| Other CISA Certification Interview Questions |
| |
| Question | Asked @ | Answers |
| |
| The rate of change of technology increases the importance of:
A. outsourcing the IS function.
B. implementing and enforcing good processes.
C. hiring personnel willing to make a career within the
organization.
D. meeting user requirements. | | 1 |
| A retail company recently installed data warehousing client
software at geographically diverse sites. Due to time zone
differences between the sites, updates to the warehouse are
not synchronized. Which of the following will be affected
the MOST?
A. Data availability
B. Data completeness
C. Data redundancy
D. Data inaccuracy | | 1 |
| Which of the following reports is a measure of
telecommunication transmissions and determines whether
transmissions are completed accurately?
A. Online monitor reports
B. Downtime reports
C. Help desk reports
D. Response time reports | | 1 |
| When auditing security for a data center, an IS auditor
should look for the presence of a voltage regulator to
ensure that the:
A. hardware is protected against power surges.
B. integrity is maintained if the main power is interrupted.
C. immediate power will be available if the main power is lost.
D. hardware is protected against long-term power fluctuations. | | 1 |
| For an online transaction processing system, transactions
per second is a measure of:
A. throughput.
B. response time.
C. turnaround time.
D. uptime. | | 1 |
| An organization provides information to its supply-chain
partners and customers through an extranet infrastructure.
Which of the following should be the GREATEST concern to an
IS auditor reviewing the firewall security architecture?
A. A secure socket layer (SSL) has been implemented for user
authentication and remote administration of the firewall.
B. On the basis of changing requirements, firewall policies
are updated.
C. Inbound traffic is blocked unless the traffic type and
connections have been specifically permitted.
D. The firewall is placed on top of the commercial operating
system with all installation options. | | 1 |
| A utility is available to update critical tables in case of
data inconsistency. This utility can be executed at the OS
prompt or as one of the menu options in an application. The BEST
control to mitigate the risk of unauthorized manipulation of
data is to:
A. delete the utility software and install it as and when
required.
B. provide access to the utility on a need-to-use basis.
C. provide access to the utility to user management.
D. define access so that the utility can only be executed in
the menu option. | | 1 |
| When performing a review of the structure of an electronic
funds transfer (EFT) system, an IS auditor observes that the
technological infrastructure is based on a centralized
processing scheme that has been outsourced to a provider in
another country. Based on this information, which of the
following conclusions should be the main concern of the IS
auditor?
A. There could be a question with regard to the legal
jurisdiction.
B. Having a provider abroad will cause excessive costs in
future audits.
C. The auditing process will be difficult because of the
distances.
D. There could be different auditing norms. | | 1 |
| Corrective action has been taken by an auditee immediately
after the identification of a reportable finding. The
auditor should:
A. include the finding in the final report because the IS
auditor is responsible for an accurate report of all findings.
B. not include the finding in the final report because the
audit report should include only unresolved findings.
C. not include the finding in the final report because
corrective action can be verified by the IS auditor during
the audit.
D. include the finding in the closing meeting for discussion
purposes only. | | 1 |
| Which of the following network topologies yields the
GREATEST redundancy in the event of the failure of one node?
A. Mesh
B. Star
C. Ring
D. Bus | | 1 |
| Once an organization has finished the business process
reengineering (BPR) of all its critical operations, the IS
auditor would MOST likely focus on a review of:
A. pre-BPR process flowcharts.
B. post-BPR process flowcharts.
C. BPR project plans.
D. continuous improvement and monitoring plans. | | 1 |
| The PRIMARY objective of conducting a post-implementation
review is to assess whether the system:
A. achieved the desired objectives.
B. provides for backup and recovery.
C. provides for information security.
D. documentation is clear and understandable. | | 1 |
| An IS auditor conducting a review of disaster recovery
planning at a financial processing organization has
discovered the following:
* The existing disaster recovery plan was compiled two years
ago by a systems analyst in the organization's IT department
using transaction flow projections from the operations
department.
* The plan was presented to the deputy CEO for approval and
formal issue, but it is still awaiting his attention.
* The plan has never been updated, tested or circulated to
key management and staff, though interviews show that each
would know what action to take for their area in the event
of a disruptive incident.
The IS auditor's report should recommend that:
A. the deputy CEO be censured for his failure to approve the
plan.
B. a board of senior managers be set up to review the
existing plan.
C. the existing plan be approved and circulated to all key
management and staff.
D. a manager coordinate the creation of a new or revised
plan within a defined time limit. | | 1 |
| Which of the following audit techniques would an IS auditor
place the MOST reliance on when determining whether an
employee practices good preventive and detective security
measures?
A. Observation
B. Detail testing
C. Compliance testing
D. Risk assessment | | 1 |
| The FIRST task an IS auditor should complete when performing
an audit in an unfamiliar area is to:
A. design the audit programs for each system or function
involved.
B. develop a set of compliance tests and substantive tests.
C. gather background information pertinent to the new audit.
D. assign human and economical resources. | | 1 |
| An IS auditor reviewing back-up procedures for software need
only determine that:
A. object code libraries are backed up.
B. source code libraries are backed up.
C. both object and source code libraries are backed up.
D. program patches are maintained at the originating site. | | 1 |
| In which of the following network configurations would
problem resolution be the easiest?
A. Bus
B. Ring
C. Star
D. Mesh | | 1 |
| Which of the following provides the GREATEST assurance of
message authenticity?
A. The pre-hash code is derived mathematically from the
message being sent.
B. The pre-hash code is encrypted using the sender's private
key.
C. Encryption of the pre-hash code and the message using the
secret key.
D. Sender attains the recipient's public key and verifies
the authenticity of its digital certificate with a
certificate authority. | | 1 |
| A team conducting a risk analysis is having difficulty
projecting the financial losses that could result from a
risk. To evaluate the potential losses the team should:
A. compute the amortization of the related assets.
B. calculate a return on investment (ROI).
C. apply a qualitative approach.
D. spend the time needed to define exactly the loss amount. | | 1 |
| The application test plans are developed in which of the
following systems development life cycle (SDLC) phases?
A. Design
B. Testing
C. Requirement
D. Development | | 1 |