| Other CISA Certification Interview Questions |
|An IS auditor performing a telecommunication access control
review should be concerned PRIMARILY with the:
A. maintenance of access logs of usage of various system
B. authorization and authentication of the user prior to
granting access to system resources.
C. adequate protection of stored data on servers by
encryption or other means.
D. accountability system and the ability to identify any
terminal accessing system resources.
|The development of an IS security policy is ultimately the
responsibility of the:
A. IS department.
B. security committee.
C. security administrator.
D. board of directors.
|Which of the following devices extends the network and has
the capacity to store frames and act as a storage and
|The PRIMARY objective of a business continuity and disaster
recovery plan should be to:
A. safeguard critical IS assets.
B. provide for continuity of operations.
C. minimize the loss to an organization.
D. protect human life.
|A goal of processing controls is to ensure that:
A. the data are delivered without compromised confidentiality.
B. all transactions are authorized.
C. accumulated data are accurate and complete through
D. only authorized individuals perform sensitive functions.
|IS auditors are MOST likely to perform compliance tests of
internal controls if, after their initial evaluation of the
controls, they conclude that:
A. a substantive test would be too costly.
B. the control environment is poor.
C. inherent risk is low.
D. control risks are within the acceptable limits.
|Which of the following would allow a company to extend its
enterprise's intranet across the Internet to its business
A. Virtual private network
C. Dial-Up access
D. Network service provider
|Which of the following physical access controls would
provide the highest degree of security over unauthorized access?
A. Bolting door lock
B. Cipher lock
C. Electronic door lock
D. Fingerprint scanner
|A control for a company that wants to prevent virus-infected
programs (or other type of unauthorized modified programs)
would be to:
A. utilize integrity checkers.
B. verify program's lengths.
C. backup the source and object code.
D. implement segregation of duties.
|Which of the following is a practice that should be
incorporated into the plan for testing disaster recovery
A. Invite client participation.
B. Involve all technical staff.
C. Rotate recovery managers.
D. Install locally stored backup.
|A data administrator is responsible for:
A. maintaining database system software.
B. defining data elements, data names and their relationship.
C. developing physical database structures.
D. developing data dictionary system software.
|The PRIMARY reason for replacing checks (cheques) with EFT
systems in the accounts payable area is to:
A. make the payment process more efficient.
B. comply with international EFT banking standards.
C. decrease the number of paper-based payment forms.
D. reduce the risk of unauthorized changes to payment