| Other CISA Certification Interview Questions |
|Which of the following is the MOST effective control
procedure for security of a stand-alone small business
A. Supervision of computer usage
B. Daily management review of the trouble log
C. Storage of computer media in a locked cabinet
D. Independent review of an application system design
|Which audit technique provides the BEST evidence of the
segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
|An IS auditor should be involved in:
A. observing tests of the disaster recovery plan.
B. developing the disaster recovery plan.
C. maintaining the disaster recovery plan.
D. reviewing the disaster recovery requirements of supplier
|A data center has a badge-entry system. Which of the
following is MOST important to protect the computing assets
in the center?
A. Badge readers are installed in locations where tampering
would be noticed
B. The computer that controls the badge system is backed up
C. A process for promptly deactivating lost or stolen badges
D. All badge entry attempts are logged
|A programmer managed to gain access to the production
library, modified a program that was then used to update a
sensitive table in the payroll database and restored the
original program. Which of the following methods would MOST
effectively detect this type of unauthorized change?
A. Source code comparison
B. Executable code comparison
C. Integrated test facilities (ITF)
D. Review of transaction log files
|The use of statistical sampling procedures helps minimize:
A. sampling risk.
B. detection risk.
C. inherent risk.
D. control risk.
|Which of the following is an example of a passive attack,
initiated through the Internet?
A. Traffic analysis
C. Denial of service
D. E-mail spoofing
|When planning an audit of a network setup, the IS auditor
should give highest priority to obtaining which of the
following network documentation?
A. Wiring and schematic diagram
B. Users list and responsibilities
C. Applications list and their details
D. Backup and recovery procedures
|A web-based bookstore has included the customer relationship
management (CRM) system in its operations. An IS auditor has
been assigned to perform a call center review. Which of the
following is the MOST appropriate first step for the IS
auditor to take?
A. Review the company's performance since the CRM was
B. Review the IT strategy.
C. Understand the business focus of the bookstore.
D. Interview salespeople and supervisors.
|Which test is an IS auditor performing when a certain program
is selected to determine if the source and object versions
are the same?
|Which of the following is used to achieve accountability?
a. identification
b. authentication
c. authorization
d.
|An organization is considering installing a LAN in a site
under construction. If system availability is the main
concern, which of the following topologies is MOST appropriate?