Other CISA Certification Interview Questions

1. The MOST effective method for limiting the damage of an attack by a software virus is:
   A. software controls.
   B. policies, standards and procedures.
   C. logical access controls.
   D. data communication standards.

2. In a system that records all receivables for a company, the receivables are posted on a daily basis. Which of the following would ensure that receivables balances are unaltered between postings?
   A. Range checks
   B. Record counts
   C. Sequence checking
   D. Run-to-run control totals

3. During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely:
   A. review access control configuration.
   B. evaluate interface testing.
   C. review detailed design documentation.
   D. evaluate system testing.

4. A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should:
   A. compute the amortization of the related assets.
   B. calculate a return on investment (ROI).
   C. apply a qualitative approach.
   D. spend the time needed to define exactly the loss amount.

5. Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?
   A. Response
   B. Correction
   C. Detection
   D. Monitoring

6. Losses can be minimized MOST effectively by using outside storage facilities to do which of the following?
   A. Provide current, critical information in backup files
   B. Ensure that current documentation is maintained at the backup facility
   C. Test backup hardware
   D. Train personnel in backup procedures

7. Which of the following information valuation methods is LEAST likely to be used during a security review?
   A. Processing cost
   B. Replacement cost
   C. Unavailability cost
   D. Disclosure cost

8. An advantage of using sanitized live transactions in test data is that:
   A. all transaction types will be included.
   B. every error condition is likely to be tested.
   C. no special routines are required to assess the results.
   D. test transactions are representative of live processing.

9. Which of the following is a check (control) for completeness?
   A. Check digits
   B. Parity bits
   C. One-for-one checking
   D. Prerecorded input

10. Which of the following risks would be increased by the installation of a database system?
   A. Programming errors
   B. Data entry errors
   C. Improper file access
   D. Loss of parity

11. When developing a risk management program, the FIRST activity to be performed is a/an:
   A. threats assessment.
   B. classification of data.
   C. inventory of assets.
   D. criticality analysis.

12. Which of the following BEST describes an integrated test facility?
   A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing
   B. The utilization of hardware and/or software to review and test the functioning of a computer system
   C. A method of using special programming options to permit printout of the path through a computer program taken to process a specific transaction
   D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests

13. Which of the following should be included in an organization's IS security policy?
   A. A list of key IT resources to be secured
   B. The basis for access authorization
   C. Identity of sensitive security features
   D. Relevant software security features

14. Which of the following security techniques is the BEST method for authenticating a user's identity?
   A. Smart card
   B. Biometrics
   C. Challenge-response token
   D. User ID and password

15. During a review of a customer master file an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication the IS auditor would use:
   A. test data to validate data input.
   B. test data to determine system sort capabilities.
   C. generalized audit software to search for address field duplications.
   D. generalized audit software to search for account field duplications.

16. With the help of the security officer, granting access to data is the responsibility of:
   A. data owners.
   B. programmers.
   C. system analysts.
   D. librarians.

17. Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly?
   A. Using key verification
   B. Segregating the data entry function from data entry verification
   C. Maintaining a log/record detailing the time, date, employee's initials/user ID and progress of various data preparation and verification tasks
   D. Adding check digits

18. In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application?
   A. Session layer
   B. Transport layer
   C. Network layer
   D. Presentation layer

19. What data should be used for regression testing?
   A. Different data than used in the previous test
   B. The most current production data
   C. The data used in previous tests
   D. Data produced by a test data generator

20. The MOST effective method of preventing unauthorized use of data files is:
   A. automated file entry.
   B. tape librarian.
   C. access control software.
   D. locked library.