200 Aptitude Test Questions and Answers for Mkaguzi Daraja la II – Ukaguzi wa Usalama wa Mifumo ya TEHAMA – the National Audit Office (NAOT).
ABSTRACT
This set of 200 questions assesses knowledge in IT auditing and cybersecurity, covering access control, network and cloud security, data protection, encryption, vulnerability management, incident response, and audit trails. It includes both theoretical and practical questions, testing understanding of risks, security controls, policies, and best practices. Designed for IT auditors, cybersecurity professionals, and students, the compilation emphasizes analytical thinking, decision-making, and application of security principles in organizational environments.
Prepared by: Cyber Security Team
Compiled by Johnson Yesaya Mgelwa.
A lawyer stationed in Dar es Salaam.
0628729934.
Date: June 10, 2025
Dear applicants,
This collection of questions and answers has been prepared to help all of you to understand the key areas tested during the interview. The goal is to provide a useful and practical study guide so you can all perform confidently and fairly in the selection process. I wish you the best of luck, and may this resource support you in achieving success!
Warm regards,
Johnson Yesaya Mgelwa
For Personal Use by Applicants Preparing for Mkaguzi Daraja la II – Ukaguzi wa Usalama wa Mifumo ya TEHAMA – the National Audit Office (NAOT).
ALL QUESTIONS ARE COMPILED TOGETHER.
1. During an IT audit, which tool would best help identify open ports and potential unauthorized services on a government server?
A. Wireshark B. Nessus C. Nmap D. Snort
Answer: C. Nmap
Rationale: Nmap (Network Mapper) is a network scanning tool used by
auditors to discover open ports, running services, and potential
vulnerabilities. It helps in identifying unauthorized network exposure, a
crucial first step in security assessments.
2. An IS auditor detects that user passwords are stored in plain text within the database. What is the most appropriate recommendation?
A. Use a simple encryption algorithm B. Implement password hashing C. Restrict access to passwords D. Back up passwords regularly
Answer: B. Implement password hashing
Rationale: Password hashing ensures that actual passwords are not stored
or retrievable; only their cryptographic representations are. It is stronger
than encryption for authentication systems since hashing is one-way and
prevents password disclosure even if the database is compromised.
3. Which of the following best describes a firewall’s main function?
A. Encrypting all data leaving the network B. Monitoring server performance C. Controlling inbound and outbound network traffic D. Managing user accounts
Answer: C. Controlling inbound and outbound network traffic
Rationale: A firewall acts as a barrier between trusted and untrusted
networks, filtering packets based on defined security rules. It does not manage
accounts or perform encryption but ensures traffic complies with organizational
access policies.
4. While auditing a system, you find that administrators share one account to manage servers. What is the primary risk?
A. Slow network performance B. Loss of audit trail C. Increased password strength D. Reduced administrative costs
Answer: B. Loss of audit trail
Rationale: Shared accounts prevent traceability, making it impossible to
hold specific users accountable for actions. This weakens internal control and
undermines forensic or accountability processes during audits.
5. Which tool would be most useful for capturing and analyzing real-time network traffic?
A. Nmap B. Burp Suite C. Metasploit D. Wireshark
Answer: D. Wireshark
Rationale: Wireshark allows packet-level inspection of network data in
real time. It helps auditors identify unauthorized communication, unencrypted
transmissions, or suspicious activity, providing evidence during network
audits.
6. An auditor is verifying the effectiveness of IDS/IPS systems. What should be the focus of testing?
A. The capability to detect and block malicious traffic B. The number of users logged in C. Server uptime D. Log file sizes
Answer: A. The capability to detect and block malicious traffic
Rationale: IDS/IPS systems are intrusion detection and prevention
mechanisms. Their effectiveness is measured by their ability to identify and
respond to unauthorized activities in the network.
7. What is the main reason for maintaining audit trails in information systems?
A. To improve system performance B. To store old data for backups C. To track and reconstruct system activities D. To reduce disk space usage
Answer: C. To track and reconstruct system activities
Rationale: Audit trails provide chronological logs of user and system
activities. They are vital for detecting fraud, investigating incidents, and
ensuring compliance with accountability requirements.
8. During a security review, an auditor observes that backup tapes are stored in the same building as production servers. What is the key risk?
A. Physical disaster could destroy both backups and originals B. Unauthorized data deletion C. Slow recovery speed D. Excessive storage cost
Answer: A. Physical disaster could destroy both backups and originals
Rationale: Storing backups in the same location as primary systems
exposes them to identical physical threats such as fire or flooding. Off-site
or cloud storage mitigates this risk.
9. The best method to ensure data confidentiality during transmission over public networks is:
A. Compression B. Mirroring C. Auditing D. Encryption
Answer: D. Encryption
Rationale: Encryption converts plaintext into ciphertext, ensuring that
intercepted data remains unreadable to unauthorized entities, thereby
preserving confidentiality across insecure channels.
10. A vulnerability assessment identifies outdated antivirus software on multiple workstations. What should be the auditor’s immediate recommendation?
A. Disable antivirus B. Update antivirus signatures C. Replace all workstations D. Uninstall unused applications
Answer: B. Update antivirus signatures
Rationale: Outdated antivirus software cannot detect new malware
variants. Regular updates ensure the system recognizes and mitigates the latest
threats, a key control in endpoint protection.
11. The purpose of penetration testing in IT audit is to:
A. Train new IT staff B. Simulate real-world attacks to identify vulnerabilities C. Evaluate physical infrastructure D. Improve user interfaces
Answer: B. Simulate real-world attacks to identify vulnerabilities
Rationale: Penetration testing (ethical hacking) helps assess how
systems withstand actual attack scenarios. It identifies weaknesses before
malicious actors can exploit them.
12. Which of the following best ensures integrity of system data?
A. Regular data backup B. Encryption C. Hashing and validation controls D. Antivirus updates
Answer: C. Hashing and validation controls
Rationale: Data integrity means accuracy and consistency. Hashing and
input validation controls detect unauthorized modifications and prevent data
corruption.
13. When conducting an IT audit, segregation of duties primarily prevents:
A. System downtime B. Unauthorized changes or fraud C. Data duplication D. System overload
Answer: B. Unauthorized changes or fraud
Rationale: Segregation of duties ensures that no single individual has
control over all critical processes. It reduces risk of intentional
manipulation and error by enforcing independent checks.
14. Which is the best method to verify that backups can be successfully restored?
A. Checking the backup log B. Running a test restoration process C. Verifying file timestamps D. Scanning with antivirus
Answer: B. Running a test restoration process
Rationale: Backup integrity can only be confirmed through actual
restoration. Logs alone don’t guarantee recoverability, making test restores
essential in audit evaluations.
15. The main objective of risk assessment in information systems auditing is to:
A. Eliminate all system risks B. Identify, prioritize, and mitigate potential threats C. Increase system performance D. Comply with HR policies
Answer: B. Identify, prioritize, and mitigate potential threats
Rationale: Risk assessment systematically identifies vulnerabilities and
determines their likelihood and impact, allowing prioritization and efficient
allocation of controls.
16. In network auditing, which device helps monitor network traffic for suspicious patterns?
A. Firewall B. Router C. Intrusion Detection System D. Switch
Answer: C. Intrusion Detection System
Rationale: IDS continuously monitors network traffic, analyzing it for
anomalies or attack signatures. It alerts administrators when unusual behavior
is detected, enabling prompt investigation.
17. Which of the following is a primary preventive control?
A. Audit trail B. Firewall C. Incident report D. System log analysis
Answer: B. Firewall
Rationale: Preventive controls stop security incidents before they
occur. A firewall filters traffic at the entry point, unlike audit trails or
logs which are detective controls.
18. What is the main purpose of encryption standards like AES?
A. To improve data transfer speed B. To compress files C. To protect data confidentiality and integrity D. To remove malware
Answer: C. To protect data confidentiality and integrity
Rationale: AES (Advanced Encryption Standard) secures data by making it
unreadable to unauthorized users and ensures that tampering is detectable,
preserving integrity and confidentiality.
19. Which of the following would best detect unauthorized data modification?
A. Audit trail review B. Antivirus software C. Firewall D. Data compression
Answer: A. Audit trail review
Rationale: Reviewing audit trails allows detection of abnormal
transactions or changes, revealing unauthorized activities that might
compromise data integrity.
20. An auditor finds that system administrators can modify their own access logs. What control weakness does this indicate?
A. Lack of input validation B. Inadequate segregation of duties C. Weak password policy D. Insufficient hardware
Answer: B. Inadequate segregation of duties
Rationale: Allowing administrators to alter their logs compromises
accountability and hides traces of unauthorized actions. Duties related to log
management should be separated from system administration.
21. The most effective way to ensure continuous system availability is through:
A. RAID storage and redundant systems B. Antivirus installation C. Encryption of all files D. Network monitoring
Answer: A. RAID storage and redundant systems
Rationale: Redundancy ensures service continuity even when hardware
fails. RAID storage combines drives for fault tolerance, a crucial control for
maintaining uptime.
22. A system uses multi-factor authentication (MFA). What is its main advantage?
A. Reduces bandwidth usage B. Strengthens user verification by combining multiple credentials C. Simplifies password management D. Hides user identity
Answer: B. Strengthens user verification by combining multiple credentials
Rationale: MFA requires two or more verification factors (e.g., password + OTP).
It significantly reduces unauthorized access risk even if one factor is
compromised.
23. Which type of control ensures data can be recovered after system failure?
A. Detective control B. Preventive control C. Corrective control D. Compensating control
Answer: C. Corrective control
Rationale: Corrective controls, like backups and disaster recovery
procedures, restore normal operations after incidents. They address the impact
rather than preventing the cause.
24. An auditor wants to assess whether data transmissions between branches are secure. Which test should be performed?
A. Packet capture and analysis B. Password strength test C. Database indexing D. Load balancing test
Answer: A. Packet capture and analysis
Rationale: Capturing and analyzing packets using tools like Wireshark
reveals whether data is transmitted in encrypted or plain text form, verifying
communication security.
25. During an audit, it is discovered that terminated employees still have active system accounts. What risk does this pose?
A. Increased storage cost B. Unauthorized access to systems C. Slower login process D. Poor user training
Answer: B. Unauthorized access to systems
Rationale: Failure to promptly disable inactive or terminated users’
accounts exposes systems to insider threats and breaches, undermining access
control effectiveness.
26. An auditor discovers that system updates are done manually and irregularly. What is the primary risk?
A. System instability B. Unauthorized access C. Exposure to known vulnerabilities D. Poor user experience
Answer: C. Exposure to known vulnerabilities
Rationale: Irregular updates mean the system misses critical security
patches, leaving it exposed to threats already fixed by vendors. Automated
updates help close known security holes promptly.
27. When performing a wireless network audit, what finding would most likely indicate a security weakness?
A. WPA3 encryption B. Hidden SSID C. Open network without encryption D. Use of MAC address filtering
Answer: C. Open network without encryption
Rationale: An open Wi-Fi network allows anyone to connect and intercept
communications. Encryption (like WPA3) is critical to ensure data
confidentiality in wireless environments.
28. Which of the following best describes the function of an intrusion prevention system (IPS)?
A. Detects and logs network intrusions B. Identifies and blocks malicious traffic in real time C. Analyzes audit trails D. Filters spam emails
Answer: B. Identifies and blocks malicious traffic in real time
Rationale: Unlike IDS, which only detects, an IPS actively blocks
attacks as they occur by inspecting traffic and enforcing policies to stop
harmful activity.
29. An IT auditor finds that access logs are overwritten every 24 hours. What control weakness does this indicate?
A. Excessive logging B. Insufficient log retention C. Strong log encryption D. Proper log rotation
Answer: B. Insufficient log retention
Rationale: Logs are essential for investigations and trend analysis.
Overwriting them too soon erases evidence and violates good audit trail
management practices.
30. During a vulnerability scan, which result should concern the auditor most?
A. Outdated printer drivers B. Unpatched operating systems C. Multiple user logins D. Frequent log rotations
Answer: B. Unpatched operating systems
Rationale: Unpatched systems are high-risk vulnerabilities because
attackers can exploit known flaws easily. They represent an immediate threat to
data and system integrity.
You’ve just accessed the first 30 questions. The full set of 200 expertly prepared Aptitude Test questions for Mkaguzi Daraja la II – Ukaguzi wa Usalama wa Mifumo ya TEHAMA – the National Audit Office (NAOT) is available; pay to get access.