| Other CISA Certification Interview Questions |

| Question | Asked @ | Answers |
| --- | --- | --- |
| Assumptions while planning an IS project involve a high degree of risk because they are:<br>A. based on known constraints.<br>B. based on objective past data.<br>C. a result of lack of information.<br>D. often made by unqualified people. | | 1 |
| Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties?<br>A. Job submission<br>B. Resource management<br>C. Code correction<br>D. Output distribution | | 1 |
| The PRIMARY objective of a business continuity and disaster recovery plan should be to:<br>A. safeguard critical IS assets.<br>B. provide for continuity of operations.<br>C. minimize the loss to an organization.<br>D. protect human life. | | 1 |
| A hacker could obtain passwords without the use of computer tools or programs through the technique of:<br>A. social engineering.<br>B. sniffers.<br>C. backdoors.<br>D. Trojan horses. | | 1 |
| Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located:<br>A. on the enterprise's facilities.<br>B. at the backup site.<br>C. in employees' homes.<br>D. at the enterprise's remote offices. | | 1 |
| The MOST significant level of effort for business continuity planning (BCP) generally is required during the:<br>A. testing stage.<br>B. evaluation stage.<br>C. maintenance stage.<br>D. early stages of planning. | | 1 |
| Access rules normally are included in which of the following documentation categories?<br>A. Technical reference documentation<br>B. User manuals<br>C. Functional design specifications<br>D. System development methodology documents | | 1 |
| Which of the following would BEST support 24/7 availability?<br>A. Daily backup<br>B. Offsite storage<br>C. Mirroring<br>D. Periodic testing | | 1 |
| Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?<br>A. Yes, because the IS auditor will evaluate the adequacy of the service bureau's plan and assist his/her company in implementing a complementary plan.<br>B. Yes, because, based on the plan, the IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract.<br>C. No, because the backup to be provided should be specified adequately in the contract.<br>D. No, because the service bureau's business continuity plan is proprietary information. | | 1 |
| In a risk-based audit approach, an IS auditor should FIRST complete a/an:<br>A. inherent risk assessment.<br>B. control risk assessment.<br>C. test of control assessment.<br>D. substantive test assessment. | | 1 |
| An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:<br>A. evaluate the record retention plans for off-premises storage.<br>B. interview programmers about the procedures currently being followed.<br>C. compare utilization records to operations schedules.<br>D. review data file access records to test the librarian function. | | 1 |
| Which of the following provides the GREATEST assurance of message authenticity?<br>A. The pre-hash code is derived mathematically from the message being sent.<br>B. The pre-hash code is encrypted using the sender's private key.<br>C. Encryption of the pre-hash code and the message using the secret key.<br>D. Sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority. | | 1 |
| Failure to adequately define or manage the requirements for a system can result in a number of risks. The GREATEST risk is:<br>A. inadequate user involvement.<br>B. inadequate allocation of resources.<br>C. scope creep.<br>D. an incorrect estimation of the critical path. | | 1 |
| A control for a company that wants to prevent virus-infected programs (or other types of unauthorized modified programs) would be to:<br>A. utilize integrity checkers.<br>B. verify program lengths.<br>C. back up the source and object code.<br>D. implement segregation of duties. | | 2 |
| An IS auditor, in evaluating proposed biometric control devices, reviews the false rejection rates (FRRs), false acceptance rates (FARs) and equal error rates (EERs) of three different devices. The IS auditor should recommend acquiring the device having the:<br>A. least EER.<br>B. most EER.<br>C. least FRR but most FAR.<br>D. least FAR but most FRR. | | 1 |
| Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?<br>A. Verify compatibility with the hot site.<br>B. Review the implementation report.<br>C. Perform a walk-through of the DRP.<br>D. Update the IS assets inventory. | | 1 |
| Which of the following controls would BEST detect intrusion?<br>A. User IDs and user privileges are granted through authorized procedures.<br>B. Automatic logoff is used when a workstation is inactive for a particular period of time.<br>C. Automatic logoff of the system after a specified number of unsuccessful attempts.<br>D. Unsuccessful logon attempts are monitored by the security administrator. | | 2 |
| When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate?<br>A. The impact of removed controls.<br>B. The cost of new controls.<br>C. The BPR project plans.<br>D. The continuous improvement and monitoring plans. | | 1 |
| Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?<br>A. Specific developments only<br>B. Business requirements only<br>C. All phases of the installation must be documented<br>D. No need to develop customer-specific documentation | | 1 |
| The PRIMARY reason for using digital signatures is to ensure data:<br>A. confidentiality.<br>B. integrity.<br>C. availability.<br>D. timeliness. | | 1 |