Inter
FINAL – EIS
FINAL & SM
AUDIT
DT
100 Important
PRACTICE
100 Questions
IMPORTANT
QUESTIONS
QUESTIONS
CHAPTER 2
,
, (EIS-SM) 100 important questions
Q 1- Information Security that refers to ensure Confidentiality, Integrity and Availability of
information, is critical in banking industry, to mitigate the risks of Information Technology.
Identify and explain various sub-processes that are involved in Information Security.
Answer: The various sub-processes that are involved in information Security are as follows:
Information Security Policies, Procedures and practices: This refers to the processes relating to
approval and implementation of information security. The security policy is basis on which
detailed procedures and practices are developed and implemented at various units/department
and layers of technology, as relevant.
These cover all key areas of securing information at various layers of information processing
and ensure that information is made available safely and securely. For example - Non-disclosure
agreement with employees, vendors etc., KYC procedures for security.
User Security Administration: This refers to security for various users of information systems.
The security administration policy documents define how users are created and granted access
as per organization structure and access matrix. It also covers the complete administration of
users right from creation to disabling of users is defined as part of security policy.
Application Security: This refers to how security is implemented at various aspects of
application right from configuration, setting of parameters and security for transactions
through various application controls. For example – Event Logging.
Database Security: This refers to various aspects of implementing security for the database
software. For example - Role based access privileges given to employees.
CAtestseries.org (Since 2015) – CA Final Inter Foundation online Test Series 1
, Operating System Security: This refers to security for operating system software which is
installed in the servers and systems which are connected to the servers.
Network Security: This refers to how security is provided at various layers of network and
connectivity to the servers. For example - Use of virtual private networks for employees,
implementation of firewalls etc.
Physical Security: This refers to security implemented through physical access controls. For
example - Disabling the USB ports.
Q 2- Through automation, a business organization intends to increase the accuracy of its
information transferred and certifies the repeatability of the value-added task performed by
the automation of business. Being a management consultant, identify major benefits that
would help the organization to achieve its objectives.
Answer: Major benefits of automating Business Processes are as follows:
I. Quality and Consistency: Ensures that every action is performed identically - resulting in
high quality, reliable results and stakeholders will consistently experience the same level
of service.
II. Time Saving: Automation reduces the number of tasks employees would otherwise
need to do manually. It frees up time to work on items that add genuine value to the
business, allowing innovation and increasing employees’ levels of motivation.
III. Visibility: Automated processes are controlled and consistently operate accurately
within the defined timeline. It gives visibility of the process status to the organization.
CAtestseries.org (Since 2015) – CA Final Inter Foundation online Test Series 2
FINAL – EIS
FINAL & SM
AUDIT
DT
100 Important
PRACTICE
100 Questions
IMPORTANT
QUESTIONS
QUESTIONS
CHAPTER 2
,
, (EIS-SM) 100 important questions
Q 1- Information Security that refers to ensure Confidentiality, Integrity and Availability of
information, is critical in banking industry, to mitigate the risks of Information Technology.
Identify and explain various sub-processes that are involved in Information Security.
Answer: The various sub-processes that are involved in information Security are as follows:
Information Security Policies, Procedures and practices: This refers to the processes relating to
approval and implementation of information security. The security policy is basis on which
detailed procedures and practices are developed and implemented at various units/department
and layers of technology, as relevant.
These cover all key areas of securing information at various layers of information processing
and ensure that information is made available safely and securely. For example - Non-disclosure
agreement with employees, vendors etc., KYC procedures for security.
User Security Administration: This refers to security for various users of information systems.
The security administration policy documents define how users are created and granted access
as per organization structure and access matrix. It also covers the complete administration of
users right from creation to disabling of users is defined as part of security policy.
Application Security: This refers to how security is implemented at various aspects of
application right from configuration, setting of parameters and security for transactions
through various application controls. For example – Event Logging.
Database Security: This refers to various aspects of implementing security for the database
software. For example - Role based access privileges given to employees.
CAtestseries.org (Since 2015) – CA Final Inter Foundation online Test Series 1
, Operating System Security: This refers to security for operating system software which is
installed in the servers and systems which are connected to the servers.
Network Security: This refers to how security is provided at various layers of network and
connectivity to the servers. For example - Use of virtual private networks for employees,
implementation of firewalls etc.
Physical Security: This refers to security implemented through physical access controls. For
example - Disabling the USB ports.
Q 2- Through automation, a business organization intends to increase the accuracy of its
information transferred and certifies the repeatability of the value-added task performed by
the automation of business. Being a management consultant, identify major benefits that
would help the organization to achieve its objectives.
Answer: Major benefits of automating Business Processes are as follows:
I. Quality and Consistency: Ensures that every action is performed identically - resulting in
high quality, reliable results and stakeholders will consistently experience the same level
of service.
II. Time Saving: Automation reduces the number of tasks employees would otherwise
need to do manually. It frees up time to work on items that add genuine value to the
business, allowing innovation and increasing employees’ levels of motivation.
III. Visibility: Automated processes are controlled and consistently operate accurately
within the defined timeline. It gives visibility of the process status to the organization.
CAtestseries.org (Since 2015) – CA Final Inter Foundation online Test Series 2
