DISA AT Mock Test Papers - Institute Of Chartered .


DISA AT Mock Test Papers
The Institute of Chartered Accountants of India
(Set up by an Act of Parliament)
New Delhi

The Institute of Chartered Accountants of India
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior permission, in writing, from the publisher.

DISCLAIMER
The views expressed in this material are those of the author(s). The Institute of Chartered Accountants of India (ICAI) may not necessarily subscribe to the views expressed by the author(s).
The information in this material has been contributed by various authors based on their expertise and research. While every effort has been made to keep the information cited in this material error free, the Institute or its officers do not take responsibility for any typographical or clerical error which may have crept in while compiling the information provided in this material. There are no warranties/claims for ready use of this material, as this material is for educational purposes. The information provided in this material is subject to changes in technology, business and regulatory environment. Hence, members are advised to apply it using professional judgement. Please visit the CIT portal for the latest updates. All copyrights are acknowledged. Use of specific hardware/software in the material is not an endorsement by ICAI.

Edition: October, 2015
Committee/Department: Committee on Information Technology
Email: cit@icai.in
Website: www.icai.org http://cit.icai.org
Price:
ISBN No: 978-81-8441-
Published by: The Publication Department on behalf of the Institute of Chartered Accountants of India, ICAI Bhawan, Post Box No. 7100, Indraprastha Marg, New Delhi-110 002.
Printed by: Sahitya Bhawan Publications, Hospital Road, Agra - 282 003.

Contents
Mock Assessment Test Paper 1
Mock Assessment Test Paper 2
Mock Assessment Test Paper 3
Mock Assessment Test Paper 4
Mock Assessment Test Paper 5
Mock Assessment Test Paper 6
Mock Assessment Test Paper 7

Mock Assessment Test Paper 1

1. In switching over to an Electronic Fund Transfer (EFT) environment, which of the following risks DOES NOT occur?
A. Increased access violations
B. Increased cost per transaction
C. Inadequate backup and recovery procedures
D. Duplicate transaction processing
The correct answer is: B. Increased cost per transaction
Explanation: Automation leads to a decrease in cost and an increase in performance. Choices A, C and D are not applicable in the given context.

2. Which of the following is NOT TRUE about a database management system application environment?
A. Multiple users use data concurrently
B. Data are shared by passing files between programs or systems
C. The physical structure of the data is independent of user needs
D. Each request for data made by an application program must be analyzed by DBMS.
The correct answer is: B. Data are shared by passing files between programs or systems
Explanation: In a DBMS, data exchange is facilitated through SQL; hence Option B is not true. Files are not used for data exchange. Options A, C and D are features of a DBMS.

3. Which one of the following network architectures is designed to provide data services using physical networks that are more reliable and offer greater bandwidth?
A. Transmission control protocol/Internet Protocol (TCP/IP)
B. File transfer protocol
C. Permanent Virtual Circuit (PVC)
D. Integrated services digital network (ISDN)
The correct answer is: D. Integrated services digital network (ISDN)
Explanation: Integrated Services for Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network. Options A, B and C are not applicable.

4. Which of the following decisions most likely cannot be made on the basis of performance monitoring statistics that are calculated:
A. whether new hardware/system software resources are needed
B. whether unauthorized use is being made of hardware/system software resources
C. whether the system being monitored has provided users with a strategic advantage over their competitors.
D. whether there is any abnormal work load during a particular shift which may be because of private use of resources by some staff
The correct answer is: C. whether the system being monitored has provided users with a strategic advantage over their competitors.
Explanation: Only Option C is a kind of decision that is subjective in nature and is not based on statistics, as Options A, B and D are.

5. Control over data preparation is important because:
A. it is often a major cost area taking about 50% of the data processing budget
B. unauthorized changes to data and program can take place
C. the work is boring so high turnover always occurs
D. it can be a major bottleneck in the work flow in a data processing installation
The correct answer is: D. it can be a major bottleneck in the work flow in a data processing installation.
Explanation: Data preparation is very critical for various operations that need data, so it may result in bottlenecks and affect performance. Option A may also be a reason but not the most important. Option B is not applicable as we are considering data only, not programs. Option C is not applicable in the given context.

6. During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use:
A. test data to validate data input
B. test data to determine system sort capabilities
C. generalized audit software to search for address field duplications
D. generalized audit software to search for account field duplications
The correct answer is: C. generalized audit software to search for address field duplications.
Explanation: Since the name is not the same (due to name variations), one method to detect duplications would be to compare other common fields, such as addresses. Subsequent review to determine common customer names at these addresses could then be conducted. Searching for duplicate account numbers would not likely find duplications, since customers would most likely have different account numbers for each variation. Test data would not be useful to detect the extent of any data characteristic, but simply to determine how the data were processed.

7. The IS department of an organization wants to ensure that the computer files used in the information processing facility are adequately backed up to allow for proper recovery. This is a(n):
A. control procedure
B. control objective
C. corrective control
D. operational control
The correct answer is: B. control objective.
Explanation: IS control objectives specify the minimum set of controls to ensure efficiency and effectiveness in the operations and functions within an organization. Control procedures are developed to provide reasonable assurance that specific objectives will be achieved. A corrective control is a category of controls that aims to minimize the threat and/or remedy problems that were not prevented or were not initially detected. Operational controls address the day-to-day operational functions and activities, and aid in ensuring that the operations are meeting the desired business objectives.

8. During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
A. create the procedures document
B. terminate the audit
C. conduct compliance testing
D. identify and evaluate existing practices.
The correct answer is: D. identify and evaluate existing practices.
Explanation: One of the main objectives of an audit is to identify potential risks; therefore, the most proactive approach would be to identify and evaluate the existing security practices being followed by the organization. IS auditors should not prepare documentation, and doing so could jeopardize their independence. Terminating the audit may prevent achieving one of the basic audit objectives, i.e., identification of potential risks. Since there are no documented procedures, there is no basis against which to test compliance.

9. When implementing continuous monitoring systems, an IS auditor's first step is to identify:
A. reasonable target thresholds
B. high-risk areas within the organization
C. the location and format of output files
D. applications that provide the highest potential payback
The correct answer is: B. high-risk areas within the organization.
Explanation: The first and most critical step in the process is to identify high-risk areas within the organization. Business department managers and senior executives are in the best positions to offer insight into these areas. Once potential areas of implementation have been identified, an assessment of potential impact should be completed to identify applications that provide the highest potential payback to the organization. At this point, tests and reasonable target thresholds should be determined prior to programming. During systems development, the location and format of the output files generated by the monitoring programs should be defined.

10. In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools is MOST suitable for performing that task?
A. CASE tools
B. Embedded data collection tools
C. Heuristic scanning tools
D. Trend/variance detection tools
The correct answer is: D. Trend/variance detection tools.
Explanation: Trend/variance detection tools look for anomalies in user or system behavior, for example, determining whether the numbers for pre-numbered documents are sequential or increasing. CASE tools are used to assist software development. Embedded (audit) data collection software is used for sampling and to provide production statistics. Heuristic scanning tools can be used to scan for viruses to indicate possible infected code.

11. Computer viruses could be detected by which one of the following actions?
A. Maintain backups of program and data.
B. Monitor usage of the device.
C. Use write-protect tabs on disks.
D. Examine the creation date and file size.
The correct answer is: D. Examine the creation date and file size
Explanation: Viruses can be detected by examining file content and other attributes of the file; hence option D is applicable. Options A, B and C are not applicable.

12. Before disposing of the PC used for storing confidential data, the most important precautionary measure to be taken is
A. mid-level formatting of hard disk
B. deleting all the files in the hard disk
C. deleting all the data on the hard disk
D. demagnetizing the hard disk.
The correct answer is: B. vulnerabilities and threats are identified.
Explanation: Demagnetizing is reduction or elimination of the magnetic moment in an object; that is, the reverse of magnetization. This results in complete erasure of the hard disk content. Options A, B and C are not as effective as demagnetizing.

13. The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
A. Test data
B. Generalized audit software
C. Integrated test facility
D. Embedded audit module
The correct answer is: B. Generalized audit software.
Explanation: Generalized audit software features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and recomputations. The IS auditor, using generalized audit software, could design appropriate tests to recompute the payroll and, thereby, determine if there were overpayments and to whom they were made. Test data would test for the existence of controls that might prevent overpayments, but it would not detect specific, previous miscalculations. Neither an integrated test facility nor an embedded audit module would detect errors for a previous period.

14. Which of the following would be the BEST population to take a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings
The correct answer is: D. Production library listings
Explanation: The best source from which to draw any sample or test of system information is the automated system. The production libraries represent executables that are approved and authorized to process organizational data. Source program listings would be time intensive. Program change requests are the documents used to initiate change; there is no guarantee that the request has been completed for all changes. Test library listings do not represent the approved and authorized executables.

15. Which of the following normally would be the MOST reliable evidence for an auditor?
A. A confirmation letter received from a third party verifying an account balance
B. Assurance from line management that an application is working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports supplied by line management
The correct answer is: A. A confirmation letter received from a third party verifying an account balance
Explanation: Evidence obtained from independent third parties almost always is considered to be the most reliable. Choices B, C and D would not be considered as reliable.

16. During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the:
A. systems programmer
B. legal staff
C. business unit manager
D. application programmer
The correct answer is: C. business unit manager.
Explanation: Understanding the business requirements is key in defining the service levels. While each of the other entities listed may provide some definition, the best choice here is the business unit manager because of this pe
