File Content -
ISCA
ANALYSIS
March 18
2016
RTP NOVEMBER 2008 TO MAY 2016 + MOCK TEST PAPERS FROM 2010
TO 2015+ QUESTION PAPER FROM JUNE 2009 TO NOV-2015.
USEFUL FROM
MAY 2016
EXAMS.
ISCAGiridhar’sTM
CHAPTER-1 CONCEPTS OF GOVERNANCE AND MANAGEMENT OF INFORMATION
SYSTEMS(CGMIS)
1. Explain the key benefits of IT Governance achieved at highest level in an organization.(NOV-
2014(2M). Study material 1.5.3+asked in Nov 2015 exams
2. Write short notes on the following with reference to Governance Dimensions:study material 1.2
(i) Conformance or Corporate Governance Dimension(MTP O-14)
(ii) Performance or Business Governance Dimension
OR
Differentiate between Corporate Governance and Business Governance.(MTPO-15)
3. What do you understand by GEIT? Also explain its key benefits.(RTP N-14 + MTP M-15). Study
material 1.5.4
4. Explain the key functions of IT Steering Committee in brief(MTP F-15). Study material 1.7.2
5. Discuss the key management practices, which are required for aligning IT strategy with enterprise
strategy.(RTP M-15 + MAY 2015(EXAMS). Study material 1.8.4
6.‘The success of the process of ensuringbusiness value from use of IT can be measured by
evaluating the benefits realized from IT enabled investments and services portfolio and how
transparency of IT costs, benefits and risk is implemented’. Explain some of the key metrics, which
can be used forsuch evaluation.(RTP N-15) study material 1.8.5
7. Explain the following terms with reference to Information Systems
(i) Risk(RTP M-11+MTP S-15 + NOV 2014 ). Study material 1.9.3 +Sources of Risk(MTP S-15). Study
material 1.9.2
(ii) Threat(NOV 2014 (EXAMS)+RTP M-15+M-12
(iii) Vulnerability(RTP M-12+N-11+MTP S-15 + MAY 2015(EXAMS) + NOV 2014 (EXAMS). Study
material 1.9.3
(iv) Exposure(RTP M-12)
(v) Attack(RTP M-12+N-11+N-09)
(vi) Asset(RTP M-15)
8. Define the following terms:
(i) Likelihood(RTP M-12+N-11+N-09)
(ii) Countermeasure
(iii) Residual Risk(RTP N-09)
9. Briefly explain various risk management strategies.(MTP S-15 + MTP O-13 + MTP F-13+RTP N-14
GIVEN IN CASE LAW).+ study material 1.9.4
10. Describe key management practices for implementing risk management.(RTP N-14 + MTP M-15
+ MTP S-14 + MAY 2015(EXAMS). Study material 1.9.6
11. Discuss the five principles of COBIT 5 in brief.(RTP M-14 + MTP M-15 + MTP F-14 + May
2015(EXAMS) + study material 1.10.6
12. Discuss various categories of enablers under COBIT 5.(RTP N-15 + MTP O-14 + MTP A-14 + MTP
O-13 + MAY 2014(EXAMS).+ study material 1.10.8
13. Discuss the areas, which should be reviewed by internal auditors as a part of the review of
Governance, Risk and Compliance.(RTP N-14) (MOCK O-15) + study material 1.12.3
14. Discuss the key management practices for assessing and evaluating the system of internal
controls in an enterprise in detail.(RTP N-14) (MOCK S-15)+ study material 1.12.5
15. Describe the major benefits achieved through proper governance in an organization.
16. What are the key governance practices that are required to implement GEIT in an enterprise?
(MTP S-14). Study material 1.5.6
17. Discuss key management practices, which are needed to be implemented for evaluating
‘whether business value is derived from IT’in an organization.( study material-1.8.5).
18.‘COBIT 5 provides various management practices for ensuring compliance with external
compliances as relevant to the enterprise’. Explain these practices in brief.(MTP S-14 + NOV
2015(4M) + NOV 2014(6M).+ study material 1.11.2
19. Discuss some of the sample metrics for reviewing the process of evaluating and assessing
compliance with external laws & regulations and ITcompliances with internal policies.( study
material 1.11.3)
20. Write short notes on the following:
(i) Role of IT in enterprises(NOV2015(EXAMS) . study material 1.7
(ii) Integrating COBIT 5 with other frameworks(MOCK O-15) + study material 1.10.2
(iii) Sample areas of review for assessing and managing risks( study material 1.12.4).
(iv) Evaluating IT Governance Structure and Practices by Internal Auditors.(RTP M-16) + study
material 1.12.2)
21. Discuss different levels of managerial activity that are carried out in an enterprise.(RTP M-16) +
NOV 2015exams+ MTP F-15) study material 1.8
22. Discuss key benefits of COBIT 5 framework.(RTP M-16+N-13) + study material 1.10.4
23. Internal Controls as per COSO(RTP N-15 + NOV 2014 (EXAMS). Study material 1.6.2
24. Key governance practices for evaluating risk management(RTP M-15 + MTP O-14). Study
material 1.9.5.
25. Discuss COBIT and its components in brief.(RTP M-15) + study material 1.10.3
26. Discuss major benefits of Governance(RTP M-15 + NOV 2014 + 2015 (EXAMS). Study material
1.3.1
27. Need for enterprises to use COBIT-5(MTP F-15) + study material 1.10.1
28. Metrics of Risk Management.(NOV2015(exams) + study material 1.9.7
29.Strategic Planning(MTP F-15)(SM PG NO 1.14)
CHAPTER-2: INFORMATION SYSTEMSCONCEPT(ISC)
1. Define the following terms briefly:
(a) Abstract system(RTP M-15+N-10)
(b) Physical System(RTP M-15+N-10)
(c) Open System(RTPM-16+N-08)
(d) Closed System(RTPM-16+N-08)
(e) Deterministic System(RTP M-13+M-11+N-08)
(f) Probabilistic System(RTP M-13+M-11+N-08)
2. Discuss important characteristics of Computer based Information Systems in brief.(RTP N-15+M-
13+N-11)(Study Material 2.7)+asked in may-11 exams
3. What do you understand by TPS?Briefly discuss the key activities involved in a TPS.(RTP N-
14)(asked in may 14 exams)
4. What are the principal components of a TPS? Discuss in brief.(MTP M-12)
5. Explain basic features of a TPS in brief(RTP N-13+M-11)+MTP S-14 : asked in Nov-13
6. What do you understand by MIS? Discuss major characteristics of an effective MIS(RTP N-12+M-
12+N-09)+MTP F-13 + O-13 +M-15 : asked in Nov 2015+NOV 2013
7. Briefly discuss major misconceptions about MIS.(RTP N-14+N-13)+MTP O-15
8.‘There are various constraints, which come in the way of operating an MIS’. Explain any four such
constraints in brief.(RTP N-14+N-12+M-12+M-11) : asked in may 2012.
9. What are major limitations of MIS? Explain in brief.(RTP M-14+N-11+N-09)+MTP AUG-12+ MTP S-
13+ F-15 : asked in Nov 2012.
10. What is Decision Support System (DSS)? Explain the key characteristics of a DSS in brief.(RTP M-
14)+MTP S-13 : asked in may 2012+NOV 2008
11. What is EIS? Explain major characteristics of an EIS.(RTP N-15+N-14+M-14)(Study material pg no
2.25)+MTP AUG-12 + F-14 + M-15 :asked in Nov 2012+ may 2011
12.‘There is a practical set of principles to guide the design of measures and indicators to be
included in an EIS’. Explain those principles in brief.(RTP N-13+N-12+M-12+N-11)+MTP F-13+A-14
13. Discuss the difference betweenEIS and Traditional Information Systems.(asked in may 2013)
14. What is an Expert System?(MTP S-15)Discuss some of the business implications of Expert
Systems in brief.(RTP M-15+M-12+N-10)+MTP M-13 +O-13 (Study Material pg no 2.29)+ asked in
may 2011.
15.Describe the major benefits of Expert Systems in brief.(RTP M-14)+MTP M-12+F-14 + O-14) :
asked in Nov 2015+NOV 2010
16. Discuss some of the important implications/advantagesof Information Systems inbusiness(RTP
M-13+M-11)(or)‘In modern business perspective,information systems have far reaching effects for
smooth and efficient operations’. Discuss some of these important implications of information
systems in business.(Studymaterial pg no 2.35) : asked in may 2015+may 2010
17. What is Information? Briefly discuss its attributes.(RTP M-16+M-15+M-11+N-09)+MTP F-12 +S-
14 (Study material pg no 2.3(2.2.1)) : asked in Nov 2011.
18. What is DSS? Explain the components of a DSS in brief.(RTP N-09) ( STUDY MATERIAL PG NO
2.23)
19. Differentiate between DSS and Traditional MIS.
20.“A Decision Support System supports human decision-making process rather than providing a
means to replace it”. Justify the above statement by stating the characteristics of decision support
system.(MTP O-14)
21.“Decision support systems are widely used as part of an Organization’s Accounting Information
system”. Give examples to support this statement.(RTP N-15+N-09) (Study material pg no 2.24)
OrDiscuss various examples of DSS in Accounting.(MTP M-15+O-15(Only capital budgeting system)
22. Briefly describe five/threemajor characteristics of the types of information used in Executive
Decision making.(Asked in May 2010)
23. Write short notes on the following:
(i) Text Processing Systems(RTP M-11)
(ii) Components of Message Communication Systems(RTP N-10)(STUDY MATERIAL PG NO 2.14) +
asked in Nov 2012(ONLY ELECTRONIC MAIL)
(iii) Teleconferencing and Video-conferencing Systems
(iv)Role of information in business
24. Describe the main pre-requisites of a Management Information System, which makes it an
effective management tool.(RTP M-13)+MTP F-12 : asked in may 2014
25. Discuss major areas of Computer-based applications(RTP M-16) (study material 2.2.4-page no
2.8)
26. Discuss differentcomponentsof ERP (Enterprise Resource Planning) and its benefits.(Study
materialpg no 2.31)+MTP S-13 (RTP M-16+M-14+M-11) :asked in Nov 2015(only components)
27. Why do we need Expert Systems?(RTP M-15) +MTP O-14 (Study Material pg no 2.30) : asked in
Nov 2015
28. Discuss different types of Information Systems.(RTP M-15)+MTP S-14(Study material pg no 2.9)
29.What are the features of the Electronic Mail System?(RTP N-15 GIVEN IN CASE LAW)
30. Explain the major points for evaluation of effectives Management Information System
(MIS).(RTP N-15 GIVEN IN CASE LAW)
31. What are the types of operations into which the different office activities can be broadly grouped
under office automation systems?(RTP N-12)+ MTP O-14 (Study Material Pg no 2.12) : asked in
May 2015+ NOV 2010EXAMS
32.Discuss different levels of management activitiesin management planning andcontrol
hierarchy.(RTP N-10)(STUDY MATERIAL PG NO 2.38)
33.Describe the three levels of implementation of databases.(RTP N-10)+MTP M-13 (STUDY
MATERIAL PG NO 2.23)+ asked in Nov 2010exams
34.Explain any four benefits of Office Automation Systems.(MTP M-12).
35.Discuss Information System and its components. What are the activities carried out by
Information System in general?(MTP F-15).
36.Explicit and Tacit Knowledge(MTP S-15) study material PG NO 2.16.
37.Electronic Document Management System(MTP O-15)
38. Potential applications should possess to qualify for expert systemdevelopment. (Askedin
May2013)study material PG NO 2.31.
39.To operate Information Systems (IS) effectively and efficiently a business manager should have
following knowledge about it(asked in may 15 exams)
40.Discuss some IT tools that may prove to be crucial for the company’s business growth.(MTP O-
15)+asked in nov-14 exams
CHAPTER-3: Protection of InformationSystems(POIS)
1.Discuss various types of Information Security policesand their hierarchy.(RTP N-12+N-08)+MTP
M-15+(asked in nov-13+11exams)
2.What are the key components of a good security policy? Explain in brief(RTP N-08)(or)major
components of a good information security policy(RTP M-16+N-14+N-13+N-12)+MTP M-15+AUG-
12+F-12(or) State themajor points required to be stated by a good security policy.(RTP M-11)
(asked in NOV-2015 EXAMS+nov-13 exams+may-12 exams)
3.The Information Security Policy of an organization has been defined and documented as given
below:
“Our organization is committed to ensure Information Security through established goals and
principles. Responsibilities for implementing every aspect of specific applicable proprietary and
general principles, standards and compliance requirements have been defined. This is reviewed at
least once a year for continued suitability with regard to cost and technological changes.”
Discuss Information Security Policy and also identify the salient components that have not been
covered in the above policy.
4.Discuss five interrelated components of Internal Controls.(RTP N-14+N-11)+MTP S-14+A-14+asked
in nov-12 exams
5.What do you mean by Preventive Controls?(MTP M-15)+RTP N-09Explain with the help of
examples. Also discusstheir broad characteristics in brief.(RTP M-14)+MTP S-13
6.What do you mean by Corrective Controls?(RTP M-15+N-12+M-11)Explain with the help of
examples. Also discuss their broad characteristics in brief.(RTP N-13+N-12)+MTP O-13+F-13+AUG-
12(asked in may-15 exams)
7.Whatdo you understand by Financial Controls? Explain major financial control techniques in
brief.(RTP N-10)+MTP O-14+asked in may 14 exams
8.Whatdo you understand by Boundary Controls? Explain major Boundary Control techniques in
brief.(RTP M-16+N-14+M-12)+MTP F-15+M-13(asked in may-15+13exams about report)+ only
Cryptography(RTP M-15+M-14+N-13+N-12)
9.Brieflyexplain major update and report controls with reference to Database Controls in brief(RTP
M-14 ONLY REPORT)
10.Whatdo you understand by classification of Information? Explain different classifications of
Information.(or) As a member of IS Steering Committee, how do you classify the information for
better integrity and security.(asked in nov-15 exams)
11.Brieflyexplain major Data Integrity Policies.(RTP N-14+N-10)+MTP M-15+M-13+asked in nov-
14+10exams(or)once the information is classified onvariouslevels, the organization has to decide
about the implementation of different data integritycontrols. Do you agree? If yes, explain about
dataintegrityand its policies.
12.Writeshort notes on the following:
(I) TimeBomb(RTP N-11)+MTPA-14+O-13+M-13
(ii)LogicBomb(RTP N-11)+MTP A-14+O-13+M-13
(iii)Trojan(RTP M-13+N-14+M-14+M-13)
(iv)Worms(RTP N-12+N-11)
13.Whatdo you understand by Asynchronous Attacks? Explain various forms of Asynchronous
Attacks in brief.(RTP N-14+N-12)
14.Explainsome of the key ways to control remote and distributed data processing applications in
brief.(RTP M-14+M-13+N-11)+asked in may 15 exams
15.Discussthe three processes of Access Control Mechanism, when a user requests for resources.
16.Discuss Locks on Doors with respect to physical access controls in brief(RTP N-08).(or)Discuss
different means of controlling physical access in an organization.(RTP M-15+M-10)(SM PG NO 3.21)
17.Discuss major dimensions under which the impact of cyber frauds onenterprises can be viewed.
18.Discuss major techniques to commit cyber frauds in brief.(RTP M-16+M-15)+MTP S-14
19.Discuss any three Internetworking devices
20.Discuss major General Controls within an enterprise in brief.(RTP N-15-ONLY SHORT NOTE)
(i)Organizational Controls
(ii)Management Controls
(iii)Financial Controls
(iv)BCP (Business Continuity Planning) Controls
(v)Operating System Controls(asked only operating system security in nov-14 exams)
(i)major tasks
(ii)components
(iii)remedies
(vi)Data Management Controls
(i)Access Control
(ii)Backup Control(MTP F-15)
(vii)System Development Controls
(viii)Computer Centre Security and Controls
(i)Physical Security(or)Discuss the arrangements a company XYZ should emphasize in
order to tighten its Physical Security for protecting its IT assets(RTP N-15)
(ii)Software & Data Security
(iii)Data Communication Security
(ix)Internet and Intranet Controls
(x)Personal Computers Controls(security measures only asked in nov-14 exams)
21.Whatdo you mean by Detective Controls?(MTP S-14)+RTP M-11Explain with the help of
examples.(RTP M-12)Also describe their main characteristics in brief.(RTP M-12+M-11)+MTP F-14
22.DiscussApplication Controls and their categories in brief.
(i)Boundary Controls
(ii)Input Controls
(iii)Communication Controls
(iv)Processing Controls(ONLY DATA PROCESSINGCONTROLS–RTP M-11+N-10)+virtual memory
controls(RTP M-10)
(v)Database Controls
(vi)Output Controls(MTP S-14)+asked in may-13 exams
23.‘There are various general guidelines, with reference to ‘Segregation of Duties’, which may be
followed in addition with the concepts like, ‘maker should not be the checker’. Explain those
guidelines.
24.What is ‘Data Integrity’? Explain six categories of integrity controls in brief.
25.Explain some of the key logical access controls in detail with the help of suitable examples.(RTP
N-15)+only computer crime exposures(or)Crimes are committed by using computers and can
damage the reputation, morale and even the existence of an organisation’. What are the problems
do you think that any organization can face with the result of computer crimes?(RTPN-13+N-12+N-
11)+MTP O-14.(asked in nov-15 exams+may 14 exams)
26.Describemajor controls over environmental exposures.(RTP M-10)(or)Discuss different controls
for environmental Exposures.(MTP F-15)
27.What is Cyber Fraud? Differentiate between pure cyber frauds and cyber enabled frauds.
28.Explain major cyber-attacks reported by various agencies in recent years.
29.Discuss Managerial Controls and their categories in brief.(MTP S-15)
(i).Top Management and Information Systems Management Controls
(ii).Systems Development Management Controls(RTP N-15)
(iii).Programming Management Controls
(iv).Data Resource ManagementControls(RTP N-15)
(v).Quality Assurance Management Controls(RTPM-16)
(vi).Security Management Controls(RTP M-16)
(vii).Operations Management Controls
30.Write short notes on the following:
(i)Need for protection of Information Systems
(ii)Compensatorycontrols(MTP O-14)
(iii)BCP controls
(iv)Cyber Frauds
(v)TopologicalControls
(vi) Backup Controls
31 (combination question of 6+21) just differences(RTP M-16)
32.Impact of Technology on Internal Controls(RTP M-16)+MTP S-15+O-14(SM PG NO 3.11)+ only
Segregation of Duties(RTP M-15)
33.Discuss InformationSystem Security and its objectives.(RTP M-15+N-13+M-13+N-12+M-12+N-10)
(SM PG NO 3.3)(asked in may 14 exams)
34.Whatare the aspects that should be evaluated by an IS Auditor while reviewing the adequacy of
data security controls?(RTP N-11+N-10)(SM PG NO 3.73).+ MTP A-14+M-12
35.‘The objective of controls is to reduce or if possible, eliminate the causes of the exposure to
potential loss. Exposures are potential losses due to threats materializing. All exposures have
causes’. Discuss some categories of exposures in brief and also discuss some critical control
considerations in a computerized environment.(RTP M-11)(SM PG NO 3.9)(asked in nov-14 exams)
36.Describe various groups of management, comprised by security policy.(RTP N-10)(SM PG NO
3.6(3.4.3))
37.Differentiate between Physical AccessControls and Logical AccessControls.(MTP F-15)
38. Whatare the issues that should be covered by a security policy? Explain in brief.(RTP N-11)(or)
For appropriate implementation of information security at various levels, organizations require
security policies, which should cover various issues.’ What are these issues that should be covered
by a security policy? Explain in brief.(MTP A-14+AUG-12+MAR-13)(SM PG NO 3.6)(asked in may-13
exams)
39.‘Information systems can generate many direct and indirect risks. These risks lead toa gap
between the need to protect systems and the degree of protection applied’. What are the main
reasons of this gap?(RTP M-11+M-10)(sm pg no 3.2)
(Note:-For control over 3rdchapter please referGiridhar’sflow chart in caclubindia and it is divided
into 3 parts).
CHAPTER-4:BusinessContinuity Planning and Disaster Recovery
Planning(BCPDRP).
1.Discussthe objectives of Business Continuity planning.(RTP M-16+N-14)(or)what are the
objectives and goals of BCP?(MTP O-14+A-14)+RTP M-12+N-11+M-11+N-10+asked in nov-13+12
exams
2.Describethe methodology of developing a Business Continuity Plan. Also enumerate its eight
phases.(or)Discuss the different phases involved in the development of a Business Continuity
Plan.(or)Name the different phases of methodology for developinga BCP. What are the major
points on which a methodology mainly emphasizes upon?(RTP M-16+N-13+M-13+N-12+M-12+M-
11)+MTP S-14+O-13+F-13(asked in may 14 exams)
3.Whiledeveloping a Business Continuity Plan, what are the key tasks that should be covered in the
second phase ‘Vulnerability Assessment and General definition of Requirement’?(RTP N-14+N-
13+N-10)+MTP O-13+S-13+M-13
4.Whatare the major documents that shouldbe the part of a Business Continuity Management
system? Explain in brief.(or)Why documentation is required in Business Continuity Management
(BCM)? Whichdocuments are classified as being part of the BCM system?(RTP M-16)
5.Discussthe maintenance tasks undertaken in the development of a BCP in brief.(RTP N-14)
6.Brieflyexplain various types of system’s back-up for the system and data together.(OR)Explain
briefly data back-up techniques.(MTPF-12)(Or)Explain briefly various types of data back-ups(RTP
N-15)+MTP M-15+Discuss different types 0f back-up plans used in BCP?MTPS-14(asked in nov-14
exams+nov-11exams)
7. Explainbriefly the following terms with respect to business continuity and disaster recovery
planning.(or)various kinds of plans that need to bedesigned for BCM.(asked in nov-15 exams)
(I)Emergencyplan(RTP N-15+N-09)
(ii)RecoveryPlan(RTP M-16+N-15+M-13+N-11)+MTP F-15+asked in may-12 exams
(iii)Testplan(RTP N-14+N-13)
(iv)Backup plan.(MTP F-15)
(or)‘Different types of plans are used in BCP namely, EmergencyPlan, Back-up Plan, Recovery Plan,
and Test Plan’. Discuss recovery plan in brief.(RTP M-12)(or)differential backup technique in
detail.(RTP N-10)
8.Explainbriefly the following terms with respect to alternate processing facility arrangements in
business continuity and disaster recovery planning.(RTP M-13)+(asked in may-15 exams+may-11
exams)(or)discuss the various backup options considered by a security administrator when
arranging alternate processing facility.
(i)Cold site(RTP N-15+N-12+M-12+N-09)+MTP F-14
(ii)Hot site(RTP N-15+N-12+M-12+N-09)+MTP F-14
(iii)Warm site(RTP N-09)
9.A company has decided to outsource its recovery process to a third party site. What are the issues
that should be considered by the security administrators while drafting the contract?(ASKED IN
NOV-15+may-10EXAMS)(RTP N-15+N-14+M-13+M-11)+MTP M-12
10.Describe contents/componentsof a Disaster Recovery and Planning Document.(RTP N-08)(OR)
Discuss the major areas that form a part of Disaster Recovery Planning (DRP) Document.(RTP N-
15+M-14+N-10)+MTP O-15+asked in nov-11 exams
11.Explain theobjectives of performing BCP tests while developing a business continuity plan.(RTP
N-10)
12.Briefly explain the maintenance tasks undertaken in the development of a business continuity
plan.
13.What are the key aspects that should be verified during audit/self-assessment of an enterprise’
BCM program while reviewing BCM arrangements?(asked in may-15 exams)
14.Differentiate between Incremental Backup and Differential Backup(or)Differential Backup and
Full Backup(RTP N-14)(or)Incremental Backup and Mirror Backup(RTP M-13+M-10)(or)Full backup
and Incremental Backup(RTP N-12)(or)Differential Backup(RTP N-11)
15.Write short notes on the following:
(i)BCP Manual(MTP S-15)
(ii)Discussdifferent stages of Business Continuity Management (BCM) Process.(MTP F-15)(SM
PG NO 4.11)
(iii) Back-up Plan
(iv) BCM Maintenance
16.Differentiate between Cold Site and Hot Site.(RTP N-13)
17.Discuss Business Impact Analysis (BIA).(RTP M-16)
18.What is meant by Business Continuity Planning? Explain the areas covered byBusiness
Continuity.(RTP M-16+M-13+N-12+M-12+M-10)+asked in nov-10 exams
19.Explain the advantages of Business Continuity Management (BCM)(RTP N-15)
20.What are the objectives of Business Continuity Management (BCM) Policy?(MTP M-15)(SM PG
NO 4.4)(asked in nov-14 exams)
21. Whatare the tasks thatshould be undertaken in Business Impact Analysis? Explain in brief.(MTP
A-14+F-14+M-13+AUG-12)+RTP N-11+M-11(SM PG NO 4.14)(asked in may-13+nov-11+09exams
(or)In the development of a business continuity plan, there are total eight phases;Business Impact
Analysis is the third importantphase. Discuss various tasks which are to be undertaken in this
phase.(RTP N-10)
22.What do you understand by the term ‘Disaster’? What procedural plando you suggest for
disaster recovery?(MTP F-12)(SM PG NO4.24)
23.While auditing aDRP for information technology(IT) assets, what concerns are required to be
addressed?Briefly explain.(asked in may-14 exams)(sm pg no 4.27 point no XX)
24.What are the elements to be included in the methodology for the development of disaster
recovery/business resumption plan?.(asked in nov-12 exams)(sm pg no 4.25)
CHAPTER-5:Acquisition, Development and Implementation of
InformationSystems(ADIIS)
1.Discuss the key characteristics of Waterfall Model in brief. Also explain its major weaknesses(MTP
F-14+M-12)only weakness+(RTP N-13+N-12+M-12+N-10)
1A.‘Waterfall approach is oneof the popular approaches for system development’.Explain the basic
principles/key characteristics of this approach.(RTP M-13+M-11)(SM PG NO 5.9)
2.Briefly explainweaknessesPrototyping approach.(RTP M-14+M-11)+MTP S-13
3.Describe major strengths ofPrototyping model.(RTP N-14+M-11)+MTP F-12
3A.Discuss basic principles/Generic phasesof Prototyping Model in brief.(RTP M-12)(sm pg no
5.11)
4.Explain major strengths and weaknesses of Spiral model(RTP M-14)+RTP N-13(ONLY
WEAK)+asked in nov-10 exams(or)as a person in-charge of system developmentlife cycle, you are
assigned a job of developing a model for a new system, which combines the features of a
prototyping model and the waterfall model.Whichwill be the model of your choice and what are its
strengthsand weaknesses?.
4A.XYZ Ltd., primarilyengaged in games development is in the process of automation of its various
business processes. After considering all the relevant factors, the technical consultantof the
company recommended tofollow a combination of prototyping and waterfall model forthe project
implementation. Identify the model and explain its basic principles.(RTP M-13)+(MTP O-13+M-
13)(SM PG NO 5.15)
5.What do you understand by agile model of software development? Also explain its major
strengths(RTP M-16+N-14+M-13)+MTP O-14+AUG-12(asked in nov-14 +nov-13 exams)and
weaknesses in brief.(RTP M-13)+(MTP F-15+S-14)
6.State and briefly explain the stages of System Development Life Cycle (SDLC).(nov-15 exams)
7.The top management of company has decided to develop a computer information system for its
operations. Is itessential to conduct the feasibility study of system before implementing it? If
answer is yes, state the reasons. Also discuss three different angles through which feasibility study of
the system is to be conducted.(MTP S-15)
8.What are the possible advantages of SDLC from the perspective of IS Audit?(RTP N-14+N-13+N-
10)+MTP F-14+asked in nov-12+10exams
9.What are the major aspects that need to be kept in mind while eliciting information to delineate
scope?(or)‘While eliciting information to delineate to scope, what are the aspects that are needed
to be kept in mind during preliminary investigation of a project under SDLC’?(RTP N-13+N-12+N-
11+N-10)
10.Discuss in detail, how the analysis of present system is made by the system analyst?(or)A
Company is offering a wide range ofproducts and services to its customers. It relies heavily on its
existing information system to provide up to date information. The company wishes to enhance its
existing system. You being an information system auditor, suggest how the investigation of the
present information system should be conducted so that it can be further improved upon.(or)
discuss in brief the various functional areas to be studied by a system analyst for a detailed
investigation of the present system.(MTP AUG-12)+asked in nov-11+may-11exams
11.Explain two primary methods, which are used for the analysis of the scope of a project in
SDLC.(RTP N-15+N-14+M-13+N-12)+MTP O-14+asked in may-10 exams
12.Explain two primarymethods, which are used for the analysis of the scope of a project in
13.If you are the Project Manager of a Software Company with the responsibility for developing a
break-through product, combining state of the art hardware and software; will you opt for typing as
a process model for a product meant for the intensely competitive entertainment market?
14.Describe briefly four categories of major tools that are used for system development(or)Discuss
majorly used System Development Tools(RTP M-16)+ ONLY DATA FLOW DIAGRAM+Structured
English+Flowcharts(RTP N-15+N-14+N-09)
15.Bring out the reasons as to why organizations fail to achieve their Systems Development
Objectives?(RTP N-14+N-11+N-10)+MTP A-14+F-12(or)List down some notable issues because of
which an enterprise at times fails to achieve the objectives of the system development.(MTP F-15)
(or)It is observed that sometimes, organizations fail to achieve their systemsdevelopment
objectives. What may be the possible reasons for the same in your opinion? Give any five.(RTP N-
12)(asked in may-15 exams)
16.Discuss major characteristics of a good coded program in brief(RTP N-15+N-13+N-12+N-11+N-
10)+MTP S-14+asked in nov-12 exams
17.What is Unit Testing?Explain five categories of tests that a programmer typicallyperforms on a
program unit.(asked in NOV-15 Exams+MAY 15 EXAMS+nov-14exams)+MTP O-15+RTP M-13(or)
What is Unit Testing? Discuss its benefits and limitations.(RTP N-09)+asked in may-10 exams
18.Explain the following testing techniques:
(i)Black Box Testing(RTP N-14+N-13+N-08)+MTP O-14+Asked in N-09exams
(ii) White Box Testing(RTP N-14+N-13+M-13)+MTP O-14+AUG-12+asked in J-09 exams
(iii) Gray Box Testing(RTP N-13)
19.Explaindifferent changeover strategies used for conversion from old system to new
system.(ONLY PHASED(MTP AUG-12)+PILOT)(RTP N-15+N-12)
20.Discussbriefly, various activities that are involved for successful conversion with respect to a
computerized information system.(RTP N-12+N-10)+asked in may-13 exams
21.Explain corrective and adaptive maintenance in brief.(MTP A-14+O-13+M-13)+RTP N-11
22.What is waterfall model of system development? Also discuss its major strengths.(RTP M-12+N-
10)+asked in may 2014 exams only strengths.
23.What is Rapid Application Development? Discuss its strengths(RTP M-12)and weaknesses in
brief.(RTP N-11)
24.Agile methodology is one of the popular approaches of systemdevelopment. What are the
weaknesses of this methodology in your opinion?(RTP M-14)+MTP M-15(or)As per recent industry
trends, Agile methodology has become a good choice for software development community. There
is no doubt to say that it has various strengths aswell but on the other hand, it has certain
weaknesses too. Briefly explain the weaknesses of this methodology.MTPF-13+RTP M-13
24A.what is agile methodology? Explain its basic principles/featuresin brief.(RTP N-13+N-12)(SM PG
NO 5.18)
25.What do you understand by feasibility study? Explain various types of feasibility studies in
detail.(RTP N-14+M-14+N-08)(or)Differentiate between “Economic Feasibility” and “Operational
Feasibility”.(MTP M-15)(or)What issues would you like to raise during the technical feasibility of
new proposed system?(RTP M-13+N-12)+(MTP M-15)(SM PG NO 5.24)(asked in nov-13+J-09
exams)+Discuss various dimensions under which the phase feasibility study of SDLC is
evaluated.(MTP O-14+RTP N-11)+Operational Feasibility(MTP M-12+RTP N-13+N-12)+Technical
Feasibility(MTP F-12)+RTP M-12+N-09+Feasibility study of a system is accomplished under various
dimensions such as technical, financial, economical, operational, legal etc. Out of these, explain
technical feasibility in brief.(RTP N-12)+Economic Feasibility(RTP N-09)
26.System Analysts use various fact-finding techniques for determining the needs/ requirements of a
system to be developed. Explain these techniques in brief.(RTP M-14+N-11)+MTP S-14+A-14(ANY
TWO ONLY)+MTP O-13+AUG-12(or)Discussany two fact finding techniques with reference to
requirements phase of SDLC?
27.What do you understand by “Requirement analysis”?(RTP N-14)+MTP O-13+F-13What is the
significance of analyzing the present system and how is it carried out? Explain briefly.
28.What is SDLC? Explain the key activities performed in the Requirements Analysis phase.(RTP M-
16+N-14+M-14+M-13+M-12)+MTP O-13+F-13(or)‘Requirements Analysis phase includes a
thorough and detailed understanding of the current system, identificationsof the areas that need
modifications to solve the problem, the determination of user/managerial requirements and to have
fair idea about various systems development tools’. Briefly discuss the activities, which are
performed in this phase.(RTP M-11)+(asked in may-13+11exams)
29. Discuss the roles of the following with reference to SDLC:
(i) Steering Committee(OR)Mention different functions of steering Committee under SDLC(RTP N-
15+M-14)
(ii) System analyst(RTP M-14)+asked in nov-11 exams
(iii) Database Administrator(RTP M-14)+asked in nov-11 exams
(iv) IS auditor(RTP M-16+M-14)+asked in nov-11 exams
30.Discuss Final Acceptance Testing in brief.(RTP M-14+N-13+M-12)
31.Write short notes on the following:
(i) data dictionary(MTP O-13+F-13+F-12)+RTP N-13+asked in may-12+10exams
(ii) static testing
(iii) Regression Testing(asked in nov-10 exams)
(iv)system testing(RTP M-11)+asked in nov-13 exams
(v)Preventive Maintenance(MTP F-13)(or)Preventive and Perfective Maintenance(MTP M-12)
(vi)AdaptiveMaintenance(RTP M-14)+MTP S-13
Orhowcan ‘SystemMaintenance’ underSystem Development Life Cycle (SDLC) be categorized?OR
‘’maintaining the system is an important aspect of SDLC” considering this statement list out various
categories of system maintenance in SDLC.(RTP M-16)(RTP N-15+M-11)+asked in nov-10 exams
(vii)Strengths(RTP M-11)&Weaknesses of IncrementalModel(RTP M-16)(Or)forthe development
of software, various techniques/models are used e.g. waterfall, incremental, spiral etc; in which,
each has some strengths and some weaknesses. Discuss the weaknesses of the incremental
model.(RTP N-11)
(viii)Auditors’ involvement in development work
(ix)Parallel RunningImplementation(RTP M-14)
(x)Discuss Integration Testing and its types.(MTP F-15)+What is Integration testing? Explain
bottom-up and top-down integration.(RTP M-12)
32.Importantfactorsshould be considered by the system analyst while designing userinput
forms.(asked in nov-15 exams)
33.ProgramDebugging and Program Testing(RTP M-16)
34.Explain the various user related issues in achieving the system development
objectives.(RTP N-15)
35.According to youas an IS Auditor, what are the validation methods for approving the
vendors‟ proposals?(RTP N-15+N-14+M-14)(or)Large organizations would naturally tend to adopt a
sophisticated and objective approach to validate the vendor’s proposal’. What arethe validation
methods that may be used for this purpose?(RTP M-11)
36.With reference to the conversion from existing information system to a new system, explain the
file conversion in brief.(RTP M-14)+MTP F-14
37.The company appoints an Accountant forhis active involvement during the development work of
the proposed system. Discuss some of the aspects on which anaccountant can play a vital role
during proposed system’s development.(MTP S-15)(SM PG NO 5.7)(CONCEPT NO 5.3.3)
38.What do youunderstand by “System Development Methodology”?(MTP S-15)(SM PG NO 5.8)
39.Differentiate between Hardware Acquisition and Software Acquisition.(MTP M-15)(SM PG NO
5.45)
40.Management should establish acquisition standards that address the same security and
reliability issues as development standards. What are the issues that should be focused by
Acquisition standards?(RTP M-13+N-11+M-11)+(MTP O-13+F-13)(SM PG NO 5.44)
41.Describe major design principles with reference to SDLC in brief.(MTP M-13)(SM PG NO5.42)
42. CASEtools(MTP F-12)+RTP N-09
43.At the end of the analysis phase of SDLC, the system analyst prepares a document called
‘Systems Requirements Specifications (SRS)’. Briefly explain the contents of a SRS.(RTP N-10)(SM PG
NO 5.36)(asked in may-14 exams+nov-11 exams)(sm pg no 5.59)
44. Brieflyexplain about various categories of software maintenance used in system development
life cycle.(SDLC)(asked in may 2014 exams)
45.What are the majoractivities involved in design of database.(asked in may-12 exams)
CHAPTER-6:Auditing of InformationSystems(AIS)
1.Discuss the issues relating to the performance of evidence collection and understanding the
reliability of controls.(RTP N-14)+MTP M-15+(asked in may 2015 exams+nov-14 exams)
2.Explain the set of skills that is generally expected ofan IS auditor.(MTP A-14+F-13+AUG-12)+RTP
N-11+N-10+asked in nov-12 exams
3.Explain major types of IS Audits in brief.(or)Discuss the variouscategories of IS Audit?(MTP S-
14)+RTP N-10+asked in nov-12 exams)
4.Explain major stages of IS Audits in brief(or)The company appoints an auditor toconduct
audit of the existing Information System. What are the steps an auditor would follow to conduct
the audit of Information Systems?(MTP F-15)(or)Discuss in brief various steps involved in
information systems audit?(MTP O-14)(asked in may-15 exams+may-12)
5.An important task for the auditor as a part of his/her preliminary evaluation is to gain a good
understanding of the technology environment and related control issues. Explain major aspects that
should be considered in this exercise.(asked in may 2015 exams)
6.What are the key steps that can be followed for a risk-based approach to make an audit plan?
Explain in brief.
7.Write short notes on the following:
(i) Snapshots(RTP N-14)
(ii) AuditHooks(RTP N-14)
8.What do you understand by SCARFtechnique? Explain various types of information collected by
using SCARF technique in brief.(RTP N-12)OrDiscuss the System Control Audit Review File (SCARF)
technique used in the audit of Information Systems.(RTP M-16+N-15+N-14)+asked in may-13+11
exams
9.Describe major advantages of continuous audit techniques.(MTP S-15+M-15+S-14+A-14+S-
13+AUG-12+M-12)+RTP N-13+N-12+N-11(asked in nov-15+11exams+may 14+10exams)
10.Describe major disadvantages(asked in may 14+nov-11exams)and limitations of Continuous
Audit techniques.(RTP M-14+M-12)+MTP O-15+F-15+F-14+O-13+F-13
11.Explainthree major ways by which audit trails can be used to support security objectives.(OR)
What objectives are achieved when audit trails are maintained?(RTP M-11)(MTP S-15+M-15+S-14)
(SM PG NO 6.22)+asked in nov-11+may-10exams
12.Discuss major audit issues of operational layer withreference to application security audit.
13.What are the factors that influence an organization towards controls and audit ofcomputers?
(asked in nov-15 exams)
14.Discuss the points relating to ‘Legal Considerations and Audit Standards’ to be considered by an IS
auditor as a part of his/her preliminary review.(or)Being an IS Auditor, what are the critical factors
that you will consider as a part of your preliminary review which are going to be critical for your
effective audit review?(MTP S-15)
15.Discuss Integrated Test Facility (ITF) technique of continuous audit in detail with the help of
examples.(asked in nov-13 exams)
16.Describe major tasks performed by an Operating System in brief.(MTP O-14)(asked in may-15
exams)
17.What are the major aspects that should be thoroughlyexamined by an IS Auditor during the audit
of Environmental Controls? Explain in brief.(or)An enterprise ABC plans to conduct audit in its
enterprise. List down some points for audit of Environmental controls that an auditor would
consider in his/her checklist while conducting the audit.(or)As an IS auditor, What are the
environmental controls verified by you, while conducting physical inspections.(MTP F-15)(asked in
nov-15 exams)(SM PG NO 6.24)
18.Discuss major audit issuesof Tactical Layer with reference to Application Security Audit.
19.Write short notes on the following:
(i)Basic Plan with reference to IS Audit
(ii) Continuous Audit
(iii)Continuous and Intermittent Simulation (CIS) technique
(iv)Strategic Layer with reference to application security audit.
20.Functions of IS Auditor(RTP M-11) +(asked in nov-15 exams+NOV 2014 EXAMS)
21.Discuss the Accounting and Operations Audit Trails with respect to Communication
Controls.(RTP N-15)
22.Inherent Risk and Detection Risk(RTP N-15)
23.Differentiate between Control Risk and Detection Risk.(MTP F-15)
24.Discuss the impact of information systems audit on organizations(or)Factors influencing an
organization toward controls and audit of computers and the impact of the information systems
audit function on organizations(MTP O-14+A-14)(sm pg no 6.2)(Only objectives askedasked in nov-
2015 exams)
CHAPTER-7:Information Technology Regulatory Issues(ITRI)
1. Explain the objectives of the Information Technology Act 2000.(RTPN-14)(asked in may 2012
exams)
2.Explain ‘Authentication of Electronic Records’ with reference to Section 3 of Information
Technology Act 2000.(Or)howdoes the Information Technology Act 2000 enable the authentication
of records using digital signatures?(Or)To ensure that no unauthorized disclosure of the
information will be made, proper authentication mechanism needs to be implemented. How
Information Technology (Amendment) Act 2008 addresses this issue with reference to its Section 3?
(RTP M-13+N-11)+MTP M-15+F-14+AUG-12+F-12+(asked in nov-13+N-09exams+may 2011
exams)
3.Discuss the main provisions provided in Information Technology Act 2000 to facilitate e-
Governance.
4.Discuss the ‘Use of Electronic Records in Government and its agencies’ in the light ofSection 6 of
Information Technology Act 2000.(RTP N-14+M-14+M-11)
5.Describe the ‘Power to make rules by Central Government in respect of Electronic Signature’ in the
light of Section 10 of Information Technology Act 2000.(RTP M-16+M-14+N-13)(ASKED INNov-15
EXAMS+May 2012exams)
6.Describe the ‘Tampering with Computer Source Documents’ in the light of Section 65 of
Information Technology Act 2000.(OR)‘Tampering with Computer Source Documents’ is a common
threat for automated business modules. HowInformation Technology (Amendment) Act 2008
addresses this issue with reference to its Section 65?(RTP M-14)
7.Discuss ‘Punishment for sending offensive messages through communication service etc.’ in the
light of Section 66A of Information Technology Act2000.(RTP M-15+N-14+N-10)+asked inmay-13
exams
As per the decision of theSupreme Courtdated 24.03.2015; Section 66A of Information Technology
Act, 2000 (Punishment for sending offensive messages through communication service, etc.) has
been declaredUnconstitutionalas itis violative of Article 19(1)(a) related to freedom of speech
and expressions. Now comments on social networking sites will not be offensive unless they come
under the provisions of the Indian Penal Code, 1860.
8.Discuss ‘Power of the Controller to givedirections’ under Section 68 of Information Technology Act
2000.(RTP M-15+N-13)
9.Discuss ‘Power to issue directions for interception or monitoring or decryption of any information
in any computer resource’ under Section 69 of Information Technology Act 2000.
10.Discuss ‘Penalty for publishing Electronic Signature Certificate false in certain particulars’ under
Section 73 of Information Technology Act 2000.
11.What is the vision of National Cyber Security Policy 2013? Also explain its major objectives.
12.Discuss PDCA cyclic process under ISO27001.(MTPO-15+M-15+S-14)+asked in nov-14 exams)
13.Write a short note on ‘Service Strategy’ of IT Infrastructure Library (ITIL) framework. (Or) Discuss
Information Technology Infrastructure Library (ITIL) Service Lifecycle.(RTP N-15)(asked in nov-15
exams).+only library (asked in may-12 exams)
14.What are the major provisions on ‘Retention of Electronic Records’ with reference to Information
Technology Act 2000? Explain in brief.(RTP M-15)+MTP S-15+F-15+O-13+F-13+asked in may 2012
exams+may 2011 exams.
15.Briefly explain the following with respect to the Information Technology Act 2000:
(i) [Section 66B] Punishment for dishonestly receiving stolen computer resource or communication
device(RTP M-15+N-14)+asked in may-13 exams
(ii) [Section 66C] Punishment for identity theft
(iii) [Section 66D] Punishment for cheating by personation by using computer resource
(iv) [Section 66E] Punishment for violation of privacy(RTP N-14)+asked in may-13 exams
(v) [Section 66F] Punishment for cyberterrorism(RTP M-14)(asked in may-15 exams)
16.Explainthe ‘Power to issue directions for blocking public access of any information through any
computer resource’ under Section 69A of the Information Technology Act 2000.(RTP N-15)+MTP O-
15
17.Explain the ‘Power to authorize to monitor and collect traffic dataor information through any
computer resource for Cyber Security’ with reference to Section 69B of the Information Technology
Act 2000.(RTP M-12+M-11)+MTP AUG-12
18.Write short notes on the following:
(i) [Section 4] Legal Recognition of Electronic Records
(ii) [Section 5] Legal Recognition of Electronic Signature
19.Write short notes on the following:
(i) System Controls with reference to the requirement of RBI/IRDAfor System Control and Audit
(ii)Requirements of SEBI for System Controls & Audit(asked in nov-14 exams)(sm pg no 7.33)
(iii) Auditor Selection Norms with reference to the requirement of SEBI for System Control andaudit
(RTP N-15)(asked in may-15 exams)
20. DiscussITIL Framework.(RTP M-14–ONLY SERVICE OPERATION)+MTP S-15+ (MTP F-14Service
TransitionONLY).+SERVICE DESIGN (MTP S-13)
21.Discuss the guidelines recommended by Securities and Exchange Board of India (SEBI) to conduct
audit of systems.(RTP M-16)
22.To retain their electronic records for specified period, what are the conditions laid down by
Section 7, Chapter III of Information Technology Act, 2000?(RTP N-15+N-13+M-13+N-12+M-
11)+MTP O-14+F-12(asked in may-14exams+ may2010 exams)
23.Explain the penalty for failure to furnish information return under Section 44 of IT Act,
2000.(RTP N-15)
24.Whatare the powers of a Police Officer under the Information Technology (Amendment) Act,
2008 to enter and searchetc. (SECTION 80)?(RTP M-15+N-14+M-10)
25.Describe ‘Recognition of Foreign Certifying Authorities’ in the light of Section 19of Information
Technology (Amendment) Act, 2008.(RTP M-14+M-12+N-11)+ MTP F-14+M-12+asked in may 13
exams.
26.Describe ‘Secure Electronic Signature’ in the light of Section 15 of Information Technology
(Amendment) Act, 2008.(RTP N-13+M-11)+asked in nov 2010 exams
27.Discuss the ‘Acceptance of Digital Signature Certificate’ under Section 41 of Information
Technology (Amendment) Act, 2008.(RTP N-13+N-12)+MTP M-12+asked in nov-2010 exams
28.Discuss the major functions, which may be performed by the Controller of CertifyingAuthorities
under Section 18 of Information Technology (Amendment) Act, 2008.(RTP M-13)+(asked in nov-13
exams)
29.Power of State Government to make rules in the light of Section 90 of InformationTechnology
(Amendment) Act, 2008.(RTP M-13+N-11)+MTP M-13
30.Discuss the Duties of Certifying Authorities under Section 30 of the Information Technology
(Amendment) Act 2008 to facilitate e-Governance.(RTP N-12+M-12+M-11+N-08)+MTP M-13+asked
in nov-12+may-11exams.
31.Discuss the composition of a Cyber Appellate Tribunal under Section 49 of Information
Technology (Amendment) Act, 2008.(RTP N-12)
32.What is the procedure to apply for a license to issue electronic signature certificates, under
Section 22, Information Technology (Amendment) Act, 2008?(RTP N-12)+MTP O-13+F-13+asked in
may-13 exams+nov 2010 exams)
33.Discuss the Electronic Signature under Section 3A of Information Technology(Amendment) Act,
2008.(RTP M-12)
34.Describe “license to issue electronic signature certificates” with respect to the Section 21 of
Information Technology (Amendment) Act, 2008.(RTP N-11)
35.Discuss “Appeal to Cyber Regulations Appellate Tribunal” under Section 57 of Information
Technology (Amendment) Act, 2008(RTP N-11)+MTP A-14
36.Define the following terms with respect to Information Technology (Amendment) Act, 2008:
(i)Access(RTP M-11)
(ii)AppropriateGovernment(RTP M-11)
(iii)ComputerNetwork(RTP M-11+N-10)
(iv)SecureSystem(RTP M-11)
(v)ElectronicSignature(RTP N-10+M-10+N-08)
(vi)Electronic SignatureCertificate(RTP N-10+M-10)
(vii)Intermediary+ chapter-XII(RTP N-10)(asked in may-15 exams+ may 14 exams)
(viii)Computer SourceCode(RTP N-10)
(ix)Electronicform(RTP N-08)+asked in may 2010 exams
(x)Keypair(RTP N-08)
(xi)Asymmetric cryptosystem(RTP N-08)+asked inmay 2010 exams
(xii)Adjudicating officer.(RTP N-08)
37.Discuss the Delivery of Services by Service Provider with respect to the Section 6A of Information
Technology (Amendment) Act, 2008.(RTP N-10)
38.Discuss National nodal agency with respect to theSection 70A of Information Technology
(Amendment) Act, 2008.(RTP N-10)
39.Explain the power of Controller to make regulations under Section 89 of the Information
Technology (Amended) Act 2008.(RTP M-10)
40.Briefly explain the Punishment forpublishing or transmitting of material containing sexually
explicit act, etc. in electronic form as per Section 67 A of the Information Technology
(Amended) Act 2008.(RTP M-10)
41.Discuss ‘Publication of rules, regulation etc. in Electronic Gazette’ with reference to Section 8
under Information Technology (Amendment) Act 2008.(MTP F-14)
42. In informationTechnology (Amended) Act2008, what do section 25 and 26 say about suspension
of licence to issue electronic signature certificate.(asked in nov-12 exams)
43. Constitution of CRAC u/s 88.(asked in nov-12 exams+nov-11exams)
44.SA 402(MTP O-14)
CHPATER-8: EmergingTechnologies(ET)(ADDED FROM NOV-14
EXAMS)
1.What is Cloud Computing? Explain some pertinent similarities and differencesbetween Cloud and
Grid computing.(RTP N-15)+MTP S-15
2.Discuss the major goals of Cloud Computing in brief.OR pertinent objectives in order to achieve
the goals of cloud computing.(RTP N-14)(MTP S-14)(Askedin nov-14 exams)
3.Describe Front end and Backend architecture with reference to Cloud Computing.(RTP M-15)
4.What do you understand by Public cloud? Also discuss its major advantages in brief.(RTP N-14)
5.What is Private cloud? Also explain its major advantages in brief.
6.Explain the following withreference to cloud computing:
(I)Infrastructure as a Service (IaaS)(MTP M-15)
(II)Platform as a Service (PaaS)(RTP M-15) + (MTP O-14)
(III)Software as a Service (SaaS)(RTP M-15)
(iv)Network as a Service (NaaS)
(v) Communication as a Service (CaaS).
7.Explain, in brief, the characteristics of CloudComputing(MTP F-15)
8.Briefly discuss the advantages of Cloud Computing.(MTP O-14)(Askedin nov-15 exams)
9.Discuss any fivechallenges to Cloud Computing in brief.(RTP N-14)(Askedin may-15 exams)
10.Explain some of the tangible benefits of mobile computing.(MTP S-14+M-15+O-15)
11.Write short notes on the following:
(i) Hybrid Cloud
(ii) Mobile Computing
(iii)BYOD(MTP S-15)
(iv) Web 2.0
(v) Green ITbestpractices(MTP O-15) (asked in may15 exams)
12.‘The work habits of computer users and businesses can be modified to minimize adverse impact
on the global environment’. Discuss some of such steps, which can be followed for Green IT.(Or)
what are your recommendations for efficient use of computer and IT resources to achieve the
objectives of ‘Green Computing’?(RTP N-14)+ (MTP F-15)(asked in nov-14 exams)
13.Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) are two of the three main
categories of cloud computing. What's thethird category? Explain in brief.
14.Explain Web 2.0 with their applications.
15.ExplainMobile Computingand BYOD with an example.
16. What is Green Computing? Discuss security issues of Green computing in brief.
17.If you consider Web 2.0 as anideal platform for implementing and helping social networks
to grow, what are the major components of Web 2.0?(RTP N-15)
18.What are the emerging threats under “Bring Your Own Device (BYOD)?(RTP M-16)+MTP S-15)
(asked in nov-15 exams)(or)if theemployees of the company are allowed to use personal devices
such as laptop, smart phones, tablets etc.to connect and access the data, what could be the security
risks involved? Classify and elaborate such risks.
19.Life Cycle of SocialNetworks(MTP S-15)
20.Discussthe issues ‘Threshold Policy’ and ‘Interoperability’ in Cloud Computing.(MTP O-15)
KEY TERMS:
MTP = MOCK TEST PAPER
O=OCTOBER
A=APRIL
F=FEB
S=SEP
AUG=AUGUST
RTP = REVISION TEST PAPER
M=MAY N=NOVEMBER
5
CAclubindia
