Tuesday, 24 September 2013


CSQA Subjective questions sample paper –5

(Internal Control and Security)


Q1. Internal auditors should be ___________ of the activities they audit.

Q2. Establishing and maintaining the Internal Control system is the responsibility of the
a) Internal Audit function
b) CEO and key managers
c) Workers
d) QA group

Q3. Risk = ____________ x ______________
a) Loss x impact
b) Frequency x delay
c) Frequency x occurrence
d) Delay x occurrence


Q4. Organizational policies form a part of ____________ controls.

Q5. Controls are a means to __________ business risks.

Q6. What are the two systems involved in every business application?

Q7. What are the three different categories of internal control?

Q8. No control should cost more than the potential error it is established to prevent, detect and correct. ( T / F )

Q9. Amongst all controls, ___________ controls are the lowest in cost and ___________ controls are the most expensive to implement.
a) detective, preventive
b) preventive, corrective
c) corrective, detective
d) preventive, detective

Q10. Prior to installing any control, some _______________ analysis should be made.

Q11. In the COSO Internal Control framework, control designers have to go through a _______________ process before setting the control objectives.

Q12. Quality Assurance should focus on the security management controls. ( T / F )

Q13. ____________ is a weakness in an information system.

Q14. Information security baseline information should be collected by an _____________ assessment team.

Q15. Ownership and responsibility of the computer security belong to ______________ in the organization.
a) senior management
b) security officer
c) all employees
d) QA group

Q16. Security mechanisms (defenses) need to be ___________ so that compromise of a single security mechanism is insufficient to compromise a host or network.

Q17. Routines in a computer system that check the validity of input data are referred to as:
a. Environmental control
b. SOX control
c. Preventive control
d. Detective control
e. Corrective control

Q18. ___________ directly examine internal controls and recommend improvements.

Q19. There are two components of controls. The first is _________ and the second is the controls within an individual business application.

Q20. ____________ are the means that management uses to manage the organization.

Q21. The objectives of transaction processing controls are to __________, _________ or ___________ incorrect processing.

Q22. The __________ type of control is the most desirable.

Q23. __________ controls alert individuals involved in a process so that they are aware of a problem.

Q24. __________ controls should bring potential problems to the attention of individuals so that action can be taken.

Q25. __________ controls will not prevent problems from occurring, but rather will point out a problem.

Q26. __________ controls assist individuals in the investigation and correction of causes of exposures that have been detected.

Q27. __________ action is often a difficult and time-consuming process.

Q28. In information systems there is a __________ associated with each control.

Q29. The system of internal control is designed to minimize _________

Q30. Security can be divided into two parts. First is the ____________ controls, and second is ___________ controls.

Q31. ____________ should focus on the security management controls.

Q32. ____________ is a weakness in an information system.

Answers:
Q1. Independent
Q2. CEO and key managers
Q3. c
Q4. Environmental
Q5. Minimize
Q6. Environmental and Transaction Processing controls
Q7. Preventive, detective, corrective
Q8. True
Q9. Preventive, corrective
Q10. cost benefit
Q11. Risk assessment
Q12. True
Q13. Vulnerability
Q14. Independent
Q15. All Employees
Q16. Layered
Q17. d
Q18. Internal Auditors
Q19. Environmental
Q20. Environmental
Q21. Prevent, detect or correct
Q22. Preventive
Q23. Detective
Q24. Detective
Q25. Detective
Q26. corrective
Q27. corrective
Q28. cost
Q29. risk
Q30. Security Management and Security technical
Q31. Quality Assurance
Q32. Vulnerability


CSQA Subjective questions sample paper –6

(Metrics and Measurement)


Q1. Measurement data is most reliable when it is generated exclusively for measuring product or service quality. True / False

Q2. Measurement can be used to gauge the status, effectiveness and efficiency of processes, customer satisfaction, product quality, and as a tool for management to use in their decision-making processes. True / False

Q3. A _____________ is a single quantitative attribute of an entity.

Q4. A metric is a ____________ unit of measurement that cannot be directly observed, but is created by combining or relating two or more measures.

Q5. A metric normalizes data so that comparison is possible. True / False

Q6. __________ measurement uses hard data that can be obtained by counting, stacking, weighing, timing.

Q7. An objective measurement should result in __________ values for a given measure, when measured by two or more qualified observers.
a) Identical
b) Different
c) Sometimes same
d) Not sure

Q8. Subjective data is normally observed or perceived. It is a person’s perception of a product or activity, and includes personal attitudes, feelings and opinions, such as how easy a system is to use, or the skill level needed to execute the system. True / False

Q9. Objective measurement is more reliable than subjective measurement, but as a general rule, subjective measurement is considered more important. True / False

Q10. The more difficult something is to measure, the less valuable it is. True / False

Q11. The four types of measured data are
a) Nominal
b) Ordinal
c) Interval
d) Ratio
e) All the above

Q12. Nominal data can be subjected to arithmetic operations of any type, and the values cannot be ranked in any “natural order.” True / False

Q13. In ordinal data, the data can be ranked, but differences or ratios between values are not meaningful. True / False

Q14. __________ data has no absolute zero, and ratios of values are not necessarily meaningful.
a) Nominal
b) Ordinal
c) Interval
d) Ratio
e) All the above

Q15. In Ratio type data, the data has an absolute zero and meaningful ratios can be calculated. True / False

Q16. The measures of central tendency are the mean, median, and mode. True / False

Q17. Ideally models should be developed that are capable of predicting process or product parameters, not just describing them. This is facilitated by measures and resulting metrics that are:
a) Simple and precisely definable, so it is clear how they can be evaluated
b) Objective
c) Easily obtainable at reasonable cost
d) Valid, measuring what they are intended to measure
e) Robust,
f) All the above

Q18. Match the pairs
A. Reliability
B. Validity
C. Calibration
1. Robustness
2. Consistency of measurement
3. Modification of a measurement
4. Degree to which a measure actually measures what it was intended to measure.

Q19. Measurement dashboards are used to monitor progress and initiate change. True / False

Q20. Using dashboards is known as “_______________”
a) Management by Act
b) Management by time
c) One minute Manager
d) Management by fact

Q21. Statistical process control is used to ensure that the process behaves in a ___________ manner.

Q22. For a software product, the requirements, the complexity of the software design, the size of the final program’s source or object code, or the number of pages of documentation produced for the installed system can be measured. True / False

Q23. The cyclomatic complexity of such a graph can be computed by a simple formula from graph theory, as v(G)=e-n+2, where e is the number of edges, and n is the number of nodes in the graph. True / False

Q24. A _________ is defined as a necessary crossing of directional lines in the graph.
a) Cross
b) Node
c) Knot
d) All the above

Q25. Reliability is defined as the probability of a software failure, or the rate at which software errors will occur. True / False

Q26. Customer perception of product quality is measured using
a) Customer surveys
b) Service level agreements
c) Loyalty
d) Recommendations to others
e) All the above

Q27. _____________ are those that can be controlled by improving the work processes.
a) Common causes
b) Special causes
c) Generic Causes
d) Controllable causes

Q28. Special causes are those that must be controlled outside the process; typically they need to be dealt with individually. True / False

Q29. A measurement program is defined as the entire set of activities that occur around ___________ data.

Q30. Mature organizations typically measure for budget, schedule, and project status, and management relies on project teams to determine when requirements are done. True / False

Q31. People in Quality group should help develop the measure. True / False

Q32. When results are not achieved, a quality management philosophy tells the organization to look at how the system (i.e., its processes) can be improved rather than reacting, making emotional decisions, and blaming people. True / False

Q33. The management by fact process contains two components:
1. Meeting desired results.
2. Managing the processes to drive the results.
True / False

Q34. A process is defined as ____________ when its mean and standard deviation remain constant over time.
a) Unstable
b) Unreliable
c) Stable
d) Reliable
e) Controllable

Q35. A ___________ process is predictable,
a) Unstable
b) Unreliable
c) Stable
d) Reliable
e) Controllable

Q36. If special causes of variation exist, the process may be unpredictable, and therefore stable. True / False

Q37. A state of statistical control is established when all special causes of variation have been eliminated. True / False

Q38. Classify into common causes and special causes:
No available disk space, Citywide power returns or business returns to normal operations after 3 days, Invalid data, Errors in operating or job control instructions, The operator strike ends

Q39. Because special causes are “sporadic contributors,” due to some specific circumstances, the “process” or “system” variability is defined without them. True / False

Q40. Improvements to address the __________ causes of variation usually require process or system changes.
a) Common causes
b) Special causes
c) Generic Causes
d) Controllable causes

Q41. Reducing variation due to common causes is process improvement and the real essence of continuous process improvement. True / False

Q42. Which is the most capable process and why?


Q43. Risk management involves the activities of defining, measuring, prioritizing, and managing risk in order to eliminate or minimize any potential negative effect associated with risk. True / False

Q44. Risk is the possibility that an unfavorable event will occur. True / False

Q45. The probability of risk occurring at the beginning of the project is very low (due to the unknowns), whereas at the end of the project the probability is very high. True / False

Q46. Risk management is the process used to identify, analyze, and respond to a risk. True / False

Q47. Risk management consists of
a) Risk Identification
b) Risk Quantification
c) Risk Response Development
d) Risk Response Control
e) All the above

Q48. Match the pair
1. Risk Identification
2. Risk Analysis
3. Risk Prioritization
4. Risk Response Planning
5. Risk Resolution
6. Risk Monitoring
a. The process that evaluates the action taken, documents the risk results and repeats the cycle of identification, quantification and response.
b. The process that answers the question “What should be done about the risk?”
c. The process that answers the question “Which risks do we care about?”
d. The process that answers the question “What are the risks?”
e. The process that answers the question “How are the risks prioritized?”
f. The process that executes the plan that was developed in the prior step.

Q49. Expected value =
a) Value * Cost
b) Probability * Impact
c) Probability * value
d) Cost * impact

Q50. Typical responses for risk include: procurement, contingency planning, alternative strategies, and insurance. True / False


Answers:
Q1. False
Q2. True
Q3. Measure
Q4. Derived
Q5. True
Q6. Objective
Q7. a) Identical
Q8. True
Q9. True
Q10. False
Q11. All of the above
Q12. False
Q13. True
Q14. C
Q15. True
Q16. True
Q17. All the above
Q18. A-2, B-4, C-3
Q19. True
Q20. D
Q21. Consistent
Q22. True
Q23. True
Q24. C
Q25. True
Q26. E
Q27. A
Q28. True
Q29. quantitative
Q30. False
Q31. False
Q32. True
Q33. True
Q34. C
Q35. C
Q36. False
Q37. True
Q38. Special causes: the operator strike ends, citywide power returns or business returns to normal operations after an
Common causes: invalid data, no available disk space, and errors in operating or job control instructions.
Q39. True
Q40. A
Q41. True
Q42. C
Q43. True
Q44. True
Q45. False
Q46. True
Q47. E
Q48. Risk Identification – this process answers the question “What are the risks?”
Risk Analysis – this process answers the question “Which risks do we care about?”
Risk Prioritization – this process answers the question “How are the risks prioritized?”
Risk Response Planning – this process answers the question “What should be done about the risk?”
Risk Resolution – this process executes the plan that was developed in the prior step.
Risk Monitoring – this process evaluates the action taken, documents the risk results and repeats the cycle of identification, quantification and response.
Q49. B. Probability * Impact
Q50. True


source   : http://istqbquestionbank.blogspot.ca/