Information Technology

By Md. Monowar Hossain, FCA,CISA,CPFA

CA
Certificate Level
New Syllabus (2023)
Information Technology
Model MCQ (Set-1)

(2024) Page # 336

 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

CA(CL)
Information Technology (IT)
50 Marks
New Syllabus (2023)

Syllabus area Weighting

(indicative %)
1. Building Information Systems 15
2. Managing Information Systems 15
3. Information Technologies 10
4. Business Continuity Planning and Disaster Recovery 10

Model Question

Information Technology [Model Question Set-1]

Building Information Systems
01. During system testing, a developer realizes 02. During a major sale an e-commerce
the system logs display user credentials in company’s new system crashes due to
plain text. In the development phase, what unexpected user load. What could have
control was likely missed ? prevented this unwanted issue?
A) Logging and monitoring control A) Improved user interface design
B) Role-based access control B) Regular system patching
C) Version control C) Load testing during development
D) Data masking D) Backup and restore capabilities
Ans. D Ans. C
03. A firm develops a financial software but 04. An entity implements a BYOD policy.148
discovers unauthorized changes in the During system development, which control
source code. ensures adequate security?
Which control is most appropriate to A) Developing platform-independent
prevent this? applications
A) Logging and monitoring user activity B) Enforcing encryption on all endpoints
B) Code review and version control C) Implementing firewall rules
C) Segmentation of developer access D) Defining acceptable use policies
D) Multi-factor authentication for
developers
Ans. B Ans.A
05. A software company discovers post- 06. The software vendor does not provide patch
deployment that the system does not log updates find out through the system audit.
failed login attempts. What IT audit In this, what critical process control is
activity could have detected this earlier? missing?
A) Logging and monitoring audit A) Patch management policy
B) Access control testing B) Vendor assessment and management
C) Functional requirement verification C) Incident response planning
D) Vulnerability assessment D) SLA agreement review

148A bring your own device (BYOD) policy is when an organization decides to allow or require employees to use personal devices
for work-related activities. BYOD policies range from enabling remote tools on personal mobile phones to requiring employees to
provide their own laptop or computer.
(2024) Page # 337
 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Information Technology [Model Question Set-1]

Ans.A Ans.B
07. A system has been implemented but faces 08. After implementation within an entity, the
repeated downtime. What is the MOST system produces inconsistent reports. What
likely cause? control should have been prioritized?

A) Failure in data migration A) Automated testing scripts

B) Inadequate risk assessment B) Regular staff training
C) Ineffective load balancing C) Real-time monitoring tools
D) Weak password policies D) Data integrity checks
Ans.C Ans.D
09. Without user testing, a new feature in a 10. Disrupting operations, an IT team
system was deployed causing system-wide implements a system update during peak
crashes. Which process was likely business hours. What scheduling control
bypassed? should have been enforced?

A) SLA agreements
A) Change control process
B) Maintenance windows
B) Regression testing
C) Automated rollback procedures
C) Code documentation
D) Versioning protocols
D) System backup procedures
Ans.A Ans.B
11. Users report missing critical features 12. Due to outdated hardware assumptions, a
during the post-implementation phase. deployed system does not scale as
What control ensures alignment with user expected. What process should have been
expectations? applied?
A) Training documentation A) Performance monitoring
B) Stakeholder review meetings B) Load testing
C) User acceptance testing C) Disaster recovery planning
D) Automated testing tools D) Capacity planning
Ans.C Ans. D
13. In the organization, employees frequently 14. Software Developers report that maintaining
misinterpret the use of a newly the new system is overly complex. What
implemented system. What post- documentation process could address this?
implementation step was inadequate?
A) API integration documentation
A) Employee training programs B) System design documentation
B) User documentation C) Change log documentation
C) Technical support setup D) SLA requirement documentation
D) Periodic security audits
Ans.A Ans.B
Managing Information Systems
15. When determining a phased 16. During the transition phase, which of the
implementation approach for a new following ensures seamless interoperability
system, what is the primary consideration? between legacy and modern systems?
A) Availability of IT resources A) Middleware integration
B) Minimized impact on end-users B) Cloud-native deployment
C) Total cost of ownership C) Agile methodology
D) Compliance with cybersecurity D) Security patch updates
policies
(2024) Page # 338
 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Information Technology [Model Question Set-1]

Ans.B Ans.A
17. During system planning, which technique 18. What is the first step to ensure
ensures effective stakeholder infrastructure readiness when migrating a
involvement? system to the cloud?
A) Implementing DevOps pipelines
A) Rapid application development B) Finalizing vendor SLAs
B) Requirements elicitation workshops C) Conducting a workload analysis
C) Change management processes D) Ensuring compliance with data
D) Continuous integration pipelines sovereignty laws
Ans.B Ans.C
19. For its infrastructure, a multinational entity 20. To minimize downtime, during
must meet diverse regulatory infrastructure setup, which is most crucial?
requirements. What is the key
A) Establishing active-active failover
consideration in its system design?
systems
A) Virtual private network deployment B) Deploying hybrid cloud architectures
B) Compliant ticketing systems C) Performing automated backups
C) Open-source adoption D) Load testing infrastructure
D) Data localization and encryption components
Ans. D Ans. A
21. Which step is MOST critical to ensuring 22. To a new CRM system a commercial bank
data integrity in a data conversion migrates customer data. What type of data
project ? conversion method should be prioritized to
A) Post-deployment system reduce risks?
documentation
B) Pre-loading validation of conversion A) Offline batch processing
rules B) Direct cutover conversion
C) Defining a rollback mechanism C) Incremental data migration
D) Data deduplication during D) Full re-creation of data in the new
extraction system
Ans.B Ans.C
23. When converting data from legacy 24. What ensures accountability during data
systems to modern formats, which type of conversion processes?
error is MOST likely to occur?
A) Automated logging mechanisms
A) API authentication failure
B) Single-point-of-contact assignment
B) OS compatibility issues
C) Cross-functional audit committees
C) Inconsistent GUI rendering
D) Use of AI-based data validators
D) Loss of metadata
Ans.D Ans.A
25. To validate converted data, what is the 26. What metric ensures availability during SLA
BEST approach? negotiations for an IT system?
A) Real-time monitoring of database
A) Mean time to repair (MTTR)
logs
B) Recovery point objective (RPO)
B) Parallel runs of both old and new
C) Uptime percentage149
systems

149 Uptime refers to the percentage of time a system is ready for operation under normal circumstances.

(2024) Page # 339

 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Information Technology [Model Question Set-1]

C) Exclusive reliance on manual data D) Incident response time
checks
D) Deploying immutable backup
copies
Ans.B Ans.C
27. When assessing vendor responsibilities in 28. If an IT team consistently misses SLA-
data breaches, which SLA component is defined resolution times, then what process
MOST relevant ? should be optimized first?
A) Network throughput guarantees A) Incident management workflows
B) Scalability clause B) Vendor service reviews
C) Backup restoration windows C) Real-time ticket escalation policies
D) Notification time frame D) Routine team performance
evaluations
Ans.D Ans. A
29. To ensure SLA compliance during peak 30. How can Vendors’ Service Level Agreement
operations, what is the most effective tool? (SLA) compliance be continuously tracked?
A) Enhanced communication channels A) Real-time employee surveys
B) Predictive analytics for workload B) Quarterly performance appraisals
management C) Implementing automated KPI
C) Periodic team skill assessments dashboards
D) Automating user ticket prioritization D) Manual checks by designated officers
Ans.B Ans.C
Information Technologies
31. For processing, which generation of 32. Which of the following was a defining feature
computers introduced the use of of fourth-generation computers?
integrated circuits (ICs)?150
A) Microprocessors151
A) First Generation
B) Optical storage
B) Second Generation
C) Vacuum tubes
C) Third Generation
D) Transistors
D) Fourth Generation
Ans. C Ans.A
33. In computer hardware is driving the 34. By integrating communication and project
concept of "edge computing" what management tools, which type of software
significant trend? supports collaborative work environments?

A) Development of cloud-exclusive A) Database management software

services B) End-user computing platforms
B) Decentralization of computational C) Workflow management software
resources closer to the data source152 D) Enterprise resource planning systems

150
An integrated circuit (IC) — commonly called a chip — is made out of a semiconductor material called silicon, in which small electronic
components called transistors are formed within the silicon and then wired together with interconnects layered on top of the silicon surface.
151
A microprocessor is the predominant type of modern computer processor. It combines the components and function of a central processing unit
(CPU) into a single integrated circuit (IC) or a few connected ICs. Like CPUs, microprocessors are commonly thought of as the “brain” of the
computer.
152Edge computing allows devices in remote locations to process data at the "edge" of the network, either by the device or a local server. And when data needs to be
processed in the central datacenter, only the most important data is transmitted, thereby minimizing latency.

(2024) Page # 340

 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Information Technology [Model Question Set-1]

C) Increased dependence on centralized
mainframes
D) Transition to proprietary hardware over
open-source systems
Ans. B Ans. C
35. Software facilitates interaction between a 36. The shift from traditional office
user and hardware, which type? productivity suites to cloud-based
alternatives, which trend is driving?
A) Application software A) Pay-per-use pricing models154
B) Middleware B) Increased hardware dependencies
C) Firmware C) Regulatory restrictions on on-premise
D) System software153 solutions
D) Decline in broadband availability
Ans.D Ans.A
37. In business analytics, what is the key 38. To secure data transmission over the
advantage of using columnar databases? Internet, which protocol is primarily used?
A) Easier integration with on-premise
A) FTP (File Transfer Protocol)
systems
B) TCP (Transmission Control Protocol)
B) Faster query performance for
C) HTTPS (Hypertext Transfer Protocol
aggregations
Secure)
C) Simplified data normalization
D) UDP (User Datagram Protocol)
processes
D) Enhanced support for non-structured
data
Ans.B Ans. C
39. What is the main advantage of using fiber- 40. In cloud environments, what is the primary
optic cables over traditional copper wires, function of an API156 gateway?
in telecommunication networks ?
A) Managing and routing API calls
A) Enhanced durability
B) User authentication
B) Reduced installation complexity
C) Data replication across nodes
C) Compatibility with older
D) Securing cloud endpoints
technologies
D) Increased bandwidth and speed155
Ans.D Ans.A
Business Continuity Planning and Disaster Recovery
41. Which of the following is a key objective of 42. Ensures that an organization’s BCP remains
a Business Continuity Plan (BCP)? relevant over time, by which approach?

153
System software is a type of computer program that is designed to run a computer's hardware and application programs.The operating system
is the best-known example of system software.
154
The Pay Per Use model is an extensively employed billing method that charges customers based on their actual usage of a service or product.
155
Although speed and bandwidth are not interchangeable, greater bandwidth is essential to maintain tolerable speeds on multiple devices.
Higher bandwidth allows for more simultaneous internet activities without degradation in performance.
156
API stands for Application Programming Interface. In the context of APIs, the word Application refers to any software with a distinct function.
Interface can be thought of as a contract of service between two applications.

(2024) Page # 341

 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Information Technology [Model Question Set-1]

A) To limit communication during a A) Focusing only on financial risk analysis
disaster B) Avoiding regular drills to minimize
B) To provide a framework for ongoing disruptions
operations during a disruption C) Conducting bi-annual audits and
C) To avoid investing in redundant updates 157
systems D) Leaving the plan unchanged after
D) To ensure all operations are halted initial approval
during a disruption
Ans. B Ans. C
43. 158
In a business continuity plan, why is it 44. After a disaster, what is the primary
important to involve third-party purpose of conducting post-mortem
vendors?159 reviews?

A) They can provide additional funding

A) To evaluate the effectiveness of the
during crises
response and recovery efforts
B) They are often the cause of
B) To assign blame for the disruption
disasters
C) To reduce disaster recovery budgets
C) It ensures legal compliance with
D) To ensure all employees are trained in
industry standards
disaster recovery protocols
D) Their services may be critical to
maintaining operations
Ans. D Ans. A
45. When using cloud-based disaster 46. To full operation, which phase of the disaster
recovery solutions, what is a significant recovery lifecycle involves restoring all
challenge?160 systems?

A) Inability to integrate with legacy A) Response

systems B) Mitigation
B) Latency issues during recovery C) Resumption 161
C) Lack of encryption options D) Recovery
D) Lack of scalability
Ans. B Ans. C
47. The step-by-step process for restoring 48. 162
The primary purpose of a recovery time
operations after a disruption, which objective (RTO) is _______________________
document defines?

157 Internal IT audits evaluate a company's internal controls, including its corporate governance and accounting processes.
158A business continuity plan (BCP) is a document that explains the actions you should take before, during and after unexpected
events and situations. It is designed to help you: identify, prevent or reduce risks where possible. prepare for risks that are out of
your control.
159 Third party suppliers include managed service providers, cloud service providers, external consultants, as well as support
agents such as cleaners who may visit your premises regularly and thus be in physical proximity to information or systems.
160 Cloud disaster recovery (CDR) is a cloud-based solution or managed service that helps you quickly recover your organization's

critical systems after a disaster and provides you remote access to your systems in a secure virtual environment.
161Resumption-the action of beginning something again after a pause or interruption. the start of something again after it has
stopped.
162Recovery Time Objective (RTO) is the maximum acceptable amount of time for restoring a network or application and
regaining access to data after an unplanned disruption. Loss of revenue and the extent to which a disrupted process impacts
business continuity can both have an impact on RTO.
(2024) Page # 342
 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Information Technology [Model Question Set-1]

A) to establish the maximum time
A) Emergency Management Plan (EMP) systems can be down before recovery.
B) Business Impact Analysis (BIA) B) to define the maximum tolerable data
C) Risk Assessment Plan (RAP) loss.
D) Disaster Recovery Plan (DRP) C) to prioritize which systems are most
critical.
D) to identify the resources needed for
recovery.
Ans. D Ans. A
49. 163
What is a 'mirror site' in the context of 50. In a business continuity context, which of
disaster recovery? the following is an example of a preventive
control?
A) A location to store physical
hardware for emergencies
A) Implementing antivirus software
B) A real-time, fully synchronized
B) Developing evacuation plans
duplicate of the primary site
C) Conducting regular data backups164
C) A site used for archival purposes
D) Establishing a warm site
only
D) A site that hosts older versions of
data and systems
Ans. B Ans. C

163 A mirror site is a website or files on a computer server copied to another server to make content available from more than one
place.
164 Business continuity plans are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.

BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
(2024) Page # 343
 Information Technology
By Md. Monowar Hossain, FCA,CISA,CPFA

Model Answer of
IT Model Question
Set-1

Q 01 02 03 04 05 06 07 08 09 10
A D C B A A B C D A B

Q 11 12 13 14 15 16 17 18 19 20
A C D A B B A B C D A

Q 21 22 23 24 25 26 27 28 29 30
A B C D A D C D A B C

Q 31 32 33 34 35 36 37 38 39 40
A C A B C D A B C D A

Q 41 42 43 44 45 46 47 48 49 50
A B C D A B C D A B C

(2024) Page # 344