| Other CISA Certification Interview Questions |
| |
| Question | Asked @ | Answers |
| |
| While designing the business continuity plan (BCP) for an
airline reservation system, the MOST appropriate method of
data transfer/back up at an offsite location would be:
A. shadow file processing.
B. electronic vaulting.
C. hard-disk mirroring.
D. hot-site provisioning. | | 2 |
| The PRIMARY purpose of undertaking a parallel run of a new
system is to:
A. verify that the system provides required business
functionality.
B. validate the operation of the new system against its
predecessor.
C. resolve any errors in the program and file interfaces.
D. verify that the system can process the production load. | | 2 |
| Which of the following would an IS auditor consider to be
the MOST important to review when conducting a business
continuity audit?
A. A hot site is contracted for and available as needed.
B. A business continuity manual is available and current.
C. Insurance coverage is adequate and premiums are current.
D. Media backups are performed on a timely basis and stored
offsite. | | 1 |
| To identify the value of inventory that has been kept for
more than eight weeks, an IS auditor would MOST likely use:
A. test data.
B. statistical sampling.
C. an integrated test facility.
D. generalized audit software. | | 1 |
| Losses can be minimized MOST effectively by using outside
storage facilities to do which of the following?
A. Provide current, critical information in backup files
B. Ensure that current documentation is maintained at the
backup facility
C. Test backup hardware
D. Train personnel in backup procedures | | 1 |
| An IS auditor conducting a review of software usage and
licensing discovers that numerous PCs contain unauthorized
software. Which of the following actions should the IS
auditor take?
A. Personally delete all copies of the unauthorized software.
B. Inform auditee of the unauthorized software, and follow
up to confirm deletion.
C. Report the use of the unauthorized software to auditee
management and the need to prevent recurrence.
D. Take no action, as it is a commonly accepted practice and
operations management is responsible for monitoring such use. | | 1 |
| When developing a risk-based audit strategy, an IS auditor
should conduct a risk assessment to ensure that: | | 5 |
| At the end of a simulation of an operational contingency
test, the IS auditor performed a review of the recovery
process. The IS auditor concluded that the recovery took
more than the critical time frame allows. Which of the
following actions should the auditor recommend?
A. Widen the physical capacity to accomplish better mobility
in a shorter time.
B. Shorten the distance to reach the hot site.
C. Perform an integral review of the recovery tasks.
D. Increase the number of human resources involved in the
recovery process. | | 1 |
| Use of asymmetric encryption in an Internet e-commerce site,
where there is one private key for the hosting server and
the public key is widely distributed to the customers, is
MOST likely to provide comfort to the:
A. customer over the authenticity of the hosting organization.
B. hosting organization over the authenticity of the customer.
C. customer over the confidentiality of messages from the
hosting organization.
D. hosting organization over the confidentiality of messages
passed to the customer. | | 1 |
| Which of the following functions, if combined, would be the
GREATEST risk to an organization?
A. Systems analyst and database administrator
B. Quality assurance and computer operator
C. Tape librarian and data entry clerk
D. Application programmer and tape librarian | | 1 |
| Which of the following controls would BEST detect intrusion?
A. User IDs and user privileges are granted through
authorized procedures.
B. Automatic logoff is used when a workstation is inactive
for a particular period of time.
C. Automatic logoff of the system after a specified number
of unsuccessful attempts.
D. Unsuccessful logon attempts are monitored by the security
administrator. | | 2 |
| Which of the following procedures would MOST effectively
detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated | | 1 |
| Which of the following provides a mechanism for coding and
compiling programs interactively?
A. Firmware
B. Utility programs
C. Online programming facilities
D. Network management software | | 1 |
| Which of the following can consume valuable network bandwidth?
A. Trojan horses
B. Trap doors
C. Worms
D. Vaccines | | 1 |
| Responsibility and reporting lines cannot always be
established when auditing automated systems since:
A. diversified control makes ownership irrelevant.
B. staff traditionally change jobs with greater frequency.
C. ownership is difficult to establish where resources are
shared.
D. duties change frequently in the rapid development of
technology. | | 1 |
| Which of the following normally would be the MOST reliable
evidence for an auditor?
A. A confirmation letter received from a third party
verifying an account balance
B. Assurance from line management that an application is
working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports
supplied by line management | | 1 |
| An IS auditor has recently discovered that because of a
shortage of skilled operations personnel, the security
administrator has agreed to work one late-night shift a
month as the senior computer operator. The MOST appropriate
course of action for the IS auditor is to:
A. advise senior management of the risk involved.
B. agree to work with the security officer on these shifts
as a form of preventative control.
C. develop a computer-assisted audit technique to detect
instances of abuses of this arrangement.
D. review the system log for each of the late-night shifts
to determine whether any irregular actions occurred. | | 1 |
| Which of the following is a control over component
communication failure/errors?
A. Restricting operator access and maintaining audit trails
B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted
over the network | | 1 |
| An organization has outsourced network and desktop support.
Although the relationship has been reasonably successful,
risks remain due to connectivity issues. Which of the
following controls should FIRST be performed to assure the
organization reasonably mitigates these possible risks?
A. Network defense program
B. Encryption/Authentication
C. Adequate reporting between organizations
D. Adequate definition in contractual relationship | | 2 |
| Large-scale systems development efforts:
A. are not affected by the use of prototyping tools.
B. can be carried out independent of other organizational
practices.
C. require that business requirements be defined before the
project begins.
D. require that project phases and deliverables be defined
during the duration of the project. | | 1 |