Isca MCQ V1.1
NOTE: These questions are in random order, irrespective of chapter. Basic questions are
avoided and more conceptual questions are included. To answer them you need clarity on the
underlying concepts, which will help you understand the MCQs better. These are a sample of
100 questions; more will be added in future versions.
1. During an audit of financial transactions in enterprise XYZ, it was found that simple
data-entry errors occurred when two digits, either standing alone or part of a larger
sequence of numbers, were reversed when posting a transaction. Which type of error is this?
(a) Addition Error
(b) Truncation Error
(c) Substitution Error
(d) Transposition Error
2. While auditing the input controls in enterprise ABC, which of the following controls will not
fall under the purview of Input Controls?
(a) Source Document Controls
(b) Data Coding Controls
(c) Boundary Controls
(d) Batch Controls
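Added example (not part of the MCQ set): Q1 names the error and Q2 names the control family; the
code below shows how a check digit, which is a data coding control, catches a transposed pair at
the point of entry. It uses the Luhn algorithm (the check digit on payment card numbers); the
account numbers are constructed sample values.

```python
"""Added example (not part of the MCQ set): a check digit as a data coding
input control that detects the transposition error of Q1 at the point of entry.

The Luhn algorithm (ISO/IEC 7812, the check digit on payment card numbers) is
used here; the account numbers below are constructed sample values."""


def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit to append to a string of decimal digits."""
    total = 0
    # Walk from the right. The rightmost payload digit is doubled, because
    # once the check digit is appended it will sit in an even position.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of d
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if `number` (payload + check digit) passes the Luhn test."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def transpose(number: str, i: int) -> str:
    """Simulate the Q1 data-entry error: swap the adjacent digits at i and i+1."""
    s = list(number)
    s[i], s[i + 1] = s[i + 1], s[i]
    return "".join(s)


def detection_report(number: str) -> dict:
    """For each adjacent pair in `number`, record whether swapping it is caught.

    None marks pairs of identical digits (swapping them is not an error).
    The Luhn check catches every other adjacent transposition except 09 <-> 90,
    which is the one documented blind spot of the scheme."""
    report = {}
    for i in range(len(number) - 1):
        if number[i] == number[i + 1]:
            report[i] = None
        else:
            report[i] = not luhn_valid(transpose(number, i))
    return report


if __name__ == "__main__":
    account = "7992739871" + luhn_check_digit("7992739871")   # constructed value
    print(account, luhn_valid(account))
    print(detection_report(account))
```

The caveat an auditor should know: a Luhn digit detects every single-digit error and every
adjacent transposition except 09/90, so it is a detective control on keying errors, not a
safeguard against deliberate manipulation (anyone can compute a valid check digit).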
3. Which controls are responsible for maintaining a chronology of the events from the
time a sender dispatches a message to the time a receiver obtains the message?
(a) Boundary Controls
(b) Communication Controls
(c) Input Controls
(d) Database Controls
4. In ABC, a financial institution, the authorised officials identified numerous account
numbers of inactive accounts in their usage data of active customers. The complaint was reported to
the IT team. Which type of control can be exercised by the IT team in the given case?
(a) Corrective Controls
(b) Detective Controls
(c) Preventive Controls
(d) Compensatory Controls
5. Under Data Resource Management Controls, ________ controls are designed to prevent unauthorised
individuals from viewing, retrieving, computing or destroying the entity's data in an organisation.
(a) Access
(b) Backup
(c) Concurrency
(d) Quality
10. Which of the following statements is not true for an Internal Control System?
(a) Facilitates the effectiveness and efficiency of operations.
(b) Helps safeguard the assets of the entity.
(c) Assists compliance with applicable laws and regulations.
(d) Helps ensure the reliability of internal financial reporting only, and not of external
financial reporting.
11. Which of the following is not a technique of cryptography?
(a) Transposition
(b) Substitution
(c) Product Cipher
(d) Transcription
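Added example (not part of the MCQ set): the three genuine techniques in Q11, written out so the
difference is visible. Substitution changes symbols and keeps positions, transposition changes
positions and keeps symbols, and a product cipher composes the two. The plaintext, shift and key
are constructed sample values, and these are classical teaching ciphers, not something to protect
real data with.

```python
"""Added example (not part of the MCQ set): the three cipher techniques named in
Q11 and how they relate. Substitution changes symbols and keeps positions;
transposition changes positions and keeps symbols; a product cipher composes the
two. Plaintext, shift and key are constructed sample values, and these are
classical teaching ciphers, not something to protect real data with."""

from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def clean(text: str) -> str:
    """Classical ciphers work on the 26 uppercase letters only."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def substitute(text: str, shift: int) -> str:
    """Substitution (shift cipher): the letter at each position is replaced by
    the letter `shift` places further on in the alphabet."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in clean(text))


def unsubstitute(text: str, shift: int) -> str:
    return substitute(text, -shift)


def column_order(key: str) -> list:
    """Columns are read in alphabetical order of the key letters (stable for repeats)."""
    return sorted(range(len(key)), key=lambda i: key[i])


def transpose(text: str, key: str) -> str:
    """Columnar transposition: write the text in rows of len(key), then read
    the columns in key order. Pads with 'X' to fill the last row."""
    text = clean(text)
    width = len(key)
    text += "X" * (-len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in column_order(key) for row in rows)


def untranspose(text: str, key: str) -> str:
    width = len(key)
    height = len(text) // width
    columns = {}
    for n, col in enumerate(column_order(key)):
        columns[col] = text[n * height:(n + 1) * height]
    return "".join(columns[c][r] for r in range(height) for c in range(width))


def product_encrypt(text: str, shift: int, key: str) -> str:
    """Product cipher: transposition followed by substitution. Either order is a
    product cipher; this order leaves the padding as literal 'X' after decryption."""
    return substitute(transpose(text, key), shift)


def product_decrypt(text: str, shift: int, key: str) -> str:
    return untranspose(unsubstitute(text, shift), key)


def preserves_letter_counts(plain: str, cipher: str) -> bool:
    """Transposition alone leaves the letter histogram intact, which is why
    frequency analysis still applies to it; substitution destroys this property."""
    return Counter(clean(plain)) == Counter(cipher)
```

The design point: each technique alone leaks something (transposition keeps the letter frequencies,
a shift substitution keeps the frequency shape under a rename), and combining them is the idea that
modern block ciphers carry forward as substitution and permutation layers.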
12. Which of the following is not a type of Data Resource Management Control under
Managerial Controls?
(a) Existence Controls
(b) Concurrency Controls
(c) Production Controls
(d) Quality Controls
13. Which of the following does not fit into best practices for handling passwords in
order to avoid system failures?
(a) Periodic change of passwords
(b) Unlimited number of entry attempts
(c) Minimum password length
(d) Hashing of passwords
14. Under emerging BYOD (Bring Your Own Device) threats, ________ risk refers to
data lost from stolen or lost devices.
(a) Network
(b) Application
(c) Device
(d) Implementation
15. In cloud computing, which of the following instances of Software as a Service (SaaS) allows
users to explore the functionality of web services such as Google Maps, payroll processing and
credit card processing services?
(a) API as a Service (APIaaS)
(b) Testing as a Service (TaaS)
(c) Email as a Service (EaaS)
(d) Data as a Service (DaaS)
17. As an Information Systems Auditor, identify the activity that does not form part of an
audit of Logical Access Controls.
(a) Access Violations
(b) Intrusion Detection and Prevention
(c) Backup Power
(d) Shared Accounts
18. Suggest the control required to address the concerns raised by the following risk:
"As everybody is connected to a single system and central database, in case of failure of the
system the whole business may come to a standstill and may be affected badly."
(a) This can be controlled and monitored by having a proper and updated backup of data as
well as alternate hardware/internet arrangements.
(b) This can be controlled by removing redundant data, using techniques like data
warehousing and updating hardware on a continuous basis.
(c) Access rights need to be defined carefully and granted on a "need to know" and
"need to do" basis only.
(d) This can be controlled and minimised with the help of a proper staff training system,
help manuals, backup plans for staff turnover, etc.
21. Which type of risk does a company become vulnerable to when it adopts Bring Your
Own Device (BYOD)?
(a) Confidentiality Risk
(b) Device Risk
(c) Application Risk
(d) Implementation Risk
23. Which of the following is the role of an IS Auditor in the detailed design phase of SDLC?
(a) Analyze the justification for going in for a development or acquisition
(b) Review input, processing and output controls
(c) Ensure that the documentation is complete
(d) Review QA report on adopting coding standards by developers.
24. What are the characteristics of a very well coded application program?
(a) Good coding standards, Accuracy and Speed
(b) Reliability, Robustness, Accuracy, Efficiency, Usability, Readability
(c) Flexibility, Speed, Coding Standards
(d) Reliability, Flexibility and Speed
25. Who is responsible for delivery of a project within time and budget?
(a) Module/Team leader
(b) System Analyst
(c) Project Manager
(d) DBA
27. In this model, a series of mini-waterfalls is performed, where all phases of the
waterfall development model are completed for a small part of the system before proceeding
to the next increment. Which SDLC model is this?
(a) Waterfall model
(b) Prototype model
(c) Spiral model
(d) Incremental model
28. This model is especially useful for resolving unclear objectives and requirements;
developing and validating user requirements; experimenting with or comparing various
design solutions; or investigating both performance and the human-computer interface. Which
SDLC model is this?
(a) Waterfall model
(b) Prototyping model
(c) Spiral Model
(d) Incremental model
30. Which of the following is a KEY feature of Rapid Application Development?
(a) Fast development and delivery of a high-quality system at a relatively low investment cost
(b) Use of small, time-boxed subprojects or iterations, where each iteration forms the basis for
planning the next iteration
(c) Customer satisfaction by rapid delivery of useful software
(d) Welcoming changing requirements, even late in development
31. Which of the following is a weakness of the Agile software development
methodology?
(a) Fast speed and lower cost may adversely affect system quality.
(b) The project may end up with more requirements than needed (gold-plating).
(c) Potential for feature creep, where more and more features are added to the system during
development.
(d) Lack of emphasis on necessary design and documentation owing to time pressure; these are
generally left out or incomplete.
32. In achieving the objectives of requirement analysis, the process of understanding the
present system requires which technique?
(a) Fact finding technique
(b) Inquiry
(c) Inspection
(d) Analytical Procedure.
33. The Indian fertilizer industry depends heavily on Government subsidies since producers
are expected to sell their products to customers at prices far below the cost of production.
The Government has evolved a complicated mechanism for deciding the subsidy level for each
type of fertilizer depending upon various dynamic factors like the international price of the
raw material / finished product, the Rupee/dollar exchange rate, conversion and added costs,
etc. The industry association decides to set up a common cloud facility to help the
individual units manage the work of raising regular subsidy claims linked to the various cost
factors as well as sales elements, etc. Such a cloud facility would be deemed to be a
______________
(a) Public Cloud facility
(b) Private Cloud facility
(c) Community Cloud facility
(d) Hybrid Cloud facility
36. State True or False: in social media, content is supplied and managed by the user
through the use of tools and platforms supplied by social media sites.
(a) TRUE
(b) FALSE
37. The Business Information System used for handling structured problems as well as
doing routine transactional jobs is _________________
(a) Transaction Processing System or TPS
(b) Decision Support System or DSS
(c) Executive Support System or ESS
(d) Structured Query Language or SQL.
39. The Business Information System which provides answers to unstructured problems
and supports executive management in planning strategy and vision is ______________
(a) Structured Query Language or SQL
(b) Executive Information System or EIS
(c) Transaction Processing System or TPS
(d) Decision Support System or DSS
41. You have received an alert about the due date for payment of your postpaid mobile
phone charges. You log on to the service provider's website and attempt to transfer the
payment through net banking. However, while you were able to complete the formalities
involved at your bank's portal, the system hangs later on and a message is flashed saying that
there is a problem with the service provider's system and asking users to try later. This is an
issue with the service provider's ___________
(a) Transaction Processing System
(b) Expert systems
(c) Executive Information System or EIS
(d) Decision Support System or DSS
43. A KEY differentiator for a Decision Support System over a Transaction Processing
System is _______________.
(a) It can handle large amounts of data in batch as well as online mode
(b) It is more interactive & model-driven, performing mathematical & qualitative analysis
(c) It has a larger database as compared to the transaction processing system
(d) It can more reliably handle large volume of information relating to transaction
47. Which is one of the major areas of emerging technology wherein CAs need to play a
KEY role?
(a) Management of social media & the risks associated with it
(b) Development of new software technology
(c) New techniques of marketing of products
(d) Developments in the field of integrated circuits
48. In COBIT 5, enablers are factors that influence whether something will work in the governance
and management of enterprise IT. How many categories of enablers does COBIT 5
identify?
(a) 7 categories of enablers
(b) 5 categories of enablers
(c) 8 categories of enablers
(d) 10 categories of enablers
49. You have been engaged as a Consultant to carry out IS Audit of a large organization.
What is the first step you would take while commencing your work?
(a) Commence auditing of the financials
(b) List all the software and hardware used in the organization
(c) Peruse financials for the previous three years
(d) Identify all risks present in the IT environment of the organization
51. Complete the sentence: "___________" is not a risk management strategy.
(a) Define
(b) Eliminate
(c) Share
(d) Mitigate
54. Moving down the information systems pyramid from top to bottom, arrange in sequence
the systems a user would encounter, first to last.
(a) MIS, DSS, ESS
(b) TPS, KMS, DSS, EIS
(c) EIS, DSS, KMS, TPS
(d) TPS, KMS, DSS, MIS
55. A company, ABC Ltd., is facing trouble paying incentives to its sales representatives. The
incentive is paid on the basis of sales turnover achieved region-wise. The company has appointed
you as a consultant and asks which type of system it needs to create to solve the
problem. Please guide.
(a) MIS
(b) EIS
(c) TPS
(d) ESS
56. Salespersons at BIG BAZAR use bar code scanners at the time of billing. This system of
reading bar codes for billing can best be classified as ________.
(a) TPS
(b) OAS
(c) MIS
(d) ESS
57. An accountant changes voucher dates in TALLY without proper authority and sanction by
management. This act by the accountant is best classified as a breach of which key principle?
(a) Integrity
(b) Confidentiality
(c) Availability
(d) Confidentiality, Availability and Integrity
58. TALLY accounting software gives a warning when the cash balance may turn negative on
updating a voucher. This is a good example of ________.
(a) Compensatory Control
(b) Detective Control
(c) Corrective Control
(d) Preventive Control
60. Before a gas-based fire suppression system is discharged, what needs to be done first?
(a) Call the Police
(b) Call Medics
(c) Evacuate Humans
(d) Remove Computers
61. A large company is in the process of creating a BCP framework. The Board of Directors has
appointed you as BCP consultant and asked you to justify the main objective of BCP, which is
to prevent or minimise losses. Your report would highlight each of the following reasons for
having a BCP except:
(a) Revenue Loss
(b) Reputation Loss
(c) Productivity Loss
(d) New Customer Acquisition
62. An organization with extensive internet based business has its computer servers located in an
area known for power outages at times for several hours a day. How is the organization’s
exposure to this situation expressed in Business Continuity Management terms?
(a) Risk
(b) Vulnerability
(c) Contingency
(d) Emergency
63. Crisis phase, Recovery phase are two of the three phases that are typical of any disaster
scenario. Which is the third phase?
(a) Restoration phase
(b) Planning phase
(c) Multiplication phase
(d) Stabilization phase
64. What are the prerequisites in developing a Business Continuity Plan (BCP)?
(a) Planning for all phases & making it part of business process
(b) Testing of the BCP
(c) Waiting for one incident to learn from, before drawing up BCP
(d) Having the organization’s strategic long term plan ready
65. Which is not a phase in the development of a Business Continuity Plan (BCP)?
(a) Maintenance of the BCP
(b) Business Impact Analysis & Risk Assessment
(c) Testing of the BCP
(d) Waiting for one incident to learn from, before drawing up BCP
66. What are the key phases after development of a Business Continuity Plan (BCP)?
(a) Testing, training & awareness of employees & maintenance
(b) Appointing a project team and steering committee
(c) Risk assessment
(d) Business Impact Analysis
67. A Business Impact Analysis (BIA) has the objective of estimating the financial & intangible
operational impacts for each business unit, assuming a worst case scenario. What other
objective does it have ?
(a) Address initiatives for speedy recovery from contingency
(b) Identify business unit processes & estimated recovery time for each
(c) Develop recovery management team
(d) Develop crisis management team
69. A company sells small furniture items exclusively over the Internet. It works with an Internet
service provider for facilitating its online business. In house, it runs the operations with the bare
minimum of manpower. Storage of information and recording of all transactions is carried out
using the company's IT network and very limited physical documentation is maintained. The
business is growing fast and their far-sighted CEO has asked his managers to carry out a risk
analysis to check and ensure preparedness in the face of any contingency. How would you rate
this company's tolerance to the risk of failure of the Internet services?
(a) Vital
(b) Critical
(c) Sensitive
(d) Non Critical
71. A leading e-commerce provider is entering into the Indian market and is keen that the
business is built on firm foundations to ensure its credibility to customers. Appreciating the
importance of ensuring 100 % back-up for its Internet operations, it approaches a reputed
vendor for advice on back-up facilities. The vendor analyses the customer’s requirements and
comes up with a solution. The vendor offers the customer a ready-to-use back-up facility based
upon subscription and membership. Virtually every equipment / facility which the customer has
in his main facility, including air-conditioning, would be replicated at the vendor’s back-up
location and it would be ready for instantaneous use in the case of an emergency, providing the
customer the very dependable back-up facilities they seek but at a price. What is such a facility
called ?
(a) Mirror site
(b) Cold site
(c) Hot site
(d) Warm Site
73. In order to protect its critical data from virus attacks, an organisation decides to limit internet
access for its employees. What type of risk response has the organisation exercised?
(a) Mitigate
(b) Avoid
(c) Accept
(d) Transfer
74. A production company decides to insure against production loss due to natural calamities.
What type of response is this classified as?
(a) Mitigate
(b) Avoid
(c) Accept
(d) Transfer
80. An organisation decides to control access to a software application by segregating entry-level
and update-level duties. What type of internal control does this amount to?
(a) Preventive Control
(b) Detective Control
(c) Corrective Control
(d) Physical Access Control
81. Taking a backup of each day's activity is classified under which type of control mechanism?
(a) Detective Control
(b) Preventive control
(c) Corrective control
(d) Administrative Implementation of Control
82. Which one of the following roles should be performed by an IS
auditor?
(a) Set the risk appetite
(b) Impose risk management process
(c) Evaluate Risk Management process
(d) Take decision on risk response
83. A data centre housing about 200 employees handles business processes of
multinational companies. For security reasons, it decides to shift its network server and mail
server to a secluded room with restricted entry. What kind of internal control is this?
(a) Manual Preventive Control
(b) Manual Detective Control
(c) Computerised Preventive Control
(d) Computerised Corrective Control
84. What are the three KEY objectives of Information Security Management?
(a) Compliance, Integrity and Availability
(b) Confidentiality, Information Security and Availability
(c) Confidentiality, Integrity and Availability
(d) Confidentiality, Integrity and Asset Management
85. The IS policy of an enterprise that talks about protecting non-public personal information
from unauthorised use, corruption, disclosure and distribution is:
(a) Acceptable usage policy
(b) Data classification and Privacy Policy
(c) Physical Access policy
(d) Asset Management Policy
86. The policy which restricts the ways in which the network, website or system may be used by a
user of an enterprise is termed as:
(a) Acceptable usage policy
(b) Physical Access and Security policy
(c) Asset Management Policy
(d) Business Continuity Management Policy
87. The characteristics of a strong password that protects information assets should be:
(a) Maximum 8 characters, case specific
(b) Minimum 8 characters, only alpha numeric
(c) Minimum 8 characters, only alphabets and easy to remember
(d) Minimum 8 characters, case specific and containing special characters
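Added example (not part of the MCQ set): the password practices tested in Q13 and Q87 written as
working code, so the reasoning behind the answers is visible. It enforces the Q87 rules (minimum 8
characters, mixed case, a special character), stores a salted slow hash rather than the password
(Q13(d)), and caps failed attempts (the control Q13(b) omits). Standard library only; the
usernames and passwords are constructed.

```python
"""Added example (not part of the MCQ set): the password practices of Q13 and
Q87 as working code. A policy check (minimum 8 characters, mixed case, a special
character), salted slow hashing so the stored value is never the password itself,
and a cap on failed attempts, which is what Q13(b) lacks. Standard library only;
usernames and passwords below are constructed."""

from __future__ import annotations

import hashlib
import hmac
import os
import string

MIN_LENGTH = 8
MAX_ATTEMPTS = 5
PBKDF2_ITERATIONS = 600_000   # OWASP's current figure for PBKDF2-HMAC-SHA256


def policy_violations(password: str) -> list[str]:
    """Return the Q87 rules the password breaks (empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2. The stored record carries algorithm, cost, salt and
    digest, never the password; a stolen table cannot be read back directly."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison so a near-miss does not leak through timing
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class Authenticator:
    """Minimal credential store enforcing the policy and an attempt limit."""

    def __init__(self, iterations: int = PBKDF2_ITERATIONS):
        self.iterations = iterations
        self._store: dict[str, str] = {}      # user -> stored hash record
        self._failures: dict[str, int] = {}   # user -> consecutive failures

    def register(self, user: str, password: str) -> None:
        problems = policy_violations(password)
        if problems:
            raise ValueError("weak password: " + "; ".join(problems))
        self._store[user] = hash_password(password, self.iterations)

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'. Unknown users get 'denied'
        rather than a distinct message, to avoid confirming valid usernames."""
        if self._failures.get(user, 0) >= MAX_ATTEMPTS:
            return "locked"
        stored = self._store.get(user)
        if stored is not None and verify_password(password, stored):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"
```

Two caveats for practice: a lockout that never expires, as here, lets an attacker lock out real
users by guessing wrongly on purpose, so production systems use time-based lockouts or throttling;
and the iteration count is a cost knob that must rise as hardware gets faster, which is why the
record stores it alongside the salt.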
88. Standards, Guidelines and Procedures are the three elements of policy implementation. In
what order should they be followed for proper implementation?
(a) Guidelines, Procedures and Standards
(b) Procedures, Standards and Guidelines
(c) Standards, Guidelines and Procedures
(d) Guidelines, Standards and Procedures
89. Who is responsible for defining security strategy and policies for an organisation?
(a) Steering Committee
(b) Information Owner
(c) Security Manager
(d) Information Custodian
91. A bank has outsourced certain processes related to its personal loans unit to a third party
vendor. As an IS auditor of the bank, what would you look for to assure yourself that non-public
business information accessed by the third party vendor is protected and not misused?
(a) A non -disclosure agreement signed by the vendor
(b) Check if all employees of the vendor are given enough training
(c) Verify if there are instances of data being misused earlier
(d) Check for a written acknowledgement from the vendor that they have read and
understood the company’s policy
92. Under what information category does widely distributed product brochures fall?
(a) Top Secret
(b) Highly Confidential Information
(c) Public Information
(d) Proprietary
93. Under what category does information received from clients fall?
(a) Top Secret
(b) Highly Confidential Information
(c) Public Information
(d) Proprietary
94. Threats to Information Assets like computing equipment, media and people are known as:
(a) Cyber threats
(b) Environmental Threats
(c) Physical Threats
(d) Logical access threats
95. Why are audit trails and logs important for Security Management?
(a) To know where access attempts occurred and who attempted them
(b) To reduce unauthorized access to sensitive information
(c) To prevent modification or deletion of file content
(d) To prevent unintentional physical access
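Added example (not part of the MCQ set): Q95(a) in practice, and the scenario of Q57 seen through
the audit trail. The log lines below are constructed sample data in a simple key=value layout, not
the output of TALLY or any real product. From them the code recovers who attempted access and from
where, and flags a voucher date change recorded with no approval reference.

```python
"""Added example (not part of the MCQ set): why Q95(a) matters, run against an
audit trail. The events below are constructed sample lines in a simple
key=value format, not output of TALLY or any real product. From them we
recover who attempted access and from where, and flag the Q57 scenario:
a voucher date changed without any approval reference."""

from collections import Counter

# Constructed audit trail (sample data, addresses from private and test ranges).
SAMPLE_LOG = """\
2024-03-04T09:15:02 host=acct-01 src=10.0.5.12 user=rkumar action=LOGIN result=FAIL
2024-03-04T09:15:20 host=acct-01 src=10.0.5.12 user=rkumar action=LOGIN result=FAIL
2024-03-04T09:15:41 host=acct-01 src=10.0.5.12 user=rkumar action=LOGIN result=OK
2024-03-04T09:22:10 host=acct-01 src=10.0.5.12 user=rkumar action=VOUCHER_EDIT voucher=V-1042 field=date old=2024-03-31 new=2024-04-01 approval=-
2024-03-04T10:02:55 host=acct-01 src=10.0.5.40 user=smehta action=VOUCHER_EDIT voucher=V-1051 field=date old=2024-03-29 new=2024-03-30 approval=CHG-217
2024-03-04T23:48:09 host=acct-01 src=203.0.113.7 user=admin action=LOGIN result=FAIL
"""


def parse_line(line: str) -> dict:
    """Split 'timestamp key=value key=value ...' into a dict."""
    ts, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = ts
    return event


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def login_attempts(events: list) -> Counter:
    """Q95(a): count login attempts by (user, source address, outcome)."""
    return Counter((e["user"], e["src"], e["result"])
                   for e in events if e["action"] == "LOGIN")


def date_edits(events: list) -> list:
    return [e for e in events
            if e["action"] == "VOUCHER_EDIT" and e["field"] == "date"]


def crosses_period(event: dict) -> bool:
    """A date change that moves the voucher into a different accounting month,
    which shifts the period the transaction is reported in."""
    return event["old"][:7] != event["new"][:7]


def unapproved_date_changes(events: list) -> list:
    """Q57: voucher date edits with no sanction reference recorded."""
    return [e for e in date_edits(events) if e.get("approval", "-") == "-"]


def review(text: str) -> dict:
    """Summary an auditor would pull from the trail."""
    events = parse_log(text)
    return {
        "failed_logins": {k: v for k, v in login_attempts(events).items() if k[2] == "FAIL"},
        "unapproved_date_changes": [e["voucher"] for e in unapproved_date_changes(events)],
        "period_crossing_changes": [e["voucher"] for e in date_edits(events) if crosses_period(e)],
    }
```

The caveat that goes with Q57: this only works if the accountant who can edit vouchers cannot
also edit or delete the trail, so the log must be written to storage the application users cannot
modify (append-only or forwarded off-host), otherwise the evidence disappears with the change.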
100. In this strategy, implementation can be staged, with conversion to the new system taking place
gradually. Which changeover strategy is this?
(a) Phased Changeover
(b) Direct Changeover
(c) Pilot Changeover
(d) Parallel Changeover
ISCA MCQ 2019