Roll No. ………
Total No. of Questions — 7    Total No. of Printed Pages — 3
Time Allowed : 3 Hours    Maximum Marks : 100

Answers to questions are to be given only in English except in the case of candidates who have opted for Hindi Medium. If a candidate has not opted for Hindi medium, his/her answers in Hindi will not be valued.

Question No. 1 is compulsory.
Answer any five questions from the remaining six questions.

Marks for each question are shown in brackets.
1. ABC is a leading company in the manufacturing of food items. The company is in the process of automating its various business processes. During this phase, the technical consultant of the company has highlighted the importance of information security and has suggested introducing it right from the beginning. He has also suggested performing a risk assessment activity and, accordingly, mitigating the assessed risk. For carrying out all these suggestions, various best practices have been followed by the company. In addition, after each activity, compliance with the appropriate standards has been tested to check the quality of each process. Various policies related to business continuity planning and disaster recovery planning have been implemented to ensure three major expectations from the software, namely, resist, tolerate and recover. Read the above carefully and answer the following:
   (a) What are the major suggestions given by the technical consultant? How is the company implementing these suggestions? (5 marks)
   (b) Discuss risk assessment with the help of a risk analysis framework in brief. (5 marks)
   (c) Out of the various types of plans used in business continuity planning, discuss the recovery plan in brief. (5 marks)
   (d) What should be the major components of a good information security policy, in your opinion? (5 marks)
   (5+5+5+5 = 20 marks)
2. (a) What do you understand by unauthorized intrusion? What is hacking and what damage can a hacker do? (6 marks)
   (b) What are the guidelines to be followed before starting the implementation of an ERP package? (6 marks)
   (c) Describe the power to make rules by the Central Government in respect of Electronic Signature under Section 10 of the Information Technology (Amended) Act 2008. (4 marks)
3. (a) What are the tangible and intangible benefits that can result from the development of a computerized system? (6 marks)
   (b) What is a Decision Support System? Discuss its characteristics in brief. (6 marks)
   (c) What are the major activities involved in the design of a database? (4 marks)
4. (a) What is the IT Infrastructure Library? Discuss configuration management under the ITIL framework. (6 marks)
   (b) List any six ERP vendors and describe the ERP packages offered by them. (6 marks)
   (c) Discuss the parameters that would help in planning a documentation process for an IS audit. (4 marks)
5. (a) What is a Virus? What policy and procedure controls can be recommended for ensuring control over virus proliferation and damage? (6 marks)
   (b) How is the term 'Electronic Record' defined in the IT (Amended) Act 2008? What is the provision given in the IT Act for the retention of Electronic Records? (6 marks)
   (c) Discuss the constraints in operating an MIS. (4 marks)
6. (a) The unique nature of each LAN makes it difficult to define standard testing procedures to effectively perform a review. So, what information should a Reviewer / IS Auditor identify and understand prior to commencing a LAN review? (6 marks)
   (b) As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (6 marks)
   (c) What are the two types of Service Auditor's Reports under SAS 70? Describe the contents of each type of report. (4 marks)
7. Write short notes on any four of the following: (4 marks each)
   (a) Data Dictionary
   (b) Risk Mitigation Measures
   (c) Software Process Maturity
   (d) Preventative and Restorative Information Protection
   (e) Objectives of the Information Technology Act 2000