ISCA ANALYSIS
March 18, 2016
RTP NOVEMBER 2008 TO MAY 2016 + MOCK TEST PAPERS FROM 2010 TO 2015 + QUESTION PAPER FROM JUNE 2009 TO NOV-2015.
USEFUL FROM MAY 2016 EXAMS.
ISCA Giridhar’s™
CHAPTER-1: CONCEPTS OF GOVERNANCE AND MANAGEMENT OF INFORMATION SYSTEMS (CGMIS)
1. Explain the key benefits of IT Governance achieved at highest level in an organization. (NOV-2014 (2M)). Study material 1.5.3 + asked in Nov 2015 exams
2. Write short notes on the following with reference to Governance Dimensions: study material 1.2
(i) Conformance or Corporate Governance Dimension (MTP O-14)
(ii) Performance or Business Governance Dimension
OR
Differentiate between Corporate Governance and Business Governance. (MTP O-15)
3. What do you understand by GEIT? Also explain its key benefits.(RTP N-14 + MTP M-15). Study
material 1.5.4
4. Explain the key functions of IT Steering Committee in brief(MTP F-15). Study material 1.7.2
5. Discuss the key management practices, which are required for aligning IT strategy with enterprise
strategy.(RTP M-15 + MAY 2015(EXAMS). Study material 1.8.4
6. ‘The success of the process of ensuring business value from use of IT can be measured by
evaluating the benefits realized from IT enabled investments and services portfolio and how
transparency of IT costs, benefits and risk is implemented’. Explain some of the key metrics, which
can be used for such evaluation. (RTP N-15) study material 1.8.5
7. Explain the following terms with reference to Information Systems
(i) Risk(RTP M-11+MTP S-15 + NOV 2014 ). Study material 1.9.3 +Sources of Risk(MTP S-15). Study
material 1.9.2
(ii) Threat(NOV 2014 (EXAMS)+RTP M-15+M-12
(iii) Vulnerability(RTP M-12+N-11+MTP S-15 + MAY 2015(EXAMS) + NOV 2014 (EXAMS). Study
material 1.9.3
(iv) Exposure(RTP M-12)
(v) Attack(RTP M-12+N-11+N-09)
(vi) Asset(RTP M-15)
8. Define the following terms:
(i) Likelihood(RTP M-12+N-11+N-09)
(ii) Countermeasure
(iii) Residual Risk(RTP N-09)
9. Briefly explain various risk management strategies.(MTP S-15 + MTP O-13 + MTP F-13+RTP N-14
GIVEN IN CASE LAW).+ study material 1.9.4
10. Describe key management practices for implementing risk management.(RTP N-14 + MTP M-15
+ MTP S-14 + MAY 2015(EXAMS). Study material 1.9.6
11. Discuss the five principles of COBIT 5 in brief.(RTP M-14 + MTP M-15 + MTP F-14 + May
2015(EXAMS) + study material 1.10.6
12. Discuss various categories of enablers under COBIT 5.(RTP N-15 + MTP O-14 + MTP A-14 + MTP
O-13 + MAY 2014(EXAMS).+ study material 1.10.8
13. Discuss the areas, which should be reviewed by internal auditors as a part of the review of
Governance, Risk and Compliance.(RTP N-14) (MOCK O-15) + study material 1.12.3
14. Discuss the key management practices for assessing and evaluating the system of internal
controls in an enterprise in detail.(RTP N-14) (MOCK S-15)+ study material 1.12.5
15. Describe the major benefits achieved through proper governance in an organization.
16. What are the key governance practices that are required to implement GEIT in an enterprise?
(MTP S-14). Study material 1.5.6
17. Discuss key management practices, which are needed to be implemented for evaluating
‘whether business value is derived from IT’ in an organization. (study material 1.8.5).
18.‘COBIT 5 provides various management practices for ensuring compliance with external
compliances as relevant to the enterprise’. Explain these practices in brief.(MTP S-14 + NOV
2015(4M) + NOV 2014(6M).+ study material 1.11.2
19. Discuss some of the sample metrics for reviewing the process of evaluating and assessing
compliance with external laws & regulations and IT compliances with internal policies. (study
material 1.11.3)
20. Write short notes on the following:
(i) Role of IT in enterprises(NOV2015(EXAMS) . study material 1.7
(ii) Integrating COBIT 5 with other frameworks(MOCK O-15) + study material 1.10.2
(iii) Sample areas of review for assessing and managing risks( study material 1.12.4).
(iv) Evaluating IT Governance Structure and Practices by Internal Auditors.(RTP M-16) + study
material 1.12.2)
21. Discuss different levels of managerial activity that are carried out in an enterprise. (RTP M-16 +
NOV 2015 exams + MTP F-15) study material 1.8
22. Discuss key benefits of COBIT 5 framework.(RTP M-16+N-13) + study material 1.10.4
23. Internal Controls as per COSO(RTP N-15 + NOV 2014 (EXAMS). Study material 1.6.2
24. Key governance practices for evaluating risk management(RTP M-15 + MTP O-14). Study
material 1.9.5.
25. Discuss COBIT and its components in brief.(RTP M-15) + study material 1.10.3
26. Discuss major benefits of Governance(RTP M-15 + NOV 2014 + 2015 (EXAMS). Study material
1.3.1
27. Need for enterprises to use COBIT-5(MTP F-15) + study material 1.10.1
28. Metrics of Risk Management.(NOV2015(exams) + study material 1.9.7
29.Strategic Planning(MTP F-15)(SM PG NO 1.14)
CHAPTER-2: INFORMATION SYSTEMS CONCEPT (ISC)
1. Define the following terms briefly:
(a) Abstract system(RTP M-15+N-10)
(b) Physical System(RTP M-15+N-10)
(c) Open System(RTP M-16+N-08)
(d) Closed System(RTP M-16+N-08)
(e) Deterministic System(RTP M-13+M-11+N-08)
(f) Probabilistic System(RTP M-13+M-11+N-08)
2. Discuss important characteristics of Computer based Information Systems in brief.(RTP N-15+M-
13+N-11)(Study Material 2.7)+asked in may-11 exams
3. What do you understand by TPS? Briefly discuss the key activities involved in a TPS.(RTP N-
14)(asked in may 14 exams)
4. What are the principal components of a TPS? Discuss in brief.(MTP M-12)
5. Explain basic features of a TPS in brief(RTP N-13+M-11)+MTP S-14 : asked in Nov-13
6. What do you understand by MIS? Discuss major characteristics of an effective MIS(RTP N-12+M-
12+N-09)+MTP F-13 + O-13 +M-15 : asked in Nov 2015+NOV 2013
7. Briefly discuss major misconceptions about MIS.(RTP N-14+N-13)+MTP O-15
8.‘There are various constraints, which come in the way of operating an MIS’. Explain any four such
constraints in brief.(RTP N-14+N-12+M-12+M-11) : asked in may 2012.
9. What are major limitations of MIS? Explain in brief.(RTP M-14+N-11+N-09)+MTP AUG-12+ MTP S-
13+ F-15 : asked in Nov 2012.
10. What is Decision Support System (DSS)? Explain the key characteristics of a DSS in brief.(RTP M-
14)+MTP S-13 : asked in may 2012+NOV 2008
11. What is EIS? Explain major characteristics of an EIS.(RTP N-15+N-14+M-14)(Study material pg no
2.25)+MTP AUG-12 + F-14 + M-15 :asked in Nov 2012+ may 2011
12.‘There is a practical set of principles to guide the design of measures and indicators to be
included in an EIS’. Explain those principles in brief.(RTP N-13+N-12+M-12+N-11)+MTP F-13+A-14
13. Discuss the difference between EIS and Traditional Information Systems.(asked in may 2013)
14. What is an Expert System?(MTP S-15) Discuss some of the business implications of Expert
Systems in brief.(RTP M-15+M-12+N-10)+MTP M-13 +O-13 (Study Material pg no 2.29)+ asked in
may 2011.
15. Describe the major benefits of Expert Systems in brief.(RTP M-14)+MTP M-12+F-14 + O-14) :
asked in Nov 2015+NOV 2010
16. Discuss some of the important implications/advantages of Information Systems in business(RTP
M-13+M-11) (or) ‘In modern business perspective, information systems have far reaching effects for
smooth and efficient operations’. Discuss some of these important implications of information
systems in business.(Study material pg no 2.35) : asked in may 2015+may 2010
17. What is Information? Briefly discuss its attributes.(RTP M-16+M-15+M-11+N-09)+MTP F-12 +S-
14 (Study material pg no 2.3(2.2.1)) : asked in Nov 2011.
18. What is DSS? Explain the components of a DSS in brief.(RTP N-09) ( STUDY MATERIAL PG NO
2.23)
19. Differentiate between DSS and Traditional MIS.
20.“A Decision Support System supports human decision-making process rather than providing a
means to replace it”. Justify the above statement by stating the characteristics of decision support
system.(MTP O-14)
21.“Decision support systems are widely used as part of an Organization’s Accounting Information
system”. Give examples to support this statement.(RTP N-15+N-09) (Study material pg no 2.24)
Or Discuss various examples of DSS in Accounting.(MTP M-15+O-15(Only capital budgeting system))
22. Briefly describe five/three major characteristics of the types of information used in Executive
Decision making.(Asked in May 2010)
23. Write short notes on the following:
(i) Text Processing Systems(RTP M-11)
(ii) Components of Message Communication Systems(RTP N-10)(STUDY MATERIAL PG NO 2.14) +
asked in Nov 2012(ONLY ELECTRONIC MAIL)
(iii) Teleconferencing and Video-conferencing Systems
(iv)Role of information in business
24. Describe the main pre-requisites of a Management Information System, which makes it an
effective management tool.(RTP M-13)+MTP F-12 : asked in may 2014
25. Discuss major areas of Computer-based applications(RTP M-16) (study material 2.2.4-page no
2.8)
26. Discuss different components of ERP (Enterprise Resource Planning) and its benefits.(Study
material pg no 2.31)+MTP S-13 (RTP M-16+M-14+M-11) : asked in Nov 2015(only components)
27. Why do we need Expert Systems?(RTP M-15) +MTP O-14 (Study Material pg no 2.30) : asked in
Nov 2015
28. Discuss different types of Information Systems.(RTP M-15)+MTP S-14(Study material pg no 2.9)
29.What are the features of the Electronic Mail System?(RTP N-15 GIVEN IN CASE LAW)
30. Explain the major points for evaluation of effective Management Information System
(MIS).(RTP N-15 GIVEN IN CASE LAW)
31. What are the types of operations into which the different office activities can be broadly grouped
under office automation systems?(RTP N-12)+ MTP O-14 (Study Material Pg no 2.12) : asked in
May 2015+ NOV 2010 EXAMS
32. Discuss different levels of management activities in management planning and control
hierarchy.(RTP N-10)(STUDY MATERIAL PG NO 2.38)
33. Describe the three levels of implementation of databases.(RTP N-10)+MTP M-13 (STUDY
MATERIAL PG NO 2.23)+ asked in Nov 2010 exams
34.Explain any four benefits of Office Automation Systems.(MTP M-12).
35.Discuss Information System and its components. What are the activities carried out by
Information System in general?(MTP F-15).
36.Explicit and Tacit Knowledge(MTP S-15) study material PG NO 2.16.
37.Electronic Document Management System(MTP O-15)
38. Potential applications should possess to qualify for expert system development. (Asked in
May 2013) study material PG NO 2.31.
39.To operate Information Systems (IS) effectively and efficiently a business manager should have
following knowledge about it(asked in may 15 exams)
40.Discuss some IT tools that may prove to be crucial for the company’s business growth.(MTP O-
15)+asked in nov-14 exams
CHAPTER-3: Protection of Information Systems (POIS)
1. Discuss various types of Information Security policies and their hierarchy.(RTP N-12+N-08)+MTP
M-15+(asked in nov-13+11 exams)
2. What are the key components of a good security policy? Explain in brief(RTP N-08) (or) major
components of a good information security policy(RTP M-16+N-14+N-13+N-12)+MTP M-15+AUG-
12+F-12 (or) State the major points required to be stated by a good security policy.(RTP M-11)
(asked in NOV-2015 EXAMS+nov-13 exams+may-12 exams)
3.The Information Security Policy of an organization has been defined and documented as given
below:
“Our organization is committed to ensure Information Security through established goals and
principles. Responsibilities for implementing every aspect of specific applicable proprietary and
general principles, standards and compliance requirements have been defined. This is reviewed at
least once a year for continued suitability with regard to cost and technological changes.”
Discuss Information Security Policy and also identify the salient components that have not been
covered in the above policy.
4.Discuss five interrelated components of Internal Controls.(RTP N-14+N-11)+MTP S-14+A-14+asked
in nov-12 exams
5. What do you mean by Preventive Controls?(MTP M-15)+RTP N-09 Explain with the help of
examples. Also discuss their broad characteristics in brief.(RTP M-14)+MTP S-13
6. What do you mean by Corrective Controls?(RTP M-15+N-12+M-11) Explain with the help of
examples. Also discuss their broad characteristics in brief.(RTP N-13+N-12)+MTP O-13+F-13+AUG-
12(asked in may-15 exams)
7. What do you understand by Financial Controls? Explain major financial control techniques in
brief.(RTP N-10)+MTP O-14+asked in may 14 exams
8. What do you understand by Boundary Controls? Explain major Boundary Control techniques in
brief.(RTP M-16+N-14+M-12)+MTP F-15+M-13(asked in may-15+13 exams about report)+ only
Cryptography(RTP M-15+M-14+N-13+N-12)
9. Briefly explain major update and report controls with reference to Database Controls in brief(RTP
M-14 ONLY REPORT)
10. What do you understand by classification of Information? Explain different classifications of
Information. (or) As a member of IS Steering Committee, how do you classify the information for
better integrity and security.(asked in nov-15 exams)
11. Briefly explain major Data Integrity Policies.(RTP N-14+N-10)+MTP M-15+M-13+asked in nov-
14+10 exams (or) once the information is classified on various levels, the organization has to decide
about the implementation of different data integrity controls. Do you agree? If yes, explain about
data integrity and its policies.
12. Write short notes on the following:
(i) Time Bomb(RTP N-11)+MTP A-14+O-13+M-13
(ii) Logic Bomb(RTP N-11)+MTP A-14+O-13+M-13
(iii) Trojan(RTP M-13+N-14+M-14+M-13)
(iv) Worms(RTP N-12+N-11)
13. What do you understand by Asynchronous Attacks? Explain various forms of Asynchronous
Attacks in brief.(RTP N-14+N-12)
14. Explain some of the key ways to control remote and distributed data processing applications in
brief.(RTP M-14+M-13+N-11)+asked in may 15 exams
15. Discuss the three processes of Access Control Mechanism, when a user requests for resources.
16. Discuss Locks on Doors with respect to physical access controls in brief(RTP N-08). (or) Discuss
different means of controlling physical access in an organization.(RTP M-15+M-10)(SM PG NO 3.21)
17. Discuss major dimensions under which the impact of cyber frauds on enterprises can be viewed.
18. Discuss major techniques to commit cyber frauds in brief.(RTP M-16+M-15)+MTP S-14
19. Discuss any three Internetworking devices
20. Discuss major General Controls within an enterprise in brief.(RTP N-15-ONLY SHORT NOTE)
(i) Organizational Controls
(ii) Management Controls
(iii) Financial Controls
(iv) BCP (Business Continuity Planning) Controls
(v) Operating System Controls(asked only operating system security in nov-14 exams)
    (i) major tasks
    (ii) components
    (iii) remedies
(vi) Data Management Controls
    (i) Access Control
    (ii) Backup Control(MTP F-15)
(vii) System Development Controls
(viii) Computer Centre Security and Controls
    (i) Physical Security (or) Discuss the arrangements a company XYZ should emphasize in
    order to tighten its Physical Security for protecting its IT assets(RTP N-15)
    (ii) Software & Data Security
    (iii) Data Communication Security
(ix) Internet and Intranet Controls
(x) Personal Computers Controls(security measures only asked in nov-14 exams)
21. What do you mean by Detective Controls?(MTP S-14)+RTP M-11 Explain with the help of
examples.(RTP M-12) Also describe their main characteristics in brief.(RTP M-12+M-11)+MTP F-14
22. Discuss Application Controls and their categories in brief.
(i) Boundary Controls
(ii) Input Controls
(iii) Communication Controls
(iv) Processing Controls(ONLY DATA PROCESSING CONTROLS – RTP M-11+N-10)+virtual memory
controls(RTP M-10)
(v) Database Controls
(vi) Output Controls(MTP S-14)+asked in may-13 exams
23.‘There are various general guidelines, with reference to ‘Segregation of Duties’, which may be
followed in addition with the concepts like, ‘maker should not be the checker’. Explain those
guidelines.
24.What is ‘Data Integrity’? Explain six categories of integrity controls in brief.
25. Explain some of the key logical access controls in detail with the help of suitable examples.(RTP
N-15)+only computer crime exposures (or) ‘Crimes are committed by using computers and can
damage the reputation, morale and even the existence of an organisation’. What are the problems
do you think that any organization can face with the result of computer crimes?(RTP N-13+N-12+N-
11)+MTP O-14.(asked in nov-15 exams+may 14 exams)
26. Describe major controls over environmental exposures.(RTP M-10) (or) Discuss different controls
for environmental Exposures.(MTP F-15)
27.What is Cyber Fraud? Differentiate between pure cyber frauds and cyber enabled frauds.
28.Explain major cyber-attacks reported by various agencies in recent years.
29. Discuss Managerial Controls and their categories in brief.(MTP S-15)
(i) Top Management and Information Systems Management Controls
(ii) Systems Development Management Controls(RTP N-15)
(iii) Programming Management Controls
(iv) Data Resource Management Controls(RTP N-15)
(v) Quality Assurance Management Controls(RTP M-16)
(vi) Security Management Controls(RTP M-16)
(vii) Operations Management Controls
30. Write short notes on the following:
(i) Need for protection of Information Systems
(ii) Compensatory controls(MTP O-14)
(iii) BCP controls
(iv) Cyber Frauds
(v) Topological Controls
(vi) Backup Controls
31. (combination question of 6+21) just differences(RTP M-16)
32. Impact of Technology on Internal Controls(RTP M-16)+MTP S-15+O-14(SM PG NO 3.11)+ only
Segregation of Duties(RTP M-15)
33. Discuss Information System Security and its objectives.(RTP M-15+N-13+M-13+N-12+M-12+N-10)
(SM PG NO 3.3)(asked in may 14 exams)
34. What are the aspects that should be evaluated by an IS Auditor while reviewing the adequacy of
data security controls?(RTP N-11+N-10)(SM PG NO 3.73).+ MTP A-14+M-12
35.‘The objective of controls is to reduce or if possible, eliminate the causes of the exposure to
potential loss. Exposures are potential losses due to threats materializing. All exposures have
causes’. Discuss some categories of exposures in brief and also discuss some critical control
considerations in a computerized environment.(RTP M-11)(SM PG NO 3.9)(asked in nov-14 exams)
36.Describe various groups of management, comprised by security policy.(RTP N-10)(SM PG NO
3.6(3.4.3))
37. Differentiate between Physical Access Controls and Logical Access Controls.(MTP F-15)
38. What are the issues that should be covered by a security policy? Explain in brief.(RTP N-11) (or)
‘For appropriate implementation of information security at various levels, organizations require
security policies, which should cover various issues.’ What are these issues that should be covered
by a security policy? Explain in brief.(MTP A-14+AUG-12+MAR-13)(SM PG NO 3.6)(asked in may-13
exams)
39. ‘Information systems can generate many direct and indirect risks. These risks lead to a gap
between the need to protect systems and the degree of protection applied’. What are the main
reasons of this gap?(RTP M-11+M-10)(sm pg no 3.2)
(Note: For control over 3rd chapter please refer Giridhar’s flow chart in caclubindia and it is divided
into 3 parts).
CHAPTER-4: Business Continuity Planning and Disaster Recovery Planning (BCPDRP)
1. Discuss the objectives of Business Continuity planning.(RTP M-16+N-14) (or) what are the
objectives and goals of BCP?(MTP O-14+A-14)+RTP M-12+N-11+M-11+N-10+asked in nov-13+12
exams
2. Describe the methodology of developing a Business Continuity Plan. Also enumerate its eight
phases. (or) Discuss the different phases involved in the development of a Business Continuity
Plan. (or) Name the different phases of methodology for developing a BCP. What are the major
points on which a methodology mainly emphasizes upon?(RTP M-16+N-13+M-13+N-12+M-12+M-
11)+MTP S-14+O-13+F-13(asked in may 14 exams)
3. While developing a Business Continuity Plan, what are the key tasks that should be covered in the
second phase ‘Vulnerability Assessment and General definition of Requirement’?(RTP N-14+N-
13+N-10)+MTP O-13+S-13+M-13
4. What are the major documents that should be the part of a Business Continuity Management
system? Explain in brief. (or) Why documentation is required in Business Continuity Management
(BCM)? Which documents are classified as being part of the BCM system?(RTP M-16)
5. Discuss the maintenance tasks undertaken in the development of a BCP in brief.(RTP N-14)
6. Briefly explain various types of system’s back-up for the system and data together. (OR) Explain
briefly data back-up techniques.(MTP F-12) (Or) Explain briefly various types of data back-ups(RTP
N-15)+MTP M-15+Discuss different types of back-up plans used in BCP? MTP S-14(asked in nov-14
exams+nov-11 exams)
7. Explain briefly the following terms with respect to business continuity and disaster recovery
planning. (or) various kinds of plans that need to be designed for BCM.(asked in nov-15 exams)
(i) Emergency plan(RTP N-15+N-09)
(ii) Recovery Plan(RTP M-16+N-15+M-13+N-11)+MTP F-15+asked in may-12 exams
(iii) Test plan(RTP N-14+N-13)
(iv) Backup plan.(MTP F-15)
(or) ‘Different types of plans are used in BCP namely, Emergency Plan, Back-up Plan, Recovery Plan,
and Test Plan’. Discuss recovery plan in brief.(RTP M-12) (or) differential backup technique in
detail.(RTP N-10)
8. Explain briefly the following terms with respect to alternate processing facility arrangements in
business continuity and disaster recovery planning.(RTP M-13)+(asked in may-15 exams+may-11
exams) (or) discuss the various backup options considered by a security administrator when
arranging alternate processing facility.
(i) Cold site(RTP N-15+N-12+M-12+N-09)+MTP F-14
(ii) Hot site(RTP N-15+N-12+M-12+N-09)+MTP F-14
(iii) Warm site(RTP N-09)
9. A company has decided to outsource its recovery process to a third party site. What are the issues
that should be considered by the security administrators while drafting the contract?(ASKED IN
NOV-15+may-10 EXAMS)(RTP N-15+N-14+M-13+M-11)+MTP M-12
10. Describe contents/components of a Disaster Recovery and Planning Document.(RTP N-08) (OR)
Discuss the major areas that form a part of Disaster Recovery Planning (DRP) Document.(RTP N-
15+M-14+N-10)+MTP O-15+asked in nov-11 exams
11. Explain the objectives of performing BCP tests while developing a business continuity plan.(RTP
N-10)
12.Briefly explain the maintenance tasks undertaken in the development of a business continuity
plan.
13.What are the key aspects that should be verified during audit/self-assessment of an enterprise’
BCM program while reviewing BCM arrangements?(asked in may-15 exams)
14.Differentiate between Incremental Backup and Differential Backup(or)Differential Backup and
Full Backup(RTP N-14)(or)Incremental Backup and Mirror Backup(RTP M-13+M-10)(or)Full backup
and Incremental Backup(RTP N-12)(or)Differential Backup(RTP N-11)
15. Write short notes on the following:
(i) BCP Manual(MTP S-15)
(ii) Discuss different stages of Business Continuity Management (BCM) Process.(MTP F-15)(SM
PG NO 4.11)
(iii) Back-up Plan
(iv) BCM Maintenance
16. Differentiate between Cold Site and Hot Site.(RTP N-13)
17. Discuss Business Impact Analysis (BIA).(RTP M-16)
18. What is meant by Business Continuity Planning? Explain the areas covered by Business
Continuity.(RTP M-16+M-13+N-12+M-12+M-10)+asked in nov-10 exams
19.Explain the advantages of Business Continuity Management (BCM)(RTP N-15)
20.What are the objectives of Business Continuity Management (BCM) Policy?(MTP M-15)(SM PG
NO 4.4)(asked in nov-14 exams)
21. What are the tasks that should be undertaken in Business Impact Analysis? Explain in brief.(MTP
A-14+F-14+M-13+AUG-12)+RTP N-11+M-11(SM PG NO 4.14)(asked in may-13+nov-11+09 exams)
(or) In the development of a business continuity plan, there are total eight phases; Business Impact
Analysis is the third important phase. Discuss various tasks which are to be undertaken in this
phase.(RTP N-10)
22. What do you understand by the term ‘Disaster’? What procedural plan do you suggest for
disaster recovery?(MTP F-12)(SM PG NO 4.24)
23. While auditing a DRP for information technology (IT) assets, what concerns are required to be
addressed? Briefly explain.(asked in may-14 exams)(sm pg no 4.27 point no XX)
24. What are the elements to be included in the methodology for the development of disaster
recovery/business resumption plan?(asked in nov-12 exams)(sm pg no 4.25)
CHAPTER-5: Acquisition, Development and Implementation of Information Systems (ADIIS)
1. Discuss the key characteristics of Waterfall Model in brief. Also explain its major weaknesses(MTP
F-14+M-12)only weakness+(RTP N-13+N-12+M-12+N-10)
1A. ‘Waterfall approach is one of the popular approaches for system development’. Explain the basic
principles/key characteristics of this approach.(RTP M-13+M-11)(SM PG NO 5.9)
2. Briefly explain weaknesses of Prototyping approach.(RTP M-14+M-11)+MTP S-13
3. Describe major strengths of Prototyping model.(RTP N-14+M-11)+MTP F-12
3A. Discuss basic principles/Generic phases of Prototyping Model in brief.(RTP M-12)(sm pg no
5.11)
4. Explain major strengths and weaknesses of Spiral model(RTP M-14)+RTP N-13(ONLY
WEAK)+asked in nov-10 exams (or) as a person in-charge of system development life cycle, you are
assigned a job of developing a model for a new system, which combines the features of a
prototyping model and the waterfall model. Which will be the model of your choice and what are its
strengths and weaknesses?
4A. XYZ Ltd., primarily engaged in games development is in the process of automation of its various
business processes. After considering all the relevant factors, the technical consultant of the
company recommended to follow a combination of prototyping and waterfall model for the project
implementation. Identify the model and explain its basic principles.(RTP M-13)+(MTP O-13+M-
13)(SM PG NO 5.15)
5.What do you understand by agile model of software development? Also explain its major
strengths(RTP M-16+N-14+M-13)+MTP O-14+AUG-12(asked in nov-14 +nov-13 exams)and
weaknesses in brief.(RTP M-13)+(MTP F-15+S-14)
6.State and briefly explain the stages of System Development Life Cycle (SDLC).(nov-15 exams)
7. The top management of company has decided to develop a computer information system for its
operations. Is it essential to conduct the feasibility study of system before implementing it? If
answer is yes, state the reasons. Also discuss three different angles through which feasibility study of
the system is to be conducted.(MTP S-15)
8. What are the possible advantages of SDLC from the perspective of IS Audit?(RTP N-14+N-13+N-
10)+MTP F-14+asked in nov-12+10 exams
9.What are the major aspects that need to be kept in mind while eliciting information to delineate
scope?(or)‘While eliciting information to delineate to scope, what are the aspects that are needed
to be kept in mind during preliminary investigation of a project under SDLC’?(RTP N-13+N-12+N-
11+N-10)
10. Discuss in detail, how the analysis of present system is made by the system analyst? (or) A
Company is offering a wide range of products and services to its customers. It relies heavily on its
existing information system to provide up to date information. The company wishes to enhance its
existing system. You being an information system auditor, suggest how the investigation of the
present information system should be conducted so that it can be further improved upon. (or)
discuss in brief the various functional areas to be studied by a system analyst for a detailed
investigation of the present system.(MTP AUG-12)+asked in nov-11+may-11 exams
11. Explain two primary methods, which are used for the analysis of the scope of a project in
SDLC.(RTP N-15+N-14+M-13+N-12)+MTP O-14+asked in may-10 exams
12. Explain two primary methods, which are used for the analysis of the scope of a project in
13.If you are the Project Manager of a Software Company with the responsibility for developing a
break-through product, combining state of the art hardware and software; will you opt for typing as
a process model for a product meant for the intensely competitive entertainment market?
14. Describe briefly four categories of major tools that are used for system development (or) Discuss
majorly used System Development Tools(RTP M-16)+ ONLY DATA FLOW DIAGRAM+Structured
English+Flowcharts(RTP N-15+N-14+N-09)
15. Bring out the reasons as to why organizations fail to achieve their Systems Development
Objectives?(RTP N-14+N-11+N-10)+MTP A-14+F-12 (or) List down some notable issues because of
which an enterprise at times fails to achieve the objectives of the system development.(MTP F-15)
(or) It is observed that sometimes, organizations fail to achieve their systems development
objectives. What may be the possible reasons for the same in your opinion? Give any five.(RTP N-
12)(asked in may-15 exams)
16. Discuss major characteristics of a good coded program in brief(RTP N-15+N-13+N-12+N-11+N-
10)+MTP S-14+asked in nov-12 exams
17. What is Unit Testing? Explain five categories of tests that a programmer typically performs on a
program unit.(asked in NOV-15 Exams+MAY 15 EXAMS+nov-14 exams)+MTP O-15+RTP M-13 (or)
What is Unit Testing? Discuss its benefits and limitations.(RTP N-09)+asked in may-10 exams
18. Explain the following testing techniques:
(i) Black Box Testing(RTP N-14+N-13+N-08)+MTP O-14+Asked in N-09 exams
(ii) White Box Testing(RTP N-14+N-13+M-13)+MTP O-14+AUG-12+asked in J-09 exams
(iii) Gray Box Testing(RTP N-13)
19. Explain different changeover strategies used for conversion from old system to new
system.(ONLY PHASED(MTP AUG-12)+PILOT)(RTP N-15+N-12)
20. Discuss briefly, various activities that are involved for successful conversion with respect to a
computerized information system.(RTP N-12+N-10)+asked in may-13 exams
21.Explain corrective and adaptive maintenance in brief.(MTP A-14+O-13+M-13)+RTP N-11
22.What is waterfall model of system development? Also discuss its major strengths.(RTP M-12+N-
10)+asked in may 2014 exams only strengths.
23.What is Rapid Application Development? Discuss its strengths(RTP M-12)and weaknesses in
brief.(RTP N-11)
24. Agile methodology is one of the popular approaches of system development. What are the
weaknesses of this methodology in your opinion?(RTP M-14)+MTP M-15 (or) As per recent industry
trends, Agile methodology has become a good choice for software development community. There
is no doubt to say that it has various strengths as well but on the other hand, it has certain
weaknesses too. Briefly explain the weaknesses of this methodology. MTP F-13+RTP M-13
24A. What is agile methodology? Explain its basic principles/features in brief.(RTP N-13+N-12)(SM PG
NO 5.18)
25.What do you understand by feasibility study? Explain various types of feasibility studies in
detail.(RTP N-14+M-14+N-08)(or)Differentiate between “Economic Feasibility” and “Operational
Feasibility”.(MTP M-15)(or)What issues would you like to raise during the technical feasibility of
new proposed system?(RTP M-13+N-12)+(MTP M-15)(SM PG NO 5.24)(asked in nov-13+J-09
exams)+Discuss various dimensions under which the phase feasibility study of SDLC is
evaluated.(MTP O-14+RTP N-11)+Operational Feasibility(MTP M-12+RTP N-13+N-12)+Technical
Feasibility(MTP F-12)+RTP M-12+N-09+Feasibility study of a system is accomplished under various
dimensions such as technical, financial, economical, operational, legal etc. Out of these, explain
technical feasibility in brief.(RTP N-12)+Economic Feasibility(RTP N-09)
26.System Analysts use various fact-finding techniques for determining the needs/ requirements of a
system to be developed. Explain these techniques in brief.(RTP M-14+N-11)+MTP S-14+A-14(ANY
TWO ONLY)+MTP O-13+AUG-12(or)Discussany two fact finding techniques with reference to
requirements phase of SDLC?
27.What do you understand by “Requirement analysis”?(RTP N-14)+MTP O-13+F-13What is the
significance of analyzing the present system and how is it carried out? Explain briefly.
28.What is SDLC? Explain the key activities performed in the Requirements Analysis phase.(RTP M-
16+N-14+M-14+M-13+M-12)+MTP O-13+F-13(or)‘Requirements Analysis phase includes a
thorough and detailed understanding of the current system, identificationsof the areas that need
modifications to solve the problem, the determination of user/managerial requirements and to have
fair idea about various systems development tools’. Briefly discuss the activities, which are
performed in this phase.(RTP M-11)+(asked in may-13+11 exams)
29. Discuss the roles of the following with reference to SDLC:
(i) Steering Committee(OR)Mention different functions of steering Committee under SDLC(RTP N-
15+M-14)
(ii) System analyst(RTP M-14)+asked in nov-11 exams
(iii) Database Administrator(RTP M-14)+asked in nov-11 exams
(iv) IS auditor(RTP M-16+M-14)+asked in nov-11 exams
30.Discuss Final Acceptance Testing in brief.(RTP M-14+N-13+M-12)
31.Write short notes on the following:
(i) data dictionary(MTP O-13+F-13+F-12)+RTP N-13+asked in may-12+10 exams
(ii) static testing
(iii) Regression Testing(asked in nov-10 exams)
(iv)system testing(RTP M-11)+asked in nov-13 exams
(v)Preventive Maintenance(MTP F-13)(or)Preventive and Perfective Maintenance(MTP M-12)
(vi)Adaptive Maintenance(RTP M-14)+MTP S-13
Or how can ‘System Maintenance’ under System Development Life Cycle (SDLC) be categorized?OR
“maintaining the system is an important aspect of SDLC” considering this statement list out various
categories of system maintenance in SDLC.(RTP M-16)(RTP N-15+M-11)+asked in nov-10 exams
(vii)Strengths(RTP M-11)&Weaknesses of Incremental Model(RTP M-16)(Or)For the development
of software, various techniques/models are used e.g. waterfall, incremental, spiral etc; in which,
each has some strengths and some weaknesses. Discuss the weaknesses of the incremental
model.(RTP N-11)
(viii)Auditors’ involvement in development work
(ix)Parallel Running Implementation(RTP M-14)
(x)Discuss Integration Testing and its types.(MTP F-15)+What is Integration testing? Explain
bottom-up and top-down integration.(RTP M-12)
32.Important factors should be considered by the system analyst while designing user input
forms.(asked in nov-15 exams)
33.Program Debugging and Program Testing(RTP M-16)
34.Explain the various user related issues in achieving the system development
objectives.(RTP N-15)
35.According to you as an IS Auditor, what are the validation methods for approving the
vendors’ proposals?(RTP N-15+N-14+M-14)(or)‘Large organizations would naturally tend to adopt a
sophisticated and objective approach to validate the vendor’s proposal’. What are the validation
methods that may be used for this purpose?(RTP M-11)
36.With reference to the conversion from existing information system to a new system, explain the
file conversion in brief.(RTP M-14)+MTP F-14
37.The company appoints an Accountant for his active involvement during the development work of
the proposed system. Discuss some of the aspects on which an accountant can play a vital role
during proposed system’s development.(MTP S-15)(SM PG NO 5.7)(CONCEPT NO 5.3.3)
38.What do you understand by “System Development Methodology”?(MTP S-15)(SM PG NO 5.8)
39.Differentiate between Hardware Acquisition and Software Acquisition.(MTP M-15)(SM PG NO
5.45)
40.Management should establish acquisition standards that address the same security and
reliability issues as development standards. What are the issues that should be focused by
Acquisition standards?(RTP M-13+N-11+M-11)+(MTP O-13+F-13)(SM PG NO 5.44)
41.Describe major design principles with reference to SDLC in brief.(MTP M-13)(SM PG NO 5.42)
42. CASE tools(MTP F-12)+RTP N-09
43.At the end of the analysis phase of SDLC, the system analyst prepares a document called
‘Systems Requirements Specifications (SRS)’. Briefly explain the contents of a SRS.(RTP N-10)(SM PG
NO 5.36)(asked in may-14 exams+nov-11 exams)(sm pg no 5.59)
44. Briefly explain about various categories of software maintenance used in system development
life cycle (SDLC).(asked in may 2014 exams)
45.What are the major activities involved in design of database?(asked in may-12 exams)
CHAPTER-6:Auditing of Information Systems(AIS)
1.Discuss the issues relating to the performance of evidence collection and understanding the
reliability of controls.(RTP N-14)+MTP M-15+(asked in may 2015 exams+nov-14 exams)
2.Explain the set of skills that is generally expected of an IS auditor.(MTP A-14+F-13+AUG-12)+RTP
N-11+N-10+asked in nov-12 exams
3.Explain major types of IS Audits in brief.(or)Discuss the various categories of IS Audit?(MTP S-
14)+RTP N-10+asked in nov-12 exams)
4.Explain major stages of IS Audits in brief(or)The company appoints an auditor to conduct
audit of the existing Information System. What are the steps an auditor would follow to conduct
the audit of Information Systems?(MTP F-15)(or)Discuss in brief various steps involved in
information systems audit?(MTP O-14)(asked in may-15 exams+may-12)
5.An important task for the auditor as a part of his/her preliminary evaluation is to gain a good
understanding of the technology environment and related control issues. Explain major aspects that
should be considered in this exercise.(asked in may 2015 exams)
6.What are the key steps that can be followed for a risk-based approach to make an audit plan?
Explain in brief.
7.Write short notes on the following:
(i) Snapshots(RTP N-14)
(ii) Audit Hooks(RTP N-14)
8.What do you understand by SCARF technique? Explain various types of information collected by
using SCARF technique in brief.(RTP N-12)Or Discuss the System Control Audit Review File (SCARF)
technique used in the audit of Information Systems.(RTP M-16+N-15+N-14)+asked in may-13+11
exams
9.Describe major advantages of continuous audit techniques.(MTP S-15+M-15+S-14+A-14+S-
13+AUG-12+M-12)+RTP N-13+N-12+N-11(asked in nov-15+11 exams+may 14+10 exams)
10.Describe major disadvantages(asked in may 14+nov-11 exams)and limitations of Continuous
Audit techniques.(RTP M-14+M-12)+MTP O-15+F-15+F-14+O-13+F-13
11.Explain three major ways by which audit trails can be used to support security objectives.(OR)
What objectives are achieved when audit trails are maintained?(RTP M-11)(MTP S-15+M-15+S-14)
(SM PG NO 6.22)+asked in nov-11+may-10 exams
12.Discuss major audit issues of operational layer with reference to application security audit.
13.What are the factors that influence an organization towards controls and audit of computers?
(asked in nov-15 exams)
14.Discuss the points relating to ‘Legal Considerations and Audit Standards’ to be considered by an IS
auditor as a part of his/her preliminary review.(or)Being an IS Auditor, what are the critical factors
that you will consider as a part of your preliminary review which are going to be critical for your
effective audit review?(MTP S-15)
15.Discuss Integrated Test Facility (ITF) technique of continuous audit in detail with the help of
examples.(asked in nov-13 exams)
16.Describe major tasks performed by an Operating System in brief.(MTP O-14)(asked in may-15
exams)
17.What are the major aspects that should be thoroughly examined by an IS Auditor during the audit
of Environmental Controls? Explain in brief.(or)An enterprise ABC plans to conduct audit in its
enterprise. List down some points for audit of Environmental controls that an auditor would
consider in his/her checklist while conducting the audit.(or)As an IS auditor, what are the
environmental controls verified by you, while conducting physical inspections?(MTP F-15)(asked in
nov-15 exams)(SM PG NO 6.24)
18.Discuss major audit issues of Tactical Layer with reference to Application Security Audit.
19.Write short notes on the following:
(i)Basic Plan with reference to IS Audit
(ii) Continuous Audit
(iii)Continuous and Intermittent Simulation (CIS) technique
(iv)Strategic Layer with reference to application security audit.
20.Functions of IS Auditor(RTP M-11) +(asked in nov-15 exams+NOV 2014 EXAMS)
21.Discuss the Accounting and Operations Audit Trails with respect to Communication
Controls.(RTP N-15)
22.Inherent Risk and Detection Risk(RTP N-15)
23.Differentiate between Control Risk and Detection Risk.(MTP F-15)
24.Discuss the impact of information systems audit on organizations(or)Factors influencing an
organization toward controls and audit of computers and the impact of the information systems
audit function on organizations(MTP O-14+A-14)(sm pg no 6.2)(Only objectives asked in nov-
2015 exams)
CHAPTER-7:Information Technology Regulatory Issues(ITRI)
1. Explain the objectives of the Information Technology Act 2000.(RTP N-14)(asked in may 2012
exams)
2.Explain ‘Authentication of Electronic Records’ with reference to Section 3 of Information
Technology Act 2000.(Or)How does the Information Technology Act 2000 enable the authentication
of records using digital signatures?(Or)To ensure that no unauthorized disclosure of the
information will be made, proper authentication mechanism needs to be implemented. How
Information Technology (Amendment) Act 2008 addresses this issue with reference to its Section 3?
(RTP M-13+N-11)+MTP M-15+F-14+AUG-12+F-12+(asked in nov-13+N-09 exams+may 2011
exams)
3.Discuss the main provisions provided in Information Technology Act 2000 to facilitate e-
Governance.
4.Discuss the ‘Use of Electronic Records in Government and its agencies’ in the light of Section 6 of
Information Technology Act 2000.(RTP N-14+M-14+M-11)
5.Describe the ‘Power to make rules by Central Government in respect of Electronic Signature’ in the
light of Section 10 of Information Technology Act 2000.(RTP M-16+M-14+N-13)(ASKED IN Nov-15
EXAMS+May 2012 exams)
6.Describe the ‘Tampering with Computer Source Documents’ in the light of Section 65 of
Information Technology Act 2000.(OR)‘Tampering with Computer Source Documents’ is a common
threat for automated business modules. How Information Technology (Amendment) Act 2008
addresses this issue with reference to its Section 65?(RTP M-14)
7.Discuss ‘Punishment for sending offensive messages through communication service etc.’ in the
light of Section 66A of Information Technology Act 2000.(RTP M-15+N-14+N-10)+asked in may-13
exams
As per the decision of the Supreme Court dated 24.03.2015; Section 66A of Information Technology
Act, 2000 (Punishment for sending offensive messages through communication service, etc.) has
been declared Unconstitutional as it is violative of Article 19(1)(a) related to freedom of speech
and expressions. Now comments on social networking sites will not be offensive unless they come
under the provisions of the Indian Penal Code, 1860.
8.Discuss ‘Power of the Controller to give directions’ under Section 68 of Information Technology Act
2000.(RTP M-15+N-13)
9.Discuss ‘Power to issue directions for interception or monitoring or decryption of any information
in any computer resource’ under Section 69 of Information Technology Act 2000.
10.Discuss ‘Penalty for publishing Electronic Signature Certificate false in certain particulars’ under
Section 73 of Information Technology Act 2000.
11.What is the vision of National Cyber Security Policy 2013? Also explain its major objectives.
12.Discuss PDCA cyclic process under ISO 27001.(MTP O-15+M-15+S-14)+(asked in nov-14 exams)
13.Write a short note on ‘Service Strategy’ of IT Infrastructure Library (ITIL) framework. (Or) Discuss
Information Technology Infrastructure Library (ITIL) Service Lifecycle.(RTP N-15)(asked in nov-15
exams).+only library (asked in may-12 exams)
14.What are the major provisions on ‘Retention of Electronic Records’ with reference to Information
Technology Act 2000? Explain in brief.(RTP M-15)+MTP S-15+F-15+O-13+F-13+asked in may 2012
exams+may 2011 exams.
15.Briefly explain the following with respect to the Information Technology Act 2000:
(i) [Section 66B] Punishment for dishonestly receiving stolen computer resource or communication
device(RTP M-15+N-14)+asked in may-13 exams
(ii) [Section 66C] Punishment for identity theft
(iii) [Section 66D] Punishment for cheating by personation by using computer resource
(iv) [Section 66E] Punishment for violation of privacy(RTP N-14)+asked in may-13 exams
(v) [Section 66F] Punishment for cyber terrorism(RTP M-14)(asked in may-15 exams)
16.Explain the ‘Power to issue directions for blocking public access of any information through any
computer resource’ under Section 69A of the Information Technology Act 2000.(RTP N-15)+MTP O-
15
17.Explain the ‘Power to authorize to monitor and collect traffic data or information through any
computer resource for Cyber Security’ with reference to Section 69B of the Information Technology
Act 2000.(RTP M-12+M-11)+MTP AUG-12
18.Write short notes on the following:
(i) [Section 4] Legal Recognition of Electronic Records
(ii) [Section 5] Legal Recognition of Electronic Signature
19.Write short notes on the following:
(i) System Controls with reference to the requirement of RBI/IRDA for System Control and Audit
(ii)Requirements of SEBI for System Controls & Audit(asked in nov-14 exams)(sm pg no 7.33)
(iii) Auditor Selection Norms with reference to the requirement of SEBI for System Control and audit
(RTP N-15)(asked in may-15 exams)
20. Discuss ITIL Framework.(RTP M-14 – ONLY SERVICE OPERATION)+MTP S-15+ (MTP F-14 Service
Transition ONLY).+SERVICE DESIGN (MTP S-13)
21.Discuss the guidelines recommended by Securities and Exchange Board of India (SEBI) to conduct
audit of systems.(RTP M-16)
22.To retain their electronic records for specified period, what are the conditions laid down by
Section 7, Chapter III of Information Technology Act, 2000?(RTP N-15+N-13+M-13+N-12+M-
11)+MTP O-14+F-12(asked in may-14 exams+ may 2010 exams)
23.Explain the penalty for failure to furnish information return under Section 44 of IT Act,
2000.(RTP N-15)
24.What are the powers of a Police Officer under the Information Technology (Amendment) Act,
2008 to enter and search etc. (SECTION 80)?(RTP M-15+N-14+M-10)
25.Describe ‘Recognition of Foreign Certifying Authorities’ in the light of Section 19 of Information
Technology (Amendment) Act, 2008.(RTP M-14+M-12+N-11)+ MTP F-14+M-12+asked in may 13
exams.
26.Describe ‘Secure Electronic Signature’ in the light of Section 15 of Information Technology
(Amendment) Act, 2008.(RTP N-13+M-11)+asked in nov 2010 exams
27.Discuss the ‘Acceptance of Digital Signature Certificate’ under Section 41 of Information
Technology (Amendment) Act, 2008.(RTP N-13+N-12)+MTP M-12+asked in nov-2010 exams
28.Discuss the major functions, which may be performed by the Controller of Certifying Authorities
under Section 18 of Information Technology (Amendment) Act, 2008.(RTP M-13)+(asked in nov-13
exams)
29.Power of State Government to make rules in the light of Section 90 of Information Technology
(Amendment) Act, 2008.(RTP M-13+N-11)+MTP M-13
30.Discuss the Duties of Certifying Authorities under Section 30 of the Information Technology
(Amendment) Act 2008 to facilitate e-Governance.(RTP N-12+M-12+M-11+N-08)+MTP M-13+asked
in nov-12+may-11 exams.
31.Discuss the composition of a Cyber Appellate Tribunal under Section 49 of Information
Technology (Amendment) Act, 2008.(RTP N-12)
32.What is the procedure to apply for a license to issue electronic signature certificates, under
Section 22, Information Technology (Amendment) Act, 2008?(RTP N-12)+MTP O-13+F-13+asked in
may-13 exams+nov 2010 exams)
33.Discuss the Electronic Signature under Section 3A of Information Technology (Amendment) Act,
2008.(RTP M-12)
34.Describe “license to issue electronic signature certificates” with respect to the Section 21 of
Information Technology (Amendment) Act, 2008.(RTP N-11)
35.Discuss “Appeal to Cyber Regulations Appellate Tribunal” under Section 57 of Information
Technology (Amendment) Act, 2008(RTP N-11)+MTP A-14
36.Define the following terms with respect to Information Technology (Amendment) Act, 2008:
(i)Access(RTP M-11)
(ii)Appropriate Government(RTP M-11)
(iii)Computer Network(RTP M-11+N-10)
(iv)Secure System(RTP M-11)
(v)Electronic Signature(RTP N-10+M-10+N-08)
(vi)Electronic Signature Certificate(RTP N-10+M-10)
(vii)Intermediary+ chapter-XII(RTP N-10)(asked in may-15 exams+ may 14 exams)
(viii)Computer Source Code(RTP N-10)
(ix)Electronic form(RTP N-08)+asked in may 2010 exams
(x)Key pair(RTP N-08)
(xi)Asymmetric cryptosystem(RTP N-08)+asked in may 2010 exams
(xii)Adjudicating officer.(RTP N-08)
37.Discuss the Delivery of Services by Service Provider with respect to the Section 6A of Information
Technology (Amendment) Act, 2008.(RTP N-10)
38.Discuss National nodal agency with respect to the Section 70A of Information Technology
(Amendment) Act, 2008.(RTP N-10)
39.Explain the power of Controller to make regulations under Section 89 of the Information
Technology (Amended) Act 2008.(RTP M-10)
40.Briefly explain the Punishment for publishing or transmitting of material containing sexually
explicit act, etc. in electronic form as per Section 67 A of the Information Technology
(Amended) Act 2008.(RTP M-10)
41.Discuss ‘Publication of rules, regulation etc. in Electronic Gazette’ with reference to Section 8
under Information Technology (Amendment) Act 2008.(MTP F-14)
42. In Information Technology (Amended) Act 2008, what do section 25 and 26 say about suspension
of licence to issue electronic signature certificate?(asked in nov-12 exams)
43. Constitution of CRAC u/s 88.(asked in nov-12 exams+nov-11 exams)
44.SA 402(MTP O-14)
CHAPTER-8: Emerging Technologies(ET)(ADDED FROM NOV-14
EXAMS)
1.What is Cloud Computing? Explain some pertinent similarities and differences between Cloud and
Grid computing.(RTP N-15)+MTP S-15
2.Discuss the major goals of Cloud Computing in brief. OR pertinent objectives in order to achieve
the goals of cloud computing.(RTP N-14)(MTP S-14)(Asked in nov-14 exams)
3.Describe Front end and Backend architecture with reference to Cloud Computing.(RTP M-15)
4.What do you understand by Public cloud? Also discuss its major advantages in brief.(RTP N-14)
5.What is Private cloud? Also explain its major advantages in brief.
6.Explain the following with reference to cloud computing:
(i)Infrastructure as a Service (IaaS)(MTP M-15)
(ii)Platform as a Service (PaaS)(RTP M-15) + (MTP O-14)
(iii)Software as a Service (SaaS)(RTP M-15)
(iv)Network as a Service (NaaS)
(v) Communication as a Service (CaaS).
7.Explain, in brief, the characteristics of Cloud Computing(MTP F-15)
8.Briefly discuss the advantages of Cloud Computing.(MTP O-14)(Asked in nov-15 exams)
9.Discuss any five challenges to Cloud Computing in brief.(RTP N-14)(Asked in may-15 exams)
10.Explain some of the tangible benefits of mobile computing.(MTP S-14+M-15+O-15)
11.Write short notes on the following:
(i) Hybrid Cloud
(ii) Mobile Computing
(iii)BYOD(MTP S-15)
(iv) Web 2.0
(v) Green IT best practices(MTP O-15) (asked in may-15 exams)
12.‘The work habits of computer users and businesses can be modified to minimize adverse impact
on the global environment’. Discuss some of such steps, which can be followed for Green IT.(Or)
what are your recommendations for efficient use of computer and IT resources to achieve the
objectives of ‘Green Computing’?(RTP N-14)+ (MTP F-15)(asked in nov-14 exams)
13.Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) are two of the three main
categories of cloud computing. What's the third category? Explain in brief.
14.Explain Web 2.0 with their applications.
15.Explain Mobile Computing and BYOD with an example.
16. What is Green Computing? Discuss security issues of Green computing in brief.
17.If you consider Web 2.0 as an ideal platform for implementing and helping social networks
to grow, what are the major components of Web 2.0?(RTP N-15)
18.What are the emerging threats under “Bring Your Own Device (BYOD)”?(RTP M-16)+(MTP S-15)
(asked in nov-15 exams)(or)If the employees of the company are allowed to use personal devices
such as laptop, smart phones, tablets etc. to connect and access the data, what could be the security
risks involved? Classify and elaborate such risks.
19.Life Cycle of Social Networks(MTP S-15)
20.Discuss the issues ‘Threshold Policy’ and ‘Interoperability’ in Cloud Computing.(MTP O-15)
KEY TERMS:
MTP = MOCK TEST PAPER
O=OCTOBER
A=APRIL
F=FEB
S=SEP
AUG=AUGUST
RTP = REVISION TEST PAPER
M=MAY
N=NOVEMBER