| Other CISA Certification Interview Questions |
| Question | Asked @ | Answers |
| A company has contracted with an external consulting firm to
implement a commercial financial system to replace its
existing in-house developed system. In reviewing the
proposed development approach, which of the following would
be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial
implementation.
D. Prototyping is being used to confirm that the system
meets business requirements. | | 1 |
| With reference to the risk management process, which of the
following statements is correct?
A. Vulnerabilities can be exploited by a threat.
B. Vulnerabilities are events with the potential to cause
harm to IS resources.
C. Vulnerability exists because of threats associated with
use of information resources.
D. Lack of user knowledge is an example of a threat. | | 1 |
| Analysis of which of the following would MOST likely enable
the IS auditor to determine if a non-approved program
attempted to access sensitive data?
A. Abnormal job termination reports
B. Operator problem reports
C. System logs
D. Operator work schedules | | 1 |
| The general ledger setup function in an enterprise resource
planning (ERP) package allows for setting accounting periods. Access
to this function has been permitted to users in finance, the
warehouse and order entry. The MOST likely reason for such
broad access is the:
A. need to change accounting periods on a regular basis.
B. requirement to post entries for a closed accounting period.
C. lack of policies and procedures for the proper
segregation of duties.
D. need to create/modify the chart of accounts and its
allocations. | | 1 |
| Which of the following is the MOST important criterion for
the selection of a location for an offsite storage facility
for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject
to the same risks.
B. given the same level of protection as that of the
computer data center.
C. outsourced to a reliable third party.
D. equipped with surveillance capabilities. | | 3 |
| Which of the following audit techniques would an IS auditor
place the MOST reliance on when determining whether an
employee practices good preventive and detective security
measures?
A. Observation
B. Detail testing
C. Compliance testing
D. Risk assessment | | 1 |
| Accountability for the maintenance of appropriate security
measures over information assets resides with the:
A. security administrator.
B. systems administrator.
C. data and systems owners.
D. systems operations group. | | 2 |
| Which of the following is the MOST reliable sender
authentication method?
A. Digital signatures
B. Asymmetric cryptography
C. Digital certificates
D. Message authentication code | | 1 |
| Which of the following is a substantive audit test?
A. Verifying that a management check has been performed
regularly
B. Observing that user IDs and passwords are required to
sign on the computer
C. Reviewing reports listing short shipments of goods received
D. Reviewing an aged trial balance of accounts receivable | | 1 |
| The PRIMARY purpose of compliance tests is to verify whether:
A. controls are implemented as prescribed.
B. documentation is accurate and current.
C. access to users is provided as specified.
D. data validation procedures are provided. | | 1 |
| A data administrator is responsible for:
A. maintaining database system software.
B. defining data elements, data names and their relationship.
C. developing physical database structures.
D. developing data dictionary system software. | | 1 |
| An IS auditor is assigned to perform a post implementation
review of an application system. Which of the following
situations may have impaired the independence of the IS
auditor? The IS auditor:
A. implemented a specific control during the development of
the application system.
B. designed an embedded audit module exclusively for
auditing the application system.
C. participated as a member of the application system
project team, but did not have operational responsibilities.
D. provided consulting advice concerning application system
best practices. | | 2 |
| Applying a digital signature to data traveling in a network
provides:
A. confidentiality and integrity.
B. security and nonrepudiation.
C. integrity and nonrepudiation.
D. confidentiality and nonrepudiation. | | 1 |
| At the end of a simulation of an operational contingency
test, the IS auditor performed a review of the recovery
process. The IS auditor concluded that the recovery took
more than the critical time frame allows. Which of the
following actions should the auditor recommend?
A. Widen the physical capacity to accomplish better mobility
in a shorter time.
B. Shorten the distance to reach the hot site.
C. Perform an integral review of the recovery tasks.
D. Increase the number of human resources involved in the
recovery process. | | 1 |
| In a small organization, an employee performs computer
operations and, when the situation demands, program
modifications. Which of the following should the IS auditor
recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes
are implemented
D. Access controls to prevent the operator from making
program modifications | | 1 |
| A hacker could obtain passwords without the use of computer
tools or programs through the technique of:
A. social engineering.
B. sniffers.
C. backdoors.
D. trojan horses. | | 1 |
| The responsibility for designing, implementing and
maintaining a system of internal control lies with:
A. the IS auditor.
B. management.
C. the external auditor.
D. the programming staff. | | 1 |
| An IS auditor discovers that an organization's business
continuity plan provides for an alternate processing site
that will accommodate fifty percent of the primary
processing capability. Based on this, which of the following
actions should the IS auditor take?
A. Do nothing, because generally, less than twenty-five
percent of all processing is critical to an organization's
survival and the backup capacity, therefore is adequate.
B. Identify applications that could be processed at the
alternate site and develop manual procedures to backup other
processing.
C. Ensure that critical applications have been identified
and that the alternate site could process all such applications.
D. Recommend that the information processing facility
arrange for an alternate processing site with the capacity
to handle at least seventy-five percent of normal processing. | | 1 |
| Which of the following would be of the LEAST value to an IS
auditor attempting to gain an understanding of an
organization's IT process?
A. IT planning documents with deliverables and performance
results
B. Policies and procedures relating to planning, managing,
monitoring and reporting on performance
C. Prior audit reports
D. Reports of IT functional activities | | 1 |
| IS management has recently informed the IS auditor of its
decision to disable certain referential integrity controls
in the payroll system to provide users with a faster report
generator. This will MOST likely increase the risk of:
A. data entry by unauthorized users.
B. a nonexistent employee being paid.
C. an employee receiving an unauthorized raise.
D. duplicate data entry by authorized users. | | 2 |