Other CISA Certification Interview Questions

| Question | Asked @ | Answers |
|---|---|---|
| The editing/validation of data entered at a remote site would be performed MOST effectively at the:<br>A. central processing site after running the application system.<br>B. central processing site during the running of the application system.<br>C. remote processing site after transmission to the central processing site.<br>D. remote processing site prior to transmission of the data to the central processing site. | | 1 |
| The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:<br>A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities.<br>B. and penetration tests are different names for the same activity.<br>C. is executed by automated tools, whereas penetration testing is a totally manual process.<br>D. is executed by commercial tools, whereas penetration testing is executed by public processes. | | 1 |
| Which of the following should be of MOST concern to an IS auditor?<br>A. Lack of reporting of a successful attack on the network<br>B. Failure to notify police of an attempted intrusion<br>C. Lack of periodic examination of access rights<br>D. Lack of notification to the public of an intrusion | | 1 |
| Reconfiguring which of the following firewall types will prevent inward downloading of files through the file transfer protocol (FTP)?<br>A. Circuit gateway<br>B. Application gateway<br>C. Packet filter<br>D. Screening router | | 1 |
| Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?<br>A. Field checks<br>B. Control totals<br>C. Reasonableness checks<br>D. A before-and-after maintenance report | | 1 |
| A single digitally signed instruction was given to a financial institution to credit a customer's account. The financial institution received the instruction three times and credited the account three times. Which of the following would be the MOST appropriate control against such multiple credits?<br>A. Encrypting the hash of the payment instruction with the public key of the financial institution.<br>B. Affixing a time stamp to the instruction and using it to check for duplicate payments.<br>C. Encrypting the hash of the payment instruction with the private key of the instructor.<br>D. Affixing a time stamp to the hash of the instruction before being digitally signed by the instructor. | | 1 |
| Which of the following is a substantive test? | | 2 |
| Which of the following is MOST effective in controlling application maintenance?<br>A. Informing users of the status of changes<br>B. Establishing priorities on program changes<br>C. Obtaining user approval of program changes<br>D. Requiring documented user specifications for changes | | 1 |
| If a database is restored using before-image dumps, where should the process be restarted following an interruption?<br>A. Before the last transaction<br>B. After the last transaction<br>C. The first transaction after the latest checkpoint<br>D. The last transaction before the latest checkpoint | | 1 |
| An advantage of using sanitized live transactions in test data is that:<br>A. all transaction types will be included.<br>B. every error condition is likely to be tested.<br>C. no special routines are required to assess the results.<br>D. test transactions are representative of live processing. | | 1 |
| Which of the following BEST describes the early stages of an IS audit?<br>A. Observing key organizational facilities.<br>B. Assessing the IS environment.<br>C. Understanding the business process and environment applicable to the review.<br>D. Reviewing prior IS audit reports. | | 1 |
| In which of the following network configurations would problem resolution be the easiest?<br>A. Bus<br>B. Ring<br>C. Star<br>D. Mesh | | 1 |
| Which of the following is a substantive audit test?<br>A. Verifying that a management check has been performed regularly<br>B. Observing that user IDs and passwords are required to sign on the computer<br>C. Reviewing reports listing short shipments of goods received<br>D. Reviewing an aged trial balance of accounts receivable | | 1 |
| The PRIMARY objective of a firewall is to protect:<br>A. internal systems from exploitation by external threats.<br>B. external systems from exploitation by internal threats.<br>C. internal systems from exploitation by internal threats.<br>D. itself and attached systems against being used to attack other systems. | | 1 |
| A control for a company that wants to prevent virus-infected programs (or other types of unauthorized modified programs) would be to:<br>A. utilize integrity checkers.<br>B. verify program lengths.<br>C. back up the source and object code.<br>D. implement segregation of duties. | | 2 |
| Data flow diagrams are used by IS auditors to:<br>A. order data hierarchically.<br>B. highlight high-level data definitions.<br>C. graphically summarize data paths and storage.<br>D. portray step-by-step details of data generation. | | 1 |
| When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate?<br>A. The impact of removed controls.<br>B. The cost of new controls.<br>C. The BPR project plans.<br>D. The continuous improvement and monitoring plans. | | 1 |
| Business continuity/disaster recovery is PRIMARILY the responsibility of:<br>A. IS management.<br>B. business unit managers.<br>C. the security administrator.<br>D. the board of directors. | | 1 |
| When reviewing the implementation of a LAN, the IS auditor should FIRST review the:<br>A. node list.<br>B. acceptance test report.<br>C. network diagram.<br>D. user's list. | | 1 |
| The BEST defense against network eavesdropping is:<br>A. encryption.<br>B. moving the defense perimeter outward.<br>C. reducing the amplitude of the communication signal.<br>D. masking the signal with noise. | | 1 |