$$ Questions $1-1010$ Marks $1.$ Select the correct definition. IT governance is defined as the a$.$ policies in place around the use of IT in the organisation b$.$ measures in place to monitor adherence of IT staff to performance goals c$.$ processes that ensure the effective and efficient use of IT in enabling an organisation to achieve its goals d$.$ processes that ensure the effective and efficient use of information within an organisation. $2.$ Whom of the following within an organisation is responsible for information governance? a$.$ Business b$.$ IT c$.$ Business and IT d$.$ Users $3.$ During a review of logical access controls, you observe that user$-$ids are shared. This poses the following risk: a$.$ The audit trail will reflect the incorrect user$-$id b$.$ User access is time consuming c$.$ Passwords are easily guessed d$.$ User accountability may not be established $4.$ The best source of evidence to determine if ex$-$employees continue to have access to a company's automated databases is a$.$ Reviewing computer logs of access attempts b$.$ Reconciling current payroll lists with database access lists c$.$ Discussing the password removal process with the database administrator d$.$ Reviewing access controls software to determine whether the most current version is implemented $5.$ A risk associated with change management is that a$.$ Unauthorised changes may be implemented resulting in business disruption b$.$ Unauthorised users may gain access to the system c$.$ Computer equipment may not function optimally d$.$ Computer equipment are not safeguarded $6.$ Which of the following statements relating to disaster recovery is true? a$.$ Business continuity is a subset of disaster recovery b$.$ There is no need for business involvement when defining the disaster recovery plan c$.$ Disaster recovery is the ability of a business to recover its IT applications and processes in the event of a disaster d$.$ Disaster recovery is the ability of a business to continue operations in the event of a disruption or a disaster $7.$ The best method to ensure that back$-$ups will run is to $\_\_\_\_\_\_\_\_\_$ it$.$ a$.$ Schedule it b$.$ Trigger it manually c$.$ Trigger it automatically d$.$ Schedule it to trigger automatically $8.$ An incident is usually an indication that a$.$ a change request was logged to make changes to an application in the development phase b$.$ business continuity plans are not working as intended c$.$ there is an interruption of an IT service provided to business d$.$ physical access to the server room was compromised $9.$ The following are objectives of application controls: $$ i$.$ All transactions are appropriately authorised and recorded $$ ii$.$ All transactions are processed on a timely basis $$ iii.$$ All transactions are processed completely and accurately $$ iv$.$ Output is complete and accurate and authorised users are able to view it $$ a$.$ i and ii b$.$ ii and iii c$.$ i$,$ ii and iii d$.$ All of the above $10.$ An audit trail is used to track processing history of a transaction.$$ An audit trail used to track master file updates may not contain: a$.$ Before and after image of the changes made. b$.$ User$-$id of the person who made the changes. c$.$ The date on which the changes were made. d$.$ The user$-$ids of the supervisors responsible for reviewing the changes made.