| Other CISA Certification Interview Questions |
|An IS auditor performing an access controls review should be
LEAST concerned if:
A. audit trails were not enabled.
B. programmers have access to the live environment.
C. group logons are being used for critical functions.
D. the same user can initiate transactions and also change
|Which of the following BEST describes the early stages of an
A. Observing key organizational facilities.
B. Assessing the IS environment.
C. Understanding business process and environment applicable
to the review.
D. Reviewing prior IS audit reports.
|Which of the following has the LEAST effect on controlling
A. Access to the work area is restricted through a swipe card.
B. All physical assets have an identification tag and are
C. Access to the premises is restricted and all visitors
authorized for entry.
D. Visitors are issued a pass and escorted in and out by a
|A TCP/IP-based environment is exposed to the Internet. Which
of the following BEST ensures that complete encryption and
authentication protocols exist for protecting information
A. Work is completed in tunnel mode with IP security using
the nested services of authentication header (AH) and
encapsulating security payload (ESP).
B. A digital signature with RSA has been implemented.
C. Digital certificates with RSA are being used.
D. Work is being completed in TCP services.
|Which of the following is the operating system mode in which
all instructions can be executed?
D. Standard processing
|After implementation of a disaster recovery plan (DRP),
pre-disaster and post-disaster operational cost for an
B. not change (remain the same).
D. increase or decrease depending upon nature of the business.
|An IS auditor attempting to determine whether access to
program documentation is restricted to authorized persons
would MOST likely:
A. evaluate the record retention plans for off-premises storage.
B. interview programmers about the procedures currently
C. compare utilization records to operations schedules.
D. review data file access records to test the librarian
|Which of the following types of controls is designed to
provide the ability to verify data and record values through
the stages of application processing?
A. Range checks
B. Run-to-run totals
C. Limit checks on calculated amounts
D. Exception reports
|Which of the following business recovery strategies would
require the least expenditure of funds?
A. Warm site facility
B. Empty shell facility
C. Hot site subscription
D. Reciprocal agreement
|When performing a review of the structure of an electronic
funds transfer (EFT) system, an IS auditor observes that the
technological infrastructure is based on a centralized
processing scheme that has been outsourced to a provider in
another country. Based on this information, which of the
following conclusions should be the main concern of the IS
A. There could be a question with regard to the legal
B. Having a provider abroad will cause excessive costs in
C. The auditing process will be difficult because of the
D. There could be different auditing norms.
|Utility programs that assemble software modules needed to
execute a machine instruction application program version are:
A. text editors.
B. program library managers.
C. linkage editors and loaders.
D. debuggers and development aids.
|A web-based bookstore has included the customer relationship
management (CRM) system in its operations. An IS auditor has
been assigned to perform a call center review. Which of the
following is the MOST appropriate first step for the IS
auditor to take?
A. Review the company's performance since the CRM was
B. Review the IT strategy.
C. Understand the business focus of the bookstore.
D. Interview salespeople and supervisors.