0% found this document useful (0 votes)
637 views90 pages

Set D Digital Ecosystem and Controls Key & Notes - Mcqs

The document outlines key notes and multiple-choice questions related to the digital ecosystem and controls, focusing on governance, risk management, compliance, and information system security. It includes chapters on IT governance, enterprise risk management, business continuity planning, and the system development life cycle. Each chapter provides essential concepts, frameworks, and practices to ensure effective management and security of digital resources in organizations.

Uploaded by

sahupooja1809
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
637 views90 pages

Set D Digital Ecosystem and Controls Key & Notes - Mcqs

The document outlines key notes and multiple-choice questions related to the digital ecosystem and controls, focusing on governance, risk management, compliance, and information system security. It includes chapters on IT governance, enterprise risk management, business continuity planning, and the system development life cycle. Each chapter provides essential concepts, frameworks, and practices to ensure effective management and security of digital resources in organizations.

Uploaded by

sahupooja1809
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 90

SET – D

PAPER-4 : DIGITAL
ECOSYSTEM AND
CONTROLS
KEY NOTES
& MCQS

Prepared by:
Pradeep Kumar M
LinkedIn: https://www.linkedin.com/in/pradeepkumar-m12
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

INDEX
Sl No. Contents Page number

1. Key Notes 2 – 19

2. Chapter wise Mcqs 20 – 56

3. Mock Test – 1 55 – 71

4. Mock Test -1 Key 72 – 72

5. Mock Test – 2 73 – 88

6. Mock Test -2 Key 89 – 89

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


1
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

Chapter-wise Key Notes


Chapter 1: Concepts of Governance and IT Strategy
1.1 Introduction
• Explains the concept of governance, derived from "to steer," involving decision-making and accountability.
• Governance is about defining responsibilities and controls, while management executes these decisions.
Three Principles for a Governance Framework
1. Based on Conceptual Model: Identifies key components and relationships for consistency.
2. Open and Flexible: Adapts to new challenges dynamically.
3. Aligned to Major Standards: Integrates global frameworks and standards.
Benefits of Governance
• Achieves enterprise goals.
• Integrates business processes.
• Encourages desirable IT behavior.
• Stabilizes operations and defines clear decision-making processes.
1.2 Enterprise Governance
• Defined as ensuring strategic direction, resource optimization, and managing risks.
• Includes Corporate Governance (compliance-focused) and Business Governance (performance-fo-
cused).
1.3 Overview of IT Governance
Benefits of IT Governance
1. Delivers value through IT.
2. Improves user satisfaction with IT services.
3. Enhances agility and reduces IT risks.
4. Increases cost performance and compliance.
Key Practices to Determine IT Governance
• Questions include:
o Who makes decisions?
o How decisions are made.
o How governance results are monitored.
1.4 Governance of Enterprise IT (GEIT)
Benefits of GEIT
1. Aligns IT governance with enterprise strategy.
2. Ensures compliance and oversight.
3. Provides transparency and efficiency in IT-related decisions.
Key Governance Practices of GEIT
1. Evaluate the system by identifying stakeholder needs.
2. Direct governance with leadership support.
3. Monitor effectiveness via performance assessments.
Role of IT in Enterprises
• IT has evolved from data processing to decision-making and strategic transformation.
EGIT (Enterprise Governance of Information and Technology)

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


2
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

• Focuses on aligning IT strategy with enterprise strategy, ensuring IT contributes to value generation.
1.5 Business and IT Strategy
Objective of IT Strategy
• Provides a comprehensive view of the IT landscape and aligns IT with business strategies.
IT Steering Committee
• Composed of senior management to oversee IT deployment, resolve conflicts, and align IT with business
goals.
IT Strategic Planning
• Must remain dynamic, aligning long- and short-term plans with enterprise strategies.
Classification of Strategic Planning
1. Enterprise Strategic Plan: Defines long-term goals.
2. Information Systems Strategic Plan: Optimizes IT opportunities and addresses business requirements.
3. Information Systems Requirements Plan: Focuses on information architecture.
4. Information Systems Applications and Facilities Plan: Specifies application systems, hardware, and
infrastructure.
Key Management Practices for Aligning IT Strategy with Enterprise Strategy
1. Understanding enterprise direction.
2. Assessing current IT capabilities.
3. Defining target IT capabilities.
4. Conducting gap analysis.
Business Value from Use of IT
• Optimizes IT investments and aligns them with enterprise goals to deliver value.
1.6 Frameworks to Support Effective IT Governance
COBIT as an IT Governance Framework
• COBIT defines processes and objectives for IT management and governance.
COBIT Principles
1. Stakeholder value delivery.
2. Holistic governance approach.
3. Distinction between governance and management.
4. End-to-end enterprise focus.
Governance and Management Objectives
• COBIT 2019 organizes 40 objectives into five domains:
o EDM (Evaluate, Direct, Monitor).
o APO (Align, Plan, Organize).
o BAI (Build, Acquire, Implement).
o DSS (Deliver, Service, Support).
o MEA (Monitor, Evaluate, Assess).
Components of the Governance System
1. Processes.
2. Organizational structures.
3. Principles, policies, and procedures.

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


3
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

4. Information and behaviour.


COBIT Implementation Approach
1. Identify drivers for change.
2. Assess the current state.
3. Define targets and priorities.
4. Plan and implement feasible solutions.
Chapter 2: Governance, Risk, and Compliance Framework
2.1 Introduction
• Focuses on Governance, Risk, and Compliance (GRC) as an integrated framework to manage risk and
ensure adherence to laws, regulations, and internal policies.
2.2 Risk Fundamentals
• Risk refers to the potential of an event that could harm the enterprise or its goals.
• Risks can arise from external or internal sources and must be evaluated based on impact and likelihood.
Components of Risk
1. Risk Appetite: The level of risk an organization is willing to take.
2. Risk Tolerance: The acceptable variation in achieving objectives.
3. Risk Capacity: The ability to absorb potential losses.
2.3 Risk
• Categorizes risks into financial, operational, strategic, and compliance risks.
• Highlights the need for a robust risk assessment and mitigation strategy.
Risk Classification
1. Business Risks: Related to achieving business objectives.
2. Operational Risks: Arising from daily operations, including IT systems.
3. Strategic Risks: Linked to external changes affecting enterprise strategy.
2.4 Malicious Attacks
• Explains the growing threats of cyberattacks targeting enterprises.
Types of Attacks
1. Phishing: Fraudulent emails to steal information.
2. Denial of Service (DoS): Overloading systems to disrupt services.
3. Social Engineering: Manipulating individuals to access systems.
2.5 Malicious Software
• Covers harmful software like viruses, worms, ransomware, and spyware that compromise enterprise secu-
rity.
2.6 Counter Measures
• Discusses proactive and reactive strategies for risk mitigation, including firewalls, encryption, and training
employees.
2.7 Internal Controls
• Internal controls ensure accuracy, reliability, and compliance in financial and operational activities.
• Categorized into:
1. Preventive Controls: Stop issues before they occur.
2. Detective Controls: Identify issues after they occur.

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


4
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

3. Corrective Controls: Address identified problems.


2.8 Compliance
• Organizations must adhere to external laws, regulations, and internal standards.
• Compliance ensures legal accountability and mitigates risks of penalties.

Chapter 3: Enterprise Risk Management Framework


3.1 Introduction
Enterprise Risk Management (ERM) is a structured and systematic process designed to manage and mitigate risks
across an organization. It ensures alignment with objectives, enabling proactive decision-making.
3.2 Enterprise Risk Management (ERM)
ERM refers to practices and procedures that identify potential events affecting an entity, managing them within risk
tolerance, and providing reasonable assurance for achieving objectives.
Benefits of ERM
1. Better identification and assessment of risks.
2. Strengthens organizational resilience and agility.
3. Aligns risk management with strategic decision-making.
3.3 ERM Framework (For IT Governance Issues)
The ERM Framework focuses on integrating IT governance with risk management through Plan, Implement, Meas-
ure, and Learn (PIML).
Plan
1. Establish clear objectives for risk management.
2. Identify stakeholders and their roles in managing risks.
Implement
1. Deploy risk management strategies organization wide.
2. Use IT tools for automation and efficiency.
Measure
1. Monitor risk management outcomes.
2. Assess and analyse the effectiveness of controls.
Learn
1. Adjust and refine strategies based on feedback.
2. Incorporate lessons learned into the risk management framework.

Chapter 4: Information System Security Policy


4.1 Introduction
An information system comprises hardware, software, people, processes, and data that enable efficient and effec-
tive business operations. Securing these systems is critical to prevent unauthorized access and ensure data integ-
rity.
4.2 Information Systems
Information systems are frameworks for collecting, processing, storing, and disseminating information essential for
decision-making.
Components of Information Systems
1. Hardware: Physical devices like computers and servers.

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


5
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

2. Software: Applications and operating systems.


3. Data: Organizational information assets.
4. Processes: Procedures governing the system.
5. People: Users interacting with the system.
4.3 Need for Protection of Information Systems
1. Prevent unauthorized access and breaches.
2. Ensure data accuracy, reliability, and availability.
3. Mitigate risks of fraud and cyberattacks.
4.4 Information System Security
Focuses on safeguarding data, processes, and systems to maintain confidentiality, integrity, and availability.
4.5 Principles of Information Security
1. Confidentiality: Protecting sensitive data from unauthorized disclosure.
2. Integrity: Ensuring data accuracy and consistency.
3. Availability: Ensuring data and systems are accessible when needed.
4.6 Information Security Policy
A formal document outlining guidelines and rules for safeguarding information assets.
Key Components of Information Security Policy
1. Scope: Defines the coverage of the policy.
2. Roles and Responsibilities: Assigns accountability for security practices.
3. Access Control: Regulates access to systems and data.
4. Incident Management: Procedures for handling security breaches.
5. Monitoring and Compliance: Ensures adherence to policies.

Chapter 5: Business Continuity Planning and Disaster Recovery Planning


5.1 Introduction
Business continuity ensures critical processes continue during disruptions, while disaster recovery restores IT sys-
tems and data after adverse events.
5.2 Need of Business Continuity Management
1. Ensures organizational resilience to handle emergencies.
2. Reduces financial and reputational losses during disasters.
3. Builds confidence among stakeholders by safeguarding operations.
5.3 BCM Policy
A formal document outlining objectives, scope, and roles for business continuity management. It ensures alignment
with enterprise strategies and regulatory requirements.
5.4 Business Continuity Planning
Systematic preparation to handle unexpected disruptions to ensure minimal downtime and continued operations.
Steps in Business Continuity Planning
1. Risk Assessment: Identifying potential threats and vulnerabilities.
2. Business Impact Analysis (BIA): Determining the consequences of disruptions on operations.
3. Strategy Development: Formulating plans to manage identified risks.
5.5 Business Continuity Management (BCM) Process
The BCM process integrates planning, response, recovery, and monitoring to protect critical functions.

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


6
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

Steps of BCM Process


1. Identify Key Functions: Recognize essential activities and dependencies.
2. Conduct BIA and Risk Assessment: Evaluate risks and their potential impacts.
3. Develop Strategies: Define measures for risk reduction and recovery.
4. Implement Plans: Execute solutions, including backups and alternate sites.
5. Test and Maintain: Validate and update the plan regularly.
5.6 Business Continuity Management (BCM) Cycle
The BCM cycle involves continuous improvement through four key stages:
1. Plan: Establish strategies and policies.
2. Do: Implement and execute plans.
3. Check: Monitor and test effectiveness.
4. Act: Update and improve based on feedback.
5.7 Types of Plans
1. Business Continuity Plan (BCP): Focuses on sustaining critical operations.
2. Disaster Recovery Plan (DRP): Outlines steps to restore IT systems post-disaster.
3. Crisis Communication Plan: Coordinates internal and external communication during crises.
4. Emergency Response Plan: Provides immediate responses to incidents.
5.8 Types of Back-ups
1. Full Back up: Copies all data.
2. Incremental Backup: Copies changes made since the last backup.
3. Differential Backup: Copies changes since the last full backup.
4. Mirror Backup: Provides real-time replication of data.
5.9 Alternate Processing Facility Arrangements
1. Cold Site: Requires setup before use; least expensive.
2. Warm Site: Pre-configured but requires updates to become operational.
3. Hot Site: Fully operational and ready for immediate use; most expensive.
4. Mobile Site: Portable setup for temporary operational continuity.
5.10 Disaster Recovery Procedural Plan
A step-by-step guide for restoring IT systems and services post-disruption, ensuring minimal downtime. Includes
timelines, responsibilities, and detailed recovery actions.
Key Areas Covered in a Disaster Recovery Plan
1. Pre-Disaster Preparation: Risk analysis and preventive measures.
2. Response Procedures: Immediate actions after disaster occurrence.
3. Recovery Activities: Steps for restoring systems and operations.

Chapter 6. System Development Life Cycle (SDLC)


6.1 Introduction
• SDLC provides a sequence of activities for system designers and developers.
• Involves acquiring or developing and maintaining application systems used in routine business processes.
• SDLC is document-driven, producing documentation at crucial stages.
• Barry Boehm’s W5HH principle:

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


7
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

o Why is the system being developed?


o What will be done?
o When will it be done?
o Who is responsible for a function?
o Where are they located organizationally?
o How will the job be done technically and managerially?
o How much of each resource is needed?
6.2 Need for SDLC
Situations requiring SDLC:
• New service delivery opportunities related to new or existing business processes.
• Problems with existing systems or business activities.
• Strategic management focus shifts, such as mergers or new service delivery channels.
• Advances or replacements in existing technology.
• Competitors enhancing service quality through automation.
Advantages of SDLC:
• Better planning and control by project managers.
• Compliance with standards ensures better quality.
• Documentation improves communication and control.
• Phases provide milestones for reviews and sign-offs.
Shortcomings of SDLC:
• Cumbersome for development teams.
• Long visibility delay of the end product for users.
• Rigidity may prolong projects.
• Unsuitable for small or medium-sized projects.
6.3 System Development Life Cycle (SDLC) Phases
1. Preliminary Investigation
o Initiated by a system request to analyse the strategic benefits of implementing a system.
o Includes feasibility study dimensions:
▪ Technical: Is the technology available?
▪ Financial: Is the solution financially viable?
▪ Economic: Return on investment?
▪ Schedule/Time: Delivery feasibility within timelines?
▪ Resources: Human resource readiness?
▪ Operational: Solution’s workability?
▪ Behavioural: Impact on employees’ morale and quality of work life?
▪ Legal: Validity in legal terms?
▪ Political: Internal acceptance?
2. System Requirements Analysis
o Identification and documentation of user needs.
o Deliverable: Software Requirement Specification (SRS).
3. System Designing

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


8
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

o Detailed architecture and design of the system to meet requirements.


o Includes data flow diagrams, screen designs, database specifications, and security plans.
4. System Development
o Conversion of design specifications into a functional system.
o Characteristics of good coded programs:
▪ Reliability: Consistent operation over time.
▪ Robustness: Resilience in adverse conditions.
▪ Accuracy: Proper functionality without errors.
▪ Efficiency: Optimal performance per unit cost.
▪ Usability: User-friendly interface and documentation.
▪ Readability: Easy maintenance.
5. System Testing
o Testing includes:
▪ Unit testing: Individual modules.
▪ Integration testing: Combined modules.
▪ Regression testing: Identifying errors after changes.
▪ System testing: Complete system validation.
6. System Implementation
o Involves:
▪ Equipment installation.
▪ Training personnel.
▪ Transition to the new system with old systems running parallel initially.
7. Post-Implementation Review and Maintenance
o Types of maintenance:
▪ Scheduled: Planned for operational continuity.
▪ Rescue: Immediate troubleshooting of unforeseen issues.
▪ Corrective: Fixing bugs or design flaws.
▪ Adaptive: Adapting to changes in the environment.
▪ Perfective: Enhancing system performance and user interface.
▪ Preventive: Improving maintainability through documentation and updates.
6.4 Operation Manuals
• A typical user’s guide with:
o Preface, index, FAQs, and glossary.
o Guides on system functions, troubleshooting, and contact information.

Chapter 7. System Acquisition and Development Methodologies


7.1 Introduction
• System acquisition is critical for organizations to meet business objectives efficiently.
• Focuses on methods for acquiring software and evaluating IT proposals, along with an overview of SDLC
models.
7.2 Information System Acquisition

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


9
SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

• Procurement Options:
o In-House Development: Tailored to meet specific organizational needs but requires significant
resources.
o Procurement from External Sources: Ready-made software solutions that reduce development
time.
o Hybrid Approach: Combines internal and external solutions to balance customization and effi-
ciency.
• Evaluation of Proposals:
o Functional and non-functional requirements.
o Vendor reputation, technical capabilities, and financial stability.
o Cost-benefit analysis and alignment with organizational goals.
7.3 Information System Development Methodologies
• Waterfall Model:
o Sequential development process with distinct phases: Analysis, Design, Implementation, Testing,
Deployment, Maintenance.
o Advantages: Simple and structured.
o Disadvantages: Rigid and unsuitable for dynamic requirements.
• Prototyping Model:
o Development of a working model for iterative refinement based on user feedback.
o Advantages: Enhances user involvement and satisfaction.
o Disadvantages: Risk of scope creep and incomplete analysis.
• Agile Methodology:
o Emphasizes iterative progress through small, incremental sprints with customer collaboration.
o Advantages: Highly flexible and adaptive.
o Disadvantages: Requires skilled teams and close communication.
• V-Model:
o Extends the Waterfall Model with a parallel emphasis on verification and validation.
o Advantages: Focuses on quality assurance.
o Disadvantages: Rigid and less flexible.
• RAD (Rapid Application Development):
o Prioritizes quick delivery using prototyping and iterative refinement.
o Advantages: Accelerates development and improves user involvement.
o Disadvantages: High dependency on user feedback and skilled developers.

Chapter 8. Information Systems’ Control and Its Classification


8.1 Introduction
• Information Systems (IS) controls ensure the confidentiality, integrity, and availability of information re-
sources.
8.2 Controls
• Preventive Controls:
o Aim to prevent errors or unauthorized access before they occur.
10

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

o Examples: Authentication mechanisms, firewalls, and role-based access controls.


• Detective Controls:
o Identify and report errors or irregularities after they occur.
o Examples: Intrusion detection systems (IDS), activity logs, and audit trails.
• Corrective Controls:
o Address and rectify issues discovered by detective controls.
o Examples: System patches, backups, and error corrections.
8.3 Classification of Controls
1. Administrative Controls:
o Policies, procedures, and training designed to establish accountability.
o Examples: Security policies, employee training, and segregation of duties.
2. Technical Controls:
o Security measures implemented through technology.
o Examples: Firewalls, encryption, and intrusion prevention systems (IPS).
3. Physical Controls:
o Safeguard physical assets and resources.
o Examples: Surveillance systems, biometric access controls, and secure facilities.
8.4 Role of Auditors While Inspecting Controls
• Assess the design, implementation, and effectiveness of controls.
• Perform compliance testing and identify potential gaps or weaknesses.
• Recommend corrective actions to strengthen control systems.

Chapter 9. Information Technology Tools


9.1 Introduction
• IT tools facilitate operational efficiency, enhance decision-making, and ensure control over business pro-
cesses.
9.2 Control and Inspection of Information Systems
• Tools such as ACL, IDEA, and SQL enable anomaly detection and data analysis for auditing purposes.
9.3 Information Systems Auditing
• Auditing ensures that systems comply with regulatory requirements and support organizational objectives.
9.4 Auditing Around vs. Through the Computer
• Auditing Around the Computer:
o Focuses on verifying the outputs of systems to ensure reliability.
• Auditing Through the Computer:
o Examines system processing and internal controls to validate accuracy.
9.5 IT Tools for Controls
• Examples:
o Vulnerability Scanners: Detect weaknesses in system security.
o File Integrity Checkers: Monitor changes to critical files.
o Network Monitoring Tools: Track and analyse network traffic for anomalies.
11

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

Chapter 10. Digital Data and Privacy


10.1 Introduction
• Data Collection and Processing:
o Proper data collection and storage enable easier analysis.
o Examples: HR records for productivity analysis, accounting data for expense policy restructuring.
10.2 Data Protection
• Digital Assets:
o Information Assets: Valuable data with potential monetary benefits.
o Digital Assets: Include data, images, videos, written content, etc.
• Data Protection Components:
o Data Privacy: Focuses on authentication, encryption, data loss prevention, threat monitoring, ac-
cess control, and breach response.
o Data Security: Implements policies to protect personal data.
o Secure & Usable Data: Ensures governance, third-party contacts, discovery/classification,
and data erasure.
• Data Protection Challenges:
o Physical loss of data, loss of confidentiality, and unresponsive data.
10.3 Fair Information Practices
• Principles:
o Collection Limitation: Limit personal data collected and standardize procedures.
o Data Quality: Ensure accurate and relevant data for decision-making.
o Purpose Specification: Data should be encrypted and used only for specified purposes.
o Use Limitation: Use multi-factor authentication to restrict access.
o Security Safeguards: Encrypt data during storage, processing, and transmission.
o Accountability: Data collectors must follow these principles.
• Challenges:
o For Users: Online tracking, losing control of data, lack of transparency, and social media data col-
lection.
o For Businesses: Communication gaps, cybercrime threats, insider threats, and data breaches.
10.4 Data Security Tools
• Encryption: Protects data by scrambling it, requiring a key for decryption.
• Firewalls: Monitor and block unauthorized traffic in business networks.
• Two-Factor Authentication (2FA): Combines something you know (password) with something you have
(mobile OTP or biometrics).
• Access Control: Ensures only authorized parties access systems and data.
• Data Loss Prevention (DLP): Prevents unauthorized copying, deletion, or leakage of data.

10.5 Data Analysis


• Types of Data:
o Internal Data: Business transactions, customer records, and financial metrics.
12

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

o External Data: Consumer trends, competitors, and market data.


o Marketing Data: Customer preferences and behaviours from social media, cookies, etc.
o Structural Data: Infrastructure designs like blueprints.
• Categories of Data):
o Qualitative Data: Asks "why" (descriptive and non-statistical).
o Quantitative Data: Asks "how much" (statistical and measurable).
• Benefits of Data Analysis:
o Improved operational efficiency, better customer understanding, new business models, and risk
management.
10.6 Data Analysis Tools:
Tool Type Uses Pros Cons
Microsoft Business Ana- Data visualization and Regular updates, good Clunky interface, data limits
BI lytics Suite predictive analytics visualizations in free version
Tableau Data Visualiza- Creating dashboards and Great visualizations, No data preprocessing,
tion Tool worksheets mobile support poor version control
Python Programming Data scraping, analysis, Easy to learn, widely Memory-intensive
Language reporting used
R Programming Statistical analysis and Platform independent, Complex to learn, slower
Language data mining compatible than Python

10.7 Data Analytics


• Relationship Between Data Analysis and Data Analytics:
o Data Analysis is a subset of Data Analytics.
o Data Analytics includes broader applications for business decisions.
• Types of Data Analytics:
o Descriptive: What happened?
o Diagnostic: Why did it happen?
o Predictive: What is likely to happen?
o Prescriptive: What’s the best course of action?
10.8 Data Assurance
• Key Elements:
o Data Governance: Managing availability, usability, and security of data.
o Data Profiling: Analyzing data to identify quality issues.
o Master Data Management (MDM): Ensures accuracy and consistency of core business data.
10.9 IT Act 2000-Based Regulatory Compliances
• Objectives:
o Legal recognition of digital transactions and signatures.
o Facilitate electronic filing and storage of documents.
• Key Provisions (Sections):
o 43: Penalty for data damage.
o 66C: Punishment for identity theft.
13

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

o 66D: Punishment for cheating by impersonation using computers.


o 67: Penalty for publishing obscene material online.
• Cybersecurity Requirements:
o Follow ISO 27001 standards for data security.
o Conduct annual penetration tests and regular risk assessments.
10.10 Digital Personal Data Protection Act, 2023
• Highlights of the Act:
o Applicability: Applies to digital personal data processed in India or related to services offered in
India.
o Consent: Data processing requires user consent, which can be withdrawn anytime.
o Rights of Data Principals:
▪ Information, correction, erasure, grievance redressal, and nomination rights.
o Data Fiduciary Obligations:
▪ Ensure data accuracy, prevent breaches, and erase data once its purpose is served.
o Transfer of Data Outside India: Permitted except to restricted countries.
• Enforces privacy rights and promotes responsible data handling practices.
• Key principles include:
o Data Minimization: Collect only necessary data.
o Retention and Deletion: Maintain data only as long as required.

Chapter 11: Business Intelligence (BI)

11.1 Introduction

1. Business Intelligence (BI) transforms raw data into actionable insights for decision-making.

2. BI uses tools, software, or services to create dashboards, graphs, charts, and reports that guide organiza-
tions in making informed choices.

3. Modern BI tools enable businesses to identify market trends, monitor financial performance, understand
customer behaviour, and capitalize on opportunities.

11.2 Functionalities of Business Intelligence

1. Analytics: Uses techniques like seasonal analysis, "what-if" scenarios, and data modelling to identify
trends.

2. Dashboards: Provides visual collections of KPIs, metrics, and data for quick insights.

3. Data Mining: Leverages machine learning and statistical methods to uncover patterns in datasets.

4. ETL (Extract, Transform, Load): Extracts data, cleans it, and loads it into data warehouses for analysis.

5. Model Visualization: Converts raw data into visual formats like charts and histograms for better under-
standing.

6. OLAP (Online Analytical Processing): Performs multidimensional analyses for CRM, forecasting, and
budgeting.

7. Predictive Modelling: Predicts trends and outcomes using statistical methods.

8. Reporting: Generates detailed reports for organizational understanding and decisions.


14

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

9. Scorecards: Tracks and measures KPIs using visual tools.

10. Real-Time Monitoring: Enables immediate decision-making by analysing operational data in real-time.

11. Collaborative BI: Shares insights with stakeholders inside and outside the organization.

12. Mobile BI: Allows access to BI tools on mobile devices for convenience.

11.3 Business Intelligence Life Cycle

1. Analyse Business Requirements: Identify the business goals and necessary analysis.

2. Design Data Model: Develop logical models that showcase relationships in the data.

3. Design Physical Schema: Structure the data warehouse by building schemas based on models.

4. Build the Data Warehouse: Populate the warehouse with data from source systems.

5. Create BI Project Structure: Define metadata and organize the project for data mapping.

6. Develop BI Objects: Create reports, dashboards, metrics, and charts for analysis.

7. Administer and Maintain: Regularly monitor and update the BI system to ensure functionality and secu-
rity.

11.4 Business Intelligence Tools

1. Popular Tools:

o Microsoft Power BI: Offers real-time analytics, AI-driven insights, and integration with multiple
data sources.

o Tableau: Simplifies data visualization with live analytics.

o QlikSense: Provides self-service analytics and conversational AI.

o Dundas BI: Features interactive dashboards with drag-and-drop functionality.

o Sisense: Focuses on simplicity and fast analytics.

2. Additional BI Tools: Zoho Analytics, Oracle BI, SAS Visual Analytics, and others.

3. Key Benefits:

o Centralizes data for better insights.

o Automates reporting processes.

o Enhances forecasting and efficiency.

11.5 Chart Types in Power BI

1. Line Charts: Visualize trends over time.

2. Bar Charts: Represent absolute values, including positive and negative data.

3. Pie Charts: Display data proportions as percentages.

4. Doughnut Charts: Similar to pie charts, with a hollow centre.

5. Funnel Charts: Show data progression through stages (e.g., recruitment processes).

11.6 Business Intelligence vs Data Analytics

1. Business Intelligence (BI):

o Focuses on historical data for decision-making.


15

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

o Provides actionable insights to drive business growth.

2. Data Analytics:

o Cleanses and transforms raw data into meaningful formats.

o Models and predicts trends for informed strategies.

Chapter 12: ABCD of FinTech

12.1 Introduction

1. FinTech leverages technology to revolutionize financial services, including lending, payments, insurance,
and asset management.

2. Categories:

o B2C (Business-to-Consumer): Direct solutions like mobile payments and digital banking.

o B2B (Business-to-Business): Cloud-based services for businesses.

3. Core Technologies: Artificial Intelligence (AI), Blockchain, Cloud Computing, and Big Data (ABCD).

12.2 Technologies Powering FinTech

1. Artificial Intelligence (AI):

o Enhances fraud detection, personalization, and predictive analytics.

o Classification:

▪ Capabilities:

▪ Narrow AI: Performs specific tasks (e.g., Siri).

▪ General AI: Hypothetical AI that replicates human intelligence.

▪ Super AI: Theoretical AI that surpasses human intelligence.

▪ Functionalities:

▪ Reactive AI: Responds to inputs without memory.

▪ Limited Memory AI: Makes decisions based on past experiences.

▪ Theory-of-Mind AI: Understands emotions and social contexts.

▪ Self-Aware AI: Hypothetical sentient AI.

2. Blockchain:

o A secure, decentralized ledger for transactions.

o Types: Public, Private, Consortium, and Hybrid.

o Features: Transparency, distributed control, and immutability.

3. Cloud Computing:

o Types: Public, Private, Hybrid clouds.

o Service Models: IaaS, PaaS, SaaS.

o Benefits: Scalability, cost-efficiency, and accessibility.


16

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

4. Big Data:

o Drives insights for fraud detection, customer behaviour analysis, and real-time decision-making.

12.3 FinTech Trends and Benefits

1. Trends:

o Expansion of digital banking and mobile payments.

o Blockchain for decentralized finance.

o AI-driven customer experiences.

2. Benefits:

o Encourages competition and innovation.

o Promotes financial inclusion through digital services.

o Accelerates processes, reducing costs and delays.

12.4 Challenges in FinTech

1. Exclusion of digitally and financially illiterate groups.

2. Algorithmic biases in automated systems.

3. Risks of fraud, scams, and data breaches.

4. Complexity in understanding advanced financial products.

12.5 FinTech Use Cases

1. Mobile Payments: Secure transactions through apps like Apple Pay and Google Pay.

2. Retail Banking: Enhances access and affordability of services.

3. Blockchain and Cryptocurrency: Enables secure, decentralized financial platforms (e.g., Bitcoin).

4. Insurance (InsurTech): Simplifies policy management and claims processing.

5. Payment Gateways: Facilitates cost-effective online transactions (e.g., PayU India).

12.6 Regulatory Compliance and Cybersecurity

1. Importance of data protection laws (e.g., India’s IT Act Sections 43A and 72A).

2. Emphasis on Confidentiality, Integrity, and Availability in transactions.

3. Cybersecurity frameworks to address risks and ensure safe systems.

12.7 Evolution of Digital Currency

1. Cryptocurrencies like Bitcoin provide decentralized, borderless transactions.

2. Features include cryptographic security and consensus-driven validation.

Illustrations

1. Nike: Uses AI to customize sneakers and gather consumer insights.

2. Starbucks: Employs predictive analytics for personalized recommendations and seamless ordering.
17

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

Chapter 13. Emerging Technologies

13.1. Introduction to Emerging Technologies

• Emerging technologies are innovations that have the potential to significantly impact industries and rede-
fine business processes.

• They are often disruptive and create new opportunities and challenges.

13.2. Key Technologies and Their Applications

13.2.1 Internet of Things (IoT)

• Definition: IoT refers to a network of interconnected devices that communicate and exchange data in real-
time.

• Key Features:

o Real-time monitoring and data exchange.

o Automation of processes.

• Applications:

1. Smart Homes and Cities:

▪ Smart lighting, temperature control, and energy management.

▪ Traffic management and waste management in smart cities.

2. Industrial Automation:

▪ Predictive maintenance to reduce downtime.

▪ Enhanced efficiency in manufacturing processes.

3. Healthcare:

▪ Remote health monitoring using wearable devices.

▪ Smart medical devices for real-time patient data.

13.2.2 Quantum Computing

• Definition: Quantum computing leverages quantum mechanics principles like superposition and entangle-
ment to perform computations at unprecedented speeds.

• Key Features:

o Processes data faster than classical computers.

o Solves complex problems that are otherwise infeasible.

• Applications:

1. Drug Discovery:

▪ Simulation of molecular structures to accelerate drug development.

2. Optimization Problems:

▪ Logistics and supply chain optimization.


18

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

▪ Portfolio optimization in finance.

3. Cryptography:

▪ Strengthening secure communications through quantum encryption.

13.2.3 Regtech

• Definition: Regtech, or Regulatory Technology, involves the use of technology to simplify regulatory com-
pliance.

• Key Features:

o Automates compliance processes.

o Reduces the risk of regulatory penalties.

• Applications:

1. Compliance Reporting:

▪ Automated generation of regulatory reports.

2. Fraud Detection:

▪ Real-time monitoring of transactions to identify anomalies.

3. Adherence to Privacy Laws:

▪ Ensures compliance with laws like GDPR (General Data Protection Regulation) and DPDP
(Digital Personal Data Protection Act).

13.3. Advantages of Emerging Technologies

• Efficiency:

o Streamline processes and reduce manual intervention.

• Real-time Insights:

o Facilitate informed decision-making through instant data analysis.

• Transparency and Security:

o Enhance trust through secure and transparent systems.

• Cost Reduction:

o Optimize resources and reduce operational costs over time.

13.4. Challenges in Adopting Emerging Technologies

• High Initial Investment:

o Deployment of technologies like IoT and quantum computing requires significant upfront costs.

• Skill Gaps:

o Shortage of professionals with expertise in emerging technologies.

• Regulatory and Ethical Concerns:

o Compliance with data protection laws and ethical implications of automation and AI.

13.5. Future Trends


19

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

• Integration of AI with IoT:

o Smarter devices capable of autonomous decision-making.

• Quantum Computing Expansion:

o Wider adoption in industries like healthcare, finance, and cybersecurity.

• Growth of Regtech:

o Increased reliance on technology for regulatory adherence in fintech and healthcare sectors.

• Sustainability Focus:

o Emerging technologies addressing climate change and sustainable practices.

20

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

MCQs
Chapter 1: Concepts of Governance and IT Strategy

1. What is the primary goal of IT governance?


a) Reducing IT costs
b) Ensuring alignment between IT and business goals
c) Increasing the complexity of IT systems
d) Managing daily operations
Answer: b) Ensuring alignment between IT and business goals

2. Which framework is widely used for IT governance?


a) COBIT
b) ISO 9001
c) ITSM
d) GDPR
Answer: a) COBIT

3. What is a key principle of governance?


a) Restricting innovation
b) Aligning IT goals with business goals
c) Increasing stakeholder conflicts
d) Avoiding risk management
Answer: b) Aligning IT goals with business goals

4. What does ISO 27001 focus on?


a) Business strategy alignment
b) IT service management
c) Information security management
d) Risk analysis
Answer: c) Information security management

5. What does COBIT stand for?


a) Control Objectives for IT Businesses
b) Control Objectives for Information and Related Technology
c) Corporate Objectives and IT Budgeting
d) Compliance Objectives for IT Governance
Answer: b) Control Objectives for Information and Related Technology

6. Which of the following is NOT a benefit of IT governance?


a) Enhanced business agility
b) Better cost performance of IT
c) Misalignment of IT with business strategy
d) Improved compliance with laws
Answer: c) Misalignment of IT with business strategy

7. What is the COBIT principle related to stakeholders?


a) Holistic approach
b) Dynamic governance
c) Providing stakeholder value
d) End-to-end governance
Answer: c) Providing stakeholder value

8. Which domain in COBIT focuses on performance monitoring?


a) MEA
b) APO
c) DSS
21

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) BAI
Answer: a) MEA

9. What is the primary role of the IT steering committee?


a) Managing daily operations
b) Approving IT budgets
c) Overseeing IT deployment and alignment with business goals
d) Performing IT audits
Answer: c) Overseeing IT deployment and alignment with business goals

10. Which COBIT domain deals with solution acquisition and implementation?
a) DSS
b) BAI
c) APO
d) EDM
Answer: b) BAI

11. What is a key element of a governance framework?


a) Unlimited resources
b) Conceptual models
c) Unregulated processes
d) Ad-hoc decision-making
Answer: b) Conceptual models

12. What is the first step in the IT strategy planning process?


a) Define IT capabilities
b) Understand enterprise direction
c) Conduct gap analysis
d) Monitor IT operations
Answer: b) Understand enterprise direction

13. What does GEIT stand for?


a) Governance for Enterprise IT
b) General Enterprise IT Tools
c) Governance of Enterprise IT
d) Governance Essentials for IT
Answer: c) Governance of Enterprise IT

14. Which component is NOT part of COBIT’s governance system?


a) Policies and procedures
b) People, skills, and competencies
c) Cloud infrastructure only
d) Organizational structures
Answer: c) Cloud infrastructure only

15. What does an effective governance system ensure?


a) That all IT-related decisions are ad-hoc
b) Alignment of IT and business objectives
c) Complete elimination of risks
d) Sole focus on IT security
Answer: b) Alignment of IT and business objectives

16. Which of the following is NOT a COBIT governance principle?


a) Dynamic governance system
b) Governance distinct from management
c) IT-centric framework only
22

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) End-to-end governance
Answer: c) IT-centric framework only

17. Which of these roles is NOT typically part of IT governance?


a) Board of Directors
b) CIO
c) External Vendors
d) Middle Management
Answer: c) External Vendors

18. What is the primary focus of IT governance?


a) Enhancing employee performance
b) Managing business operations
c) Delivering value from IT investments
d) Implementing marketing strategies
Answer: c) Delivering value from IT investments

19. Which of the following refers to IT and business alignment?


a) Operational strategy
b) Enterprise strategy
c) Conformance
d) Compliance
Answer: b) Enterprise strategy

20. What does MEA stand for in COBIT?


a) Monitor, Evaluate, and Assess
b) Manage, Execute, and Analyze
c) Monitor, Execute, and Adapt
d) Measure, Evaluate, and Align
Answer: a) Monitor, Evaluate, and Assess

Chapter 2: Governance, Risk, and Compliance Framework

1. What does GRC stand for?


a) Governance, Risk, and Compliance
b) General Risk Controls
c) Governance and Risk Cycle
d) Growth, Risk, and Compliance
Answer: a) Governance, Risk, and Compliance

2. Which is a key element of a risk management framework?


a) Risk Appetite
b) IT Budget
c) Revenue Reports
d) Employee Feedback
Answer: a) Risk Appetite

3. What type of risk arises due to external events?


a) Operational Risk
b) Strategic Risk
c) External Risk
d) Financial Risk
Answer: c) External Risk

4. What is the first step in risk management?


a) Risk Mitigation
23

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) Risk Analysis
c) Risk Identification
d) Risk Communication
Answer: c) Risk Identification

5. Which of the following is NOT an internal control type?


a) Preventive
b) Corrective
c) Detective
d) Compulsive
Answer: d) Compulsive

6. What is the role of governance in GRC?


a) To set the overall strategy and oversight
b) To reduce audit efforts
c) To manage day-to-day IT tasks
d) To eliminate risks completely
Answer: a) To set the overall strategy and oversight

7. Which is an example of a compliance regulation?


a) GDPR
b) ISO 31000
c) COBIT
d) ITIL
Answer: a) GDPR

8. Which type of risk is associated with IT system failures?


a) Strategic Risk
b) Compliance Risk
c) Operational Risk
d) Financial Risk
Answer: c) Operational Risk

9. What does a GRC framework aim to achieve?


a) Increased organizational risk
b) Improved governance and compliance
c) Elimination of IT audits
d) Reduced focus on regulations
Answer: b) Improved governance and compliance

10. Which term refers to the rules for how risks are handled?
a) Risk Analysis
b) Risk Mitigation
c) Risk Policy
d) Risk Scoring
Answer: c) Risk Policy

Chapter 3: Enterprise Risk Management Framework

1. What is Enterprise Risk Management (ERM)?


a) A method to analyze financial performance
b) A process to identify, assess, and manage enterprise risks
c) A system for automating IT processes
d) A framework for managing stakeholders
Answer: b) A process to identify, assess, and manage enterprise risks

2. Which framework is widely used for Enterprise Risk Management?


a) COSO ERM
24

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) ISO 9001
c) ITIL
d) PCI-DSS
Answer: a) COSO ERM

3. What does the term 'risk appetite' signify in ERM?


a) The tolerance level for risk the organization is willing to accept
b) A framework for monitoring risks
c) The probability of risk occurrence
d) The desire to eliminate risks entirely
Answer: a) The tolerance level for risk the organization is willing to accept

4. Which is NOT a key component of the ERM framework?


a) Risk assessment
b) Governance structure
c) Marketing strategy
d) Control environment
Answer: c) Marketing strategy

5. Which stage in the ERM process involves prioritizing risks?


a) Risk Monitoring
b) Risk Analysis
c) Risk Identification
d) Risk Evaluation
Answer: d) Risk Evaluation

6. What is the goal of ERM?


a) To reduce all risks to zero
b) To optimize risk-taking to enhance enterprise value
c) To eliminate operational complexity
d) To increase IT budgets
Answer: b) To optimize risk-taking to enhance enterprise value

7. What is 'inherent risk' in ERM?


a) The risk remaining after controls are applied
b) Risk that exists naturally in the absence of controls
c) A type of financial risk
d) Risks that occur only due to external factors
Answer: b) Risk that exists naturally in the absence of controls

8. Which of the following is NOT a risk response strategy in ERM?


a) Avoid
b) Transfer
c) Retain
d) Complicate
Answer: d) Complicate

9. What is the purpose of a 'control activity' in ERM?


a) To increase the complexity of risk reporting
b) To mitigate identified risks
c) To increase the number of regulations
d) To ensure stakeholder conflicts
Answer: b) To mitigate identified risks

10. What does 'ERM integration' mean?


a) Managing risks independently in silos
b) Coordinating risk management across the entire organization
25

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Outsourcing risk-related activities


d) Limiting risk management to IT systems
Answer: b) Coordinating risk management across the entire organization

11. Which type of risk is most likely to impact strategic goals?


a) Financial Risk
b) Compliance Risk
c) Operational Risk
d) Strategic Risk
Answer: d) Strategic Risk

12. What does 'residual risk' mean?


a) Risk that is completely eliminated
b) Risk remaining after controls are applied
c) Risks that are not identified during assessment
d) Risk transferred to third parties
Answer: b) Risk remaining after controls are applied

13. Which of the following is a key benefit of ERM?


a) Improved compliance with data regulations
b) Increased stakeholder engagement
c) Better alignment of risk and strategy
d) Reduced financial reporting accuracy
Answer: c) Better alignment of risk and strategy

14. Which element of ERM involves reviewing the effectiveness of risk measures?
a) Risk Identification
b) Risk Monitoring
c) Risk Response
d) Risk Appetite
Answer: b) Risk Monitoring

15. What is 'risk culture'?


a) The organizational mindset toward risk management
b) The process of analyzing risks
c) The technical tools used in risk management
d) The outsourcing of risk activities
Answer: a) The organizational mindset toward risk management

16. Which of these is a type of operational risk?


a) Data breaches
b) Revenue fluctuations
c) Poor marketing decisions
d) Political instability
Answer: a) Data breaches

17. Which principle of ERM emphasizes aligning risks with the organization's strategy?
a) Risk Identification
b) Strategic Integration
c) Performance Management
d) Compliance Alignment
Answer: b) Strategic Integration

18. What is the 'control environment' in ERM?


a) The framework for external compliance
b) The culture and structure for managing risks effectively
c) The financial cost of risk management
26

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) The area where physical controls are implemented


Answer: b) The culture and structure for managing risks effectively

19. What does a 'heat map' represent in risk management?


a) A representation of risk appetite
b) A visual tool to plot risk likelihood and impact
c) A graph of past risk events
d) A tool for monitoring compliance
Answer: b) A visual tool to plot risk likelihood and impact

20. Which role is primarily responsible for ensuring ERM is implemented effectively?
a) IT Administrator
b) Risk Manager
c) Financial Analyst
d) HR Manager
Answer: b) Risk Manager

Chapter 4: Information System Security Policy

1. What does the CIA triad in information security stand for?


a) Confidentiality, Integrity, Accessibility
b) Confidentiality, Integrity, Availability
c) Compliance, Integrity, Availability
d) Confidentiality, Information, Assurance
Answer: b) Confidentiality, Integrity, Availability

2. What is the purpose of an information security policy?


a) To reduce IT expenses
b) To outline guidelines for protecting information systems
c) To manage employee performance
d) To promote outsourcing of IT services
Answer: b) To outline guidelines for protecting information systems

3. Which of the following is a principle of information security?


a) Decentralization
b) Accountability
c) Openness
d) Anonymity
Answer: b) Accountability

4. What is the primary goal of access control?


a) To prevent unauthorized access
b) To optimize IT resources
c) To increase employee productivity
d) To ensure system backups
Answer: a) To prevent unauthorized access

5. Which standard is widely used for information security management?


a) ISO 27001
b) ITIL
c) COBIT
d) GDPR
Answer: a) ISO 27001

6. What does an Acceptable Use Policy (AUP) define?


a) The process for accessing confidential data
b) Authorized use of an organization’s IT systems and resources
c) Procedures for reporting IT incidents
27

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) Guidelines for system audits


Answer: b) Authorized use of an organization’s IT systems and resources

7. What is the role of encryption in information security?


a) To block access to unauthorized users
b) To ensure data is accessible to everyone
c) To protect data by making it unreadable without a key
d) To eliminate the need for backups
Answer: c) To protect data by making it unreadable without a key

8. Which of the following is NOT a component of an information security policy?


a) Risk management guidelines
b) Compliance requirements
c) Employee salary structure
d) Data classification standards
Answer: c) Employee salary structure

9. What does multi-factor authentication (MFA) provide?


a) Single-layer protection
b) Additional security by requiring multiple forms of verification
c) Faster access to IT resources
d) Encryption of system logs
Answer: b) Additional security by requiring multiple forms of verification

10. Which of the following is an example of a physical security control?


a) Password policies
b) Firewall settings
c) Surveillance cameras
d) Network segmentation
Answer: c) Surveillance cameras

11. Which policy is designed to manage incidents of information security breaches?


a) Data Classification Policy
b) Incident Response Policy
c) Risk Management Policy
d) System Maintenance Policy
Answer: b) Incident Response Policy

12. What is the purpose of periodic audits in information security?


a) To identify areas of non-compliance and vulnerabilities
b) To eliminate security controls
c) To increase IT budgets
d) To promote third-party access
Answer: a) To identify areas of non-compliance and vulnerabilities

13. Which type of security ensures that data is accurate and complete?
a) Integrity
b) Confidentiality
c) Availability
d) Accessibility
Answer: a) Integrity

14. What does ‘least privilege’ mean in access control?


a) Providing minimum access necessary for job performance
b) Allowing unlimited access to IT systems
c) Removing access controls entirely
28

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) Granting access to all employees equally


Answer: a) Providing minimum access necessary for job performance

15. What is a key feature of a strong password policy?


a) Use of default passwords
b) Regularly updating passwords
c) Avoiding special characters
d) Storing passwords on shared documents
Answer: b) Regularly updating passwords

16. What is the purpose of a backup policy?


a) To prevent unauthorized data access
b) To ensure data recovery in case of system failure
c) To eliminate duplicate data
d) To limit user activity on systems
Answer: b) To ensure data recovery in case of system failure

17. Which of the following is a technical control in information security?


a) User training
b) Firewall configuration
c) Security awareness programs
d) Physical access restrictions
Answer: b) Firewall configuration

18. What is the primary focus of a security awareness program?


a) To reduce IT expenses
b) To educate users about security threats and best practices
c) To train auditors on technical controls
d) To eliminate the need for security policies
Answer: b) To educate users about security threats and best practices

19. What is an example of a deterrent security control?


a) Intrusion detection systems
b) Security cameras with warning signs
c) Data encryption
d) Role-based access control
Answer: b) Security cameras with warning signs

20. What is the primary focus of information security policies?


a) Increasing revenue
b) Protecting IT systems and data from threats
c) Minimizing employee workload
d) Eliminating external audits
Answer: b) Protecting IT systems and data from threats

I’ll continue creating 20 MCQs for each remaining chapter. Let’s proceed with Chapter 5 and beyond:

Chapter 5: Business Continuity Planning and Disaster Recovery Planning

1. What is the primary purpose of a Business Continuity Plan (BCP)?


a) To manage employee relations
b) To ensure operations continue during and after a disaster
c) To create an IT budget plan
d) To avoid audits
Answer: b) To ensure operations continue during and after a disaster
29

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

2. Which of the following is NOT a phase in the Business Continuity Management (BCM) process?
a) Risk Assessment
b) Incident Response
c) Financial Reporting
d) Testing and Maintenance
Answer: c) Financial Reporting

3. What does a Disaster Recovery Plan (DRP) focus on?


a) Managing marketing campaigns
b) Restoring IT systems and operations after a disaster
c) Enhancing customer satisfaction
d) Reducing employee turnover
Answer: b) Restoring IT systems and operations after a disaster

4. Which backup type ensures a copy of all data is made, regardless of previous backups?
a) Differential Backup
b) Full Backup
c) Incremental Backup
d) Selective Backup
Answer: b) Full Backup

5. What does the term 'Recovery Time Objective' (RTO) signify?


a) The time taken to detect a disaster
b) The maximum acceptable time to restore operations
c) The duration of system downtime during maintenance
d) The time spent on disaster prevention
Answer: b) The maximum acceptable time to restore operations

6. Which type of site is fully equipped and ready to take over operations immediately in case of a dis-
aster?
a) Cold Site
b) Hot Site
c) Warm Site
d) Hybrid Site
Answer: b) Hot Site

7. What is the purpose of a Risk Assessment in BCM?


a) To create marketing strategies
b) To identify potential threats and their impact
c) To increase revenue
d) To reduce system updates
Answer: b) To identify potential threats and their impact

8. Which document outlines how to handle unexpected incidents that disrupt operations?
a) Financial Report
b) Incident Management Plan
c) Compliance Audit Report
d) Employee Handbook
Answer: b) Incident Management Plan

9. What is the main goal of Business Impact Analysis (BIA)?


a) To analyze employee performance
b) To determine the effects of disruptions on critical operations
c) To measure financial profits
d) To evaluate competitors' strategies
Answer: b) To determine the effects of disruptions on critical operations
30

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

10. Which of the following is a characteristic of a Warm Site?


a) Fully equipped and operational
b) Requires configuration and setup before use
c) Contains only basic infrastructure
d) Permanently offline
Answer: b) Requires configuration and setup before use

11. Which phase in BCM involves testing the effectiveness of the BCP?
a) Development
b) Implementation
c) Maintenance and Testing
d) Risk Assessment
Answer: c) Maintenance and Testing

12. What does the term 'Recovery Point Objective' (RPO) signify?
a) The maximum amount of data loss acceptable
b) The time taken to create a backup
c) The cost of implementing disaster recovery solutions
d) The time to achieve compliance certification
Answer: a) The maximum amount of data loss acceptable

13. What is the role of a Crisis Communication Plan in BCM?


a) To enhance IT capabilities
b) To manage stakeholder communication during disruptions
c) To reduce operating expenses
d) To automate system monitoring
Answer: b) To manage stakeholder communication during disruptions

14. Which of the following is an example of a preventive control in BCM?


a) Installing fire suppression systems
b) Performing regular audits
c) Conducting training for employees
d) Executing the disaster recovery plan
Answer: a) Installing fire suppression systems

15. Which type of backup only stores changes made since the last backup?
a) Differential Backup
b) Incremental Backup
c) Full Backup
d) Selective Backup
Answer: b) Incremental Backup

16. What is a key feature of a Cold Site?


a) Fully operational and ready for immediate use
b) Contains only basic infrastructure with no live data
c) Offers partial IT system capabilities
d) Requires no maintenance or setup
Answer: b) Contains only basic infrastructure with no live data

17. Which of the following is a key benefit of having a Business Continuity Plan?
a) Increased compliance fines
b) Reduction in IT investments
c) Improved organizational resilience
d) Enhanced marketing capabilities
Answer: c) Improved organizational resilience
31

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

18. What is the primary purpose of tabletop exercises in BCM?


a) To evaluate employee satisfaction
b) To simulate and test the response to potential disruptions
c) To identify competitors' weaknesses
d) To train employees on financial management
Answer: b) To simulate and test the response to potential disruptions

19. What is the significance of 'alternate processing facilities' in BCM?


a) They reduce operational costs
b) They act as backup locations for critical operations
c) They enhance IT capabilities
d) They eliminate the need for regular updates
Answer: b) They act as backup locations for critical operations

20. Which of the following is a key objective of disaster recovery testing?


a) To reduce financial losses
b) To identify gaps and improve recovery plans
c) To eliminate backups
d) To implement new regulations
Answer: b) To identify gaps and improve recovery plans

Chapter 6: System Development Life Cycle (SDLC)

1. What is the primary objective of the System Development Life Cycle (SDLC)?
a) To optimize business processes
b) To manage financial risks
c) To guide the development and maintenance of information systems
d) To create organizational policies
Answer: c) To guide the development and maintenance of information systems

2. Which is the first phase of the SDLC?


a) System Design
b) System Analysis
c) Feasibility Study
d) Requirement Gathering
Answer: c) Feasibility Study

3. What is the purpose of the Requirement Gathering phase in SDLC?


a) To identify the needs of stakeholders
b) To implement the system
c) To create system backups
d) To develop training materials
Answer: a) To identify the needs of stakeholders

4. Which phase in SDLC involves creating detailed specifications for system components?
a) Implementation
b) Testing
c) System Design
d) Maintenance
Answer: c) System Design

5. What does the Testing phase in SDLC focus on?


a) Identifying stakeholder needs
b) Validating that the system meets requirements
c) Maintaining system documentation
d) Gathering system requirements
Answer: b) Validating that the system meets requirements
32

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

6. Which of the following is NOT an SDLC model?


a) Waterfall
b) Agile
c) Scrum
d) Lean Six Sigma
Answer: d) Lean Six Sigma

7. What is the key characteristic of the Agile SDLC model?


a) Fixed and linear phases
b) Focus on iterative and incremental development
c) Detailed documentation
d) Avoidance of user involvement
Answer: b) Focus on iterative and incremental development

8. Which SDLC model is best suited for projects with clear and unchanging requirements?
a) Waterfall
b) Agile
c) Spiral
d) Prototype
Answer: a) Waterfall

9. What is the Spiral Model in SDLC primarily used for?


a) Projects with low risk
b) Large and complex projects with high risk
c) Small and simple projects
d) Projects with no budget constraints
Answer: b) Large and complex projects with high risk

10. What is the final phase of the SDLC?


a) System Design
b) Testing
c) Deployment and Maintenance
d) Requirement Analysis
Answer: c) Deployment and Maintenance

11. Which SDLC phase involves training users and deploying the system into production?
a) Implementation
b) Requirement Analysis
c) Testing
d) Feasibility Study
Answer: a) Implementation

12. What is the purpose of a feasibility study in SDLC?


a) To determine if the project is viable and worth pursuing
b) To implement the system
c) To monitor employee performance
d) To create system reports
Answer: a) To determine if the project is viable and worth pursuing

13. Which SDLC model emphasizes the use of working prototypes?


a) Agile
b) Waterfall
c) Prototype Model
d) V-Model
Answer: c) Prototype Model
33

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

14. What does the V-Model in SDLC represent?


a) Sequential development with parallel testing
b) Agile development
c) Iterative system design
d) Non-linear development
Answer: a) Sequential development with parallel testing

15. Which of the following is a key advantage of the Agile model?


a) Rigid project timelines
b) Flexibility to adapt to changes
c) Lack of user involvement
d) Minimal documentation
Answer: b) Flexibility to adapt to changes

16. What is a disadvantage of the Waterfall model?


a) Lack of clear documentation
b) High user involvement
c) Limited flexibility to handle changes
d) Lack of project structure
Answer: c) Limited flexibility to handle changes

17. What does the Maintenance phase in SDLC involve?


a) Identifying system requirements
b) Monitoring and updating the system to ensure functionality
c) Designing the system architecture
d) Testing system components
Answer: b) Monitoring and updating the system to ensure functionality

18. Which model is best suited for projects with evolving requirements?
a) Agile
b) Waterfall
c) V-Model
d) Prototype Model
Answer: a) Agile

19. What does system implementation include?


a) Writing code, integrating components, and testing
b) Identifying business requirements
c) Analyzing system performance
d) Creating feasibility reports
Answer: a) Writing code, integrating components, and testing

20. What is the role of end-users in the SDLC process?


a) Creating the system architecture
b) Providing requirements and feedback
c) Writing program code
d) Managing the testing process
Answer: b) Providing requirements and feedback

Chapter 7: System Acquisition and Development Methodologies

1. What is the primary goal of the system acquisition process?


a) To select and implement the most appropriate system for organizational needs
b) To evaluate employee performance
c) To eliminate IT systems
34

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) To create feasibility reports


Answer: a) To select and implement the most appropriate system for organizational needs

2. Which of the following is NOT a system acquisition method?


a) Custom Development
b) Off-the-Shelf Software
c) Open Source Software
d) Risk Analysis
Answer: d) Risk Analysis

3. What is a key advantage of off-the-shelf software?


a) High customization
b) Cost-effectiveness and rapid implementation
c) Unlimited flexibility
d) Exclusively designed for the organization
Answer: b) Cost-effectiveness and rapid implementation

4. Which SDLC model is best suited for system acquisition?


a) Spiral
b) Prototype
c) Agile
d) V-Model
Answer: b) Prototype

5. What does a feasibility report assess during system acquisition?


a) Cost, technical, and operational feasibility of a proposed system
b) Employee satisfaction
c) Marketing strategies
d) Compliance regulations
Answer: a) Cost, technical, and operational feasibility of a proposed system

6. What is the purpose of Request for Proposal (RFP)?


a) To seek solutions from vendors for system requirements
b) To train employees
c) To implement an existing system
d) To reduce project timelines
Answer: a) To seek solutions from vendors for system requirements

Chapter 9: Information Technology Tools

1. What is the purpose of using CAATs (Computer-Assisted Audit Techniques)?


a) Automating financial forecasting
b) Enhancing the efficiency of auditing procedures
c) Designing system architecture
d) Managing network security
Answer: b) Enhancing the efficiency of auditing procedures

2. Which of the following is a common CAAT tool?


a) Parallel Simulation
b) Firewall Configuration
c) Data Compression Software
d) Virtual Private Networks (VPN)
Answer: a) Parallel Simulation

3. Embedded Audit Modules are used to:


a) Audit transactions in real-time
35

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) Encrypt sensitive information


c) Optimize software performance
d) Implement disaster recovery plans
Answer: a) Audit transactions in real-time

4. What does an "Integrated Test Facility" (ITF) do?


a) Separates test data from live data
b) Uses test data within a live environment
c) Archives old data for testing
d) Compresses data for storage
Answer: b) Uses test data within a live environment

5. Which audit tool identifies and flags unusual transactions?


a) Exception Reports
b) Data Encryption Tools
c) Debugging Modules
d) Backup Systems
Answer: a) Exception Reports

6. Why are control flowcharts used in auditing?


a) To manage network configurations
b) To visualize processes and controls
c) To encrypt financial data
d) To validate system speed
Answer: b) To visualize processes and controls

7. The primary function of "Transaction Tagging" in IT audits is to:


a) Mark and trace specific transactions
b) Prevent unauthorized access
c) Enhance hardware efficiency
d) Reduce software dependencies
Answer: a) Mark and trace specific transactions

8. What type of software is used to verify the integrity of data during audits?
a) Compression Software
b) Data Validation Tools
c) Network Monitors
d) File Sharing Systems
Answer: b) Data Validation Tools

9. Continuous auditing tools are designed to:


a) Perform audits on a periodic basis
b) Monitor transactions in real-time
c) Archive historical data
d) Create system recovery plans
Answer: b) Monitor transactions in real-time

10. An "Audit Hook" is primarily designed to:


a) Prevent unauthorized logins
b) Notify auditors of irregular activities
c) Encrypt confidential files
d) Enhance software usability
Answer: b) Notify auditors of irregular activities

11. What is the main purpose of Generalized Audit Software (GAS)?


a) Simplifying financial analysis
b) Assisting in audit testing across systems
36

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Encrypting sensitive client data


d) Optimizing system configurations
Answer: b) Assisting in audit testing across systems

12. Which of the following is a preventive measure in IT audit tools?


a) Firewalls
b) Exception Reports
c) Audit Trails
d) Debugging Software
Answer: a) Firewalls

13. Control Risk Analysis in IT audits involves:


a) Identifying potential control failures
b) Enhancing software reliability
c) Compressing large files
d) Monitoring hardware upgrades
Answer: a) Identifying potential control failures

14. Which tool helps auditors simulate business processes?


a) Parallel Simulation
b) Data Validation Tools
c) Exception Reports
d) Network Monitors
Answer: a) Parallel Simulation

15. Which IT audit tool compares expected vs. actual outcomes of transactions?
a) Integrated Test Facility
b) Re-performance
c) Control Flowchart
d) Audit Hook
Answer: b) Re-performance

16. An audit trail primarily helps in:


a) Improving system efficiency
b) Tracing the history of transactions
c) Encrypting financial data
d) Reducing transaction errors
Answer: b) Tracing the history of transactions

17. What is the purpose of "Snapshot" in IT audits?


a) Capturing real-time data during transactions
b) Compressing archived data
c) Validating security controls
d) Enhancing software compatibility
Answer: a) Capturing real-time data during transactions

18. Which tool is used to check user access privileges?


a) Logical Access Control Software
b) Data Compression Tools
c) Network Speed Analyzers
d) File Backup Systems
Answer: a) Logical Access Control Software

19. What is the primary focus of statistical sampling in IT audits?


a) Automating process controls
b) Evaluating system performance
c) Drawing conclusions from sampled data
37

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) Managing user access


Answer: c) Drawing conclusions from sampled data

20. A "Mapping Program" in IT audits is used to:


a) Trace relationships between data files
b) Encrypt sensitive data
c) Improve processing speed
d) Archive historical files
Answer: a) Trace relationships between data files

Chapter 10: Digital Data and Privacy

1. What is a key principle of data privacy regulations like GDPR?


a) Transparency in data handling
b) Mandatory data encryption
c) Free data sharing policies
d) Unlimited data retention
Answer: a) Transparency in data handling

2. The concept of "Data Minimization" refers to:


a) Collecting only necessary data
b) Reducing data storage costs
c) Eliminating duplicate records
d) Limiting encryption efforts
Answer: a) Collecting only necessary data

3. Which regulation focuses on consumer data protection in India?


a) GDPR
b) HIPAA
c) Digital Personal Data Protection Act, 2023
d) CCPA
Answer: c) Digital Personal Data Protection Act, 2023

4. PII stands for:


a) Personal Identifiable Information
b) Protected Internet Information
c) Private Internal Identifier
d) Public Information Index
Answer: a) Personal Identifiable Information

5. The "right to be forgotten" allows individuals to:


a) Request deletion of their personal data
b) Encrypt their sensitive information
c) Block tracking cookies
d) Access secure cloud services
Answer: a) Request deletion of their personal data

6. A data breach occurs when:


a) Unauthorized access to data is achieved
b) Data is securely encrypted
c) Backups are completed
d) Firewalls are activated
Answer: a) Unauthorized access to data is achieved

7. What does the "purpose limitation" principle mean in data privacy?


a) Data must only be used for the stated purpose
38

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) Data should be limited in size


c) Only public data can be accessed
d) Backup data must remain confidential
Answer: a) Data must only be used for the stated purpose

8. Which is an example of sensitive personal data?


a) Bank account details
b) General preferences
c) Public email address
d) Basic demographic information
Answer: a) Bank account details

9. Data encryption primarily aims to:


a) Protect data from unauthorized access
b) Delete unnecessary information
c) Improve data processing speed
d) Store data in cloud systems
Answer: a) Protect data from unauthorized access

10. Anonymization of data means:


a) Removing identifiable information
b) Encrypting all data
c) Deleting data after use
d) Sharing data publicly
Answer: a) Removing identifiable information

11. What is a common safeguard against phishing attacks?


a) Multi-factor authentication
b) Increasing data storage capacity
c) Compressing email attachments
d) Using public Wi-Fi networks
Answer: a) Multi-factor authentication

12. "Data portability" allows users to:


a) Transfer data from one provider to another
b) Encrypt data automatically
c) Delete unwanted emails
d) Improve network performance
Answer: a) Transfer data from one provider to another

13. Which of the following is NOT a privacy-enhancing technology?


a) Virtual Private Networks (VPNs)
b) Firewalls
c) Cookies
d) Anonymization tools
Answer: c) Cookies

14. What is a "Privacy Impact Assessment" (PIA)?


a) An analysis of data protection risks
b) A review of software updates
c) A tool for marketing campaigns
d) A method to compress data
Answer: a) An analysis of data protection risks

15. Which is a key requirement for lawful data processing?


a) User consent
b) Data redundancy
39

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Unlimited retention periods


d) Publicly accessible servers
Answer: a) User consent

16. What does "data retention policy" specify?


a) How long data is stored
b) Encryption methods for data
c) Backup schedules
d) Types of public data
Answer: a) How long data is stored

17. The term "pseudonymization" refers to:


a) Replacing identifiable data with pseudonyms
b) Encrypting passwords
c) Deleting duplicate records
d) Storing data in the cloud
Answer: a) Replacing identifiable data with pseudonyms

18. Which organization enforces GDPR compliance?


a) European Union (EU)
b) United Nations (UN)
c) World Trade Organization (WTO)
d) International Monetary Fund (IMF)
Answer: a) European Union (EU)

19. "Consent management" in data privacy involves:


a) Tracking user permissions
b) Encrypting sensitive data
c) Preventing unauthorized downloads
d) Designing user interfaces
Answer: a) Tracking user permissions

20. Data subjects in privacy laws refer to:


a) Individuals whose data is collected
b) Companies storing the data
c) Cloud service providers
d) Database administrators
Answer: a) Individuals whose data is collected

Chapter 11: Business Intelligence

1. What is the primary goal of Business Intelligence (BI)?


a) Improve decision-making processes
b) Increase network security
c) Optimize software development
d) Manage financial audits
Answer: a) Improve decision-making processes

2. A data warehouse is primarily used for:


a) Real-time transaction processing
b) Storing historical data for analysis
c) Monitoring system performance
d) Encrypting sensitive information
Answer: b) Storing historical data for analysis
40

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

3. Which tool is commonly associated with Business Intelligence?


a) Tableau
b) Apache Hadoop
c) GitHub
d) Jenkins
Answer: a) Tableau

4. ETL in the context of BI stands for:


a) Extract, Transform, Load
b) Encrypt, Transfer, Log
c) Evaluate, Test, Launch
d) Edit, Tag, Link
Answer: a) Extract, Transform, Load

5. Dashboards in BI are used for:


a) Visualizing key performance indicators
b) Encrypting large data sets
c) Real-time software debugging
d) Managing project timelines
Answer: a) Visualizing key performance indicators

6. What is the role of data mining in BI?


a) Extracting patterns and trends from large data sets
b) Compressing files for storage
c) Monitoring transaction histories
d) Developing network infrastructure
Answer: a) Extracting patterns and trends from large data sets

7. Which of the following is NOT a BI tool?


a) Microsoft Power BI
b) SAP BusinessObjects
c) Salesforce
d) Adobe Photoshop
Answer: d) Adobe Photoshop

8. OLAP in BI stands for:


a) Online Analytical Processing
b) Operational Load Application Process
c) Open Line Analysis Procedure
d) Offline Application Processing
Answer: a) Online Analytical Processing

9. Key performance indicators (KPIs) in BI are used to:


a) Measure business performance against objectives
b) Track software errors
c) Encrypt financial data
d) Monitor system backups
Answer: a) Measure business performance against objectives

10. Predictive analytics in BI involves:


a) Forecasting future trends using historical data
b) Encrypting data for secure storage
c) Monitoring real-time network performance
d) Compressing large data files
Answer: a) Forecasting future trends using historical data
41

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

11. Data visualization tools help in:


a) Presenting data in a graphical format
b) Encrypting sensitive data
c) Debugging software applications
d) Monitoring system performance
Answer: a) Presenting data in a graphical format

12. Which BI process involves combining data from multiple sources?


a) Data Integration
b) Data Compression
c) Data Encryption
d) Data Debugging
Answer: a) Data Integration

13. Which of the following is a real-time BI application?


a) Monitoring online sales data
b) Archiving historical records
c) Compressing data for storage
d) Encrypting sensitive emails
Answer: a) Monitoring online sales data

14. A "drill-down" feature in BI allows users to:


a) Access detailed data from summary reports
b) Encrypt individual files
c) Debug software errors
d) Optimize network performance
Answer: a) Access detailed data from summary reports

15. Which term describes the process of cleaning and organizing raw data?
a) Data Preprocessing
b) Data Mining
c) Data Encryption
d) Data Archiving
Answer: a) Data Preprocessing

16. A cloud-based BI solution is advantageous because:


a) It provides scalability and remote access
b) It reduces internet bandwidth usage
c) It guarantees data encryption
d) It eliminates the need for data backups
Answer: a) It provides scalability and remote access

17. Data governance in BI ensures:


a) Accurate, secure, and compliant data usage
b) Faster network speeds
c) Unlimited data retention
d) Real-time debugging
Answer: a) Accurate, secure, and compliant data usage

18. Business Intelligence tools are primarily used by:


a) Decision-makers and analysts
b) Software developers
c) Network engineers
d) Database administrators only
Answer: a) Decision-makers and analysts
42

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

19. Which of the following is a benefit of using BI in organizations?


a) Improved decision-making capabilities
b) Reduced software licensing costs
c) Enhanced hardware performance
d) Faster debugging of applications
Answer: a) Improved decision-making capabilities

20. The "slice-and-dice" feature in BI allows:


a) Viewing data from different perspectives
b) Compressing large datasets
c) Encrypting sensitive data
d) Testing system performance
Answer: a) Viewing data from different perspectives

Chapter 9: Information Technology Tools

1. What is the purpose of using CAATs (Computer-Assisted Audit Techniques)?


a) Automating financial forecasting
b) Enhancing the efficiency of auditing procedures
c) Designing system architecture
d) Managing network security
Answer: b) Enhancing the efficiency of auditing procedures

2. Which of the following is a common CAAT tool?


a) Parallel Simulation
b) Firewall Configuration
c) Data Compression Software
d) Virtual Private Networks (VPN)
Answer: a) Parallel Simulation

3. Embedded Audit Modules are used to:


a) Audit transactions in real-time
b) Encrypt sensitive information
c) Optimize software performance
d) Implement disaster recovery plans
Answer: a) Audit transactions in real-time

4. What does an "Integrated Test Facility" (ITF) do?


a) Separates test data from live data
b) Uses test data within a live environment
c) Archives old data for testing
d) Compresses data for storage
Answer: b) Uses test data within a live environment

5. Which audit tool identifies and flags unusual transactions?


a) Exception Reports
b) Data Encryption Tools
c) Debugging Modules
d) Backup Systems
Answer: a) Exception Reports

6. Why are control flowcharts used in auditing?


a) To manage network configurations
b) To visualize processes and controls
c) To encrypt financial data
d) To validate system speed
Answer: b) To visualize processes and controls
43

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

7. The primary function of "Transaction Tagging" in IT audits is to:


a) Mark and trace specific transactions
b) Prevent unauthorized access
c) Enhance hardware efficiency
d) Reduce software dependencies
Answer: a) Mark and trace specific transactions

8. What type of software is used to verify the integrity of data during audits?
a) Compression Software
b) Data Validation Tools
c) Network Monitors
d) File Sharing Systems
Answer: b) Data Validation Tools

9. Continuous auditing tools are designed to:


a) Perform audits on a periodic basis
b) Monitor transactions in real-time
c) Archive historical data
d) Create system recovery plans
Answer: b) Monitor transactions in real-time

10. An "Audit Hook" is primarily designed to:


a) Prevent unauthorized logins
b) Notify auditors of irregular activities
c) Encrypt confidential files
d) Enhance software usability
Answer: b) Notify auditors of irregular activities

11. What is the main purpose of Generalized Audit Software (GAS)?


a) Simplifying financial analysis
b) Assisting in audit testing across systems
c) Encrypting sensitive client data
d) Optimizing system configurations
Answer: b) Assisting in audit testing across systems

12. Which of the following is a preventive measure in IT audit tools?


a) Firewalls
b) Exception Reports
c) Audit Trails
d) Debugging Software
Answer: a) Firewalls

13. Control Risk Analysis in IT audits involves:


a) Identifying potential control failures
b) Enhancing software reliability
c) Compressing large files
d) Monitoring hardware upgrades
Answer: a) Identifying potential control failures

14. Which tool helps auditors simulate business processes?


a) Parallel Simulation
b) Data Validation Tools
c) Exception Reports
d) Network Monitors
Answer: a) Parallel Simulation
44

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

15. Which IT audit tool compares expected vs. actual outcomes of transactions?
a) Integrated Test Facility
b) Re-performance
c) Control Flowchart
d) Audit Hook
Answer: b) Re-performance

16. An audit trail primarily helps in:


a) Improving system efficiency
b) Tracing the history of transactions
c) Encrypting financial data
d) Reducing transaction errors
Answer: b) Tracing the history of transactions

17. What is the purpose of "Snapshot" in IT audits?


a) Capturing real-time data during transactions
b) Compressing archived data
c) Validating security controls
d) Enhancing software compatibility
Answer: a) Capturing real-time data during transactions

18. Which tool is used to check user access privileges?


a) Logical Access Control Software
b) Data Compression Tools
c) Network Speed Analyzers
d) File Backup Systems
Answer: a) Logical Access Control Software

19. What is the primary focus of statistical sampling in IT audits?


a) Automating process controls
b) Evaluating system performance
c) Drawing conclusions from sampled data
d) Managing user access
Answer: c) Drawing conclusions from sampled data

20. A "Mapping Program" in IT audits is used to:


a) Trace relationships between data files
b) Encrypt sensitive data
c) Improve processing speed
d) Archive historical files
Answer: a) Trace relationships between data files

Chapter 10: Digital Data and Privacy

1. What is a key principle of data privacy regulations like GDPR?


a) Transparency in data handling
b) Mandatory data encryption
c) Free data sharing policies
d) Unlimited data retention
Answer: a) Transparency in data handling

2. The concept of "Data Minimization" refers to:


a) Collecting only necessary data
b) Reducing data storage costs
c) Eliminating duplicate records
45

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) Limiting encryption efforts


Answer: a) Collecting only necessary data

3. Which regulation focuses on consumer data protection in India?


a) GDPR
b) HIPAA
c) Digital Personal Data Protection Act, 2023
d) CCPA
Answer: c) Digital Personal Data Protection Act, 2023

4. PII stands for:


a) Personal Identifiable Information
b) Protected Internet Information
c) Private Internal Identifier
d) Public Information Index
Answer: a) Personal Identifiable Information

5. The "right to be forgotten" allows individuals to:


a) Request deletion of their personal data
b) Encrypt their sensitive information
c) Block tracking cookies
d) Access secure cloud services
Answer: a) Request deletion of their personal data

6. A data breach occurs when:


a) Unauthorized access to data is achieved
b) Data is securely encrypted
c) Backups are completed
d) Firewalls are activated
Answer: a) Unauthorized access to data is achieved

7. What does the "purpose limitation" principle mean in data privacy?


a) Data must only be used for the stated purpose
b) Data should be limited in size
c) Only public data can be accessed
d) Backup data must remain confidential
Answer: a) Data must only be used for the stated purpose

8. Which is an example of sensitive personal data?


a) Bank account details
b) General preferences
c) Public email address
d) Basic demographic information
Answer: a) Bank account details

9. Data encryption primarily aims to:


a) Protect data from unauthorized access
b) Delete unnecessary information
c) Improve data processing speed
d) Store data in cloud systems
Answer: a) Protect data from unauthorized access

10. Anonymization of data means:


a) Removing identifiable information
b) Encrypting all data
c) Deleting data after use
46

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) Sharing data publicly


Answer: a) Removing identifiable information

11. What is a common safeguard against phishing attacks?


a) Multi-factor authentication
b) Increasing data storage capacity
c) Compressing email attachments
d) Using public Wi-Fi networks
Answer: a) Multi-factor authentication

12. "Data portability" allows users to:


a) Transfer data from one provider to another
b) Encrypt data automatically
c) Delete unwanted emails
d) Improve network performance
Answer: a) Transfer data from one provider to another

13. Which of the following is NOT a privacy-enhancing technology?


a) Virtual Private Networks (VPNs)
b) Firewalls
c) Cookies
d) Anonymization tools
Answer: c) Cookies

14. What is a "Privacy Impact Assessment" (PIA)?


a) An analysis of data protection risks
b) A review of software updates
c) A tool for marketing campaigns
d) A method to compress data
Answer: a) An analysis of data protection risks

15. Which is a key requirement for lawful data processing?


a) User consent
b) Data redundancy
c) Unlimited retention periods
d) Publicly accessible servers
Answer: a) User consent

16. What does "data retention policy" specify?


a) How long data is stored
b) Encryption methods for data
c) Backup schedules
d) Types of public data
Answer: a) How long data is stored

17. The term "pseudonymization" refers to:


a) Replacing identifiable data with pseudonyms
b) Encrypting passwords
c) Deleting duplicate records
d) Storing data in the cloud
Answer: a) Replacing identifiable data with pseudonyms

18. Which organization enforces GDPR compliance?


a) European Union (EU)
b) United Nations (UN)
c) World Trade Organization (WTO)
47

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

d) International Monetary Fund (IMF)


Answer: a) European Union (EU)

19. "Consent management" in data privacy involves:


a) Tracking user permissions
b) Encrypting sensitive data
c) Preventing unauthorized downloads
d) Designing user interfaces
Answer: a) Tracking user permissions

20. Data subjects in privacy laws refer to:


a) Individuals whose data is collected
b) Companies storing the data
c) Cloud service providers
d) Database administrators
Answer: a) Individuals whose data is collected

Chapter 11: Business Intelligence

1. What is the primary goal of Business Intelligence (BI)?


a) Improve decision-making processes
b) Increase network security
c) Optimize software development
d) Manage financial audits
Answer: a) Improve decision-making processes

2. A data warehouse is primarily used for:


a) Real-time transaction processing
b) Storing historical data for analysis
c) Monitoring system performance
d) Encrypting sensitive information
Answer: b) Storing historical data for analysis

3. Which tool is commonly associated with Business Intelligence?


a) Tableau
b) Apache Hadoop
c) GitHub
d) Jenkins
Answer: a) Tableau

4. ETL in the context of BI stands for:


a) Extract, Transform, Load
b) Encrypt, Transfer, Log
c) Evaluate, Test, Launch
d) Edit, Tag, Link
Answer: a) Extract, Transform, Load

5. Dashboards in BI are used for:


a) Visualizing key performance indicators
b) Encrypting large data sets
c) Real-time software debugging
d) Managing project timelines
Answer: a) Visualizing key performance indicators

6. What is the role of data mining in BI?


a) Extracting patterns and trends from large data sets
48

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) Compressing files for storage


c) Monitoring transaction histories
d) Developing network infrastructure
Answer: a) Extracting patterns and trends from large data sets

7. Which of the following is NOT a BI tool?


a) Microsoft Power BI
b) SAP BusinessObjects
c) Salesforce
d) Adobe Photoshop
Answer: d) Adobe Photoshop

8. OLAP in BI stands for:


a) Online Analytical Processing
b) Operational Load Application Process
c) Open Line Analysis Procedure
d) Offline Application Processing
Answer: a) Online Analytical Processing

9. Key performance indicators (KPIs) in BI are used to:


a) Measure business performance against objectives
b) Track software errors
c) Encrypt financial data
d) Monitor system backups
Answer: a) Measure business performance against objectives

10. Predictive analytics in BI involves:


a) Forecasting future trends using historical data
b) Encrypting data for secure storage
c) Monitoring real-time network performance
d) Compressing large data files
Answer: a) Forecasting future trends using historical data

11. Data visualization tools help in:


a) Presenting data in a graphical format
b) Encrypting sensitive data
c) Debugging software applications
d) Monitoring system performance
Answer: a) Presenting data in a graphical format

12. Which BI process involves combining data from multiple sources?


a) Data Integration
b) Data Compression
c) Data Encryption
d) Data Debugging
Answer: a) Data Integration

13. Which of the following is a real-time BI application?


a) Monitoring online sales data
b) Archiving historical records
c) Compressing data for storage
d) Encrypting sensitive emails
Answer: a) Monitoring online sales data

14. A "drill-down" feature in BI allows users to:


a) Access detailed data from summary reports
b) Encrypt individual files
49

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Debug software errors


d) Optimize network performance
Answer: a) Access detailed data from summary reports

15. Which term describes the process of cleaning and organizing raw data?
a) Data Preprocessing
b) Data Mining
c) Data Encryption
d) Data Archiving
Answer: a) Data Preprocessing

16. A cloud-based BI solution is advantageous because:


a) It provides scalability and remote access
b) It reduces internet bandwidth usage
c) It guarantees data encryption
d) It eliminates the need for data backups
Answer: a) It provides scalability and remote access

17. Data governance in BI ensures:


a) Accurate, secure, and compliant data usage
b) Faster network speeds
c) Unlimited data retention
d) Real-time debugging
Answer: a) Accurate, secure, and compliant data usage

18. Business Intelligence tools are primarily used by:


a) Decision-makers and analysts
b) Software developers
c) Network engineers
d) Database administrators only
Answer: a) Decision-makers and analysts

19. Which of the following is a benefit of using BI in organizations?


a) Improved decision-making capabilities
b) Reduced software licensing costs
c) Enhanced hardware performance
d) Faster debugging of applications
Answer: a) Improved decision-making capabilities

20. The "slice-and-dice" feature in BI allows:


a) Viewing data from different perspectives
b) Compressing large datasets
c) Encrypting sensitive data
d) Testing system performance
Answer: a) Viewing data from different perspectives

Chapter 12: ABCD of Fintech

1. What does "FinTech" stand for?

a) Financial Technology
b) Financial Terminal
c) Financial Transactions
d) Financial Test

Answer: a) Financial Technology

2. Which of the following technologies does FinTech heavily rely on?


50

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

a) Artificial Intelligence
b) Blockchain
c) Big Data
d) All of the above

Answer: d) All of the above

3. What is the primary purpose of Peer-to-Peer (P2P) lending platforms?

a) To involve banks in lending


b) To connect lenders and borrowers directly
c) To use only fiat currency
d) To enhance ATM services

Answer: b) To connect lenders and borrowers directly

4. Crowd funding is defined by SEBI as:

a) Lending large amounts of money from a single investor


b) Solicitation of small funds from multiple investors
c) Only debt-based fundraising
d) Using offline means for investments

Answer: b) Solicitation of small funds from multiple investors

5. Blockchain technology can be categorized into:

a) Private, Consortium, Public, Hybrid


b) Exclusive, Public, and Restricted
c) Open, Closed, and Partially Closed
d) Fixed, Dynamic, and Shared

Answer: a) Private, Consortium, Public, Hybrid

6. Which of the following is NOT an example of a FinTech product?

a) P2P Lending
b) Robo Advisors
c) Fixed Deposits
d) Distributed Ledger Technology

Answer: c) Fixed Deposits

7. What is the key feature of Blockchain technology?

a) Decentralization
b) Central Authority Control
c) High Latency Transactions
d) Absence of Cryptography

Answer: a) Decentralization

8. Which principle encourages integration of data protection into product design?

a) Open Source Principle


b) Data Protection by Design and Default (DPbDD)
c) Blockchain Security Principle
d) Cybersecurity Framework

Answer: b) Data Protection by Design and Default (DPbDD)

9. In AI classification based on capabilities, "General AI" refers to:


51

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

a) Systems trained for one task


b) Systems capable of any intellectual task like humans
c) Theoretical systems only
d) Systems developed only for entertainment

Answer: b) Systems capable of any intellectual task like humans

10. What is the advantage of Big Data in financial institutions?

a) Enhanced security protocols


b) Objective insights for better products
c) Reduced competition
d) Manual data collection

Answer: b) Objective insights for better products

11. What does "Reactive AI" focus on?

a) Optimizing outputs based on inputs


b) Learning from past experiences
c) Emotional intelligence
d) Becoming self-aware

Answer: a) Optimizing outputs based on inputs

12. What is the major advantage of Cloud Computing?

a) High initial investment


b) Scalability and flexibility
c) Requires local data centers
d) Low internet dependency

Answer: b) Scalability and flexibility

13. What is the purpose of a "Hybrid Cloud"?

a) To provide exclusive services to one organization


b) To combine private and public cloud advantages
c) To operate only as a public cloud
d) To focus on centralized storage

Answer: b) To combine private and public cloud advantages

14. Which FinTech example focuses on decentralized transactions without intermediaries?

a) Blockchain
b) Crowd Funding
c) Robo Advisors
d) UPI

Answer: a) Blockchain

15. Which AI technology is most effective for image classification?

a) Reactive AI
b) Deep Learning
c) General AI
d) Blockchain

Answer: b) Deep Learning

16. What does a "Public Blockchain" offer?


52

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

a) Restricted access
b) Open participation with native tokens
c) Limited scalability
d) Higher fees for transactions

Answer: b) Open participation with native tokens

17. Which financial tool allows digital transactions without government intermediaries?

a) Traditional Bank Transfers


b) Cryptocurrency
c) Cheque Systems
d) UPI Only

Answer: b) Cryptocurrency

18. A primary drawback of Cloud Computing is:

a) Data accessibility
b) Dependence on Internet connectivity
c) Cost-efficiency
d) Broad network access

Answer: b) Dependence on Internet connectivity

19. Which FinTech use case focuses on transparency in supply chains?

a) Insurance
b) Supply Chain Management
c) Mobile Payments
d) Real Estate

Answer: b) Supply Chain Management

20. What does "Robo Advisor" use to provide financial advice?

a) Blockchain verification
b) Automated algorithms
c) Crowd-based insights
d) Human interaction

Answer: b) Automated algorithms

Chapter 13: Emerging Technologies

1. What is UPI123Pay designed for?


(a) Smartphones
(b) Feature phones
(c) IoT devices
(d) Quantum Computing
Answer: (b) Feature phones

2. Which technology allows financial organizations to automate regulatory compliance?


(a) IoT
(b) RegTech
(c) Quantum Computing
(d) Mobile Computing
Answer: (b) RegTech

3. Which payment system does not require an internet connection?


(a) UPI
53

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

(b) USSD
(c) Mobile Wallet
(d) IMPS
Answer: (b) USSD

4. What is the primary purpose of the AEPS (Aadhaar Enabled Payment System)?
(a) Fund Transfer
(b) Cash Withdrawal
(c) Cash Deposit
(d) All of the above
Answer: (d) All of the above

5. What does RuPay combine in its name?


(a) Rupees and Payment
(b) Rules and Payment
(c) Rapid and Payment
(d) Regular and Payment
Answer: (a) Rupees and Payment

6. Which one is NOT a benefit of digital payments?


(a) Tax discounts
(b) Increased cash handling risks
(c) Competitive advantage for businesses
(d) Environment-friendly practices
Answer: (b) Increased cash handling risks

7. Which IoT application assists in monitoring customer visits and queue times in banks?
(a) Fraud prevention
(b) Capacity building
(c) Personalized rewards
(d) Remote monitoring
Answer: (b) Capacity building

8. What principle does quantum computing rely on?


(a) Superposition and Qubits
(b) Binary Bits
(c) Neural Networks
(d) Virtual Machines
Answer: (a) Superposition and Qubits

9. Which of the following ensures secure digital payment transactions?


(a) MPIN
(b) OTP
(c) Fingerprint Verification
(d) All of the above
Answer: (d) All of the above

10. What is the purpose of e-RUPI?


(a) Contactless digital payment
(b) Cheque clearing
(c) Cash withdrawal
(d) Credit monitoring
Answer: (a) Contactless digital payment

11. Which is NOT a type of card used in digital payments?


(a) Debit card
(b) Credit card
54

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

(c) Smart card


(d) Cash card
Answer: (d) Cash card

12. Which challenge in IoT involves inaccuracies in analytics?


(a) Hardware compatibility issues
(b) Incorrect data capture difficulties
(c) Data security issues
(d) Connectivity issues
Answer: (b) Incorrect data capture difficulties

13. What does RegTech focus on in the financial industry?


(a) Product Development
(b) Regulatory Monitoring and Compliance
(c) Risk Management
(d) Asset Management
Answer: (b) Regulatory Monitoring and Compliance

14. What is the primary risk associated with quantum computing in finance?
(a) Speed of transactions
(b) Breaking cryptographic algorithms
(c) Increased processing power
(d) Operational inefficiency
Answer: (b) Breaking cryptographic algorithms

15. Which type of digital payment allows bill sharing among friends?
(a) UPI
(b) AEPS
(c) Mobile Wallet
(d) BHIM
Answer: (a) UPI

16. Which technology is NOT mentioned as part of emerging financial technologies?


(a) Mobile Computing
(b) Cloud Computing
(c) Blockchain
(d) RegTech
Answer: (c) Blockchain

17. Which of these is NOT a disadvantage of e-business?


(a) Security concerns
(b) Cultural impediments
(c) Increased customer base
(d) High start-up costs
Answer: (c) Increased customer base

18. What ensures fraud prevention in financial transactions using IoT?


(a) Advanced cryptography
(b) Sensors at PoS terminals
(c) Personalized marketing
(d) Remote access systems
Answer: (b) Sensors at PoS terminals

19. What factor is crucial for IoT success in the financial industry?
(a) Legacy system usage
(b) Accurate problem statements
(c) High sensor costs
55

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

(d) Increased downtime


Answer: (b) Accurate problem statements

20. Which component of mobile computing deals with portable devices?


(a) Mobile Communication
(b) Mobile Software
(c) Mobile Hardware
(d) Mobile Network
Answer: (c) Mobile Hardware

56

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

MOCK MCQ -1
SET D: PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS
(Mixed 1-mark and 2-mark questions)

1. What is the primary objective of IT governance?


a) To automate all business processes
b) To align IT goals with enterprise goals
c) To reduce IT spending
d) To eliminate manual decision-making

(1 mark)

2. Case-based Question:
A logistics company uses IoT devices to monitor the temperature of goods in transit. Recently, several temperature
sensors malfunctioned, leading to product spoilage. As part of its risk management framework, what immediate ac-
tion should the company take?
a) Ignore the issue and compensate customers
b) Conduct a root cause analysis and replace faulty sensors
c) Stop using IoT devices entirely
d) Focus only on maintaining customer relationships

(2 marks)

3. COBIT defines which of the following as a key objective of IT governance?


a) Automation of routine processes
b) Ensuring stakeholder value delivery
c) Minimizing IT resource utilization
d) Outsourcing IT functions

(1 mark)

4. Case-based Question:
A retail chain implemented a disaster recovery plan but failed to restore its systems within the agreed recovery time
after a cyberattack. What critical aspect might the company have overlooked in its disaster recovery planning?
a) Implementation of incident response measures
b) Regular testing of recovery procedures
c) Automation of backup systems
d) Hiring more IT staff

(2 marks)

5. Which principle is NOT part of a governance system according to COBIT?


a) End-to-end governance system
b) Stakeholder satisfaction
c) Distinct separation of governance and management
d) Restriction on IT spending

(1 mark)
57

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

6. Case-based Question:
A bank’s IT steering committee has identified a need to align IT initiatives with business objectives. However, the
committee lacks clarity on prioritizing investments. What is the most effective approach they should adopt?
a) Focus solely on cost reduction
b) Develop a portfolio management process
c) Use trial-and-error for decision-making
d) Allocate resources equally to all projects

(2 marks)

7. Which of the following frameworks provides guidance for IT governance?


a) Agile
b) COBIT
c) Scrum
d) PRINCE2

(1 mark)

8. Case-based Question:
An e-commerce company collects personal data from users for customized marketing campaigns. However, during
an audit, it was flagged for non-compliance with the Digital Personal Data Protection Act, 2023. What should the
company immediately implement to avoid legal penalties?
a) Discontinue all marketing campaigns
b) Ensure consent is obtained before using personal data
c) Reduce the volume of customer data collected
d) Focus only on anonymized data

(2 marks)

9. What is the role of the IT steering committee in an organization?


a) To approve and monitor key IT projects
b) To execute IT operations
c) To troubleshoot IT issues
d) To develop programming tools

(1 mark)

10. Case-based Question:


A global organization is implementing a business continuity plan (BCP) after a recent ransomware attack. It has
identified alternate data processing facilities. What other critical element should be included in the BCP to ensure
effectiveness?
a) Regular staff bonuses
b) Employee awareness and training on incident response
c) Outsourcing all IT operations
d) Restricting access to management only

(2 marks)
58

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

11. Which of the following is NOT a stage in the System Development Life Cycle (SDLC)?
a) System Design
b) Implementation
c) Maintenance
d) Resource Redistribution

(1 mark)

12. Case-based Question:


A fintech startup deploys blockchain technology for secure financial transactions. However, during testing, it identi-
fied delays in transaction processing due to poor infrastructure. What corrective action should the company take?
a) Switch to manual transaction processing
b) Upgrade IT infrastructure to support blockchain deployment
c) Reduce the volume of transactions
d) Stop using blockchain altogether

(2 marks)

13. The primary focus of Enterprise Risk Management (ERM) is to:


a) Eliminate all business risks
b) Monitor and mitigate organizational risks effectively
c) Automate risk analysis processes
d) Focus only on financial risks

(1 mark)

14. Case-based Question:


An IT company is tasked with ensuring compliance with ISO 27001 standards. However, during implementation, it
identifies gaps in documentation. What should be the company’s immediate focus to address this?
a) Automate all processes
b) Conduct a compliance audit and update documentation
c) Outsource compliance activities
d) Ignore gaps if systems are operational

(2 marks)

15. What is the key objective of Business Continuity Planning (BCP)?


a) To ensure systems are never impacted by disasters
b) To minimize business disruption during emergencies
c) To outsource all IT operations
d) To increase company profits

(1 mark)

16. Which of the following is NOT an emerging technology discussed in the Digital Ecosystem?
a) Artificial Intelligence
b) Blockchain
c) Vacuum Tubes
d) Quantum Computing
59

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

(1 mark)

17. Case-based Question:


A pharmaceutical company faces issues with its supply chain due to poor data integrity in its inventory manage-
ment system. What should the company prioritize to ensure data accuracy?
a) Regular data audits and implementing validation rules
b) Outsourcing supply chain management
c) Reducing the inventory size
d) Ignoring the issue unless customers complain

(2 marks)

18. What is the purpose of the Digital Personal Data Protection Act, 2023?
a) To promote data sharing between businesses
b) To ensure accountability in processing personal data
c) To eliminate all data collection activities
d) To restrict the use of encryption

(1 mark)

19. Case-based Question:


A retail company uses predictive analytics to forecast demand. Recently, it discovered biased results due to incom-
plete data sets. What corrective measure should the company take?
a) Avoid using analytics altogether
b) Ensure comprehensive and unbiased data collection
c) Ignore forecasting inaccuracies
d) Switch to manual demand forecasting

(2 marks)

20. Which of the following is a principle of information security?


a) Confidentiality, Integrity, and Availability
b) Accountability, Profitability, and Reliability
c) Security, Usability, and Scalability
d) Risk, Audit, and Documentation

(1 mark)

21. Case-based Question:


A financial institution introduced a mobile banking app that was recently compromised due to weak authentication
controls. What is the best way to mitigate such risks in the future?
a) Use two-factor authentication and biometric verification
b) Limit app usage to only high-value customers
c) Avoid upgrading the app for cost reasons
d) Encourage users to change passwords frequently

(2 marks)
60

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

22. Which of the following is NOT a component of an Enterprise Risk Management (ERM) framework?
a) Risk Identification
b) Risk Monitoring
c) Risk Elimination
d) Risk Mitigation

(1 mark)

23. Case-based Question:


A manufacturing company operates a legacy system that does not support real-time data processing. The CIO is
concerned that this system could hinder decision-making. What is the best approach to resolve this issue?
a) Gradually replace the legacy system with modern software
b) Stop using the system entirely
c) Outsource decision-making to external consultants
d) Focus on upgrading hardware only

(2 marks)

24. What does the "A" in the ABCD of Fintech stand for?
a) Accountability
b) Artificial Intelligence
c) Automation
d) Authorization

(1 mark)

25. Case-based Question:


An organization’s IT audit revealed poor backup procedures leading to data loss after a server crash. What should
the company do to improve its disaster recovery plan?
a) Perform regular backup tests and implement redundancy
b) Avoid using critical systems
c) Outsource backup management entirely
d) Keep backups only for financial data

(2 marks)

26. What is the primary purpose of Business Intelligence tools?


a) To automate daily operations
b) To support data-driven decision-making
c) To replace manual labor
d) To ensure system security

(1 mark)

27. Case-based Question:


A startup used a cloud platform to host its e-commerce site. After a surge in user traffic, the site crashed due to in-
sufficient resources. What should the startup prioritize to prevent such failures in the future?
a) Implement scalable cloud infrastructure
b) Limit user traffic during peak times
61

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Avoid promotional activities


d) Switch to on-premises hosting

(2 marks)

28. What does a Governance, Risk, and Compliance (GRC) framework primarily focus on?
a) Improving operational efficiency
b) Managing governance, risks, and regulatory compliance
c) Automating business processes
d) Increasing employee productivity

(1 mark)

29. Case-based Question:


A company uses AI-based systems for fraud detection. However, it has noticed several false positives in its results,
causing inconvenience to customers. What corrective measure should the company take?
a) Stop using AI for fraud detection
b) Improve the training data for the AI model
c) Reduce the sensitivity of fraud detection entirely
d) Implement manual review processes for every transaction

(2 marks)

30. What is the role of ISO 27001 in an organization?


a) To define cloud deployment strategies
b) To provide guidelines for information security management
c) To improve business continuity planning
d) To automate system controls

(1 mark)

31. Which of the following is a key component of Business Continuity Planning?


a) Employee satisfaction surveys
b) Disaster recovery procedural plans
c) Budget forecasting
d) IT outsourcing strategies

(1 mark)

32. Case-based Question:


A healthcare organization adopted cloud storage for patient records but failed to secure data adequately. It was
later penalized for violating data protection regulations. What should the organization prioritize to prevent such inci-
dents?
a) Encrypt all patient records and implement access controls
b) Limit the use of cloud storage for patient records
c) Outsource the entire cloud management process
d) Store only minimal patient data

(2 marks)
62

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

33. What is the primary function of a disaster recovery plan?


a) To ensure system updates are performed regularly
b) To restore IT systems and operations after a disaster
c) To automate all business processes
d) To train employees on business strategies

(1 mark)

34. Case-based Question:


An e-commerce company has been experiencing delays in order processing due to insufficient coordination be-
tween its IT and logistics departments. What should the company do to address this issue?
a) Implement an integrated ERP system
b) Reduce the number of orders processed
c) Outsource logistics entirely
d) Focus only on IT system improvements

(2 marks)

35. What is the purpose of COBIT’s Evaluate, Direct, and Monitor (EDM) domain?
a) To manage day-to-day IT operations
b) To provide strategic direction and monitor performance
c) To automate IT processes
d) To develop technical solutions for business issues

(1 mark)

36. Case-based Question:


A multinational company noticed inconsistent cybersecurity practices across its regional offices, leading to vulnera-
bilities. What should the company implement to standardize practices?
a) Establish a unified information security policy
b) Allow regional offices to create their own policies
c) Focus only on critical systems
d) Use local consultants to handle cybersecurity

(2 marks)

37. Which of the following is a core principle of ISO 27001?


a) Scalability and performance
b) Continuous improvement of information security
c) Cost reduction in IT
d) Transitioning to cloud systems

(1 mark)

38. Case-based Question:


A financial services firm adopted blockchain for secure transaction processing. However, it observed increased
costs and complexity during implementation. What strategy should the firm adopt to optimize its blockchain use?
a) Conduct a cost-benefit analysis before further deployment
b) Replace blockchain with traditional systems
63

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Use blockchain for all operations


d) Stop further blockchain investments

(2 marks)

39. Which of the following is a key benefit of enterprise governance of IT?


a) Unlimited budget for IT projects
b) Alignment of IT strategy with business goals
c) Reduction of employee workload
d) Elimination of all risks

(1 mark)

40. Case-based Question:


A logistics company’s supply chain was disrupted due to a lack of real-time data sharing between its partners. What
is the best solution to resolve this issue?
a) Deploy a blockchain-based supply chain management system
b) Reduce the number of partners in the supply chain
c) Focus on internal data sharing only
d) Avoid sharing sensitive data with partners

(2 marks)

41. What does the "C" in COBIT stand for?


a) Control
b) Compliance
c) Corporate
d) Communication

(1 mark)

42. Case-based Question:


An organization was unable to meet its recovery point objective (RPO) during a recent system outage. What aspect
of its backup strategy should it improve?
a) Increase the frequency of backups
b) Reduce the volume of data stored
c) Implement manual recovery procedures
d) Focus only on critical systems

(2 marks)

43. What is the purpose of Business Intelligence (BI) tools?


a) To enable data-driven decision-making
b) To automate IT governance
c) To minimize operational costs
d) To enhance cybersecurity

(1 mark)
64

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

44. Case-based Question:


A tech company adopted artificial intelligence (AI) for customer support but found that many queries were not re-
solved effectively. What should the company focus on to improve the AI system?
a) Train the AI model with more diverse data
b) Replace the AI system with manual support
c) Use AI only for high-priority customers
d) Avoid updating the system to reduce costs

(2 marks)

45. Which of the following is NOT an IT governance framework?


a) ITIL
b) COBIT
c) PRINCE2
d) GDPR

(1 mark)

46. Case-based Question:


A bank introduced biometric authentication for online banking but faced customer resistance due to privacy con-
cerns. How should the bank address this issue?
a) Educate customers about the security benefits of biometric authentication
b) Discontinue biometric authentication altogether
c) Make biometric authentication optional
d) Focus only on traditional authentication methods

(2 marks)

47. Which of the following best describes the purpose of a risk classification system?
a) To prioritize risks based on their impact and likelihood
b) To eliminate all risks in an organization
c) To focus solely on financial risks
d) To increase the complexity of risk management

(1 mark)

48. Case-based Question:


A retail company was penalized for failing to comply with the Digital Personal Data Protection Act, 2023. What long-
term strategy should the company adopt to ensure compliance?
a) Establish a dedicated data protection team
b) Stop collecting customer data
c) Rely only on external consultants for compliance
d) Avoid storing customer data digitally

(2 marks)

49. What is the primary focus of a governance framework?


a) To ensure compliance with legal and regulatory requirements
b) To automate IT processes
65

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) To reduce the complexity of business operations


d) To increase profitability

(1 mark)

50. Which of the following is NOT a key benefit of IT governance?


a) Improved alignment of IT goals with business objectives
b) Reduced operational costs of IT systems
c) Elimination of all cybersecurity risks
d) Better compliance with regulatory requirements

(1 mark)

51. Case-based Question:


An IT services company faced frequent delays in project delivery due to inadequate resource allocation. What
should the company do to improve resource management?
a) Implement a project portfolio management system
b) Reduce the number of projects undertaken
c) Hire more staff without assessing needs
d) Outsource resource allocation decisions

(2 marks)

52. What is the purpose of a business continuity management (BCM) cycle?


a) To train employees for handling routine tasks
b) To ensure continuous operations during disruptions
c) To automate all IT processes
d) To eliminate all organizational risks

(1 mark)

53. Case-based Question:


A telecom company integrated IoT devices to monitor equipment. However, the company is concerned about the
increased risk of cyberattacks. What should it implement to enhance security?
a) Use strong encryption and regularly update device firmware
b) Disconnect IoT devices during non-working hours
c) Limit IoT usage to a few devices
d) Avoid monitoring non-critical equipment

(2 marks)

54. Which of the following is a principle of COBIT for governance systems?


a) IT must only focus on cost reduction
b) Governance should be tailored to enterprise needs
c) IT strategy should work independently of business strategy
d) Governance eliminates the need for management

(1 mark)
66

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

55. Case-based Question:


An e-commerce firm collects and analyzes customer data for personalized marketing. During a data audit, gaps in
consent management were identified. What should the firm focus on to address this issue?
a) Implement clear consent mechanisms for all data collection activities
b) Stop using customer data for marketing
c) Store customer data in encrypted files without consent
d) Use only anonymized data for analysis

(2 marks)

56. What does the "B" in the ABCD of Fintech represent?


a) Budgeting
b) Blockchain
c) Benchmarking
d) Business Intelligence

(1 mark)

57. Case-based Question:


A manufacturing firm developed a risk mitigation plan to reduce workplace accidents. However, several incidents
still occurred due to a lack of employee awareness. What should the firm do to enhance risk management?
a) Conduct regular employee training and awareness programs
b) Stop high-risk operations entirely
c) Hire additional safety inspectors
d) Rely solely on automation for workplace safety

(2 marks)

58. Which of the following is NOT a key concept in enterprise governance?


a) Conformance
b) Performance
c) Sustainability
d) Manual controls

(1 mark)

59. Case-based Question:


A bank implemented advanced data analytics tools to detect fraud. However, the tools generated many false posi-
tives, leading to inefficiency. What should the bank prioritize to improve the system?
a) Refine analytics algorithms and improve training data
b) Stop using analytics tools entirely
c) Focus only on high-value transactions
d) Use manual fraud detection for all cases

(2 marks)

60. What is the main focus of the GRC (Governance, Risk, and Compliance) framework?
a) Reducing operational costs
b) Managing enterprise governance, risks, and compliance obligations
67

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Eliminating the need for audits


d) Increasing system automation

(1 mark)

61. Case-based Question:


A global IT company is facing challenges in aligning its IT strategy with its business goals. What is the most effec-
tive approach to address this issue?
a) Develop an IT steering committee to ensure alignment
b) Focus solely on cost-saving measures in IT
c) Outsource strategic planning to external consultants
d) Allow departments to create their own IT strategies

(2 marks)

62. What does the term “Digital Economy” primarily refer to?
a) The use of digital technologies to enhance traditional business models
b) A fully automated economy
c) An economy based solely on cryptocurrency
d) A system where no human intervention is required

(1 mark)

63. Case-based Question:


An organization transitioned to cloud computing but faced issues with data privacy due to shared cloud environ-
ments. What action should the organization take to mitigate this risk?
a) Implement encryption and data segmentation
b) Avoid using cloud services for critical data
c) Limit cloud usage to local environments only
d) Migrate back to on-premises systems

(2 marks)

64. What is the key objective of the Digital Personal Data Protection Act, 2023?
a) To protect and regulate the processing of personal data
b) To enable unrestricted access to personal data for businesses
c) To enforce mandatory cloud storage for data
d) To replace all other privacy laws globally

(1 mark)

65. Case-based Question:


A financial services company uses AI for credit scoring but received complaints of bias against certain de-
mographics. What should the company focus on to address this issue?
a) Ensure diverse training datasets for the AI model
b) Reduce the use of AI in credit scoring
c) Limit credit scoring to manual methods
d) Avoid addressing customer complaints directly

(2 marks)
68

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

66. What does “Big Data” primarily refer to in the context of fintech?
a) Large datasets that require specialized tools for analysis
b) Data used only for financial transactions
c) Manual methods of analyzing business information
d) Small datasets with minimal complexity

(1 mark)

67. Case-based Question:


A retail company uses multiple disconnected systems for managing customer data, leading to inefficiencies. What
should the company implement to streamline operations?
a) An integrated customer relationship management (CRM) system
b) Reduce the number of customers served
c) Focus only on large-scale customers
d) Outsource customer data management entirely

(2 marks)

68. What is the primary advantage of using blockchain in financial transactions?


a) Improved scalability for processing transactions
b) Enhanced transparency and security in data handling
c) Reduction in employee workload
d) Elimination of all compliance requirements

(1 mark)

69. Case-based Question:


A large enterprise migrated to a new ERP system to improve operational efficiency. However, the project exceeded
its budget due to unforeseen customization requirements. What should the company do to prevent such issues in
future projects?
a) Conduct a detailed feasibility and scope analysis during the planning phase
b) Avoid implementing ERP systems entirely
c) Limit project budgets to ensure cost control
d) Focus only on generic, off-the-shelf solutions

(2 marks)

70. What is the primary goal of a data assurance program?


a) To analyze large volumes of data for insights
b) To ensure data accuracy, reliability, and compliance
c) To replace human decision-making with AI
d) To reduce the storage of unnecessary data

(1 mark)

71. Case-based Question:


A global consulting firm stores sensitive client data in multiple locations. During a recent audit, it was flagged for
non-compliance with regional data privacy laws. What should the firm prioritize to address this issue?
69

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

a) Implement a centralized data governance framework


b) Avoid storing client data digitally
c) Focus only on data protection for high-value clients
d) Reduce the number of locations storing client data

(2 marks)

72. Which of the following is a key feature of the System Development Life Cycle (SDLC)?
a) It provides a phased approach to system development
b) It eliminates the need for user involvement
c) It focuses solely on software coding
d) It replaces all manual processes

(1 mark)

73. Case-based Question:


An e-commerce company suffered a reputational loss due to delayed order deliveries caused by system outages.
What should the company focus on to mitigate such risks in the future?
a) Develop and regularly test a robust disaster recovery plan
b) Avoid using technology during peak demand
c) Outsource delivery operations to reduce dependency on systems
d) Restrict order volumes to match system capacity

(2 marks)

74. What is the purpose of the Digital Data Protection Act, 2023?
a) To regulate the collection and processing of personal data
b) To enforce mandatory use of blockchain for data storage
c) To remove data protection requirements for businesses
d) To allow unrestricted sharing of user data

(1 mark)

75. Case-based Question:


A tech company implemented machine learning algorithms to detect fraud. However, the system flagged several
legitimate transactions as fraudulent. What is the best course of action for the company?
a) Refine the algorithm and improve training datasets
b) Stop using machine learning for fraud detection
c) Allow only manual review of all transactions
d) Reduce system sensitivity to eliminate false positives

(2 marks)

76. What is the main benefit of aligning IT strategy with business objectives?
a) Improved IT resource utilization and business value delivery
b) Complete elimination of IT-related risks
c) Increased IT budgets for all departments
d) Independent operation of IT from business units

(1 mark)
70

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

77. Case-based Question:


A bank was fined for not detecting insider threats despite having a robust IT security policy. What additional meas-
ure should the bank adopt to prevent such incidents?
a) Implement continuous monitoring and user behavior analytics
b) Outsource all IT security activities
c) Stop granting high-level system access to employees
d) Focus only on external threat prevention

(2 marks)

78. Which of the following best describes Business Intelligence (BI)?


a) Tools and systems that support data-driven decision-making
b) Systems that replace all manual business processes
c) Methods to automate financial accounting
d) Software designed only for predictive analytics

(1 mark)

79. Case-based Question:


A retail chain implemented digital payment systems but faced issues with failed transactions during peak hours.
What should the company do to improve the reliability of its payment systems?
a) Upgrade infrastructure to handle peak loads efficiently
b) Limit the use of digital payments during peak hours
c) Switch to cash-only payments during high demand
d) Reduce the number of payment options available

(2 marks)

80. What is the significance of Information Systems Controls in an organization?


a) They ensure secure and efficient operation of IT systems
b) They eliminate the need for external audits
c) They focus solely on reducing operational costs
d) They remove the need for data backup

(1 mark)
71

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

MOCK TEST KEY


Q.No. Answer Q.No. Answer Q.No. Answer Q.No. Answer

1 b 21 a 41 a 61 a

2 b 22 c 42 a 62 A

3 b 23 a 43 a 63 A

4 b 24 b 44 a 64 A

5 d 25 a 45 d 65 A

6 b 26 b 46 a 66 A

7 b 27 a 47 a 67 A

8 b 28 b 48 a 68 B

9 a 29 b 49 a 69 A

10 b 30 b 50 c 70 B

11 d 31 b 51 a 71 A

12 b 32 a 52 b 72 A

13 b 33 b 53 a 73 A

14 b 34 a 54 b 74 A

15 b 35 b 55 a 75 A

16 c 36 a 56 b 76 A

17 a 37 b 57 a 77 A

18 b 38 a 58 d 78 A

19 b 39 b 59 a 79 A

20 a 40 a 60 b 80 A
72

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

MOCK MCQ TEST -2


SET D: PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS
(Mixed 1-mark and 2-mark questions)

1. Which framework provides best practices for IT service management?

a) COBIT
b) ITIL
c) NIST
d) ISO 27001

(1 mark)

2. Case-based Question:

A financial institution implemented multi-factor authentication (MFA) to enhance security. However, many users by-
pass MFA by using weak recovery questions. What should the institution implement to mitigate this risk?
a) Enforce biometric authentication
b) Implement hardware-based authentication tokens
c) Disable account recovery features
d) Use CAPTCHA to verify user identity

(2 marks)

3. Which phase in the System Development Life Cycle (SDLC) ensures the system meets business needs
before deployment?

a) Implementation
b) Testing
c) Planning
d) Maintenance

(1 mark)

4. What does the CIA triad stand for in information security?

a) Control, Integrity, Authentication


b) Confidentiality, Integrity, Availability
c) Compliance, Innovation, Access
d) Cybersecurity, Intelligence, Audit

(1 mark)

5. Case-based Question:

A manufacturing company faced a ransomware attack where attackers encrypted all customer orders. The com-
pany lacked a structured incident response plan. What should be the first response to such an attack?
a) Pay the ransom to recover data
b) Shut down affected systems and notify cybersecurity teams
73

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Delete all encrypted files and restart systems


d) Continue operations without restoring data

(2 marks)

6. Which cryptographic technique ensures non-repudiation in digital transactions?

a) Symmetric Encryption
b) Hashing
c) Digital Signatures
d) Tokenization

(1 mark)

7. In blockchain, what mechanism ensures consensus without a central authority?

a) Hashing
b) Proof of Work (PoW)
c) Digital Certificate
d) Cryptanalysis

(1 mark)

8. Case-based Question:

An e-commerce platform suffered a data breach due to weak API security, exposing customer payment details.
What action should be taken immediately?
a) Disable the API service
b) Implement OAuth authentication and secure API endpoints
c) Inform customers after fixing the vulnerability
d) Ignore minor breaches if no financial loss occurs

(2 marks)

9. What is the role of an Intrusion Detection System (IDS)?

a) Prevent attacks before they occur


b) Detect unauthorized activities in real-time
c) Encrypt sensitive data
d) Backup critical system files

(1 mark)

10. Which type of firewall filters traffic at the application layer?

a) Packet Filtering Firewall


b) Stateful Firewall
c) Proxy Firewall
d) Network Firewall

(1 mark)
74

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

11. Case-based Question:

A healthcare provider uses cloud storage for patient records. Due to poor access controls, unauthorized employees
accessed confidential patient data. What security measure should be implemented?
a) Role-based access control (RBAC)
b) Disable cloud storage for patient records
c) Allow access to all employees for operational efficiency
d) Use open Wi-Fi networks for secure access

(2 marks)

12. Which cloud model offers complete control over infrastructure but requires in-house maintenance?

a) Public Cloud
b) Private Cloud
c) Hybrid Cloud
d) Community Cloud

(1 mark)

13. Case-based Question:

A global consulting firm stores sensitive client data in multiple locations. During a recent audit, it was flagged for
non-compliance with regional data privacy laws. What should the firm prioritize to address this issue?
a) Implement a centralized data governance framework
b) Avoid storing client data digitally
c) Focus only on data protection for high-value clients
d) Reduce the number of locations storing client data

(2 marks)

14. What is the primary goal of a data assurance program?

a) To analyze large volumes of data for insights


b) To ensure data accuracy, reliability, and compliance
c) To replace human decision-making with AI
d) To reduce the storage of unnecessary data

(1 mark)

15. Which attack manipulates users into divulging sensitive information?

a) Phishing
b) DDoS
c) Ransomware
d) Man-in-the-Middle

(1 mark)

16. Case-based Question:


75

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

A bank was fined for not detecting insider threats despite having a robust IT security policy. What additional meas-
ure should the bank adopt to prevent such incidents?
a) Implement continuous monitoring and user behavior analytics
b) Outsource all IT security activities
c) Stop granting high-level system access to employees
d) Focus only on external threat prevention

(2 marks)

17. Which cybersecurity model enforces the "Need to Know" principle?

a) Bell-LaPadula Model
b) Biba Model
c) Clark-Wilson Model
d) Brewer-Nash Model

(1 mark)

18. Case-based Question:

A fintech company is integrating blockchain technology to improve security in financial transactions. However,
transactions are taking longer to validate due to high processing power requirements. What should the company
consider implementing?
a) Shift from Proof of Work (PoW) to Proof of Stake (PoS)
b) Increase block size to include more transactions
c) Remove cryptographic hashing to speed up processing
d) Use centralized ledger instead of blockchain

(2 marks)

19. What is the primary purpose of a Zero Trust Architecture?

a) Allow free access to users


b) Reduce IT governance complexity
c) Verify every request regardless of network location
d) Eliminate the need for authentication

(1 mark)

20. Case-based Question:

An organization using cloud services experienced a data breach due to an employee mistakenly sharing an access
key in a public forum. What security control should be strengthened to prevent such incidents?
a) Implement Key Management System (KMS) with automatic rotation
b) Reduce cloud usage to essential employees only
c) Avoid using access keys for authentication
d) Disable cloud-based authentication services

(2 marks)

21. Which of the following is NOT a principle of IT governance as per COBIT?


76

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

a) Holistic approach
b) End-to-end coverage
c) Strict manual control requirements
d) Governance distinct from management

(1 mark)

22. Case-based Question:

A multinational corporation faced challenges in meeting GDPR compliance due to data stored across multiple cloud
providers. What should the company do to ensure data protection compliance?
a) Implement a unified data governance framework
b) Encrypt all data and disable compliance monitoring
c) Store data only in high-security countries
d) Reduce data collection activities

(2 marks)

23. What does the "B" in the ABCD of Fintech represent?

a) Budgeting
b) Blockchain
c) Benchmarking
d) Business Intelligence

(1 mark)

24. Case-based Question:

A retail company adopted AI-powered chatbots for customer service. However, customers reported incorrect re-
sponses to their queries. What should the company prioritize to improve chatbot accuracy?
a) Train AI models using diverse datasets
b) Restrict chatbots to predefined queries only
c) Reduce chatbot availability during peak hours
d) Remove AI-based automation from customer service

(2 marks)

25. Which attack involves attackers modifying ARP cache entries to redirect network traffic?

a) SQL Injection
b) ARP Spoofing
c) DNS Tunneling
d) Cross-site Scripting

(1 mark)

26. Case-based Question:

A smart home device manufacturer is facing security concerns as its IoT devices are vulnerable to unauthorized
remote access. What action should the company take to secure its devices?
a) Implement strong authentication and encryption protocols
77

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) Remove internet connectivity from all IoT devices


c) Avoid releasing security patches to prevent system changes
d) Increase device price to discourage hackers

(2 marks)

27. Which of the following cloud deployment models allows multiple organizations to share a cloud infra-
structure?

a) Private Cloud
b) Public Cloud
c) Hybrid Cloud
d) Community Cloud

(1 mark)

28. Case-based Question:

An IT firm noticed that employees were frequently using unauthorized USB drives, leading to potential malware in-
fections. What security measure should be enforced to mitigate this risk?
a) Implement endpoint security solutions with device control
b) Block all USB ports on employee computers
c) Ban employees from using any external devices
d) Allow only company-approved USB drives without encryption

(2 marks)

29. What is the primary function of a Security Operations Center (SOC)?

a) Handle customer queries


b) Monitor and respond to cybersecurity threats
c) Design corporate IT infrastructure
d) Implement marketing strategies

(1 mark)

30. Case-based Question:

A large e-commerce company suffered a major DDoS attack during its Black Friday sale. What solution should the
company implement to prevent such attacks in the future?
a) Deploy Web Application Firewall (WAF) and traffic filtering
b) Shut down website access during high-traffic periods
c) Avoid promotional campaigns to reduce attack incentives
d) Rely solely on antivirus software for security

(2 marks)

31. Which type of attack involves an attacker intercepting and modifying communications between two par-
ties without their knowledge?

a) Phishing
b) Man-in-the-Middle (MITM)
78

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) SQL Injection
d) Brute Force

(1 mark)

32. Case-based Question:

A global company recently faced a major data breach due to an insider threat where an employee leaked confiden-
tial customer data. What should the company implement to prevent such incidents?
a) Deploy User Behavior Analytics (UBA) for anomaly detection
b) Remove employee access to sensitive data entirely
c) Implement a zero-password policy
d) Outsource data security to third parties

(2 marks)

33. Which standard focuses on risk management guidelines for organizations?

a) ISO 31000
b) ISO 27001
c) GDPR
d) NIST 800-53

(1 mark)

34. Case-based Question:

A financial institution wants to improve its risk assessment strategy for IT governance. Which framework should it
primarily adopt?
a) COBIT
b) ITIL
c) Six Sigma
d) Agile

(2 marks)

35. What is the primary function of a Next-Generation Firewall (NGFW)?

a) Perform only packet filtering


b) Provide deep packet inspection and intrusion prevention
c) Block all incoming traffic
d) Replace traditional network monitoring tools

(1 mark)

36. Case-based Question:

An organization is experiencing frequent phishing attacks leading to compromised employee credentials. What
should be the first step in mitigating this issue?
a) Conduct cybersecurity awareness training for employees
b) Remove email access for all employees
79

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

c) Switch all communications to social media platforms


d) Disable multi-factor authentication (MFA)

(2 marks)

37. What is the main purpose of a Security Information and Event Management (SIEM) system?

a) Monitor and analyze security events in real-time


b) Improve cloud performance
c) Replace firewalls and antivirus software
d) Automate employee payroll processing

(1 mark)

38. Case-based Question:

A hospital recently migrated patient records to a cloud-based storage system but is now facing compliance chal-
lenges under HIPAA regulations. What should the hospital prioritize?
a) Implement strict access controls and encryption mechanisms
b) Store all records in a physical format instead
c) Disable all cloud services
d) Remove patient records older than five years

(2 marks)

39. Which of the following techniques is used in digital forensics to recover deleted files?

a) Data masking
b) Disk imaging
c) Tokenization
d) Firewall logging

(1 mark)

40. Case-based Question:

A manufacturing company relies on Industrial IoT (IIoT) devices for production monitoring. Recently, several de-
vices were compromised due to weak passwords. What should be the best approach to securing IIoT devices?
a) Enforce strong authentication and regular firmware updates
b) Disconnect IIoT devices from the internet
c) Replace IIoT devices with manual monitoring systems
d) Use the same password for all devices for easy management

(2 marks)

41. Which of the following best describes quantum cryptography?

a) Uses quantum mechanics to ensure secure communication


b) A method of breaking encryption using supercomputers
c) A technique to store data in a blockchain
d) A mathematical approach to predicting cyber threats
80

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

(1 mark)

42. Case-based Question:

A company offering cloud-based digital payment solutions faced a significant outage during peak hours. Which
cloud strategy should be adopted to ensure high availability?
a) Deploying multi-region redundancy and load balancing
b) Restricting transactions during peak hours
c) Reducing server capacity to cut costs
d) Using a single data center for all transactions

(2 marks)

43. What is the primary function of an Endpoint Detection and Response (EDR) solution?

a) Detect, investigate, and respond to endpoint threats


b) Block only external network traffic
c) Replace traditional antivirus solutions
d) Monitor employee internet usage

(1 mark)

44. Case-based Question:

An e-commerce company uses AI-driven recommendation engines for customer purchases. However, the AI model
has started showing biases against certain demographics. What should the company do?
a) Improve dataset diversity and retrain the AI model
b) Remove AI from the recommendation system
c) Stop collecting customer preference data
d) Use only rule-based recommendations

(2 marks)

45. What does "Tokenization" refer to in cybersecurity?

a) Replacing sensitive data with non-sensitive equivalents


b) Encrypting all data with a public key
c) Converting data into a blockchain ledger
d) Compressing large datasets for analysis

(1 mark)

46. Case-based Question:

A law firm handling highly confidential client documents wants to implement a secure collaboration system. What is
the most effective security measure?
a) Implementing end-to-end encryption with role-based access
b) Using personal email accounts for communication
c) Allowing employees to access files without authentication
d) Storing all documents in local hard drives without backups

(2 marks)
81

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

47. Which of the following security principles ensures that system actions are traceable to a specific user?

a) Integrity
b) Non-repudiation
c) Confidentiality
d) Availability

(1 mark)

48. Case-based Question:

A bank suffered from credential stuffing attacks where hackers used previously leaked passwords to access user
accounts. What measure should the bank implement to mitigate this risk?
a) Enforce Multi-Factor Authentication (MFA)
b) Disable password expiry policies
c) Encourage users to use weak passwords for easy recall
d) Remove login restrictions to allow smoother access

(2 marks)

49. What is the purpose of Identity and Access Management (IAM) in cybersecurity?

a) Manage user permissions and control access to systems


b) Encrypt all stored data
c) Detect malware in network traffic
d) Improve data compression

(1 mark)

50. Case-based Question:

A logistics company uses GPS tracking in its fleet management system. Recently, attackers tampered with location
data, causing operational disruptions. What countermeasure should be implemented?
a) Use encrypted GPS signals and anomaly detection
b) Remove GPS tracking from vehicles
c) Allow drivers to manually update locations
d) Store location data without security controls

(2 marks)

51. Which attack exploits vulnerabilities in poorly sanitized user input fields?

a) Cross-site Scripting (XSS)


b) DDoS Attack
c) Social Engineering
d) Insider Threat

(1 mark)

52. Case-based Question:


82

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

A multinational company is concerned about unauthorized data transfers via removable media. What security con-
trol should be implemented?
a) Restrict USB access with endpoint security controls
b) Ban employees from using computers
c) Use external hard drives for data storage instead
d) Allow unrestricted use of removable devices

(2 marks)

53. Which of the following is an example of a preventive security control?

a) Intrusion Detection System (IDS)


b) Multi-Factor Authentication (MFA)
c) Log Monitoring
d) Security Auditing

(1 mark)

54. Case-based Question:

A social media platform noticed increased account takeovers due to phishing attacks. What security measure
should be prioritized?
a) Implement domain-based email authentication (DMARC)
b) Disable user logins temporarily
c) Remove two-factor authentication (2FA)
d) Allow users to share login credentials

(2 marks)

55. What is the function of a honeypot in cybersecurity?

a) To deceive attackers and study their behavior


b) To encrypt sensitive business data
c) To protect against ransomware attacks
d) To monitor internet usage of employees

(1 mark)

56. Case-based Question:

A healthcare provider handling sensitive patient records wants to comply with HIPAA regulations. What security
measure is essential?
a) Implement strong encryption and audit controls
b) Store patient data on personal devices
c) Allow public access to patient records
d) Use third-party cloud storage without access control

(2 marks)

57. Which security mechanism ensures that only authorized users can modify data?
83

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

a) Availability
b) Authentication
c) Integrity
d) Non-repudiation

(1 mark)

58. Case-based Question:

A company using Software-as-a-Service (SaaS) platforms is worried about unauthorized API access. What security
approach should be taken?
a) Use API gateway with strong authentication controls
b) Disable API usage completely
c) Avoid using encryption for API requests
d) Share API keys publicly for easier access

(2 marks)

59. What is the main purpose of an Intrusion Prevention System (IPS)?

a) Detect and block suspicious activities in real-time


b) Log network activity for future analysis
c) Encrypt email communications
d) Improve system boot time

(1 mark)

60. Case-based Question:

A digital payment company is expanding to multiple countries, but different regions have varied data privacy laws.
What should the company do to ensure compliance?
a) Implement a global data protection framework based on regulatory requirements
b) Store all customer data in a single country
c) Avoid implementing data privacy policies
d) Use the same data handling approach for all regions

(2 marks)

61. Which of the following is an example of a symmetric encryption algorithm?

a) RSA
b) AES
c) ECC
d) SHA-256

(1 mark)

62. Case-based Question:

A government agency wants to implement a secure voting system using blockchain. What advantage does block-
chain provide in this case?
a) Immutable audit trail and transparent transactions
84

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

b) Easy manipulation of voting results


c) Reducing the need for encryption
d) Centralized control over votes

(2 marks)

63. What is the primary purpose of OAuth in API security?

a) Secure user authentication and authorization


b) Encrypt all web traffic
c) Detect and remove malware
d) Improve password strength

(1 mark)

64. Case-based Question:

A company deployed a new AI-driven threat detection system but is facing too many false positives. What should
be done to improve accuracy?
a) Retrain the AI model with diverse datasets
b) Disable threat detection for non-critical events
c) Allow employees to manually review every alert
d) Reduce logging to avoid processing large datasets

(2 marks)

65. What is the purpose of a Security Operations Center (SOC)?

a) Monitor and respond to security threats in real-time


b) Develop marketing strategies
c) Improve customer support response times
d) Automate HR processes

(1 mark)

66. Which of the following techniques is used in biometric authentication?

a) Retina scanning
b) SQL injection
c) Packet filtering
d) DDoS mitigation

(1 mark)

67. Case-based Question:

A multinational bank recently suffered a data breach when an employee unintentionally sent confidential customer
records via an unsecured email. What security control should the bank implement to prevent such incidents?
a) Data Loss Prevention (DLP) with content filtering
b) Use only printed copies for confidential data
c) Allow employees unrestricted access to all files
d) Remove encryption for easier access
85

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

(2 marks)

68. Which cybersecurity concept ensures that users are granted the minimum level of access needed to
perform their tasks?

a) Least Privilege Principle


b) Full Access Policy
c) Always-Connected Framework
d) Maximum Authentication Policy

(1 mark)

69. Case-based Question:

A hospital adopted cloud-based medical records but faced regulatory issues regarding patient data storage across
multiple locations. What should the hospital do to ensure compliance?
a) Implement geo-fencing to restrict data storage locations
b) Store patient records on personal devices
c) Disable encryption to improve processing speed
d) Allow unrestricted access to all employees

(2 marks)

70. What is the primary function of a Distributed Denial-of-Service (DDoS) attack?

a) Overwhelm a network or system to cause service disruption


b) Encrypt files and demand ransom for access
c) Exploit vulnerabilities in an SQL database
d) Intercept communications between two parties

(1 mark)

71. Case-based Question:

A retail company’s website was frequently targeted by credential stuffing attacks, where attackers used stolen
username-password combinations. What should the company implement to prevent such attacks?
a) Implement login throttling and Multi-Factor Authentication (MFA)
b) Remove password authentication entirely
c) Allow unlimited login attempts
d) Use the same passwords for all users

(2 marks)

72. What is the primary advantage of using a Security Information and Event Management (SIEM) system?

a) Provides real-time monitoring and threat detection


b) Eliminates the need for endpoint protection
c) Automates software development
d) Encrypts all stored data

(1 mark)
86

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

73. Case-based Question:

An e-commerce company noticed an increase in fake product reviews being submitted automatically by bots. What
is the best security measure to prevent this issue?
a) Implement CAPTCHA and bot detection techniques
b) Allow only verified users to submit reviews
c) Disable product reviews entirely
d) Require every user to submit a security deposit

(2 marks)

74. What is the role of penetration testing in cybersecurity?

a) Identify security weaknesses by simulating cyberattacks


b) Encrypt network traffic using SSL
c) Improve data storage efficiency
d) Detect insider threats through behavioral analysis

(1 mark)

75. Case-based Question:

A government agency is concerned about securing classified data from unauthorized external access. What cyber-
security measure should be prioritized?
a) Air-gapped networks with controlled physical access
b) Use cloud storage for classified data without encryption
c) Allow open internet access to all classified systems
d) Implement shared passwords for convenience

(2 marks)

76. What does the principle of "Segregation of Duties" in IT security aim to prevent?

a) Unauthorized access due to single-user control


b) Automated system updates
c) Full administrative privileges for all employees
d) Faster execution of critical tasks

(1 mark)

77. Case-based Question:

A cryptocurrency exchange suffered a major breach when attackers exploited weak API security controls. What
should the exchange do to mitigate such risks?
a) Implement strong authentication and API access controls
b) Remove API security to allow faster transactions
c) Allow anonymous access to all transactions
d) Store API keys in publicly accessible locations

(2 marks)
87

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

78. What is the primary function of a Secure Web Gateway (SWG)?

a) Protects web traffic by filtering and monitoring HTTP/S requests


b) Manages user permissions in cloud applications
c) Encrypts all emails sent within an organization
d) Optimizes internet speed for corporate networks

(1 mark)

79. Case-based Question:

A financial services company detected an ongoing ransomware attack encrypting files on multiple systems. What
should the company do immediately?
a) Isolate affected systems and activate the incident response plan
b) Pay the ransom to recover the encrypted files
c) Shut down all IT systems to prevent further encryption
d) Wait for the attackers to stop the attack on their own

(2 marks)

80. What is the key advantage of implementing Zero Trust Security?

a) Continuous verification of users and devices regardless of location


b) Eliminates the need for security monitoring
c) Allows unrestricted access to corporate systems
d) Reduces the need for encryption in data protection

(1 mark)

88

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12


SET – D PAPER-4: DIGITAL ECOSYSTEM AND CONTROLS

Answers

Q Answer Q Answer Q Answer Q Answer

1 b 2 b 3 b 4 b

5 b 6 c 7 b 8 b

9 b 10 c 11 a 12 b

13 b 14 b 15 a 16 a

17 a 18 a 19 c 20 a

21 c 22 a 23 b 24 a

25 b 26 a 27 d 28 a

29 b 30 a 31 b 32 a

33 a 34 a 35 b 36 a

37 a 38 a 39 b 40 a

41 a 42 a 43 a 44 a

45 a 46 a 47 b 48 a

49 a 50 a 51 a 52 a

53 b 54 a 55 a 56 a

57 c 58 a 59 a 60 a

61 b 62 a 63 a 64 a

65 a 66 a 67 a 68 a

69 a 70 a 71 a 72 a

73 a 74 a 75 a 76 a

77 a 78 a 79 a 80 a
89

Prepared by: Pradeep Kumar M LinkedIn:https://www.linkedin.com/in/pradeepkumar-m12

You might also like