| Other CISA Certification Interview Questions |
| |
| Question | Asked @ | Answers |
| |
| An integrated test facility is considered a useful audit
tool because it:
A. is a cost-efficient approach to auditing application
controls.
B. enables the financial and IS auditors to integrate their
audit tests.
C. compares processing output with independently calculated
data.
D. provides the IS auditor with a tool to analyze a large
range of information. | | 2 |
| The rate of change of technology increases the importance of:
A. outsourcing the IS function.
B. implementing and enforcing good processes.
C. hiring personnel willing to make a career within the
organization.
D. meeting user requirements. | | 1 |
| In a risk-based audit approach, an IS auditor, in addition
to risk, would be influenced by:
A. the availability of CAATs.
B. management's representation.
C. organizational structure and job responsibilities.
D. the existence of internal and operational controls. | | 1 |
| Detection risk refers to:
A. concluding that material errors do not exist, when in
fact they do.
B. controls that fail to detect an error.
C. controls that detect high-risk errors.
D. detecting an error but failing to report it. | | 1 |
| Which of the following issues should be included in the
business continuity plan?
A. The staff required to maintain critical business
functions in the short, medium and long term
B. The potential for a natural disaster to occur, such as an
earthquake
C. Disastrous events impacting information systems
processing and end-user functions
D. A risk analysis that considers systems malfunctions,
accidental file deletions or other failures | | 1 |
| When a complete segregation of duties cannot be achieved in
an online system environment, which of the following
functions should be separated from the others?
A. Origination
B. Authorization
C. Recording
D. Correction | | 1 |
| Which of the following BEST describes an integrated test
facility?
A. A technique that enables the IS auditor to test a
computer application for the purpose of verifying correct
processing
B. The utilization of hardware and/or software to review and
test the functioning of a computer system
C. A method of using special programming options to permit
printout of the path through a computer program taken to
process a specific transaction
D. A procedure for tagging and extending transactions and
master records that are used by an IS auditor for tests | | 1 |
| Which of the following devices extends the network and has
the capacity to store frames and act as a storage and
forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway | | 1 |
| An IS auditor finds that not all employees are aware of the
enterprise's information security policy. The IS auditor
should conclude that:
A. this lack of knowledge may lead to unintentional
disclosure of sensitive information.
B. information security is not critical to all functions.
C. IS audit should provide security training to the employees.
D. the audit finding will cause management to provide
continuous training to staff. | | 1 |
| The use of a GANTT chart can:
A. aid in scheduling project tasks.
B. determine project checkpoints.
C. ensure documentation standards.
D. direct the post-implementation review. | | 1 |
| While planning an audit, an assessment of risk should be
made to provide:
A. reasonable assurance that the audit will cover material
items.
B. definite assurance that material items will be covered
during the audit work.
C. reasonable assurance that all items will be covered by
the audit.
D. sufficient assurance that all items will be covered
during the audit work. | | 1 |
| Which of the following systems or tools can recognize that a
credit card transaction is more likely to have resulted from
a stolen credit card than from the holder of the credit card?
A. Intrusion detection systems
B. Data mining techniques
C. Firewalls
D. Packet filtering routers | | 1 |
| The BEST method of proving the accuracy of a system tax
calculation is by:
A. detailed visual review and analysis of the source code of
the calculation programs.
B. recreating program logic using generalized audit software
to calculate monthly totals.
C. preparing simulated transactions for processing and
comparing the results to predetermined results.
D. automatic flowcharting and analysis of the source code of
the calculation programs. | | 2 |
| Which of the following duties would be a concern if
performed along with systems administration?
A. Maintenance of access rules
B. Review of system audit trail
C. Data librarian
D. Performance monitoring | | 1 |
| Which of the following is LEAST likely to be contained in a
digital certificate for the purposes of verification by a
trusted third party (TTP)/certification authority (CA)?
A. Name of the TTP/CA
B. Public key of the sender
C. Name of the public key holder
D. Time period for which the key is valid | | 1 |
| Which of the following is the BEST audit procedure to
determine if a firewall is configured in compliance with an
organization's security policy?
A. Review the parameter settings
B. Interview the firewall administrator
C. Review the actual procedures
D. Review the device's log file for recent attacks | | 1 |
| Sales orders are automatically numbered sequentially at each
of a retailer's multiple outlets. Small orders are processed
directly at the outlets, with large orders sent to a central
production facility. The MOST appropriate control to ensure
that all orders transmitted to production are received and
processed would be to:
A. send and reconcile transaction counts and totals.
B. have data transmitted back to the local site for comparison.
C. compare data communications protocols with parity checking.
D. track and account for the numerical sequence of sales
orders at the production facility. | | 1 |
| An IS auditor performing a review of the backup processing
facilities should be MOST concerned that:
A. adequate fire insurance exists.
B. regular hardware maintenance is performed.
C. offsite storage of transaction and master files exists.
D. backup processing facilities are tested fully. | | 1 |
| An IS auditor conducting a review of software usage and
licensing discovers that numerous PCs contain unauthorized
software. Which of the following actions should the IS
auditor take?
A. Personally delete all copies of the unauthorized software.
B. Inform auditee of the unauthorized software, and follow
up to confirm deletion.
C. Report the use of the unauthorized software to auditee
management and the need to prevent recurrence.
D. Take no action, as it is a commonly accepted practice and
operations management is responsible for monitoring such use. | | 1 |
| The interface that allows access to lower or higher level
network services is called:
A. firmware.
B. middleware.
C. X.25 interface.
D. utilities. | | 1 |