
SPOM SET D P4 Digital Ecosystem and Controls

The document contains a series of multiple-choice questions (MCQs) related to Digital Ecosystem and Controls, focusing on IT governance, risk management, and information security practices. It covers various topics including COBIT, ERM frameworks, system development methodologies, and cloud computing. Additionally, it encourages students to share their reviews and results after their exams.

Uploaded by

sahupooja1809

SPOM SET D

SPOM SET D P4
Digital Ecosystem and Controls

ALL THE BEST!!


AFTER YOUR EXAMS, PLEASE SHARE YOUR REVIEWS AND RESULTS WITH US!

CA Nand Jha
Visit YouTube & Join Telegram
P4 SET D: Digital Ecosystem and Controls

SPOM SET D P4 MCQ


Digital Ecosystem and Controls
1. Which of the following is not a benefit of IT governance?
A. Opportunity in internal audit
B. Optimal utilization of IT resources
C. Enhanced satisfaction level of users with IT services
D. Better cost performance of IT

2. Which of the following can NOT be considered as key governance practices of governance
of enterprise IT?
A. Evaluate the governance system
B. Create new governance system
C. Direct the governance system
D. Monitor the governance system

3. Which of the following is NOT considered a key function of the IT steering committee?
A. Establish the size and scope of IT functions.
B. Review the status of IS plans and budget and overall IT performance.
C. Report to the board of directors on IT activity on a regular basis.
D. Providing stability and overcoming any limitation of organizational structures.

4. Which of the following is NOT a misconception about COBIT?
A. Not a full description of the whole IT environment
B. Not a framework to organize business processes
C. Does not make any IT-related decision
D. Does not make any HR-related decision

5. Which of the following will NOT be considered a component of a governance system as per
COBIT?
A. Organization structure
B. Principle policy procedure
C. Processes
D. Deployment management

6. As per the policy of a company, every application should have a unique user ID and two-factor
authentication. This is an example of which of the following practices of the Information
Technology Infrastructure Library?
A. Architecture Management
B. Information Security Management
C. Portfolio Management
D. Knowledge Management

Visit YouTube Channel for More Join Telegram - @CANand Jha



7. Which of the following will not be considered as assets in case a company is planning to
implement a GRC?
A. Customer Data
B. SAP Software
C. Microsoft License
D. Investment Detail of Employees

8. A company is using a pirated license of a software on a few machines in its office. This risk
can be classified as:
A. Control risk
B. Compliant risk
C. Opportunity risk
D. Hazard risk

9. A company has given AMC to a vendor to resolve all complaints related to hardware and
other devices. This is an example of which type of management strategy?
A. Tolerate Risk
B. Terminate Risk
C. Transfer Risk
D. Treat Risk

10. In which type of malicious attack does one user or computer pretend to be another user or
computer?
A. Phishing
B. Mass Guiding
C. Masquerading Attack
D. Replay Attack

11. Which of the following is not true for an internal control system?
A. Facilitates the effectiveness of operations
B. Assists compliance with applicable law
C. Assists the interconnectivity with vendors
D. Helps safeguarding the assets of the entity

12. Which of the following is not a benefit of implementing ERM in an organization?
A. Aligning Risk, Appetite, and Strategy
B. Providing Absolute Assurance on Risk Outcome
C. Enhancing Risk Response Decision
D. Lessening Operational Surprises and Losses


13. In COSO ERM framework, what does the control environment component
represent?
A. The foundation for risk and control perspective based on value analytics.
B. The process of setting a specific business objective
C. Identifying potential events impacting the business
D. Monitoring the outcome of risk management strategy

14. In the PIML cycle, what is the primary objective of the Implement phase?
A. Getting board approval
B. Establishing standard and checking existing controls
C. Identifying intended benefits of the tools
D. Monitoring risk performance indicators

15. Which of the following is the main objective of an information system?
A. To secure data from cyber threats
B. To convert data into meaningful information
C. To provide network infrastructure
D. To monitor system performance

16. What is the primary function of an information security policy?
A. To define rules for secure access to information assets
B. To upgrade system hardware periodically
C. To develop marketing strategy for IT services
D. To train the employee in software programming

17. Which of the following is not a method of validating the proposal of vendors?
A. Checklist
B. Point Scoring Analysis
C. Public Evaluation Report
D. Copyright Violations

18. Which model of system development methodology is used to develop a small or pilot
version of part or all of a system?
A. Prototype Model
B. Incremental Model
C. Waterfall Model
D. Agile Model

19. Which of the following system development methodologies is focused on quick
development and delivery?
A. Spiral Model
B. Rapid Application Model
C. Waterfall Model
D. Agile Model


20. Installation of firewalls in the system of an office is an example of which type of control?
A. Preventive Control
B. Detective Control
C. Directive Control
D. Corrective Control

21. Job Scheduling is an example of which type of control?
A. Operating System Access Control
B. Physical Access Control
C. Network Access Control
D. Environmental Control

22. Which of the following is not part of the Application Control Framework?
A. Boundary Control
B. Communication Control
C. Operation Management Control
D. Processing Control

23. Which of the following best describes the primary function of a business intelligence tool?
A. Designing software for customer relationship management system
B. Collecting, processing, and analysing large amounts of data from various sources to aid in
decision-making
C. Developing enterprise resource planning application for business efficiency
D. Creating social media posts and email campaigns for marketing purposes

24. Which chart type in Power BI helps visualize data proportions and is especially useful for
displaying the components that make up a total value?
A. Bar Charts
B. Line Charts
C. Doughnut Charts
D. Column Charts

25. Which is most accurate about AI?
A. AI is solely about creating machines with human-like consciousness
B. AI's primary goal is to develop systems that can only store information
C. AI advancements help in transforming various industries and enabling machines to
perform tasks requiring human intelligence
D. AI is limited to simple automation tasks like turning on a light in a room

26. Which of the following statements best describes a blockchain?
A. It is a centralized system for securely storing data that can be easily modified when
required.
B. It is a digital ledger that relies on trusted third parties for transaction verification and
settlement.
C. It is a shared, decentralized, and append-only ledger for recording transactions globally
without intermediaries.
D. It is a private database for storing confidential data restricted to specific users only.


27. Which of the following is true about Cloud Computing?
A. Cloud computing relies solely on a single physical device for storage and processing.
B. It allows the use of application services and data storage over the Internet without the need for
direct management of underlying infrastructure.
C. Cloud computing exclusively provides free services like email and file storage.
D. Cloud computing is a network protocol used to connect personal computers.

28. Which of the following statements accurately describes Big Data?
A. Big Data refers to any type of data stored in a traditional database.
B. Big Data involves large, complex datasets that traditional data processing tools struggle to
handle.
C. Big Data exclusively consists of social media and government documentation data.
D. Big Data is characterized by 3V: high volume, high validation, and high variety.

29. Which of the following is a core characteristic of Artificial Intelligence (AI) in
transforming industries?
A. AI is focused solely on automating manual tasks with basic rules.
B. AI systems rely on hard-coded instructions to solve problems.
C. AI enables machines to learn, adapt, and make intelligent decisions based on data.
D. AI requires human intervention for every task it performs.

30. What is the primary objective of a firewall in an information system?
A. To allow unrestricted access to all network resources.
B. To detect and repair malicious software in the system.
C. To prevent unauthorized access to or from a private network by monitoring and controlling
incoming and outgoing traffic.
D. To enhance the speed and performance of the network by compressing data.


IMPORTANT MCQs

1. Which of the following domains of COBIT 5 covers areas such as operational delivery
and support of IT services, including security within the IT system?
(A) Align, Plan and Organize
(B) Build, Acquire and Implement
(C) Deliver, Service and Support
(D) Monitor, Evaluate and Assess

2. Which of the following domains of COBIT 5 addresses the overall organization, strategy
and supporting IT related activities within the IT system?
(A) Align, Plan and Organize
(B) Build, Acquire and Implement
(C) Deliver, Service and Support
(D) Monitor, Evaluate and Assess

3. A governance system typically refers to all the means and mechanisms that will
enable _________ in an enterprise to have an organized mechanism to satisfy specific
enterprise objectives.
(A) Multiple stakeholders
(B) Several processes
(C) Intrinsic goals
(D) Numerous products

4. Which of the following IT processes contained in the Deliver, Service and Support
domain of COBIT manages the operations?
(A) DSS02
(B) DSS03
(C) DSS94
(D) DSS01

5. COBIT is a framework for the _______ and ________ of information and technology
aimed at the whole enterprise.
(A) governance, management
(B) support, services
(C) monitoring, management
(D) governance, support

6. The objective of Internal Control is to enable an organization to manage its challenges or
disruptions seamlessly. Identify which of the following is not an objective of Internal
Control.
(A) Compliance with applicable laws and regulations
(B) Meeting sales targets
(C) Reliability of internal and external financial reporting
(D) Effectiveness and efficiency of operations


7. When DXN Ltd. decided to adopt automation to support its critical business processes, it
exposed itself to a number of risks. One risk that the automated process could lead to a
breakdown in internal processes, people, and systems is a type of _____.
(A) Operational Risk
(B) Financial Risk
(C) Strategic Risk
(D) Compliance Risk

8. A huge oil spill from an oil well run by ABC Petroleum, one of the largest oil companies
in the world, resulted in an assessed environmental damage of about USD 20 Billion. The
company spent an amount of USD 2 Billion on promotional ads informing the world that it is
an environment-friendly company. The promotional advertisements were done to prevent the
company from _________________ damage.
(A) Strategic
(B) Operational
(C) Financial
(D) Reputational

9. Risk Management enables an organization in various ways except one. Choose the
correct answer.
(A) to evaluate all risks at enterprise level
(B) monitor mitigation actions
(C) measure and manage the risk
(D) organizing the risk

10. Mr. X has set up his new business of manufacturing color pens. He is well aware of the
various kinds of risks involved in his business; however, he unintentionally violated some
industry regulations while setting up his business. Which category of the risk does this refer
to?
(A) Strategic
(B) Financial
(C) Compliance
(D) Operational

11. Enterprise Risk Management (ERM) framework consists of interrelated components that
are used to identify events that are relevant to the organization’s objective. Identify which of
the following is not a component of the ERM Framework.
(A) Internal environment
(B) Organization chart
(C) Objective setting
(D) Event identification


12. Mr. Anil is working with XYZ Company that is under the process of adopting Enterprise
Resource Management (ERM) framework. He prepared a list of policies and procedures that
need to be established and executed to ensure that the risk responses that management
selected are effectively carried out. Which component of ERM is referred to here during this
activity?
(A) Risk Assessment
(B) Control Activities
(C) Information and Communication
(D) Monitoring

13. In COSO ERM Cube, _______ are the policies and procedures that are established and
executed to help ensure that the risk responses that management selected are effectively
carried out.
(A) Control Activities
(B) Risk Management
(C) Risk Response
(D) Objective Setting

14. Following are the benefits of integrating ERM throughout the organization. Choose the
odd one out.
(A) Increase positive outcomes and reduce negative surprises.
(B) Reduce performance variability and maximize disruption.
(C) Improve resource deployment and enhance resource allocation.
(D) Enhance enterprise resilience, not only to survive but allocation

15. Which of the following “Principles for Performance” provides the composite view of
risks that an organization faces relative to business objectives?
(A) Implementation of Risk Responses
(B) Development of Portfolio view
(C) Prioritization of Risk
(D) Formulation of Business Objective

16. ABC Ltd. carries out fire drills in its company every 6 months whereby a fire-like
situation is simulated, and the preparedness of the organization and its personnel for facing
disaster is verified. Under Business Continuity Management, which type of plan does this
refer to?
(A) Emergency Plan
(B) Test Plan
(C) Back-up Plan
(D) Recovery Plan

17. Which of the following documents is not classified as being part of the Business
Continuity Management System?
(A) The Risk Assessment Report
(B) Incident Log
(C) Local Authority Risk Register
(D) Performance Analysis Report


18. Which of the following does not form part of the Business Continuity Management
(BCM) cycle?
(A) Information Collection
(B) Development and Implementation
(C) Testing and Review
(D) Recruiting

19. Which of the following statements is incorrect?
(A) A Full Backup captures all files on the disk or within the folder selected for backup.
(B) The Mirror backup is clean and does not contain old and obsolete files.
(C) With differential backups, one full backup is done first and subsequent backup runs are
the changes made since the last full backup.
(D) Incremental Backup consumes the most storage space as compared to full and differential
backups.

20. ABC Ltd. has installed LHJ Backup system whereby the data is backed up almost every
second from the live environment to the backup drive. Which type of back-up has ABC Ltd.
implemented?
(A) Full Backup
(B) Incremental Backup
(C) Differential Backup
(D) Mirror Backup

21. Which of the following phases of System Development Life Cycle (SDLC) involves the
determination of user needs of the Proposed System?
(A) System Analysis
(B) System Planning
(C) System Designing
(D) System Implementation

22. The following are definitions of various Feasibility Studies used in System Development
Life Cycle.
I. Is the solution viable financially?
II. Does the project provide Return on Investment?
III. How will the solution work?
IV. Is the solution permissible?
The term used for various dimensions of feasibility study is given below:
A. Legal Feasibility
B. Operational Feasibility
C. Economic Feasibility
D. Financial Feasibility
Choose the correct option from the following that gives the correct match.
(A) I-D, II-C, III-B, IV-A
(B) I-C, II-B, III-A, IV-D
(C) I-C, II-D, III-B, IV-A
(D) I-A, II-C, III-D, IV-B


23. In an organization, as most of the Information Systems require some modification after
development, the System Maintenance phase becomes one of the important aspects of SDLC.
There are different categories of Maintenance which are Scheduled, Adaptive, Corrective,
Rescue, Preventive, and Perfective. Which of the following statements is not correct about
these categories of Maintenance?
(A) Scheduled Maintenance is planned to ensure operational continuity and avoidance of
anticipated risks.
(B) Rescue Maintenance deals with undetected malfunctions that require immediate
troubleshooting solution.
(C) Adaptive Maintenance mainly deals with accommodating to the new or changed user
requirements and concerns functional enhancements to the system.
(D) Corrective Maintenance deals with fixing bugs in the code or defects found during the
executions.

24. ABC Ltd. is proposing to introduce the Fitness awareness amongst its employees by
gifting FitBit gadget to all employees and then giving targets for personal fitness. The
Management wants to evaluate the Feasibility of this initiative. Which dimension is tested
here?
(A) Technical Feasibility
(B) Economic Feasibility
(C) Operational Feasibility
(D) Behavioural Feasibility

25. Following are the different types of testing done during the System Testing phase of
Systems Development Life Cycle (SDLC).
(A) Regression Testing
(B) Integration Testing
(C) System Testing
(D) Unit Testing
The activities carried out under these Testing types are mentioned below:
(i) An activity of software testing in which individual software modules are combined and
tested as a group.
(ii) A process in which software and other system elements are tested as a whole.
(iii) Ensures that changes or corrections in the software have not introduced new faults.
(iv) To test if individual units of source code are fit for use.
Pick the correct match:
(B) (A) - (iii), (B) - (i), (C) - (ii), (D) – (iv)
(A) (A) - (i), (B) - (ii), (C) - (iii), (D) – (iv)
(C) (A) - (i), (B) - (iv), (C) - (ii), (D) – (iii)
(D) (A) - (iv), (B) - (ii), (C) - (i), (D) – (iii)

26. Which of the following is true about Spiral Model?
(A) It combines features of the prototyping model and waterfall model.
(B) It combines features of the prototyping model and RAD model.
(C) It combines features of the waterfall model and RAD model.
(D) It is intended for small and simple projects.


27. During System Acquisition in SDLC, the top management of an enterprise should
establish acquisition standards that address the security and reliability issues as per current
state-of-the-art development standards. Which of the following is not considered while
focusing on acquisition standards?
(A) Ensuring security, reliability, and functionality already built into a product.
(B) Ensuring managers’ complete reviews of appropriate vendor, contract, and licensing.
(C) Request for proposals soliciting bids when acquiring off-the-shelf or third-party software.
(D) To select the programming techniques and languages to be used for systems
development.

28. Softtech, a software development company, has clients in many fields like
pharmaceuticals, educational institutes, health industry, etc. The company follows an
approach to develop the software by releasing multiple versions, wherein the product is
decomposed into a number of components and each component is delivered to the client on
its completion. Identify the System development approach adopted by Softtech.
(A) The Waterfall Model
(B) The Prototyping Model
(C) The Spiral Model
(D) The Incremental Model

29. Amongst various System Development Methodologies, a software development model
that combines iterative and incremental methods is _______.
(A) Spiral
(B) Agile
(C) Prototype
(D) Rapid Application Development (RAD)

30. Which of the following is not a strength of RAD model?
(A) Possibility of quick initial review.
(B) Constant integration isolates problems and encourages customer feedback.
(C) Provides the ability to rapidly change system design as demanded by users.
(D) Enhances the risk avoidance.

31. Identify from the following controls of Information System that deals with framing of
high-level IT policies, procedures, and standards on a holistic view.
(A) Management Controls
(B) Environmental Controls
(C) Access Controls
(D) Physical Controls

32. Mr. Amit is an auditor of a company XYZ Ltd. While evaluating controls over ERP
systems, he had to audit the controls which were administered through the computer
centre/computer operations group and the built-in operating system controls. Which of the
following controls are referred to here?
(A) Environmental Controls
(B) Application controls
(C) Management Controls
(D) Audit Controls


33. Mr. Y used duplicate keys to enter in the prohibited area zone of JKH Ltd. company and
stole some important documents of the company. Which of the following controls do you think
has been compromised to make such an incident happen?
(A) Environmental Control
(B) Physical Access Control
(C) Network Access Control
(D) Logical Access Control

34. Output Controls are responsible to ensure that the data delivered to users will be
presented, formatted, and delivered in a consistent and secured manner. Which of the
following activities does not fall under the purview of Output Control?
(A) Spooling
(B) Report Distribution Control
(C) Asset Safeguarding
(D) Control over printing

35. The Quality Assurance Management controls involve various functions that ensure that
the development, implementation, operation, and maintenance of information systems
conform to quality standards. With such scope of the controls in mind, what do you think is
not true about Quality Assurance Management Controls?
(A) Auditors might use interviews, observations, and reviews of documentation to evaluate
how well Quality Assurance (QA) personnel perform their monitoring role.
(B) Auditors might evaluate how well QA personnel make recommendations for improved
standards or processes through interviews, observations, and reviews of documentation.
(C) Auditors can evaluate how well QA personnel undertake the reporting function and
training through interviews, observations, and reviews of documentation.
(D) Auditors check whether the organizations that have been audited have an appropriate,
high-quality disaster recovery plan in place or not.

36. An IS Auditor is using an audit tool that involves embedding audit software modules
within a host application system to provide continuous monitoring of system’s transactions.
Which audit tool does this refer to?
(A) Audit hooks
(B) System Control Audit Review File (SCARF)
(C) Integrated Test Facility (ITF)
(D) Continuous and Intermittent Simulation (CIS)

37. In an organization ABC Ltd.; the adherence of policies, procedures and standards as
defined by the management are required to be followed. An accountant Mr. X, due to enmity,
misused his access rights and made changes in the credit points earned by the salesperson Mr.
A on every sale of his customer. During the audit, the auditor Mr. B suspected this
discrepancy and preferred to embed an audit software module into the accountant Mr. X’s
host application software to determine the frequency with which he had made the changes in
the credit points of Mr. A. Which of the following audit tools is used by Mr. B in this case?
(A) Integrated Test Facility (ITF)
(B) System Control Audit Review File (SCARF)
(C) Snapshots
(D) Audit Hooks
