1 The Primary function of the steering committee is:

A. Reviewing user requirements and ensuring that all controls are considered.
B. Strategic planning for computer installation.
C. Evaluating specific project plans for systems.
D. Conducting a major feasibility study, when it is required.

The Most Appropriate answer is B Strategic planning for computer installation

2 In an information processing system, specific measures were introduced to
improve quality. An auditor however will not be assured of the effectiveness of
these measures by:
A. A perceptible reduction in problems reported by users.
B. Increased satisfaction.
C. An increase in the quality assurance budget.
D. A reduction in the maintenance cost of the application.

The Most Appropriate answer is “C” An increase in the quality assurance budget

3 Which one of the following methodologies requires efficient system requirement
analysis?
A. Reverse Engineering
B. The Delphi Design
C. Joint application Design (JAD)
D. Traditional system development life cycle.

The Most Appropriate answer is “D” Traditional system development life cycle

Reverse engineering is taking apart an object to see how it works in order to duplicate or
enhance the object. The practice, taken from older industries, is now frequently used on
computer hardware and software. Software reverse engineering involves reversing a
program's machine code (the string of 0s and 1s that are sent to the logic processor) back
into the source code that it was written in, using program language statements.

Software reverse engineering is done to retrieve the source code of a program because the
source code was lost, to study how the program performs certain operations, to improve
the performance of a program, to fix a bug (correct an error in the program when the
source code is not available), to identify malicious content in a program such as a virus or
to adapt a program written for use with one microprocessor for use with another. Reverse
engineering for the purpose of copying or duplicating programs may constitute a
copyright violation. In some cases, the licensed use of software specifically prohibits
reverse engineering.

Someone doing reverse engineering on software may use several tools to disassemble a
program. One tool is a hexadecimal dumper, which prints or displays the binary numbers
of a program in hexadecimal format (which is easier to read than a binary format). By
knowing the bit patterns that represent the processor instructions as well as the instruction
lengths, the reverse engineer can identify certain portions of a program to see how they
work. Another common tool is the disassembler. The disassembler reads the binary code
and then displays each executable instruction in text form. A disassembler cannot tell the
difference between an executable instruction and the data used by the program so a
debugger is used, which allows the disassembler to avoid disassembling the data portions
of a program. These tools might be used by a cracker to modify code and gain entry to a
computer system or cause other harm.

Hardware reverse engineering involves taking apart a device to see how it works. For
example, if a processor manufacturer wants to see how a competitor's processor works,
they can purchase a competitor's processor, disassemble it, and then make a processor
similar to it. However, this process is illegal in many countries. In general, hardware
reverse engineering requires a great deal of expertise and is quite expensive.

Another type of reverse engineering involves producing 3-D images of manufactured
parts when a blueprint is not available in order to remanufacture the part. To reverse
engineer a part, the part is measured by a coordinate measuring machine (CMM). As it is
measured, a 3-D wire frame image is generated and displayed on a monitor. After the
measuring is complete, the wire frame image is dimensioned. Any part can be reverse
engineered using these methods.

The term forward engineering is sometimes used in contrast to reverse engineering.

The Delphi method is a systematic, interactive forecasting method which relies on a
panel of independent experts. The carefully selected experts answer questionnaires in two
or more rounds. After each round, a facilitator provides an anonymous summary of the
experts’ forecasts from the previous round as well as the reasons they provided for their
judgments. Thus, participants are encouraged to revise their earlier answers in light of the
replies of other members of the group. It is believed that during this process the range of
the answers will decrease and the group will converge towards the "correct" answer.
Finally, the process is stopped after a pre-defined stop criterion (e.g. number of rounds,
achievement of consensus, stability of results) and the mean or median scores of the final
rounds determine the results.[1]

Delphi [pron: delfI] is based on the principle that forecasts from a structured group of
experts are more accurate than those from unstructured groups or individuals.[2] The
technique can be adapted for use in face-to-face meetings, and is then called mini-Delphi
or Estimate-Talk-Estimate (ETE). Delphi has been widely used for business forecasting
and has certain

4 Which of the following statements is false (with regard to structured
programming concepts and program modularity)?
A. Modules should perform only the principal function.
B. Interaction between modules should be minimal.
C. Modules should have only one entry and one exit point.
D. Modularity means program segmentation.

The Most Appropriate answer is “D” Modularity means program segmentation

5 Software quality assurance takes care of:
A. Error prediction.
B. Error prevention.
C. Error detection.
D. Error correction.

The Most Appropriate answer is “C” Error Detection

6 A computerized information system frequently fails to meet the needs of users
because:
A. users' needs are constantly changing.
B. the growth of user requirements was inaccurately forecast.
C. the hardware system limits the number of concurrent users.
D. user participation in defining the system’s requirements is inadequate.

The Most Appropriate answer is “D” user participation in defining the system’s
requirements is inadequate.

7 Which of the following groups/individuals assume ownership of systems
development life cycle projects and the resulting system?
A. User management
B. Senior management.
C. Project steering committee
D. Systems development management.

The Most Appropriate answer is “A” User management

8 Data flow diagrams are used by IS auditors to:
A. Order data hierarchically.
B. Highlight high-level data definitions
C. Graphically summarise data generation.
D. Portray step by step detail of data generation

The Most Appropriate answer is “C”


9 Which of the following would NOT normally be a part of feasibility study?
A. Identify the cost savings of a new system.
B. Defining the major requirements of the new system.
C. Determining the productivity gains of implementing a new system.
D. Estimating a pay-back schedule for cost incurred in implementing a new
system.

The Most Appropriate answer is “B” Defining the major requirements of the new system.

10 When auditing the requirements phase of software, an IS auditor would:
A. Assess the adequacy of audit trails.
B. Identify and determine the criticality of the need.
C. Verify cost justifications and anticipated benefit.
D. Ensure the control specifications have been defined.

The Most Appropriate answer is “D” Ensure the control specifications have been defined.

11 Which phase of SDLC uses Data Flow Diagrams?
A. Requirements.
B. Design
C. Implementation
D. Maintenance

The Most Appropriate answer is “B” Design

12 Which of the following is performed first in a system development life cycle
project?
A. Developing programme flow chart
B. Determining system inputs and outputs
C. Developing design documents.
D. Developing conversation plans

The Most Appropriate answer is “B” Determining system inputs and outputs

13 In which of the following SDLC (System Development Life Cycle) phases is the
IS auditor’s participation unnecessary?
A. Feasibility Study
B. User Requirements
C. Programming
D. Manual specifications

The Most Appropriate answer is “C” Programming.


14 In a system development project, the formal change control mechanism is begun
after:
A. Completing the system planning document
B. Completing the system requirement documents
C. Completing the system design document.
D. Completing the program coding work.

The Most Appropriate answer is “B” Completing the system requirement documents

15 A decision table is used in program testing to check the branching of distinct
processes. It consists of:
A. A condition stub and result.
B. A condition stub and condition entry.
C. An action stub and condition entry.
D. An action stub and result.

The Most Appropriate answer is “B” A condition stub and condition entry

16. An IS auditor who plans on testing the connection of two or more system
components that pass information from one area to another would use:
A. Pilot testing
B. Parallel testing
C. Interface testing
D. Regression testing

The Most Appropriate answer is “C” Interface testing

17 A large number of system failures are occurring when corrections to previously
detected faults are resubmitted for acceptance testing. This would indicate that the
development team is probably not adequately performing which of the following
types of testing?
A. Unit testing
B. Regression testing
C. Acceptance testing
D. Integration testing

The Most Appropriate answer is “B” Regression testing

18 An organization is developing a new business system. Which of the following
will provide the MOST assurance that the system provides the required
functionality?
A. Unit testing
B. Regression testing
C. Acceptance testing
D. Integration testing

The Most Appropriate answer is “C” Acceptance testing

19 Which of the following is a primary purpose for conducting parallel testing?
A. To determine if the system is more cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the programme interfaces with files
D. To ensure the new system meets all user requirements.

The Most Appropriate answer is “D” To ensure the new system meets all user
requirements.

20 Unit testing is different from system testing because:
A. unit testing is more comprehensive.
B. programmers are not involved in system testing.
C. system testing relates to interfaces between programs.
D. system testing proves user requirements are adequate.

The Most Appropriate answer is “C” system testing relates to interfaces between
programs

21 Which of the following is NOT an advantage of an object-oriented approach to
data management systems?
A. A means to model complex relationships.
B. The ability to restrict the variety of data types.
C. The capacity to meet the demands of a changing environment.
D. The ability to access only the information that is needed.

The Most Appropriate answer is “The ability to restrict the variety of data types”

22 Design prototyping is more likely to be needed when:
A. The application system to be designed is a traditional accounting system.
B. There is substantial uncertainty surrounding the system to be designed.
C. The designer believes that there is no need to develop user specification for the
system to be implemented.
D. The SDLC approach to system development is adopted.

The Most Appropriate answer is “B” There is substantial uncertainty surrounding the
system to be designed

23 Which of the following represents a typical prototype of an interactive
application?
A. Screens and process programs
B. Screens, interactive edits and sample reports
C. Interactive Edits, process programs and sample reports.
D. Screens, interactive edits, process programs and sample reports.

The Most Appropriate answer is “D” Screens, interactive edits, process programs and
sample reports

24 Which of the following is a management technique that enables organizations to
develop strategically important systems faster while reducing development costs
and maintaining quality?
A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique

The Most Appropriate answer is “C” Rapid application development

25 The prototyping approach does not assume the existence of:
A. Reusable software
B. Formal specifications languages
C. Detail requirements document
D. Fourth-generation programming languages

The Most Appropriate answer is “C” Detail requirements document

26 Which of the following will be considered to be the MOST serious disadvantage
of prototyping systems development?
A. The prototyping system is expensive.
B. Prototyping demands excessive computer usage
C. Users may perceive that the development is complete.
D. The users' needs may not have been correctly assessed.

The Most Appropriate answer is “C” Users may perceive that the development is
complete

27 Which of the following is an advantage of prototyping?
A. The finished system normally has strong internal reports.
B. Prototype systems can provide significant time and cost savings.
C. Change control is often less complicated with prototype systems.
D. It ensures that functions or extras are not added to the intended system.

The Most Appropriate answer is “B” Prototype systems can provide significant time and
cost savings

28 Structured programming is BEST described as a technique that:
A. Provides knowledge of program functions to other programmers via peer
reviews.
B. reduces the maintenance time of programs by the use of small-scale program
modules.
C. Makes the readable coding reflect as closely as possible the dynamic execution
of the program.
D. Controls the coding and testing of the high-level functions of the program in
the development process.

The Most Appropriate answer is “B” reduces the maintenance time of programs by the
use of small-scale program modules.

29 The biggest benefit of prototyping is:
A. Better version control.
B. Better communication between developers and users.
C. Increased productivity
D. Quicker delivery

The Most Appropriate answer is “B” Better communication between developers and
users

30 Which one of the following techniques is represented by structured analysis and
design?
A. Function-oriented techniques
B. Data-oriented techniques
C. Control-oriented techniques
D. Information-oriented techniques

The Most Appropriate answer is “A” Function-oriented techniques

31 The critical path in a Program Evaluation Review Technique (PERT) is identified
by:
A. The project manager team after identifying the criticality of the function.
B. The path that has maximum slack time.
C. The path that has zero slack time
D. project development team after discussing with the users.

The Most Appropriate answer is “C” The path that has zero slack time

32 Which of the following ‘estimate of time’ has most important relevance in PERT
evaluation technique?
A. Most likely time
B. Pessimistic time
C. Actual time
D. Optimistic time.

The Most Appropriate answer is “C” Actual time

33 Introduction of CASE tools in a mainframe environment provides which of the
following benefit?
A. Easy conversion of huge data.
B. Adequate technical knowledge
C. Proper training personnel
D. Acts as supportive tools

The Most Appropriate answer is “A” Easy conversion of huge data

34 PC-based analysis and design tools are used along with mainframe
computer-based tools. Identify the CASE tool that is required in this situation.
A. Diagramming tools
B. Simulation tools.
C. Export/Import tools.
D. Diagram checking tools

The Most Appropriate answer is “C” Export/Import tools.

35 Many IT projects experience problems because the development time and/or
resource requirements are underestimated. Which of the following techniques
would improve the estimation of the resources required in system construction
after the development of the requirements specifications?
A. PERT chart
B. Recalibration
C. Cost-benefit analysis.
D. Function point estimation

The Most Appropriate answer is “D” Function point estimation

36 Which of the following is a management technique that enables organizations to
develop strategically important systems faster while reducing development costs
and maintaining quality?
A. Function point analysis
B. Critical path methodology
C. Rapid application development.
D. Program evaluation review technique

The Most Appropriate answer is “C” Rapid application development

37 A significant problem in planning and controlling a software development project
is determining:
A. Project slack times
B. a project’s critical path
C. time and resource requirements for individual tasks.
D. precedent relationships which preclude the start of certain activities until others
complete.

The Most Appropriate answer is “C” time and resource requirements for individual tasks.

Answer the questions 38 and 39 on the basis of the following PERT diagram.

[PERT diagram not reproduced. Labels recoverable from the original figure: Start, End, and P8, U12, W8, R9, Q10, V5, S7.]

38. The arrows and letters P through W in the diagram represent:
A. events
B. activities
C. successor points
D. predecessor points

The Most Appropriate answer is “B” activities

39 Which of the following project completion paths represents the critical path?
A. PUW
B. PTVW
C. RVW
D. QSVW

The Most Appropriate answer is “D” QSVW

40 Which of the following computer aided software engineering (CASE) products is
used for developing detailed designs, such as screen and report layouts?
A. Super Case
B. Upper Case
C. Middle Case
D. Lower Case

The Most Appropriate answer is “C” Middle Case

41 For which of the following does the IS auditor NOT take part in the development
team deliberations?
A. Ensuring adequacy of data integrity controls.
B. Ensuring adequacy of data security controls.
C. Ensuring that there are no costs and time overruns.
D. Ensuring that documentation is accurate life cycle project.

The Most Appropriate answer is “C” Ensuring that there are no costs and time overruns

42 Which of the following issues requires more attention from an information
systems (IS) auditor participating in a system development life cycle project?
A. Technical issues
B. Organizational issues
C. Behavioral issues
D. Contractual issues

The Most Appropriate answer is “C” Behavioral issues

43 After the system is developed, the auditor’s objective in conducting a general
review is to:
A. Determine whether a critical application needs some modification due to recent
changes in the status.
B. Conduct a test of controls to ensure that no necessary control is omitted in
the design.
C. Make an evaluation of the whole process to quantify the substantive test
required for the specialization audit of the process.
D. Conduct a substantive test of the application system.

The Most Appropriate answer is “C” Make an evaluation of the whole process to
quantify the substantive test required for the specialization audit of the process.

44 An auditor evaluating a software package purchase contract will NOT expect the
contract to include:
A. License cost
B. Maintenance cost
C. Operational cost
D. Outage cost

The Most Appropriate answer is “D” Outage cost

45 An IS auditor, while conducting a post-implementation review, would look for:
A. The documentation of the test objectives
B. The extent of issues pointed out in the user acceptance test and the unresolved
Issues.
C. The documentation of the test results.
D. The log containing the problems reported by the users.

The Most Appropriate answer is “B” The extent of issues pointed out in the user
acceptance test and the unresolved Issues

46 The use of coding standards is encouraged by IS auditors because they:
A. define access control tables.
B. detail program documentation
C. standardize dataflow diagram methodology
D. ensure compliance with field naming conventions.

The Most Appropriate answer is “D” ensure compliance with field naming conventions

47 An IS auditor involved as a team member in the detailed system design phase of a
system under development would be MOST concerned with:
A. Internal control procedures
B. user acceptance test schedules.
C. adequacy of the user training programs.
D. Clerical progress for resubmission of rejected items.

The Most Appropriate answer is “A” Internal control procedures

48 An IS auditor who has participated in the development of an application system
might have their independence impaired if they:
A. perform an application development review.
B. recommend control and other system enhancements.
D. Are actively involved in the design and implementation of the application
system.

The Most Appropriate answer is “D” Are actively involved in the design and
implementation of the application system

49 The primary role of an IS auditor in the system design phase of an application
development project is to:
A. advise on specific and detailed control procedures.
B. ensure the design accurately reflects the requirement
C. ensure all necessary controls are included in the initial design
D. advise the development manager on adherence to the schedule.

The Most Appropriate answer is “C” ensure all necessary controls are included in the
initial design

50 Which of the following tasks would NOT be performed by an IS auditor when
reviewing systems development controls in a specific application?
A. Attend project progress meetings.
B. Review milestone documents for appropriate sign-off.
C. Compare development budgets with actual time and amount spent.
D. Design and execute testing procedures for use during acceptance testing.

The Most Appropriate answer is “C” Compare development budgets with actual time
and amount spent

51 E-cash is a form of electronic money that:
A. can be used over any computer network.
B. utilizes reusable e-cash coins to make payments.
C. does not require the use of an Internet digital bank.
D. contains unique serial numbering to track the identity of the buyer.

The Most Appropriate answer is “D” contains unique serial numbering to track the
identity of the buyer

52 Which of the following statements is incorrect?
A. Expert systems are aimed at solving problems using an algorithmic approach.
B. Expert systems are aimed at solving that have irregular structure.
C. Expert systems are aimed at solving problems that have irregular structure.
D. Expert systems are aimed at solving problems of considerable complexity.

The Most Appropriate answer is “A” Expert systems are aimed at solving problems using
an algorithmic approach

53 Which of the following is a characteristic of a decision support system (DSS)?
A. DSS is aimed at solving highly structured problems.
B. DSS combines the use of models with non-traditional data access and retrieval
functions.
C. DSS emphasizes flexibility in the decision making approach of users.
D. DSS supports only structured decision-making tasks.

The Most Appropriate answer is “C” DSS emphasizes flexibility in the decision making
approach of users

54 Which of the following is false with regard to expert systems?
A. Expert system knowledge is represented declaratively
B. Expert system computations are performed through symbolic reasoning
C. Expert systems knowledge is incorporated in the program control.
D. Expert systems control their own actions

The Most Appropriate answer is “C” Expert systems knowledge is incorporated in the
program control.

55 Which of the following statements pertaining to data warehouses is FALSE?
A. A data warehouse is designed specifically for decision support.
B. The quality of the data warehouse must be very high.
C. Data warehouses are made up of existing database, files and external
information.
D. A data warehouse is used by senior management only because of the
sensitivity of the data.

The Most Appropriate answer is “C” Data warehouses are made up of existing database,
files and external information.

56 Use of asymmetric encryption over an Internet e-commerce site, where there is
one private key for the hosting server and the public key is widely distributed to
the customers, is MOST likely to provide comfort to the:
A. Customer over the authenticity of the customer.
B. Hosting organization over the authenticity of the customer.
C. Customer over the confidentiality of messages from the hosting organization.
D. Hosting organization over the confidentiality of message passed to the
customer.

The Most Appropriate answer is “A” Customer over the authenticity of the customer

57 Which of the following concerns about the security of an electronic message
would be addressed by Digital Signatures?
A. Unauthorised reading
B. Theft
C. Unauthorised copying
D. Alteration

The Most Appropriate answer is “D” Alteration

58 A (B2C) e-commerce web site, as part of its information security program, wants
to monitor, detect and prevent hacking activities and alert the system
administrator when suspicious activities occur. Which of the following
infrastructure components could be used for this purpose?
A. Intrusion detection systems
B. Firewalls
C. Routers
D. Asymmetric encryption

The Most Appropriate answer is “A” Intrusion detection systems

59 Fuzzy Logic is most effective when:
A. Used to develop decision support system.
B. Combined with neural network technologies.
C. Used to build hard disc controllers
D. Used to design memory caches

The Most Appropriate answer is “C” Used to build hard disc controllers


60 Which of the following is not a subsystem of the decision support system?
A. Language system
B. Knowledge system
C. Transaction processing system
D. Problem processing system.

The Most Appropriate answer is “C” Transaction processing system
