Icmap Mock Exam Nov 2018 : Question No: 1


ICMAP MOCK EXAM NOV 2018 <MIS>

Question No: 1

Which of the following is related to detective controls implementation in
information system security?

Backup procedures

Contingency planning

Use encryption software

Check points in production jobs

Question No: 2

_____________ evaluate and report on degree of effectiveness of measures in
place and metrics in use.

Steering committee

Board of directors

Audit executives

Executive management

Question No: 3

___________ is one of the elements of e-commerce risk, where data (both in transit
and in storage) could be susceptible to unauthorized alteration or deletion.

Confidentiality

Integrity

Non-repudiation

Availability

Question No: 4

______________ is the time that the helpdesk or vendor takes to fix a problem from
the moment it is logged in.

Response time

Throughput

Turnaround time

System reaction time

Question No: 5

_________ servers typically host the software programs that provide application
access to client computers, including the processing of the applications, business
logic and communication with the application’s database.

Application

Web

Proxy

File

Question No: 6

___________ are online documents containing underlined phrases or icons that a
user can click in order to move immediately to related parts of the current
document or to another document with related information.

Cypher text

Plain text

Hypertext

Bold text

Question No: 7

The ____________ is determined based on the acceptable data loss in case of
disruption of operations. It indicates the earliest point in time in which it is acceptable
to recover the data.

Recovery point objective (RPO)

Recovery time objective (RTO)

Mean time to repair (MTTR)


Mean time between failure (MTBF)

Question No: 8

__________ control decision process using logic systems that replace “either-or”
logic with logic based on relative degrees of inclusion in sets.

Fuzzy logic

Case-based reasoning

Expert systems

Simulation

Question No: 9

_____________ provides many types of information for consumers and the general
public, thereby encouraging web users to visit the site each time they use the web.

E-retailer

E-marketplace

Web hosting

Content aggregator

Question No: 10

________________ Committee approves project plans and budgets, setting
priorities and milestones of IT projects.

IT Strategy

IT Steering

IT Security

IT Governing

Question No: 11

Which one of the following is related to IT delivery services in IT Service
Management (ITSM)?

Service Desk

Problem Management

Release Management

Service-Level Management

Question No: 12

____________ cloud may be available to the general public or a large industry group.

Private

Public

Hybrid

Community

Question No: 13

___________ provides information and commercial transactions related to specific
group of companies in a specific industry.

E-auction

E-retailer

E-shop

E-marketplace

Question No: 14

UNI Tech is a software house which developed new web based software for
examination system of an IT institute. Online training of staff is under scope of
software project development. This training process lies in ___________ phase of
Software Development Life Cycle (SDLC).

Initiation

development

implementation

operations & maintenance

Question No: 15

______________ is the combination of probability of an event and its
consequences.

Threat

Vulnerability

Risk

Non compliance

Question No: 16

____________ software is used to design products through computerized
specifications that can be stored, changed and shared conveniently.

Point of sale terminal

Computer aided design

Customer relationship management

Computer aided testing

Question No: 17

_________ provides detailed procedures to facilitate recovery of capabilities at an
alternate site.

Crisis communication plan

Business continuity plan

Occupant emergency plan

Disaster recovery plan

Question No: 18

An organization decided to purchase an accounting software package instead of
in-house development. In such a case, the design and development phases of the
traditional software development life cycle (SDLC) would be replaced with:

Selection & Configuration phase

Implementation & Testing phase

Feasibility & Requirement phase

Nothing; replacement is not required

Question No: 19

A project ___________ is defined as all the projects being carried out in an
organization at a given point in time (Snapshot).

Charter

Portfolio

Program

Scope

Question No: 20

_____________ is similar to a bridge and a switch in that it links two or more physically
separate network segments with different IP address schemes.

Firewall

Hub

Repeater

Router

Question No: 21

A ___________ is a small text file, consisting of name-value pairs of information, that a
web browser such as Internet Explorer stores in a folder on a web user’s PC.

History

Cookie

Add-ons

Bookmark

Question No: 22

__________ sites are facilities with space and basic infrastructure; and some or all
of the required IT and communication equipment installed. The equipment may be
less capable than the normal production equipment yet still be adequate to sustain
critical applications on an interim basis.

Cold

Hot

Warm

Mirrored

Question No: 23

In a ____________ topology, the nodes are linked directly without a central server,
which means that messages between nodes must be re-transmitted by all nodes
between the source and destination.

Ring

Bus

Star

Tree

Question No: 24

Computer Assisted Audit Techniques (CAATs) are important tools for the IS auditor
in gathering information from different environments, but _____________ is not
included in the CAATs tools and techniques suite.

Generalized audit software (GAS)

utility software

system software

scanning software

Question No: 25

In information quality, ______________ defines whether or not use of the information
is legal or culturally appropriate in this situation.

information admissibility

information availability

information format

completeness

Question No: 26

Which one of the following is not related to IT delivery services in IT Service
Management (ITSM)?

Service-level management

Availability management

Configuration management

IT financial management

Question No: 27

The primary purpose of conducting parallel testing is:

to determine whether the system is cost effective.

to highlight errors in the program interfaces with files.

to enable comprehensive unit and system testing.

to ensure the new system meets user requirements.

Question No: 28

_____________ is a network provider service using modem technology over
existing twisted pair telephone line to transport high bandwidth data such as
multimedia and video.

Digital subscriber line (DSL)

Frame relay (FR)

Multiprotocol label switching (MPLS)


Virtual private network (VPN)

Question No: 29

___________ device is an example of protocol converter which converts and
connects between Local area networks (LANs) and the mainframe, or between
Local area networks (LANs) and the internet, at the application layer of OSI
reference model.

Switch

Router

Gateways

Hub

Question No: 30

Full

Differential

Full plus differential

Full plus incremental

Question No: 31

____________ is a software application that pretends to be a vulnerable server on
the Internet and is not set up to actively protect against break-ins. It acts as a decoy
system that lures/traps hackers.

Honeypots

Intrusion detection system

Malware

Antivirus

Question No: 32

_____________ fire suppression system releases pressurized Halon gas that
removes oxygen from the air, thus starving the fire without damaging equipment.

Halon

Water based

Dry pipe

Carbon dioxide

Question No: 33

Which of the following characteristics is NOT related to information quality?

Accuracy

Precision

Format

Completeness

Question No: 34

________________ creates and maintains consistent data processing methods and
integrated databases across multiple business functions.

Management Information System (MIS)

Executive Information System (EIS)

Decision Support System (DSS)

Enterprise System

Question No: 35

In information security governance, ____________ oversee a policy of knowledge
management and resource utilization.

Executive management

Steering committee

Board of directors

Chief information security officer


Question No: 36

In Business continuity plan (BCP), ____________ plan provides procedures for
disseminating status reports to personnel and the public.

Crisis communication

Cyber incident response

Occupant emergency

Disaster recovery

Question No: 37

In E-commerce website development, __________ language is commonly used to
write common gateway interface (CGI) scripts that are asked to extend the
functionality of web server application software.

HTML

VB/JAVA Script

COBOL

PROLOG

Question No: 38

For a mission-critical system, like a stock exchange online system with a low tolerance
to interruption and a high cost of recovery, which of the following is the BEST recovery
option?

Mirrored site

Cold site

Warm site

Mobile site

Question No: 39

_____________ server is used by networked computers (clients) to obtain Internet
protocol (IP) addresses and other parameters such as default gateway, subnet mask
and IP of DNS automatically.

Dynamic host configuration protocol (DHCP)

Domain name server (DNS)

HTTP

Authentication, Authorization and Accounting (AAA)

Question No: 40

Shielding is used against ____________ caused by electrical storms or noisy
electrical equipment. This interference may cause computer systems to hang or
crash, as well as damage similar to that caused by sags, spikes and surges.

Fire

Electromagnetic interference (EMI)

Spikes

Water

Question No: 41

_________________ is the audit risk that a material error exists which will not be
prevented or detected on a timely basis by the system of internal controls.

Inherent risk

Detection risk

Business risk

Control risk

Question No: 42

A project team with participation by technical support staff and key users should be
created to write a request for proposal (RFP) content or invitation to tender (ITT)
which cannot include:

Product vs system requirements

Acceptance testing of the product

Vendor support

Business impact analysis

Question No: 43

An IS auditor is performing an audit of the infrastructure and operations of a company.
Which of the following areas is NOT related to operating system review?

System documentation

System software security

Physical Schema

Selection process

Question No: 44

________________ is a subset of a larger data warehouse devoted to a particular
business function or department.

Data Mining

Data Mart

Aggregation

Slicing and dicing

Question No: 45

____________ test substantiates the integrity of actual processing. It provides
evidence of the validity and integrity of the balances in the financial statements.

Compliance

Sampling

Substantive

Analytical

Question No: 46

________________ sourcing practices are performed by a mix of the organization’s and
vendor’s staff; can include joint ventures/supplemental staff.

In sourced

Outsourced

Hybrid

Offshore

Question No: 47

In the traditional system development life cycle approach, the ________________ phase
uses the design specifications to begin programming and formalizing supporting
operational processes of the system.

Development

Testing

Requirement

Configuration

Question No: 48

On ________________ layer error detection is accomplished through the use of
cyclic redundancy check (CRC) that is calculated for and then added to each frame
of data.

Network

Data link

Physical

Presentation

Question No: 49

__________ testing is a preliminary test in SDLC that focuses on specific and
predetermined aspects of a system. It provides limited evaluation of the system.

White box

Parallel

Functional

Pilot

Question No: 50

________________ is a senior level corporate official responsible for articulating
and enforcing the policies that companies use to protect their information assets.

Chief Information Security Officer (CISO)

Executive Management

Users Chief Privacy Officer (CPO)

Chief Technical Officer (CTO)

Question No: 51

Option (i) is correct

Option (ii) is correct

Option (iii) is correct

Option (iv) is correct

Question No: 52

In a database, _____________ is used to eliminate redundancies or duplication in
records.

normalization

filter

sorting

updating

Question No: 53

_____________ framework is established to issue, maintain and revoke public key
certificates by a trusted party.

Public key infrastructure

Advanced Encryption standard

Digital envelope

Digital signature

Question No: 54

In disaster recovery methods, _______________ level is used for redundancy and
mirroring of the same data onto multiple hard disks.

RAID 0

RAID 1

RAID 3

RAID 5

Question No: 55

In ________, a project can be represented as a network where activities are shown as
branches connected at nodes to the immediately preceding and immediately following
activities.

Critical Path Methodology (CPM)

Gantt Chart

Bar Chart

Program Evaluation Review Technique (PERT)

Question No: 56

Which of the following programming languages are used to develop artificial
intelligence (AI) based software?

Visual Basic and VB Script

FORTRAN and COBOL

JAVA and Jscript


LISP and PROLOG

Question No: 57

A ___________ view of data expresses the way the user or the programmer thinks
about the data.

physical

logical

open

closed

Question No: 58

________________ attack is launched by an intruder, using many of the
password-cracking tools available at little or no cost, on encrypted passwords, and it attempts
to gain unauthorized access to an organization's network or host-based systems.

DOS

Botnets

Brute-Force

Spamming

Question No: 59

Which one of the following is the best preventive measure for reducing the risks of
an IT system associated with possible natural disasters?

Choose a safe location for the facility

Update and store backups offsite

Keep critical systems separate from general systems.

Identify natural threats

Question No: 60

_____________ audit includes specific tests of controls to demonstrate adherence
to specific regulatory or industry standards.

Financial

Information systems

Compliance

Operational

Question No: 61

_____________ provides top management with internal and competitive information
through a user-friendly interface that can be used with almost no computer-related
knowledge.

Office Support System (OSS)

Executive Information System (EIS)

Transaction Process System (TPS)

Enterprise Collaboration System (ECS)

Question No: 62

______________ are designed to dynamically connect remote devices such as cell
phones, laptops etc.

Ad Hoc Networks

Wireless Local Area Networks (WLANs)

Wireless Personal Area Networks (WPANs)

Wide Area Networks (WANs)

Question No: 63

In final acceptance testing, ___________ focuses on documented specifications and
technology employed. It verifies that the application works as documented by testing
the logical design and the technology itself.

user acceptance testing (UAT)

quality assurance testing (QAT)


interface testing

pilot testing

Question No: 64

Capacity planning and monitoring includes ____________ element which optimizes
systems for actual or expected workload on the basis of analyzed and interpreted
monitoring data.

tuning

monitoring

modeling

development

Question No: 65

Entity Relationship Diagrams (ERDs) include a/ an ____________ relationship
which means each course may have many sections but could have none.

one-to-one

one-to-many

many-to-many

optional one-to-many

Question No: 66

____________ is a data communication network with dedicated secure lines or to
which error detection, database access, large storage capacity, protocol conversion
and other such features have been added.

Metropolitan Area Network (MAN)

Value Added Network (VAN)

Campus Area Network (CAN)

Virtual Private Network (VPN)

Question No: 67

Option (i) is correct

Option (ii) is correct

Option (iii) is correct

Option (iv) is correct

Question No: 68

Which one of the following would allow a company to extend its enterprise intranet
across the internet to its business partners?

Dial up access

Client-server

Virtual private network (VPN)

Value-added network (VAN)

Question No: 69

_______ is a framework of policies, procedures, guidelines and associated
resources to establish, implement, operate, monitor, review, maintain and improve
information security for all types of organizations.

COBIT

ITIL

ISMS

ISO-9000

Question No: 70

In the cloud computing service model, _________ is used to deploy onto the cloud
infrastructure customer-created or acquired applications created using programming
languages and tools supported by the provider.

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

Security as a Service

Question No: 71

A Telecom company decides to purchase a software package instead of developing
it. In such a case, the design and development phases of a traditional software
development life cycle (SDLC) would be replaced with:

Selection and configuration phases

Feasibility and requirement phases

Implementation and testing phases

Nothing, replacement is not required

Question No: 72

A B-to-C e-commerce website, as part of its information security program, wants to
monitor, detect and prevent hacking activities and alert the system administrator
when suspicious activities occur. Which of the following network infrastructure
components could be used for this purpose?

Firewalls

Routers

Intrusion detection systems

Asymmetric encryption

Question No: 73

In DSS, ____________ summarizes an expert’s view of an area of knowledge in
terms of facts and rules. Apply the facts and rules to a particular situation to help
someone else decide what to do.

Expert systems

Fuzzy logic

OLAP

Intelligent agents

Question No: 74

_________ addresses the somewhat broader topic of planning, controlling and
scheduling pre-sales and post-sales activities.

CRM

SCM

CIM

OAS

Question No: 75

________ are used when the precise requirements are difficult to visualize and
define because an existing business process must be changed substantially, or
because a proposed business process in a new situation has never been used, as
happens in new e-commerce applications.

Prototypes

System Analysis

Implementation

System design

Question No: 76

_______________ is a simple, very flexible text format, originally designed to meet
the challenges of large-scale electronic publishing.

UML

XML

PHP

WML

Question No: 77

Which one of the following risk-based software development models allows for the
need to return to previous work to allow review and rework?

Spiral

Prototyping

Waterfall

Traditional System Development Life Cycle (SDLC)

Question No: 78

If a problem has occurred in the system, the organization must find out what has
happened so that its effects are minimized. In this case _________________ are
implemented.

corrective measures

administrative measures

detective measures

preventative measures

Question No: 79

________________ analyzes business systems with problems and designs new or
modified systems to solve the problems.

Data architect

Web developer

Application developer

System analyst

Question No: 80

_______________ network setup purpose is to invite attack so that an attacker’s
activities and methods can be studied and that information used to increase network
security.

Firewall

Public key encryption

Honey net

Intrusion detection system

Question No: 81

_______________ sites have only the basic environment to operate an information
processing facility. Activation of the disaster recovery site may take several weeks.

Hot

Cold

Mirrored

Warm

Question No: 82

_______________ errors are bugs that cause a program to perform incorrect
processing even though the program is syntactically correct.

Logic

Syntax

Program

Coding

Question No: 83

What is considered the MOST critical element for the successful implementation of
an Information Security program?

An adequate budgeting process.

An effective enterprise risk management.

Senior management commitment.

Meticulous program planning.

Question No: 84

The FIRST step in planning an audit is to:


define audit deliverables.

finalize the audit scope and audit objectives.

gain an understanding of the business’ objectives.

develop the audit approach or audit strategy.

Question No: 85

Which one of the following levels provides a higher degree of protection in applying
access control software to avoid unauthorized access risks?

Network and operating system level

Application level

Database level

Log file level

Question No: 86

The PRIMARY benefit of data base normalization is the:

minimization of redundancy of information in tables.

ability to satisfy more queries.

maximization of data base integrity.


minimization of response time.

Question No: 87

Information _______________ is related to a combination of accuracy, precision,
completeness, timeliness, and source of the information.

format

encryption

availability

quality

Question No: 88

_______________ is responsible for maintaining major multiuser computer systems,
including LANs, WANs and WLANs.

Data base administrator

System administrator

Quality assurance engineer

Security administrator

Question No: 89

_______________ method was proposed by Visa, MasterCard and other leading
credit card companies for secure web-based transactions over the internet.

Certification authority (CA)

Secure socket layer

E-money

Secure electronic transmission (SET)

Question No: 90

_______________ is the industry-standard programming language for expressing
data access and manipulation in relational databases.

Structured query language

Structured language

Procedural language

Object oriented language

Question No: 91

_______________ testing is the process of feeding test data into two systems: the
modified system and an alternative system and comparing the results.

Pilot

White box

Validation

Parallel

Question No: 92

When reviewing a network used for internet communication, an IS auditor will first
examine the:

validity of password change occurrences.

architecture of the client-server applications.

network architecture and design.

firewall protection.

Question No: 93

Which one of the following is not included in IT delivery service related to IT Service
management?

Service level management

Capacity management

Availability management

Problem management

Question No: 94

Which of the following types of fire suppression system is best suited for IT data
centers?

Water-based

Carbon dioxide

Novec

Dry Powder

Question No: 95

One of the major components of a Business Continuity Plan is:

Software Project Plan

Financial Recovery Plan

Scheduled Downtime Plan

Disaster Recovery Plan

Question No: 96

An IS/IT Auditor is not responsible for:


Internal Controls of Company’s Technology Network

Giving Internet and email access to IT Users

Risk Assessment of IT Network

Identifying weakness in System Network

Question No: 97

The correct order of Work System Framework core components is:

Business Process -> Customers -> Products & Services

Customers -> Business Processes -> Products & Services

Products & Services -> Business Processes -> Customers

Customers -> Products & Services -> Business Processes

Question No: 98

Inadequate use of SDLC Methodology results in:

Project Go-live takes longer than usual due to lengthy development process

High risk of project failure due to ineffective problem analysis and requirements

Lower Risk of Project failure due to complete development process

Project Go-live will be earlier than scheduled timeline due to ignoring of SDLC

Question No: 99

The Third & Sixth Layers of OSI Model are:

Presentation & Network

Physical & Application

Network & Presentation

Transport & Session

Question No: 100

______________ is not part of the IT Governance Framework:

Value delivery from IT

Performance Management

Compromised Risk Management

Resource Management

ANSWER BOX
1. D
2. C
3. B
4. C
5. A
6. C
7. A
8. A
9. D
10. B
11. D
12. B
13. D
14. C
15. C
16. B
17. D
18. A
19. B
20. D
21. B
22. C
23. A
24. C
25. A
26. C
27. D
28. A
29. C
30. D
31. A
32. A
33. C
34. D
35. C
36. A
37. B
38. A
39. A
40. B
41. D
42. D
43. C
44. B
45. C
46. C
47. A
48. B
49. D
50. A
51. A
52. A
53. A
54. B
55. A
56. D
57. B
58. C
59. A
60. C
61. B
62. A
63. B
64. A
65. D
66. B
67. A
68. C
69. C
70. B
71. A
72. C
73. A
74. A
75. A
76. B
77. A
78. C
79. D
80. C
81. B
82. A
83. C
84. C
85. A
86. A
87. D
88. B
89. D
90. A
91. D
92. C
93. D
94. C
95. D
96. B
97. D
98. B
99. C
100. C
