Exam Questions, Answers,
All the questions were
from www.4exam.com study material. I got 90% marks.
That’s sufficient for me. I am satisfied with
it. I hereby submit some questions.
Question No 1
IS management has decided to rewrite a legacy customer
relations system using fourth- generation languages
(4GLs). Which of the following risks is MOST often
associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
4GLs are usually not suitable for data intensive operations.
Instead, they are used mainly for graphic user interface
(GUI) design or as simple query/report generators.
A, B. Screen/report design facilities are one of the
main advantages of 4GLs, and 4GLs have simple programming
language subsets.
C. Portability is also one of the main advantages
Question No 2
Which of the following systems-based approaches would
a financial processing company employ to monitor spending
patterns to identify abnormal patterns and report
A. A neural network
B. Database management software
C. Management information systems
D. Computer assisted audit techniques
A neural network will monitor and learn patterns,
reporting exceptions for investigation.
B. Database management software is a method of storing
and retrieving data.
C. Management information systems provide management
statistics but do not normally have a monitoring and
D. Computer-assisted audit techniques detect specific
situations, but are not intended to learn patterns
and detect abnormalities.
Question No 3
A hardware control that helps to detect errors when
data are communicated from one computer to another
is known as a:
A. duplicate check.
B. table lookup.
C. validity check.
D. parity check.
A parity check helps to detect data errors when data
are read from memory or communicated from one computer
to another. A single bit (0 or 1) is appended to a data
item so that the total number of 1 bits is even (even
parity) or odd (odd parity). When the receiver recounts
the bits and the parity bit disagrees with the count,
an error report is generated. Parity only detects an
odd number of flipped bits: two errors in the same item
cancel out and pass unnoticed, and parity can flag an
error but not correct it.
Choices A, B and C are types of data validation and
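The following is an added worked example (not part of the original exam material) of the even/odd parity scheme described above. It encodes an 8-bit data item with a parity bit, re-checks it on the receiving side, and then shows the caveat a practitioner should remember: a single flipped bit is caught, but two flipped bits in the same word cancel out and are not detected. The function names and the sample data word are assumptions chosen for the illustration.

```python
"""Parity check worked example.

Even parity: the parity bit is chosen so that the total number of 1 bits in
the (data + parity) word is even. The receiver recounts the 1 bits; an odd
count means at least one bit was corrupted in transit.
"""


def parity_bit(data: int, even: bool = True) -> int:
    """Return the parity bit that makes `data` even (or odd) parity."""
    ones = bin(data).count("1")
    bit = ones % 2          # 1 if the data already has an odd number of ones
    return bit if even else bit ^ 1


def encode(data: int, width: int = 8, even: bool = True) -> int:
    """Sender side: append the parity bit as the least significant bit,
    producing a (width + 1)-bit word."""
    if data < 0 or data >= (1 << width):
        raise ValueError(f"data does not fit in {width} bits")
    return (data << 1) | parity_bit(data, even)


def check(word: int, even: bool = True) -> bool:
    """Receiver side: True if the word's 1-bit count matches the expected parity."""
    ones = bin(word).count("1")
    return (ones % 2 == 0) if even else (ones % 2 == 1)


def flip_bits(word: int, *positions: int) -> int:
    """Simulate transmission errors by inverting the given bit positions."""
    for p in positions:
        word ^= 1 << p
    return word


def demo() -> tuple:
    """Show detection of one flipped bit and the blind spot for two.

    Returns (clean_ok, one_flip_ok, two_flips_ok); the last value being True
    is the weakness: an even number of errors leaves the parity consistent."""
    word = encode(0b01101001)            # constructed sample: four 1 bits -> parity 0
    one_flip = flip_bits(word, 3)        # single-bit error
    two_flips = flip_bits(word, 3, 6)    # two-bit error, same word
    return check(word), check(one_flip), check(two_flips)


if __name__ == "__main__":
    clean, single, double = demo()
    print(f"clean word passes: {clean}")
    print(f"one flipped bit passes: {single}   (error detected)")
    print(f"two flipped bits pass: {double}   (error NOT detected)")
```

The same functions work for odd parity by passing `even=False` on both sides; the sender and receiver must simply agree on the convention.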
Question No 4
For which of the following applications would rapid
recovery be MOST crucial?
A. Point-of-sale system
B. Corporate planning
C. Regulatory reporting
D. Departmental chargeback
A point-of-sale system is a critical online system
that when inoperable will jeopardize the ability of
Abc .com to generate revenue and track inventory properly.
Question No 5
The initial step in establishing an information security
program is the:
A. development and implementation of an information
security standards manual.
B. performance of a comprehensive security control
review by the IS auditor.
C. adoption of a corporate information security policy.
D. purchase of security access control software.
A policy statement reflects the intent and support
provided by executive management for proper security
and establishes a starting point for developing the
Question No 6
A malicious code that changes itself with each file
it infects is called a:
A. logic bomb.
B. stealth virus.
C. trojan horse.
D. polymorphic virus.
A polymorphic virus changes its own code with each
infection, so it exists as many different variants.
Because the variants share no consistent binary pattern,
signature-based scanners have difficulty identifying them.
A. A logic bomb is code that is hidden in a program
or system which will cause something to happen when
the user performs a certain action or when certain
conditions are met. A logic bomb, which can be downloaded
along with a corrupted shareware or freeware program,
may destroy data, violate system security, or erase
the hard drive.
B. A stealth virus is a virus that hides itself by
intercepting disk access requests. When an antivirus
program tries to read files or boot sectors to find
the virus, the stealth virus feeds the antivirus program
a clean image of the file or boot sector.
C. A trojan horse is a program that appears to be useful
and harmless but has harmful side effects, such as
destroying data or breaking the security of the system
on which it is run. Unlike a virus, it does not replicate
itself.
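As an added example (not from the original exam material and not real malware), the toy model below shows why a polymorphic variant has "no consistent binary pattern" from a signature scanner's point of view. An inert, constructed byte string stands in for the virus body; each simulated infection re-encodes it with a fresh one-byte XOR key, so the bytes written to each "file" differ while the decoded body is identical. A static byte-signature scan misses every variant; a scan that first runs the decoder (as an emulating antivirus engine would) still finds it. The payload text, signature, keys and function names are all assumptions chosen for the illustration.

```python
"""Toy polymorphism model: same body, different bytes on every infection."""

import os
from typing import Optional

# Constructed stand-in for the virus body; deliberately inert text.
PAYLOAD = b"TOY-PAYLOAD: this string stands in for the body of the virus"
# What a naive signature scanner would look for in the raw file bytes.
SIGNATURE = b"TOY-PAYLOAD"


def xor(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (self-inverse, so it also decodes)."""
    return bytes(b ^ key for b in data)


def make_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Produce one 'infected file' image: [key byte][payload XOR key].

    A real polymorphic engine also mutates the decoder routine itself; this
    toy keeps the decoder fixed and only varies the key."""
    if key is None:
        key = int.from_bytes(os.urandom(1), "big") or 1   # key 0 would leave bytes unchanged
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    return bytes([key]) + xor(payload, key)


def decode_variant(image: bytes) -> bytes:
    """The 'decoder stub': recover the body from an infected image."""
    return xor(image[1:], image[0])


def static_scan(image: bytes, signature: bytes) -> bool:
    """Signature match against raw bytes, as a simple scanner would do."""
    return signature in image


def emulating_scan(image: bytes, signature: bytes) -> bool:
    """Run the decoder first, then match: what emulation-based scanners do."""
    return signature in decode_variant(image)


def demo(keys=(0x11, 0x5A, 0xA7, 0xC3, 0xFF)) -> tuple:
    """Return (distinct_images, static_hits, emulated_hits) for the given keys."""
    variants = [make_variant(PAYLOAD, k) for k in keys]
    distinct = len(set(variants))
    static_hits = sum(static_scan(v, SIGNATURE) for v in variants)
    emulated_hits = sum(emulating_scan(v, SIGNATURE) for v in variants)
    return distinct, static_hits, emulated_hits


if __name__ == "__main__":
    distinct, static_hits, emulated_hits = demo()
    print(f"{distinct} variants, all decoding to the same body")
    print(f"static signature scan hits:   {static_hits}")
    print(f"emulating (decode-first) hits: {emulated_hits}")
```

The fixed decoder in this toy is the weakness real polymorphic engines remove by also rewriting the decoder on each infection, which is why detection moved toward emulation and behavioural heuristics rather than raw byte signatures.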
Question No 7
Which of the following is a continuity plan test that
uses actual resources to simulate a system crash to
cost-effectively obtain evidence about the plan's
A. Paper test
B. Post test
C. Preparedness test
A preparedness test is a localized version of a full
test, wherein resources are expended in the simulation
of a system crash. This test is performed regularly
on different aspects of the plan and can be a cost-effective
way to gradually obtain evidence about the plan's
effectiveness. It also provides a means to improve
the plan in increments.
A. A paper test is a walkthrough of the plan, involving
major players in the plan's execution who attempt
to determine what might happen in a particular type
of service disruption. A paper test usually precedes
the preparedness test.
B. A post-test is actually a test phase and is comprised
of a group of activities, such as returning all resources
to their proper place, disconnecting equipment, returning
personnel and deleting all company data from third-
D. A walk-through is a test involving a simulated
disaster situation that tests the preparedness and
understanding of management and staff, rather than
the actual resources.
Question No 8
An organization having a number of offices across
a wide geographical area has developed a disaster
recovery plan (DRP). Using actual resources, which
of the following is the MOST cost-effective test of
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
A preparedness test is performed by each local office/area
to test the adequacy of the preparedness of local
operations for the disaster recovery.
A. A full operational test is conducted after the
paper and preparedness test.
C. A paper test is a structured walkthrough of the
DRP and should be conducted before a preparedness
D. A regression test is not a DRP test and is used
in software maintenance.
Question No 9
The IS auditor learns that when equipment was brought
into the data center by a vendor, the emergency power
shutoff switch was accidentally pressed and the UPS
was engaged. Which of the following audit recommendations
should the IS auditor suggest?
A. Relocate the shut off switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
A protective cover over the switch would allow it
to be accessible and visible, but would prevent accidental
A. Relocating the shut off switch would defeat the
purpose of having it readily accessible.
C. Escorting the personnel moving the equipment may
not have prevented this incident.
D. Logging of environmental failures would provide
management with a report of incidents, but reporting
alone would not prevent a reoccurrence.
Question No 10
Abc .com has contracted with an external consulting
firm to implement a commercial financial system to
replace its existing in-house developed system. In
reviewing the proposed development approach, which
of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on
D. Prototyping is being used to confirm that the system
meets business requirements.
A quality plan is an essential element of all projects.
It is critical that the contracted supplier be required
to produce such a plan. The quality plan for the proposed
development contract should be comprehensive and encompass
all phases of the development and include which business
functions will be included and when. Acceptance is
normally managed by the user area, since they must
be satisfied that the new system will meet their requirements.
If the system is large, a phased-in approach to implementing
the application is a reasonable approach. Prototyping
is a valid method of ensuring that the system will
meet business requirements.