| Other CISA Certification Interview Questions |
| Question | Asked @ | Answers |
| The PRIMARY reason for replacing checks (cheques) with EFT
systems in the accounts payable area is to:
A. make the payment process more efficient.
B. comply with international EFT banking standards.
C. decrease the number of paper-based payment forms.
D. reduce the risk of unauthorized changes to payment
transactions. | | 1 |
| Which of the following types of controls is designed to
provide the ability to verify data and record values through
the stages of application processing?
A. Range checks
B. Run-to-run totals
C. Limit checks on calculated amounts
D. Exception reports | | 3 |
| Which of the following procedures can a biometric system
perform?
A. Measure airborne contamination.
B. Provide security over physical access.
C. Monitor temperature and humidity levels.
D. Detect hazardous electromagnetic fields in an area. | | 1 |
| A PRIMARY benefit derived from an organization employing
control self-assessment (CSA) techniques is that it:
A. can identify high-risk areas that might need a detailed
review later.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control. | | 1 |
| Which of the following represents the GREATEST risk created
by a reciprocal agreement for disaster recovery made between
two companies?
A. Developments may result in hardware and software
incompatibility.
B. Resources may not be available when needed.
C. The recovery plan cannot be tested.
D. The security infrastructures in each company may be
different. | | 1 |
| An IS auditor reviewing an organization's IT strategic plan
should FIRST review:
A. the existing IT environment.
B. the business plan.
C. the present IT budget.
D. current technology trends. | | 1 |
| Security administration procedures require read-only access to:
A. access control tables.
B. security log files.
C. logging options.
D. user profiles. | | 1 |
| The MOST important responsibility of a data security officer
in an organization is:
A. recommending and monitoring data security policies.
B. promoting security awareness within the organization.
C. establishing procedures for IT security policies.
D. administering physical and logical access controls. | | 1 |
| Which of the following concerns associated with the World
Wide Web would be addressed by a firewall?
A. Unauthorized access from outside the organization
B. Unauthorized access from within the organization
C. A delay in Internet connectivity
D. A delay in downloading using file transfer protocol (FTP) | | 1 |
| The quality assurance group is typically responsible for:
A. ensuring that the output received from system processing
is complete.
B. monitoring the execution of computer processing tasks.
C. ensuring that programs and program changes and
documentation adhere to established standards.
D. designing procedures to protect data against accidental
disclosure, modification or destruction. | | 1 |
| An internal audit department that organizationally reports
exclusively to the chief financial officer (CFO), rather than
to an audit committee, is MOST likely to:
A. have its audit independence questioned.
B. report more business-oriented and relevant findings.
C. enhance the implementation of the auditor's recommendations.
D. result in more effective action being taken on the
recommendations. | | 1 |
| In a business continuity plan, there are several methods of
providing telecommunication continuity. One method is
diverse routing which involves:
A. providing extra capacity with the intent of using the
surplus capacity should the normal primary transmission
capability not be available.
B. routing information via other alternate media such as
copper cable or fiber optics.
C. providing diverse long-distance network availability
utilizing T-1 circuits among the major long-distance carriers.
D. routing traffic through split-cable facilities or
duplicate-cable facilities. | CISA | 1 |
| Which of the following is a detective control?
A. Physical access controls
B. Segregation of duties
C. Backup procedures
D. Audit trails | | 1 |
| Which of the following is an object-oriented technology
characteristic that permits an enhanced degree of security
over data?
A. Inheritance
B. Dynamic warehousing
C. Encapsulation
D. Polymorphism | | 1 |
| Which of the following is the MOST important consideration
when developing a business continuity plan for a bank?
A. Antivirus software
B. Naming standards
C. Customer balance list
D. Password policy | | 1 |
| Which of the following would be the BEST population to take
a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings | | 1 |
| An IS auditor reviewing operating system access discovers
that the system is not secured properly. In this situation,
the IS auditor is LEAST likely to be concerned that the user
might:
A. create new users.
B. delete database and log files.
C. access the system utility tools.
D. access the system writeable directories. | | 1 |
| Which of the following are data file controls?
A. Internal and external labeling
B. Limit check and logical relationship checks
C. Total items and hash totals
D. Report distribution procedures | | 2 |
| A probable advantage to an organization that has outsourced
its data processing services is that:
A. needed IS expertise can be obtained from the outside.
B. greater control can be exercised over processing.
C. processing priorities can be established and enforced
internally.
D. greater user involvement is required to communicate user
needs. | | 1 |
| To identify the value of inventory that has been kept for
more than eight weeks, an IS auditor would MOST likely use:
A. test data.
B. statistical sampling.
C. an integrated test facility.
D. generalized audit software. | | 1 |