AFM 341: Final Exam Questions & Answers
2023/2024
1). It operations
Ans: IT operations is concerned with the day-today activities that protect the
organization from ongoing threats to the integrity and availability of information systems
2). Who is responsible for it operations?
Ans: IT operations is often a joint effort between a variety of organizational groups,
including:
Help desk, Facilities management, Systems developers,
Information security,
Human resources
3). What control activities are performed in it operations?
Ans: Data input, processing, and output (= integrity)
Data backups (= availability)
Hardware lifecycle management (= availability)
IT service desk management (= integrity & availability)
4). What is a technology-enabled integrity control for input?
Ans: Input: Designing an AR system to sequentially pre-number invoices, so we can
easily tell if any are missing
5). What is a technology-enabled integrity control for data entry?
Ans: Data Entry: Field checks make sure data entered is the proper type (ex. Phone
numbers consist of digits, email addresses contain an @), completeness check (ex.
Ensures a first and last name has been entered))
PaperStoc.com Page 1 of 35
, 6). What is a technology-enabled integrity control for processing?
Ans: Processing: Matching (ex. An invoice cannot be paid unless a purchase order,
vendor invoice and goods receipt are consistent with one another
7). What is a technology-enabled integrity control for output?
Ans: Output: Data transmission controls (ex. checksums) check to ensure that all data
sent to another database is received
8). Differential backups
Ans: Backs up data that have changed since the last full backup
9). Incremental backup
Ans: Backs up data that have changed since the last partial backup
10). What are three options for storage of backed up data files?
Ans: 1. Removable media stored in the same location as the original data (typically in
a locked, fireproof safe)
2. Removable media stored offsite, either at another office location or at an outsourced
provider's location (ex. Iron Mountain)
3. Remotely backed up to an offsite location (ex. A separate data centre)
11). Key considerations for back-ups:
Ans: -Regularly test removable media to ensure it remains reliable; replace media on a
set schedule
-Regularly test automated back-up schedules to ensure the correct data is being backed
up
-Regularly evaluate the system environment to ensure all required systems are being
backed up
-Ensure employees are familiar with the procedures required to restore back-up data in
the event of an incident
12). Describe hardware lifecycle management
Ans: Most IT hardware has a defined period during which it is considered highly
reliable.
After that time has elapsed, the likelihood of unexpected hardware failure increases.
PaperStoc.com Page 2 of 35
, Those tasked with IT operations responsibilities should keep a detailed list of IT
hardware (ex. Servers, network components, etc.) including when it was installed, and
when it should be replaced
13). It service desk
Ans: The IT Service Desk is intended to be the primary point of contact for users and
IT staff in regard to IT-related objectives
14). What is the it service desk responsible for?
Ans: - Reporting disruptions to users (ex. Network is down)
- Fielding calls for users with problems (ex. Password reset)
- Capacity management (ex. Monitoring system performance, reviewing event data logs,
following up on exceptions/errors)
- Communicating upcoming system changes or maintenance (ex. New software release
on Sunday)
- Supplier management (ex. Evaluating suppliers, establishing contracts, managing
vendor relationships)
15). What are three types of physical it controls?
Ans: 1. Disaster recovery and business continuity
2. Environmental controls
3. Physical access control
16). What are disaster recovery and business continuity physical it controls?
Ans: The plans that are put in place to ensure an organization's business processes
and information systems can be recovered in the event of an incident
17). What are environmental physical it controls?
Ans: The protection of people, equipment and data from threats such as liquids,
smoke, fire and extreme temperature
18). What are physical access it controls?
Ans: The protection of people, equipment and data from threats related to physical
access to buildings and facilities
What are the four categories of physical controls?
PaperStoc.com Page 3 of 35
, 19).
Ans: 1. Communicate expectations
2. Preventative controls
3. Detective controls
4. Correction action
20). What are some physical threats that can impact business and it operations? name some
examples of each type. (6)
Ans: - Natural: Earthquakes, floods, storms, hurricanes, fires
- System/technical: Hardware/software outages, system errors
- Supply systems: Communication outages, power distribution interruptions
- Man-made: Explosions, toxic spills
- Political events: Civil disturbances, strikes
- Public health: Pandemic
21). What are the common areas are controls put into place for data centres and it equipment
rooms?
Ans: - Fire detection and suppression
- Power supply
- Heating, ventilation, and air conditioning (HVAC)
- Perimeter and interior intrusion prevention and detection
22). What are two types of controls for fire?
Ans: Fire detection and fire suppression (Wet pipe system and dry pipe system)
23). Fire suppression - wet pipe system
Ans: Have a constant supply of water in them at all times. They are effective, but have
a risk of leakage that can damage equipment
24). Fire suppression - dry pipe system
Ans: Water is only loaded into the pipes when an electric valve is stimulated by
excess heat
25). What are two controls for power supply?
Ans: Data centers commonly have battery and/or generator backups:
- An Uninterruptible Power Supply (UPS) is a battery powered system to provide a
PaperStoc.com Page 4 of 35
2023/2024
1). It operations
Ans: IT operations is concerned with the day-today activities that protect the
organization from ongoing threats to the integrity and availability of information systems
2). Who is responsible for it operations?
Ans: IT operations is often a joint effort between a variety of organizational groups,
including:
Help desk, Facilities management, Systems developers,
Information security,
Human resources
3). What control activities are performed in it operations?
Ans: Data input, processing, and output (= integrity)
Data backups (= availability)
Hardware lifecycle management (= availability)
IT service desk management (= integrity & availability)
4). What is a technology-enabled integrity control for input?
Ans: Input: Designing an AR system to sequentially pre-number invoices, so we can
easily tell if any are missing
5). What is a technology-enabled integrity control for data entry?
Ans: Data Entry: Field checks make sure data entered is the proper type (ex. Phone
numbers consist of digits, email addresses contain an @), completeness check (ex.
Ensures a first and last name has been entered))
PaperStoc.com Page 1 of 35
, 6). What is a technology-enabled integrity control for processing?
Ans: Processing: Matching (ex. An invoice cannot be paid unless a purchase order,
vendor invoice and goods receipt are consistent with one another
7). What is a technology-enabled integrity control for output?
Ans: Output: Data transmission controls (ex. checksums) check to ensure that all data
sent to another database is received
8). Differential backups
Ans: Backs up data that have changed since the last full backup
9). Incremental backup
Ans: Backs up data that have changed since the last partial backup
10). What are three options for storage of backed up data files?
Ans: 1. Removable media stored in the same location as the original data (typically in
a locked, fireproof safe)
2. Removable media stored offsite, either at another office location or at an outsourced
provider's location (ex. Iron Mountain)
3. Remotely backed up to an offsite location (ex. A separate data centre)
11). Key considerations for back-ups:
Ans: -Regularly test removable media to ensure it remains reliable; replace media on a
set schedule
-Regularly test automated back-up schedules to ensure the correct data is being backed
up
-Regularly evaluate the system environment to ensure all required systems are being
backed up
-Ensure employees are familiar with the procedures required to restore back-up data in
the event of an incident
12). Describe hardware lifecycle management
Ans: Most IT hardware has a defined period during which it is considered highly
reliable.
After that time has elapsed, the likelihood of unexpected hardware failure increases.
PaperStoc.com Page 2 of 35
, Those tasked with IT operations responsibilities should keep a detailed list of IT
hardware (ex. Servers, network components, etc.) including when it was installed, and
when it should be replaced
13). It service desk
Ans: The IT Service Desk is intended to be the primary point of contact for users and
IT staff in regard to IT-related objectives
14). What is the it service desk responsible for?
Ans: - Reporting disruptions to users (ex. Network is down)
- Fielding calls for users with problems (ex. Password reset)
- Capacity management (ex. Monitoring system performance, reviewing event data logs,
following up on exceptions/errors)
- Communicating upcoming system changes or maintenance (ex. New software release
on Sunday)
- Supplier management (ex. Evaluating suppliers, establishing contracts, managing
vendor relationships)
15). What are three types of physical it controls?
Ans: 1. Disaster recovery and business continuity
2. Environmental controls
3. Physical access control
16). What are disaster recovery and business continuity physical it controls?
Ans: The plans that are put in place to ensure an organization's business processes
and information systems can be recovered in the event of an incident
17). What are environmental physical it controls?
Ans: The protection of people, equipment and data from threats such as liquids,
smoke, fire and extreme temperature
18). What are physical access it controls?
Ans: The protection of people, equipment and data from threats related to physical
access to buildings and facilities
What are the four categories of physical controls?
PaperStoc.com Page 3 of 35
, 19).
Ans: 1. Communicate expectations
2. Preventative controls
3. Detective controls
4. Correction action
20). What are some physical threats that can impact business and it operations? name some
examples of each type. (6)
Ans: - Natural: Earthquakes, floods, storms, hurricanes, fires
- System/technical: Hardware/software outages, system errors
- Supply systems: Communication outages, power distribution interruptions
- Man-made: Explosions, toxic spills
- Political events: Civil disturbances, strikes
- Public health: Pandemic
21). What are the common areas are controls put into place for data centres and it equipment
rooms?
Ans: - Fire detection and suppression
- Power supply
- Heating, ventilation, and air conditioning (HVAC)
- Perimeter and interior intrusion prevention and detection
22). What are two types of controls for fire?
Ans: Fire detection and fire suppression (Wet pipe system and dry pipe system)
23). Fire suppression - wet pipe system
Ans: Have a constant supply of water in them at all times. They are effective, but have
a risk of leakage that can damage equipment
24). Fire suppression - dry pipe system
Ans: Water is only loaded into the pipes when an electric valve is stimulated by
excess heat
25). What are two controls for power supply?
Ans: Data centers commonly have battery and/or generator backups:
- An Uninterruptible Power Supply (UPS) is a battery powered system to provide a
PaperStoc.com Page 4 of 35
