A comprehensive set of 100 MCQs covering System Controls, Security Measures, and Technology & Analytics (Section F, 25% weightage for 2025), fully aligned with US CMA / CIA / CPA syllabus domains on IT controls, information systems, and analytics.
🧩 A. General Accounting System Controls (1–20)
1. Which of the following is a preventive control in an accounting system?
B. Backup of data
C. Password authentication
D. Audit trail
✅ Answer: C
2. Segregation of duties aims to:
A. Reduce cost of control
B. Prevent fraud and errors
C. Increase employee efficiency
D. Improve data storage
✅ Answer: B
3. Which control ensures transactions are recorded accurately?
A. Processing control
B. Output control
C. Accuracy control
D. Input validation
✅ Answer: D
4. Limiting user access to financial modules is an example of:
B. Preventive control
C. Corrective control
D. Compensating control
✅ Answer: B
5. Which of the following is a detective control?
A. Log review
B. Access restriction
C. Input validation
D. Firewall
✅ Answer: A
6. Physical access control in an accounting system includes:
A. Encryption
B. Password policy
C. Biometric entry
D. Data backup
✅ Answer: C
7. Which principle ensures accountability in system access?
A. Principle of Least Privilege
B. Principle of Segregation
C. Principle of Redundancy
D. Principle of Confidentiality
✅ Answer: A
8. A change management system ensures:
A. Faster processing
B. Controlled modification of system code
C. Increase in user privileges
D. Automatic backups
✅ Answer: B
9. System logs are primarily used for:
A. Backup recovery
B. Audit trails
C. Data storage
D. File transfer
✅ Answer: B
10. Which control prevents unauthorized changes to master files?
A. File integrity check
B. Data encryption
C. Password control
D. Change log review
✅ Answer: D
11. Which control type deals with system downtime?
A. Preventive
B. Corrective
C. Detective
D. Monitoring
✅ Answer: B
12. Authorization control ensures:
A. Only valid data are processed
B. Only authorized users can initiate transactions
C. All transactions are recorded
D. Transactions are duplicated
✅ Answer: B
13. Dual control refers to:
A. Two persons sharing one password
B. Two approvals required for high-value transactions
C. Two layers of encryption
D. Two audit logs
✅ Answer: B
14. Which control helps maintain confidentiality of accounting data?
A. Encryption
B. Backup
C. Output control
D. Authorization
✅ Answer: A
15. Control that ensures every transaction is processed only once:
A. Completeness control
C. Data reconciliation
D. Run-to-run total
✅ Answer: B
16. Which ensures accuracy during system upgrades?
A. Version control
B. Access control
C. Audit log
D. Firewall
✅ Answer: A
17. Password expiration policies are:
A. Preventive
B. Detective
C. Corrective
D. Directive
✅ Answer: A
18. Firewalls primarily control:
A. Internal fraud
B. Unauthorized network access
C. Data accuracy
D. Backup processes
✅ Answer: B
19. Input control examples include:
A. Hash totals
B. Batch totals
C. Sequence check
D. All of the above
✅ Answer: D
20. Audit trail is useful for:
A. Real-time prevention
B. Post-event analysis
C. Increasing speed
D. Automating backups
✅ Answer: B
🧩 B. Application and Transaction Controls (21–40)
21. Application controls are designed to:
A. Monitor hardware performance
B. Ensure integrity of data input, processing, and output
C. Manage network security
D. Handle system backups
✅ Answer: B
22. Which control verifies input completeness?
A. Limit test
B. Sequence check
C. Reasonableness test
D. Check digit verification
✅ Answer: B
23. Batch control totals are used to detect:
A. Unauthorized access
B. Processing errors
C. System downtime
D. Password misuse
✅ Answer: B
24. A system rejects entries where “Invoice Amount < 0.” This is:
A. Reasonableness test
B. Field check
C. Sign check
D. Sequence check
✅ Answer: C
25. Which ensures data accuracy in master files?
A. Control totals
B. Key verification
C. File protection
D. Audit log
✅ Answer: C
26. A control that flags transactions exceeding approval limits:
A. Limit check
B. Validity check
C. Sequence check
D. Range check
✅ Answer: A
27. Edit tests are typically applied:
A. During input
B. During processing
C. During output
D. During storage
✅ Answer: A
28. Run-to-run totals are used to verify:
A. Completeness of processing
B. Input validity
C. Access control
D. Data encryption
✅ Answer: A
29. Which ensures output is sent only to authorized users?
A. Output distribution log
B. Sequence check
C. Limit test
D. File protection
✅ Answer: A
30. Which is not an application control?
A. Input validation
B. File backup
C. Output review
D. Sequence check
✅ Answer: B
31. Control that prevents duplicate entries:
A. Sequence control
B. Duplicate check
C. Hash total
D. Limit check
✅ Answer: B
32. Cross-footing balances ensure:
A. Access security
B. Logical consistency between columns and totals
C. Audit trail clarity
D. Sequential numbering
✅ Answer: B
33. Which detects missing batch numbers?
A. Sequence check
B. Field check
C. Limit test
D. Reasonableness check
✅ Answer: A
34. Audit software used to test application controls is called:
A. Expert system
B. Test data
C. Embedded audit module
D. CAAT
✅ Answer: D
35. Reconciliation is a type of:
A. Preventive control
B. Detective control
C. Corrective control
D. Redundant control
✅ Answer: B
36. Which control prevents incomplete transactions from posting?
A. Transaction completeness check
B. Range validation
C. Reasonableness test
D. Input matching
✅ Answer: A
37. Parallel simulation is used to:
A. Verify system outputs
B. Train employees
C. Backup data
D. Encrypt records
✅ Answer: A
38. Which is a processing control?
A. Limit check
B. Run-to-run control
C. Range check
D. Edit test
✅ Answer: B
39. System log review is an example of:
A. Application control
B. General control
C. Backup control
D. Continuity control
✅ Answer: B
40. Control ensuring totals match before and after processing:
A. Run-to-run total
B. Batch total
C. Hash total
D. Control total
✅ Answer: A
🧩 C. Network and Backup Controls (41–60)
41. Encryption ensures:
A. Availability
B. Integrity
C. Confidentiality
D. Auditability
✅ Answer: C
42. Firewall filters:
A. Outgoing messages only
B. Unauthorized network traffic
C. Data redundancy
D. Backup files
✅ Answer: B
43. Intrusion detection systems (IDS) are:
A. Preventive
B. Detective
C. Corrective
D. Compensating
✅ Answer: B
44. Redundant network paths improve:
A. Confidentiality
B. Availability
C. Accuracy
D. Integrity
✅ Answer: B
45. Network access control includes:
A. Biometric logins
B. Encryption
C. Firewall setup
D. All of the above
✅ Answer: D
46. VPNs secure data by:
A. Changing file format
B. Encrypting data between endpoints
C. Blocking viruses
D. Using backup servers
✅ Answer: B
47. Backup that saves only new or changed data since the last full backup:
A. Differential backup
B. Incremental backup
C. Full backup
D. Snapshot backup
✅ Answer: B
48. Backup that copies all data each time:
A. Differential
B. Incremental
C. Full
D. Continuous
✅ Answer: C
49. Hot site means:
A. Backup site with all systems operational
B. Location for data archives only
C. Site for staff training
D. Offsite document storage
✅ Answer: A
50. Cold site means:
A. No hardware or software installed
B. Fully equipped data center
C. Automated failover system
D. Live backup
✅ Answer: A
### General Accounting System Controls
51. Role-based access control (RBAC) limits file access based on user roles. What type of control is this?
- A. Technical
- B. Managerial
- C. Operational
- D. Physical
**Answer:** A. Technical [1]
52. Monthly bank reconciliation is an example of which type of control?
- A. Preventive
- B. Detective
- C. Corrective
- D. Directive
**Answer:** B. Detective [2]
### Application and Transaction Controls
53. What is the primary purpose of application controls?
- A. Enforcing organizational policies
- B. Ensuring individual transaction accuracy
- C. Physical security of hardware
- D. Network monitoring
**Answer:** B. Ensuring individual transaction accuracy [8]
54. At which stage of the sales cycle would a company review a customer's creditworthiness?
- A. Order processing
- B. Dispatch
- C. Payment
- D. Reporting
**Answer:** A. Order processing [2]
55. What control ensures only authorized transactions are processed?
- A. Supervisory review
- B. Access controls
- C. Bank reconciliation
- D. Environment controls
**Answer:** B. Access controls [8]
### Network Controls
56. What is the main function of a network firewall?
- A. Backing up data
- B. Restricting illegal network traffic
- C. Encrypting emails
- D. Processing purchase orders
**Answer:** B. Restricting illegal network traffic [1][3]
57. Log monitoring software that constantly examines network traffic is which type of control?
- A. Detective
- B. Preventive
- C. Directive
- D. Corrective
**Answer:** A. Detective [1]
### Backup Controls
58. After a cyber incident, restoring systems from recent backups demonstrates which control?
- A. Corrective
- B. Preventive
- C. Directive
- D. Detective
**Answer:** A. Corrective [1][9]
59. What is the role of regular backup procedures?
- A. Prevent data loss
- B. Detect unauthorized access
- C. Monitor system uptime
- D. Limit physical access
**Answer:** A. Prevent data loss [9]
### Business Continuity Planning
60. What does a business continuity plan primarily ensure?
- A. Regulatory compliance
- B. Ongoing operations after disruptions
- C. Financial reporting accuracy
- D. Customer data encryption
**Answer:** B. Ongoing operations after disruptions
Questions 61–100 cover:
• Business Continuity & Disaster Recovery Controls
• System Development Life Cycle (SDLC)
• Technology-Enabled Finance Transformation (RPA, AI, Cloud, Blockchain)
• Data Governance & Cybersecurity
• Data Analytics & Business Intelligence (BI)
🧩 D. Business Continuity & Disaster Recovery Controls (61–75)
61. The main goal of business continuity planning (BCP) is:
A. To protect profit margin
B. To ensure continued operations during disruptions
C. To reduce staff turnover
D. To improve marketing reach
✅ Answer: B
62. The first step in developing a BCP is:
A. Develop recovery strategies
B. Perform business impact analysis (BIA)
C. Test the plan
D. Train employees
✅ Answer: B
63. A disaster recovery plan (DRP) focuses primarily on:
A. Human resources continuity
B. IT infrastructure and data recovery
C. Financial forecasting
D. Vendor management
✅ Answer: B
64. Which of the following best defines RTO (Recovery Time Objective)?
A. Maximum tolerable data loss
B. Target time to restore operations after disruption
C. Time required for backups
D. Duration of normal downtime
✅ Answer: B
65. RPO (Recovery Point Objective) refers to:
A. Maximum time to restore systems
B. Maximum acceptable data loss measured in time
C. Backup cycle time
D. Service level agreement
✅ Answer: B
66. Which of these should be tested regularly?
A. DRP only
B. BCP only
C. Both DRP and BCP
D. Neither
✅ Answer: C
67. What is the purpose of an alternate site?
A. For data backup storage only
B. For continued processing during main site outage
C. For training auditors
D. For storing physical records
✅ Answer: B
68. Which BCP component ensures that essential staff know their responsibilities?
A. Business impact analysis
B. Communication plan
C. Crisis management plan
D. Employee roster
✅ Answer: C
69. The best control for preventing total data loss is:
A. Regular off-site backups
B. Password protection
C. Firewall configuration
D. Encryption
✅ Answer: A
70. Which of the following tests the full restoration process?
A. Tabletop test
B. Simulation test
C. Parallel test
D. Full-interruption test
✅ Answer: D
71. What is the role of insurance in BCP?
A. Prevent disasters
B. Recover financial losses
C. Back up data
D. Provide audit assurance
✅ Answer: B
72. The term single point of failure refers to:
A. One person responsible for all operations
B. A system component whose failure stops all processing
C. Incomplete transaction log
D. Backup duplication
✅ Answer: B
73. Which policy ensures data are stored safely and can be restored?
A. Data retention policy
B. Data classification policy
C. Access control policy
D. Password policy
✅ Answer: A
74. The primary responsibility for maintaining a BCP lies with:
A. IT department
B. Top management
C. Internal audit
D. System developers
✅ Answer: B
75. Which of the following should be included in a DRP?
A. Vendor contact list
B. Hardware inventory
C. Backup frequency
D. All of the above
✅ Answer: D
🧩 E. System Development Life Cycle (SDLC) & Finance Transformation (76–85)
76. The SDLC begins with which phase?
A. Implementation
B. Design
C. Planning
D. Testing
✅ Answer: C
77. The main objective of SDLC is:
A. To replace audit testing
B. To develop systems efficiently and securely
C. To document employee procedures
D. To ensure data backup
✅ Answer: B
78. A feasibility study is performed during:
A. Design phase
B. Planning phase
C. Implementation phase
D. Testing phase
✅ Answer: B
79. Which SDLC stage involves user acceptance testing (UAT)?
A. Development
B. Implementation
C. Design
D. Maintenance
✅ Answer: B
80. Change management in SDLC ensures:
A. Developers can modify code freely
B. All system changes are authorized and documented
C. Reduced audit trail
D. Deletion of obsolete data
✅ Answer: B
81. Which technology automates repetitive accounting tasks?
A. AI
B. RPA (Robotic Process Automation)
C. Blockchain
D. Big Data
✅ Answer: B
82. Cloud computing service that provides software via the internet:
A. IaaS
B. PaaS
C. SaaS
D. DaaS
✅ Answer: C
83. Which of these is an advantage of using ERP systems?
A. Isolated data silos
B. Real-time integration of functions
C. Increased redundancy
D. Reduced internal controls
✅ Answer: B
84. Blockchain enhances system control by providing:
A. Centralized data control
B. Immutable transaction records
C. Encrypted passwords only
D. Reduced transparency
✅ Answer: B
85. Smart contracts operate on which principle?
A. Manual approval
B. Automatic execution when conditions are met
C. Periodic review
D. Legal override
✅ Answer: B
🧩 F. Data Governance & Cybersecurity (86–93)
86. Data governance primarily ensures:
A. Marketing effectiveness
B. Consistency, accuracy, and security of data
C. Data duplication
D. Randomized backups
✅ Answer: B
87. Which is the first stage of the data governance life cycle?
A. Data disposal
B. Data collection
C. Data storage
D. Data analysis
✅ Answer: B
88. Record retention policy defines:
A. Who accesses the database
B. How long data must be kept before deletion
C. How to encrypt data
D. When to upgrade systems
✅ Answer: B
89. Data preprocessing involves:
A. Data cleaning and transformation
B. System shutdown
C. Network setup
D. Payroll processing
✅ Answer: A
90. Cybersecurity policies are part of which control framework?
A. Operational control
B. Governance and risk management
C. Marketing management
D. Production control
✅ Answer: B
91. A common protection against phishing attacks is:
A. Strong encryption
B. Two-factor authentication and staff training
C. Backup scheduling
D. File compression
✅ Answer: B
92. Data breach response plan should include:
A. Silence until investigation
B. Immediate notification and containment measures
C. Deleting affected files
D. Ignoring small breaches
✅ Answer: B
93. The CIA triad in information security stands for:
A. Confidentiality, Integrity, Availability
B. Control, Integration, Authorization
C. Cyber, Internet, Access
D. Central, Internal, Audit
✅ Answer: A
🧩 G. Data Analytics & Business Intelligence (94–100)
94. Big Data is characterized by the “4Vs.” They are:
A. Volume, Velocity, Variety, Veracity
B. Volume, Value, Verification, Validation
C. Version, View, Vector, Value
D. Value, Vision, Venture, Volume
✅ Answer: A
95. Descriptive analytics focuses on:
A. What happened in the past
B. Why it happened
C. What will happen
D. What should we do
✅ Answer: A
96. Predictive analytics is primarily used to:
A. Summarize data
B. Forecast future outcomes
C. Report financial statements
D. Create dashboards
✅ Answer: B
97. Prescriptive analytics helps:
A. Describe past performance
B. Recommend optimal decisions
C. Collect unstructured data
D. Create backups
✅ Answer: B
98. Business Intelligence (BI) systems are used for:
A. Transaction processing
B. Decision support through dashboards and reports
C. Payroll automation
D. Inventory control only
✅ Answer: B
99. Data mining involves:
A. Extracting useful patterns from large datasets
B. Cleaning data manually
C. Deleting duplicates
D. Backing up data
✅ Answer: A
100. The purpose of data visualization tools like Power BI or Tableau is to:
A. Hide complex data
B. Convert data into understandable visuals for insights
C. Encrypt data
D. Replace ERP systems
✅ Answer: B
✅ Total = 100 MCQs with Answers
🎯 Covers:
• Internal Controls (System, Application, Network, Backup)
• Business Continuity & DRP
• SDLC & Finance Transformation (AI, RPA, Cloud, Blockchain)
• Data Governance, Cybersecurity
• Data Analytics & BI
www.gmsisuccess.in