The document contains 30 multiple-choice questions related to information systems control, focusing on various types of controls such as preventive, detective, and corrective. It emphasizes the importance of safeguarding assets and data integrity while ensuring compliance with regulatory requirements. Key concepts include the roles of different controls, responsibilities within organizations, and the significance of access controls for data confidentiality.

Uploaded by kritikpaudel123

Copyright © All Rights Reserved

Here are 30 multiple-choice questions (MCQs) based on the document, with answers in bold:

1. What is the primary purpose of information systems control?


(a) To maximize profit
(b) To ensure operational efficiency
(c) To safeguard assets and data integrity
(d) To reduce employee workload
Answer: (c) To safeguard assets and data integrity

2. Which of the following is NOT a classification criterion for controls?


(a) Objective of Controls
(b) Audit Perspective
(c) Financial Impact
(d) Nature of IS Resources
Answer: (c) Financial Impact

3. Preventive controls are designed to:


(a) Detect and report errors
(b) Provide directions to staff
(c) Minimize the impact of threats
(d) Prevent errors or security incidents from occurring
Answer: (d) Prevent errors or security incidents from occurring

4. Which control type is designed to detect incidents and report their occurrence?
(a) Preventive
(b) Detective
(c) Corrective
(d) Directive
Answer: (b) Detective

5. An example of a directive control is:


(a) Firewalls
(b) Training manuals
(c) Data encryption
(d) Virus detection
Answer: (b) Training manuals

6. What is a key characteristic of corrective controls?


(a) They are proactive in nature
(b) They minimize the impact of threats
(c) They detect unauthorized access
(d) They provide training directives
Answer: (b) They minimize the impact of threats

7. Environmental controls include:


(a) Encryption
(b) UPS and air-conditioning
(c) Firewall installation
(d) Password policies
Answer: (b) UPS and air-conditioning

8. Logical access controls are primarily concerned with:
(a) Securing physical access
(b) Ensuring environmental safety
(c) Preventing unauthorized digital access
(d) Conducting internal audits
Answer: (c) Preventing unauthorized digital access

9. Which department is responsible for conducting internal audits in an organization?


(a) HR Department
(b) IT Department
(c) Internal Audit Department
(d) Finance Department
Answer: (c) Internal Audit Department

10. The purpose of physical access controls is to:


(a) Monitor network activities
(b) Restrict unauthorized physical entry
(c) Encrypt data storage
(d) Prevent software malfunction
Answer: (b) Restrict unauthorized physical entry

11. A firewall is an example of:


(a) Corrective control
(b) Detective control
(c) Directive control
(d) Preventive control
Answer: (d) Preventive control

12. Which control ensures compliance with regulatory requirements?


(a) Directive controls
(b) Corrective controls
(c) Detective controls
(d) Preventive controls
Answer: (a) Directive controls

13. A major benefit of preventive controls is:


(a) Detecting fraud
(b) Reducing the cost of corrections
(c) Reversing unauthorized actions
(d) Delaying security incidents
Answer: (b) Reducing the cost of corrections

14. Which type of control helps recover operations after a disaster?


(a) Preventive
(b) Detective
(c) Corrective
(d) Directive
Answer: (c) Corrective

15. An example of detective control is:


(a) Security alarms
(b) CCTV monitoring
(c) Password management
(d) Antivirus software
Answer: (b) CCTV monitoring

16. Which framework focuses on managerial functions for planning and operation?
(a) Application Control Framework
(b) Physical Control Framework
(c) Logical Control Framework
(d) Management Control Framework
Answer: (d) Management Control Framework

17. What is the main objective of information system controls?


(a) Ensure uninterrupted power supply
(b) Achieve business objectives effectively
(c) Increase employee productivity
(d) Control financial transactions
Answer: (b) Achieve business objectives effectively

18. A system access control that terminates inactive sessions is called:


(a) Firewall
(b) Terminal timeout
(c) Encryption
(d) Audit log
Answer: (b) Terminal timeout

19. Who is responsible for defining organizational policies for IT security?


(a) HR Manager
(b) Security Administrator
(c) Marketing Manager
(d) Finance Controller
Answer: (b) Security Administrator

20. Which of the following is NOT an example of physical access control?


(a) Security guards
(b) CCTV cameras
(c) Antivirus software
(d) Biometric entry
Answer: (c) Antivirus software

21. Logical access control includes:


(a) ID cards
(b) Password authentication
(c) Fire extinguishers
(d) Data backups
Answer: (b) Password authentication

22. Corrective controls involve:


(a) Employee training
(b) Risk assessment
(c) Incident recovery
(d) Preventing threats
Answer: (c) Incident recovery

23. The control that limits the number of login attempts is:
(a) Terminal timeout
(b) Encryption
(c) Access control list
(d) Lockout policy
Answer: (d) Lockout policy

24. Application control ensures:


(a) Physical security
(b) Logical security
(c) Data accuracy and completeness
(d) Environmental safety
Answer: (c) Data accuracy and completeness

25. What is the primary risk of nepotism in an organization?


(a) Employee productivity
(b) Compromised integrity
(c) High operating costs
(d) Excessive paperwork
Answer: (b) Compromised integrity

26. Fire alarms and sprinklers are part of:


(a) Logical access controls
(b) Environmental controls
(c) Management controls
(d) Application controls
Answer: (b) Environmental controls

27. Who should conduct system audits regularly?


(a) Marketing Manager
(b) Internal Audit Team
(c) IT Manager
(d) Sales Director
Answer: (b) Internal Audit Team

28. A well-designed information system should:


(a) Operate without human intervention
(b) Have built-in security controls
(c) Eliminate all risks
(d) Focus only on data storage
Answer: (b) Have built-in security controls

29. What ensures sensitive output is sent to authorized terminals?


(a) Firewall
(b) User authentication
(c) Output control
(d) Encryption
Answer: (c) Output control

30. Which factor is crucial for ensuring data confidentiality?
(a) Data backups
(b) Antivirus programs
(c) Access controls
(d) Employee turnover
Answer: (c) Access controls
