Other CISA Certification Interview Questions

Each entry below gives the question, its answer choices, and the number of answers posted for it on the source site.

Q: When reviewing the implementation of a LAN, the IS auditor should FIRST review the:
A. node list.
B. acceptance test report.
C. network diagram.
D. user's list.
Answers posted: 1

Q: Which of the following is an implementation risk within the process of decision support systems?
A. Management control
B. Semistructured dimensions
C. Inability to specify purpose and usage patterns
D. Changes in decision processes
Answers posted: 1

Q: Which of the following is the MOST reasonable option for recovering a noncritical system?
A. Warm site
B. Mobile site
C. Hot site
D. Cold site
Answers posted: 2

Q: Which of the following provides the GREATEST assurance of message authenticity?
A. The pre-hash code is derived mathematically from the message being sent.
B. The pre-hash code is encrypted using the sender's private key.
C. Encryption of the pre-hash code and the message using the secret key.
D. Sender obtains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
Answers posted: 1

Q: Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements?
A. Data-oriented development (DOD)
B. Object-oriented development (OOD)
C. Business process reengineering (BPR)
D. Rapid application development (RAD)
Answers posted: 1

Q: An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?
A. An application-level gateway
B. A remote access server
C. A proxy server
D. Port scanning
Answers posted: 2

Q: Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
Answers posted: 1

Q: When logging on to an online system, which of the following processes would the system perform FIRST?
A. Initiation
B. Verification
C. Authorization
D. Authentication
Answers posted: 1

Q: A database administrator is responsible for:
A. defining data ownership.
B. establishing operational standards for the data dictionary.
C. creating the logical and physical database.
D. establishing ground rules for ensuring data integrity and security.
Answers posted: 1

Q: In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:
A. there is an integration of IS and business staffs within projects.
B. there is a clear definition of the IS mission and vision.
C. there is a strategic information technology planning methodology in place.
D. the plan correlates business objectives to IS goals and objectives.
Answers posted: 1

Q: The interface that allows access to lower or higher level network services is called:
A. firmware.
B. middleware.
C. X.25 interface.
D. utilities.
Answers posted: 1

Q: A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take?
A. Review the company's performance since the CRM was implemented.
B. Review the IT strategy.
C. Understand the business focus of the bookstore.
D. Interview salespeople and supervisors.
Answers posted: 1

Q: A disaster recovery plan (DRP) for an organization should:
A. reduce the length of the recovery time and the cost of recovery.
B. increase the length of the recovery time and the cost of recovery.
C. reduce the duration of the recovery time and increase the cost of recovery.
D. not affect the recovery time nor the cost of recovery.
Answers posted: 1

Q: A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of the menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to:
A. delete the utility software and install it as and when required.
B. provide access to the utility on a need-to-use basis.
C. provide access to the utility to user management.
D. define access so that the utility can only be executed from a menu option.
Answers posted: 2

Q: Which of the following is intended to detect the loss or duplication of input?
A. Hash totals
B. Check digits
C. Echo checks
D. Transaction codes
Answers posted: 1

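Choice A above names the batch input control built for exactly this purpose: a hash total is a sum over a field that has no arithmetic meaning (an account number, for example), computed once when the batch is submitted and again after it is received or processed; a lost or duplicated record changes the sum. The block below is an added example, not part of the original question set, and every record, field name and scenario in it is constructed. It runs the hash total beside a record count and an amount control total so the reader can see which error each one catches, including one transposition that none of the three detects.

```python
"""Batch hash total as an input control (added example; constructed sample data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    account: int   # hash-total field: meaningless to add up, useful to compare
    amount: int    # cents; the financial control-total field


@dataclass(frozen=True)
class BatchTotals:
    record_count: int
    hash_total: int     # sum of account numbers
    amount_total: int   # sum of amounts


def compute_totals(records):
    """Totals that the sender attaches to the batch header."""
    return BatchTotals(
        record_count=len(records),
        hash_total=sum(r.account for r in records),
        amount_total=sum(r.amount for r in records),
    )


def reconcile(expected, received):
    """Recompute the totals over the received batch and return every control
    that disagrees as (control name, actual, expected). Empty means the batch
    arrived intact as far as these controls can tell."""
    actual = compute_totals(received)
    checks = (
        ("record_count", actual.record_count, expected.record_count),
        ("hash_total", actual.hash_total, expected.hash_total),
        ("amount_total", actual.amount_total, expected.amount_total),
    )
    return [(name, got, want) for name, got, want in checks if got != want]


# Constructed batch as submitted. Records 2 and 3 deliberately carry the same
# amount so that the duplication scenario below is invisible to the amount total.
SUBMITTED = [
    Record(10001, 2500),
    Record(10002, 1200),
    Record(10003, 1200),
    Record(10004, 300),
]
CONTROL = compute_totals(SUBMITTED)   # record_count=4, hash_total=40010, amount_total=5200

# Scenario 1: the last record was dropped in transit. All three controls fire.
LOST_RECORD = SUBMITTED[:3]

# Scenario 2: record 3 was lost and record 2 was read twice. Count and amount
# total still agree; only the hash total exposes the loss/duplication.
DUPLICATED_RECORD = [SUBMITTED[0], SUBMITTED[1], SUBMITTED[1], SUBMITTED[3]]

# Scenario 3: the amounts of records 1 and 4 were swapped between the records.
# No record was lost or duplicated and every sum is unchanged, so none of these
# batch totals can detect it; that needs a per-record control (a check digit or
# a record-level hash), not a batch total.
SWAPPED_AMOUNTS = [
    Record(10001, 300),
    SUBMITTED[1],
    SUBMITTED[2],
    Record(10004, 2500),
]


if __name__ == "__main__":
    for label, batch in (("intact", SUBMITTED), ("lost record", LOST_RECORD),
                         ("lost+duplicated", DUPLICATED_RECORD),
                         ("swapped amounts", SWAPPED_AMOUNTS)):
        print(f"{label:16s} -> {reconcile(CONTROL, batch) or 'no discrepancy'}")
```

The practitioner's check when reviewing such a control is the third scenario: a hash total proves that the set of hashed values is unchanged, not that each record is intact, so it should be paired with a record-level control and with a procedure for what happens when the totals disagree (reject and resubmit the whole batch, never silently re-add the missing record).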
Q: An IS auditor is conducting substantive audit tests of a new accounts receivable module. The IS auditor has a tight schedule and limited computer expertise. Which would be the BEST audit technique to use in this situation?
A. Test data
B. Parallel simulation
C. Integrated test facility
D. Embedded audit module
Answers posted: 1

Q: An IS auditor auditing hardware monitoring procedures should review:
A. system availability reports.
B. cost-benefit reports.
C. response time reports.
D. database utilization reports.
Answers posted: 1

Q: During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely:
A. review access control configuration.
B. evaluate interface testing.
C. review detailed design documentation.
D. evaluate system testing.
Answers posted: 2

Q: Which of the following is a control to detect an unauthorized change in a production environment?
A. Denying programmers access to production data.
B. Requiring change requests to include benefits and costs.
C. Periodically comparing control and current object and source programs.
D. Establishing procedures for emergency changes.
Answers posted: 1

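Choice C above is the one detective control in the list: the other three are preventive. The control copy is a baseline snapshot of every source and object program taken at the last approved release and kept where programmers cannot write; comparing it with the current production library lists everything added, removed or altered, and cross-referencing that list with the approved change records separates expected changes from unauthorized ones. The block below is an added example, not part of the original question set; the library contents, program names and change record are constructed, and the hashing is plain SHA-256 over each file's bytes.

```python
"""Control-copy versus current-library comparison (added example; constructed data)."""
import hashlib


def fingerprint(library):
    """Map each program name to the SHA-256 hex digest of its contents."""
    return {name: hashlib.sha256(content).hexdigest()
            for name, content in library.items()}


def compare_libraries(control, current):
    """List programs added, removed or changed relative to the control copy."""
    ctl, cur = fingerprint(control), fingerprint(current)
    return {
        "added": sorted(set(cur) - set(ctl)),
        "removed": sorted(set(ctl) - set(cur)),
        "changed": sorted(n for n in ctl.keys() & cur.keys() if ctl[n] != cur[n]),
    }


def unauthorized_changes(diff, approved):
    """Every difference not covered by an approved change record."""
    touched = diff["added"] + diff["removed"] + diff["changed"]
    return sorted(n for n in touched if n not in approved)


def inconsistent_pairs(diff, source_to_object):
    """Sources whose object was not rebuilt, or objects changed with no
    source change (the signature of a binary patched straight in production).
    Returns the source name of each mismatched pair."""
    changed = set(diff["changed"])
    return sorted(src for src, obj in source_to_object.items()
                  if (src in changed) != (obj in changed))


# Constructed control copy: source and compiled object for two programs.
CONTROL_LIBRARY = {
    "payroll.cbl": b"IDENTIFICATION DIVISION. PROGRAM-ID. PAYROLL. ... release 1",
    "payroll.obj": b"\x7fOBJ payroll release 1",
    "gl_post.cbl": b"IDENTIFICATION DIVISION. PROGRAM-ID. GLPOST. ... release 1",
    "gl_post.obj": b"\x7fOBJ glpost release 1",
}

# Constructed current production library:
#  - payroll.cbl changed under an approved request but never recompiled;
#  - gl_post.obj altered while gl_post.cbl is untouched (patched binary);
#  - debug_hook.cbl dropped in with no change record at all.
CURRENT_LIBRARY = {
    "payroll.cbl": b"IDENTIFICATION DIVISION. PROGRAM-ID. PAYROLL. ... release 2",
    "payroll.obj": b"\x7fOBJ payroll release 1",
    "gl_post.cbl": b"IDENTIFICATION DIVISION. PROGRAM-ID. GLPOST. ... release 1",
    "gl_post.obj": b"\x7fOBJ glpost release 1 + patched branch",
    "debug_hook.cbl": b"IDENTIFICATION DIVISION. PROGRAM-ID. DEBUGHOOK.",
}

# Constructed approved change record: the payroll source and its object.
APPROVED = {"payroll.cbl", "payroll.obj"}
SOURCE_TO_OBJECT = {"payroll.cbl": "payroll.obj", "gl_post.cbl": "gl_post.obj"}

DIFF = compare_libraries(CONTROL_LIBRARY, CURRENT_LIBRARY)


if __name__ == "__main__":
    print("differences:", DIFF)
    print("unauthorized:", unauthorized_changes(DIFF, APPROVED))
    print("source/object mismatch:", inconsistent_pairs(DIFF, SOURCE_TO_OBJECT))
```

Two caveats an auditor would test for. The comparison only shows that a change occurred; whether it was authorized comes from the change records, so the records must be complete and the reconciliation must be performed by someone other than the programmers. And the control copy (or its stored digests) must sit outside the programmers' write access, otherwise the baseline can simply be regenerated after the unauthorized change and the comparison will report nothing.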
Q: Which of the following business recovery strategies would require the least expenditure of funds?
A. Warm site facility
B. Empty shell facility
C. Hot site subscription
D. Reciprocal agreement
Answers posted: 1