| Other CISA Certification Interview Questions |
|When two or more systems are integrated, input/output
controls must be reviewed by the IS auditor in the:
A. systems receiving the output of other systems.
B. systems sending output to other systems.
C. systems sending and receiving data.
D. interfaces between the two systems.
|Which of the following is a check (control) for completeness?
A. Check digits
B. Parity bits
C. One-for-one checking
D. Prerecorded input
|Authentication is the process by which the:
A. system verifies that the user is entitled to input the
B. system verifies the identity of the user.
C. user identifies himself to the system.
D. user indicates to the system that the transaction was
|Which of the following information valuation methods is
LEAST likely to be used during a security review?
A. Processing cost
B. Replacement cost
C. Unavailability cost
D. Disclosure cost
|Web and e-mail filtering tools are PRIMARILY valuable to an
organization because they:
A. Safeguard the organization's image.
B. Maximize employee performance.
C. Protect the organization from viruses and nonbusiness
D. Assist the organization in preventing legal issues.
A. protect against virus infection.
B. protect against improper disclosure of data.
C. provide program integrity from unauthorized changes.
D. provide central storage for a group of users.
|In a system development project the purpose of the program
and procedure development phase is to:
A. prepare, test and document all programs and manual
B. document a business or system problem to a level at which
management can select a solution.
C. prepare a high-level design of a proposed system solution
and present reasons for adopting a solution.
D. expand the general design of an approved solution so that
program and procedure writing can begin.
|Which of the following types of controls is designed to
provide the ability to verify data and record values through
the stages of application processing?
A. Range checks
B. Run-to-run totals
C. Limit checks on calculated amounts
D. Exception reports
|When performing an audit of access rights, an IS auditor
should be suspicious of which of the following if allocated
to a computer operator?
A. READ access to data
B. DELETE access to transaction data files
C. Logged READ/EXECUTE access to programs
D. UPDATE access to job control language/script files
|Which of the following encrypt/decrypt steps provides the
GREATEST assurance in achieving confidentiality, message
integrity and nonrepudiation by either sender or recipient?
A. The recipient uses his/her private key to decrypt the
B. The encrypted pre-hash code and the message are encrypted
using a secret key.
C. The encrypted pre-hash code is derived mathematically
from the message to be sent.
D. The recipient uses the sender's public key, verified with
a certificate authority, to decrypt the pre-hash code.
|The PRIMARY purpose of undertaking a parallel run of a new
system is to:
A. verify that the system provides required business
B. validate the operation of the new system against its
C. resolve any errors in the program and file interfaces.
D. verify that the system can process the production load.
|Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.