuring compatibility with existing systems Answer: (c) 6. What is the primary purpose of a Request for Proposal (RFP)? (a) To evaluate user feedback (b) To solicit bids from vendors for requirements (c) To select a project manager (d) To approve project designs Answer: (b) 7. Which of the following is part of the vendor selection process? (a) Benchmarking the problem (b) Evaluating user feedback (c) Technical validation of proposals (d) All of the above Answer: (d) Topic 3: System Development Methodologies 8. Which development model is most suitable for a small and simple project? (a) Agile (b) Spiral (c) Waterfall (d) RAD Answer: (c) 9. What is the key objective of the RAD model? 
(a) Cost efficiency (b) High-quality system development (c) Fast development and delivery (d) Risk minimization Answer: (c) 10. Which system development methodology is based on iterative and incremental development? (a) Agile (b) Waterfall (c) Spiral (d) RAD Answer: (a) Topic 4: Waterfall Model 11. Which of the following is NOT a characteristic of the Waterfall Model? (a) Sequential phases (b) Focus on iterative design (c) Extensive documentation (d) User approval before next phase Answer: (b) 12. What is a major weakness of the Waterfall Model? (a) Too flexible (b) Encourages user participation (c) Little room for iteration (d) Lack of documentation Answer: (c) Topic 5: Prototyping Model 13. The goal of prototyping is to: (a) Create a detailed and final system early (b) Develop a usable prototype to refine requirements (c) Minimize user involvement (d) Create extensive documentation Answer: (b) 14. What is a major advantage of prototyping? (a) Encourages innovation (b) Reduces system testing (c) Eliminates the need for user feedback (d) Fully replaces the need for traditional methodologies Answer: (a) Topic 6: Incremental Model 15. The incremental model: (a) Combines iterative and linear approaches (b) Avoids delivering partial systems (c) Has no user involvement (d) Is identical to the Waterfall Model Answer: (a) 16. Which of the following is a strength of the incremental model? (a) Lack of clear milestones (b) Early delivery of partial solutions (c) No requirement for written documentation (d) No integration risks Answer: (b) Topic 7: Spiral Model 17. What does the Spiral Model primarily focus on? (a) Risk analysis and iterative development (b) Rapid prototyping (c) Linear progress (d) Minimal documentation Answer: (a) 18. The Spiral Model is best suited for: (a) Simple projects (b) Highly complex and risky projects (c) Projects with minimal user interaction (d) Cost-saving initiatives Answer: (b) Topic 8: RAD Model 19. 
RAD emphasizes:
(a) Extensive pre-planning
(b) Quick delivery and prototyping
(c) Eliminating user involvement
(d) Document-heavy processes
Answer: (b)

20. What is a disadvantage of RAD?
(a) Quick reviews are impossible
(b) Minimal customer feedback
(c) Potential for inconsistent design
(d) High development costs
Answer: (c)

CHAPTER 8

1. What are the main objectives of Information System (IS) controls?
a) Safeguarding assets, maintaining data integrity, ensuring resource efficiency
b) Increasing operational expenses, reducing control measures, and boosting revenue
c) Enhancing customer relationships, developing new software, reducing manual labor
d) Training employees, outsourcing services, and increasing system complexity
Answer: a) Safeguarding assets, maintaining data integrity, ensuring resource efficiency

2. Which of the following is NOT a characteristic of Preventive Controls?
a) Proactive in nature
b) Cost-effective compared to detection and correction
c) Reactively addressing errors after occurrence
d) Requires understanding vulnerabilities and probable threats
Answer: c) Reactively addressing errors after occurrence

3. What does the term "Logical Access Controls" refer to?
a) Controlling physical access to computers
b) Managing environmental risks like fire and water damage
c) Restricting use of information to authorized individuals or entities
d) Planning emergency evacuation strategies
Answer: c) Restricting use of information to authorized individuals or entities

4. What kind of controls are smoke detectors and fire extinguishers classified as?
a) Detective Controls
b) Directive Controls
c) Environmental Controls
d) Logical Access Controls
Answer: c) Environmental Controls

5. Which type of control is responsible for ensuring compliance with organizational policies and legislation?
a) Preventive Controls
b) Detective Controls
c) Corrective Controls
d) Directive Controls
Answer: d) Directive Controls

6. Which approach is emphasized for efficient database management in an IT environment?
a) Decentralized database planning and control
b) Ignoring user input for database updates
c) Ensuring data availability, integrity, and modifiability
d) Eliminating database administrator roles
Answer: c) Ensuring data availability, integrity, and modifiability

7. What is the key feature of Disaster Recovery Planning (DRP)?
a) Preventing minor operational losses
b) Recovering operations after catastrophic events
c) Developing new system software
d) Designing application software interfaces
Answer: b) Recovering operations after catastrophic events

8. Which of these is an example of a Detective Control?
a) Firewalls
b) Regular budget reviews
c) Staff training programs
d) Intrusion prevention systems
Answer: b) Regular budget reviews

9. What is a common characteristic of Directive Controls?
a) They are reactive and minimize threats after incidents occur.
b) They are the first response to risk and ensure compliance.
c) They are costlier than corrective controls.
d) They replace preventive and detective controls.
Answer: b) They are the first response to risk and ensure compliance.

10. What is the primary role of Top Management Controls?
a) Implementing system utilities
b) Determining organizational goals and ensuring IS compliance
c) Conducting employee training programs
d) Preparing technical support manuals
Answer: b) Determining organizational goals and ensuring IS compliance

11. Which of the following is NOT a component of environmental controls?
a) Smoke detectors
b) Access tokens
c) Uninterrupted Power Supply (UPS)
d) Fire extinguishers
Answer: b) Access tokens

12. What is the primary purpose of Detective Controls?
a) Preventing errors before they occur
b) Correcting errors after they are detected
c) Reporting errors or incidents after they occur
d) Directing employees to follow compliance procedures
Answer: c) Reporting errors or incidents after they occur

13. What is the focus of Programming Management Controls?
a) Managing data repositories
b) Ensuring high-quality programs are developed and implemented
c) Setting up disaster recovery plans
d) Reviewing vendor contracts
Answer: b) Ensuring high-quality programs are developed and implemented

14. Which of the following are examples of Logical Access Controls?
a) Password protection, encryption, and firewalls
b) Fire alarms, CCTV, and physical locks
c) Smoke detectors, air conditioning, and surge protectors
d) Emergency evacuation plans and manual logging
Answer: a) Password protection, encryption, and firewalls

15. What is the main goal of Security Management Controls?
a) Reducing operational costs in IT systems
b) Ensuring information system assets are secure and recoverable
c) Identifying training needs for employees
d) Designing new IT policies for future upgrades
Answer: b) Ensuring information system assets are secure and recoverable

16. What does the term "Directive Controls" imply in information systems?
a) Controls that correct errors after incidents
b) Controls that provide formal directions to mitigate risks
c) Controls that detect unauthorized system activities
d) Controls that safeguard physical resources only
Answer: b) Controls that provide formal directions to mitigate risks

17. Which control prevents unauthorized users from accessing sensitive areas like server rooms?
a) Logical Access Controls
b) Directive Controls
c) Physical Access Controls
d) Detective Controls
Answer: c) Physical Access Controls

18. What does a Disaster Recovery Plan (DRP) primarily address?
a) Enhancing employee productivity during crises
b) Recovering and restoring critical operations after disruptions
c) Monitoring performance of outsourced operations
d) Conducting regular internal audits of IT systems
Answer: b) Recovering and restoring critical operations after disruptions

19. What is the role of "Concurrency Controls" in database management?
a) Ensuring simultaneous access does not compromise data integrity
b) Managing employee performance during multitasking
c) Restricting unauthorized software installations
d) Detecting network intrusions in real-time
Answer: a) Ensuring simultaneous access does not compromise data integrity

20. Which of these is a key element of Operations Management Controls?
a) Developing software applications
b) Managing day-to-day operations of hardware and software
c) Conducting employee quality assurance training
d) Analyzing future IT system requirements
Answer: b) Managing day-to-day operations of hardware and software

21. What is the primary purpose of a Quality Assurance Management Control system?
a) To train employees in cybersecurity protocols
b) To ensure information systems meet established quality goals and standards
c) To eliminate preventive and detective controls
d) To conduct cost-benefit analysis of IT systems
Answer: b) To ensure information systems meet established quality goals and standards

22. Which of the following is an example of a Corrective Control?
a) Using firewalls to prevent unauthorized access
b) Removing unauthorized users after a security breach
c) Monitoring logs for suspicious activities
d) Encrypting data for secure transmission
Answer: b) Removing unauthorized users after a security breach

23. What is the function of "Access Control Lists" (ACLs) in operating systems?
a) Managing access rights for files and directories
b) Limiting the duration of system uptime
c) Securing physical access to servers
d) Automating routine system updates
Answer: a) Managing access rights for files and directories

24. What is the first line of defense in terminal login procedures?
a) Password authentication
b) Logging physical visitor entries
c) Using biometric access
d) Encrypting user data
Answer: a) Password authentication

25. Which of these is a characteristic of Preventive Controls?
a) Reactive to threats
b) Designed to avoid errors and incidents proactively
c) Focused on analyzing errors post-occurrence
d) Implemented only in manual environments
Answer: b) Designed to avoid errors and incidents proactively

26. What is a key feature of Directive Controls?
a) They eliminate errors entirely.
b) They provide guidelines to employees to mitigate risks.
c) They primarily detect unlawful activities.
d) They are reactive in addressing threats.
Answer: b) They provide guidelines to employees to mitigate risks.

27. What are examples of Physical Access Controls?
a) Firewalls and antivirus software
b) Cipher locks, video cameras, and visitor logging
c) Cloud backup systems and data encryption
d) Network traffic monitoring and alert systems
Answer: b) Cipher locks, video cameras, and visitor logging

28. What does "Logical Access Control" ensure?
a) That users are logged off after inactivity
b) That IT systems meet operational quality standards
c) That financial audits are conducted quarterly
d) That fire protection systems are operational
Answer: a) That users are logged off after inactivity

29. Which of the following is an environmental control for preventing electrical exposure?
a) Fire alarms and extinguishers
b) Voltage regulators and surge protectors
c) Cipher locks and video cameras
d) Manual logging of visitor entries
Answer: b) Voltage regulators and surge protectors

30. What is the focus of Systems Development Management Controls?
a) Managing hardware and software upgrades
b) Overseeing daily IT operations
c) Analyzing, designing, and maintaining information systems
d) Conducting fraud investigations
Answer: c) Analyzing, designing, and maintaining information systems

31. What does a "Call Back Device" in network access control do?
a) Encrypts network data automatically
b) Monitors all user activities on the network
c) Disconnects unauthorized access and reconnects to authorized numbers
d) Provides detailed network traffic reports
Answer: c) Disconnects unauthorized access and reconnects to authorized numbers

32. Which is an example of a Detective Control?
a) Firewall installation
b) Intrusion detection system (IDS)
c) Network encryption
d) Strong password policy
Answer: b) Intrusion detection system (IDS)

33. What is the purpose of terminal timeouts?
a) To allow remote access
b) To log off inactive users automatically
c) To increase the efficiency of system resources
d) To maintain continuous session activity
Answer: b) To log off inactive users automatically

34. Which control type minimizes the impact of a threat after it has occurred?
a) Preventive Control
b) Corrective Control
c) Detective Control
d) Directive Control
Answer: b) Corrective Control

35. What is the significance of firewalls in IT systems?
a) Preventing physical intrusions
b) Ensuring access control between networks
c) Managing data repositories
d) Detecting unauthorized physical access
Answer: b) Ensuring access control between networks

36. What is a primary feature of a Disaster Recovery Plan (DRP)?
a) Reducing operational costs during system upgrades
b) Providing a backup plan for critical system recovery
c) Monitoring staff performance in emergencies
d) Designing new hardware for recovery
Answer: b) Providing a backup plan for critical system recovery

37. What are "Concurrency Controls" designed to address in databases?
a) Errors in manual data entry
b) Simultaneous access issues affecting data integrity
c) Unauthorized access to physical locations
d) Overloading of network systems
Answer: b) Simultaneous access issues affecting data integrity

38. Which of the following is an example of a Directive Control?
a) Installing antivirus software
b) Establishing Standard Operating Procedures (SOPs)
c) Monitoring suspicious activities in logs
d) Scheduling automatic data backups
Answer: b) Establishing Standard Operating Procedures (SOPs)

39. What is the key objective of Physical Access Controls?
a) Preventing logical attacks
b) Ensuring secure access to tangible and intangible resources
c) Enhancing user interface designs
d) Monitoring software system logs
Answer: b) Ensuring secure access to tangible and intangible resources

40. Which process ensures accurate time synchronization across an enterprise network?
a) Network encryption
b) Clock synchronization
c) Terminal timeout
d) Role-based access control
Answer: b) Clock synchronization

41. What is the primary purpose of a "Privilege Management" system in user access control?
a) To allow unrestricted user access to resources
b) To align access rights with job responsibilities
c) To prevent password sharing
d) To enforce biometric authentication
Answer: b) To align access rights with job responsibilities

42. Which control ensures that unauthorized updates to a database are prevented?
a) Logical Access Controls
b) Corrective Controls
c) Access Control Lists (ACLs)
d) Concurrency Controls
Answer: c) Access Control Lists (ACLs)

43. What is the main characteristic of Application Control?
a) Securing physical access to IT facilities
b) Managing network operations efficiently
c) Restricting user actions within a specific application
d) Monitoring employee performance in IT operations
Answer: c) Restricting user actions within a specific application

44. What is the purpose of environmental controls like water detectors in IT facilities?
a) To prevent unauthorized personnel access
b) To mitigate risks of water damage to systems
c) To ensure logical access to sensitive areas
d) To reduce the impact of electrical surges
Answer: b) To mitigate risks of water damage to systems

45. Which control mechanism prevents the misuse of unattended user equipment?
a) Biometric authentication
b) Password sharing policies
c) Terminal timeouts
d) Encryption protocols
Answer: c) Terminal timeouts

46. What is the function of the "Data Preparation and Entry" control?
a) Monitoring network traffic
b) Managing system utilities
c) Promoting speed and accuracy in input environments
d) Preventing unauthorized software updates
Answer: c) Promoting speed and accuracy in input environments

47. What is the role of a "Firewall" in network security?
a) Encrypting transmitted data
b) Blocking unauthorized traffic between networks
c) Detecting user activity within a system
d) Ensuring database integrity
Answer: b) Blocking unauthorized traffic between networks

48. What are examples of Output Controls in information systems?
a) Report distribution and storage controls
b) Monitoring network performance
c) Logical access restrictions
d) Emergency evacuation plans
Answer: a) Report distribution and storage controls

49. Which of the following best describes Quality Assurance (QA) Management Controls?
a) Monitoring compliance with established quality standards
b) Designing hardware for enhanced performance
c) Conducting fraud investigations
d) Managing employee training programs
Answer: a) Monitoring compliance with established quality standards

50. What is the main objective of "System Development Management Controls"?
a) To supervise network traffic
b) To analyze, design, and maintain information systems
c) To enforce physical security measures
d) To train employees on operating systems
Answer: b) To analyze, design, and maintain information systems

CHAPTER 9 Information Systems and Technology

1. What is the primary component of an Information System?
A) People, Process, and Technology
B) Hardware, Software, and Cloud Computing
C) Networks and Infrastructure
D) Data Mining Tools
Answer: A) People, Process, and Technology

2. What distinguishes Information Systems from Information Technology?
A) Information Systems include only hardware.
B) Information Technology focuses on hardware and software, while Information Systems involve processes and people.
C) Information Technology excludes communication networks.
D) Both are identical in function and definition.
Answer: B) Information Technology focuses on hardware and software, while Information Systems involve processes and people.

3. Why is IT auditing essential?
A) To automate financial transactions.
B) To evaluate internal controls and asset safety.
C) To replace manual data processing.
D) To generate financial reports automatically.
Answer: B) To evaluate internal controls and asset safety.

IT Tools and Techniques

4. What is a major advantage of CAATs (Computer-Assisted Audit Techniques)?
A) Manual data verification
B) Automation in data testing and analysis
C) Dependence on physical audits
D) Reduced accuracy in audit processes
Answer: B) Automation in data testing and analysis

5. What does the Integrated Test Facility (ITF) technique involve?
A) Simulating a test environment outside the system.
B) Creating a dummy entity within the system to test data processing.
C) Conducting audits manually without automation.
D) Using outdated system tools for testing.
Answer: B) Creating a dummy entity within the system to test data processing.

6. Which tool is used for creating flowcharts and data analysis?
A) Microsoft Word
B) Audit Command Language (ACL)
C) System Control Audit Review File (SCARF)
D) Microsoft Access
Answer: B) Audit Command Language (ACL)

Risks and Controls

7. What is the key risk in the Procure-to-Pay (P2P) process?
A) Delays in system updates
B) Unauthorized changes to supplier master files
C) Slow invoice processing
D) Outdated financial reporting
Answer: B) Unauthorized changes to supplier master files

8. What is the main objective of control in the Order-to-Cash (O2C) cycle?
A) Automating customer data deletion
B) Verifying the accuracy of customer orders
C) Generating random invoices
D) Adjusting credit lines based on manual calculations
Answer: B) Verifying the accuracy of customer orders

9. Which risk is associated with the Inventory Cycle?
A) Inaccurate shipment records
B) Lack of user access restrictions
C) Inefficient data visualization
D) Delayed master configuration
Answer: A) Inaccurate shipment records

Auditing Approaches

10. What does the "Blackbox" auditing approach focus on?
A) Reviewing internal program logic
B) Reconciling inputs with outputs without processing logic examination
C) Using embedded audit modules
D) Creating custom pseudocode
Answer: B) Reconciling inputs with outputs without processing logic examination

11. What is a benefit of auditing through the computer?
A) Simplified manual verification
B) Continuous evaluation of embedded controls
C) Eliminates system reliability concerns
D) Reduces the need for test environments
Answer: B) Continuous evaluation of embedded controls

System-Specific Controls

12. What does transaction tagging in auditing ensure?
A) System-wide user access
B) Manual processing of tagged data
C) Verification of data integrity throughout processing stages
D) Inaccurate labeling of transactions
Answer: C) Verification of data integrity throughout processing stages

13. What is the focus of Continuous and Intermittent Simulation (CIS)?
A) Replacing Database Management Systems
B) Detecting and logging transaction exceptions in real-time
C) Manual validation of financial transactions
D) Generating static financial reports
Answer: B) Detecting and logging transaction exceptions in real-time

Process-Specific Questions

14. What is the primary function of Human Resource (HR) cycles?
A) Configuring user roles in IT systems
B) Managing the employee lifecycle within an enterprise
C) Conducting financial audits
D) Tracking raw materials in production
Answer: B) Managing the employee lifecycle within an enterprise

15. What should be restricted in Payroll Management to maintain integrity?
A) Access to payroll master files
B) Frequency of data backups
C) Time spent on data entry
D) The number of system users
Answer: A) Access to payroll master files

Advanced Topics

16. What is a risk in Fixed Asset Management?
A) Delayed salary disbursement
B) Unauthorized changes to asset records
C) Unplanned marketing expenses
D) Inconsistent sales reports
Answer: B) Unauthorized changes to asset records

17. What is the purpose of SCARF (System Control Audit Review File)?
A) Managing unauthorized users
B) Continuous monitoring of system transactions
C) Storing physical assets for review
D) Automating manual calculations
Answer: B) Continuous monitoring of system transactions

18. What is the key objective of safeguarding assets in Information Systems Auditing?
A) Maximizing storage capacity
B) Preventing unauthorized access
C) Increasing hardware compatibility
D) Reducing operational costs
Answer: B) Preventing unauthorized access

19. What is the main focus of system effectiveness in Information Systems Auditing?
A) Ensuring optimal hardware usage
B) Meeting user requirements and decision-making needs
C) Simplifying data entry processes
D) Enhancing program compatibility
Answer: B) Meeting user requirements and decision-making needs

20. What does improved system efficiency imply?
A) Eliminating data redundancy
B) Using minimum resources for maximum output
C) Reducing employee count in IT departments
D) Generating real-time financial statements
Answer: B) Using minimum resources for maximum output

Process Risks and Controls

21. What is a common risk in the Procure-to-Pay process?
A) Incorrect posting of accounts payable amounts
B) Unauthorized recruitment in HR processes
C) Duplicate payroll entries
D) Delayed approval of tax filings
Answer: A) Incorrect posting of accounts payable amounts

22. What ensures accuracy in Purchase Orders?
A) Proper authorization of requisitions
B) Use of manual data entry
C) Avoidance of automated tools
D) Delegation of approvals to unauthorized staff
Answer: A) Proper authorization of requisitions

23. Which control is necessary for the Order-to-Cash cycle?
A) Restricting unauthorized customer orders
B) Allowing all orders without verification
C) Preventing automated data transfer
D) Ignoring invalid shipping records
Answer: A) Restricting unauthorized customer orders

24. What is an example of a management process in business?
A) Manufacturing goods
B) Strategic planning and governance
C) Shipping customer orders
D) Processing supplier invoices
Answer: B) Strategic planning and governance

25. How are credit notes issued in the O2C process?
A) Based on organizational policies
B) Through manual calculations only
C) Using handwritten notes
D) Without verification
Answer: A) Based on organizational policies

IT Tools and Techniques

26. What is the purpose of Parallel Simulation in auditing?
A) To independently validate processing logic
B) To eliminate the need for manual input
C) To generate random audit samples
D) To track only small-scale transactions
Answer: A) To independently validate processing logic

27. Which tool can assist in analyzing data for audit purposes?
A) SAP Audit Management
B) Notepad
C) Adobe Photoshop
D) Google Maps
Answer: A) SAP Audit Management

28. What does the Test Data technique focus on?
A) Providing input transactions to evaluate system performance
B) Generating random audit reports
C) Simulating manual operations
D) Disabling system-generated outputs
Answer: A) Providing input transactions to evaluate system performance

Risks and Control Objectives

29. What ensures accurate updates in Inventory Management Systems?
A) Restricting unauthorized system access
B) Allowing unlimited user access
C) Ignoring changes in master data
D) Limiting transaction approvals
Answer: A) Restricting unauthorized system access

30. What is a key risk in Fixed Asset transactions?
A) Inaccurate depreciation calculation
B) Delayed salary payments
C) Unrecorded customer orders
D) Mismanaged purchase invoices
Answer: A) Inaccurate depreciation calculation

31. What does system configuration involve in business processes?
A) Setting initial parameters based on policies
B) Completely automating all human interactions
C) Eliminating manual verifications
D) Ignoring master file updates
Answer: A) Setting initial parameters based on policies

Auditing Concepts

32. What is the primary purpose of Continuous Auditing?
A) Detecting errors at the point of occurrence
B) Eliminating the need for manual reports
C) Reducing system capacity requirements
D) Automating all organizational tasks
Answer: A) Detecting errors at the point of occurrence

33. What is a key benefit of Embedded Audit Modules (EAM)?
A) Real-time transaction monitoring
B) Reduced system security
C) Delayed error detection
D) Manual testing of transactions
Answer: A) Real-time transaction monitoring

Specific Controls

34. How should payroll data be managed in HR processes?
A) By restricting access to authorized users
B) By sharing access widely across teams
C) By avoiding automation tools
D) By skipping transaction reviews
Answer: A) By restricting access to authorized users

35. What risk does SCARF help mitigate?
A) Transaction irregularities and policy violations
B) Delayed salary disbursements
C) Unmonitored asset depreciation
D) Manual financial reporting
Answer: A) Transaction irregularities and policy violations

Business Processes

36. What does the Ordering phase in the Inventory Cycle involve?
A) Placing and receiving raw material orders
B) Tracking customer complaints
C) Configuring financial reports
D) Shipping finished goods
Answer: A) Placing and receiving raw material orders

37. Which control ensures accurate financial statements?
A) Automated reconciliation of ledger accounts
B) Allowing unrestricted manual data entry
C) Limiting master data updates
D) Avoiding reporting tools
Answer: A) Automated reconciliation of ledger accounts

Advanced Topics

38. What is an essential feature of IT audit tools?
A) Real-time data analysis capabilities
B) Exclusive focus on manual processes
C) Dependency on physical audits
D) Ignoring transaction errors
Answer: A) Real-time data analysis capabilities

39. What ensures privacy in digital ecosystems?
A) Implementing security safeguards under data protection laws
B) Sharing user credentials openly
C) Allowing unrestricted database access
D) Ignoring encryption standards
Answer: A) Implementing security safeguards under data protection laws

40. How is data integrity achieved in Information Systems?
A) Ensuring completeness, reliability, and accuracy of data
B) Relying solely on manual audits
C) Limiting data access to one department
D) Avoiding data validation steps
Answer: A) Ensuring completeness, reliability, and accuracy of data

Control and Security

41. What is the key control in the CASA process?
A) Restricting unauthorized credit line setups
B) Allowing open credit for all customers
C) Ignoring master file updates
D) Avoiding regular audits
Answer: A) Restricting unauthorized credit line setups

42. What does segregation of duties (SoD) aim to achieve?
A) Preventing unauthorized transactions
B) Simplifying all tasks under one role
C) Limiting financial transparency
D) Automating user logins
Answer: A) Preventing unauthorized transactions

System Audit Techniques

43. What is the purpose of a pre-audit survey?
A) Collecting background information for focused auditing
B) Avoiding interactions with management
C) Replacing data analysis processes
D) Automating decision-making entirely
Answer: A) Collecting background information for focused auditing

44. What is a critical aspect of an auditor's role in continuous simulation?
A) Identifying transaction exceptions
B) Simplifying configuration steps
C) Eliminating test environments
D) Ignoring real-time updates
Answer: A) Identifying transaction exceptions

IT Governance

45. What does an effective governance system in IT ensure?
A) Alignment of IT objectives with business goals
B) Ignoring user feedback
C) Automating unauthorized processes
D) Reducing compliance requirements
Answer: A) Alignment of IT objectives with business goals

Miscellaneous

46. What defines operational business processes?
A) Delivering value directly to customers
B) Supporting core processes indirectly
C) Monitoring management tasks
D) Simplifying budgeting activities
Answer: A) Delivering value directly to customers

47. What is a key risk in General Ledger transactions?
A) Inaccurate account codes
B) Over-reliance on automation
C) Avoiding periodic reconciliations
D) Delayed shipment tracking
Answer: A) Inaccurate account codes

48. What do Continuous Audit Techniques rely on?
A) Embedded system modules
B) Manual input for large datasets
C) Limiting automation tools
D) Eliminating test environments
Answer: A) Embedded system modules

49. What is an objective of the Test Data technique?
A) Verifying system processes with valid and invalid inputs
B) Eliminating erroneous transactions entirely
C) Avoiding transaction tagging methods
D) Ignoring invalid inputs during tests
Answer: A) Verifying system processes with valid and invalid inputs

50. What does P2P automation achieve?
A) A seamless procure-to-pay lifecycle
B) Simplified customer order tracking
C) Manual processing of invoices
D) Reduced vendor data accuracy
Answer: A) A seamless procure-to-pay lifecycle

CHAPTER 10 Multiple-Choice Questions on Digital Data, Privacy, Security, and Business Intelligence

1. What is the primary goal of data protection?
A) Maximize profits
B) Ensure data availability, privacy, and integrity
C) Replace physical documentation
D) Increase customer engagement
Answer: B) Ensure data availability, privacy, and integrity

2. What does the Digital Persona