| Other CISA Certification Interview Questions |
| |
| Question | Asked @ | Answers |
| |
| Which of the following pairs of functions should not be
combined to provide proper segregation of duties?
A. Tape librarian and computer operator
B. Application programming and data entry
C. Systems analyst and database administrator
D. Security administrator and quality assurance | | 3 |
| Which of the following is the MOST effective control
procedure for security of a stand-alone small business
computer environment?
A. Supervision of computer usage
B. Daily management review of the trouble log
C. Storage of computer media in a locked cabinet
D. Independent review of an application system design | | 1 |
| During an IT audit of a large bank, an IS auditor observes
that no formal risk assessment exercise has been carried out
for the various business applications to arrive at their
relative importance and recovery time requirements. The risk
that the bank is exposed to is that the:
A. business continuity plan may not have been calibrated to
the relative risk that disruption of each application poses
to the organization.
B. business continuity plan may not include all relevant
applications and therefore may lack completeness in terms of
its coverage.
C. business impact of a disaster may not have been
accurately understood by the management.
D. business continuity plan may lack an effective ownership
by the business owners of such applications. | | 1 |
| A LAN administrator normally would be restricted from:
A. having end-user responsibilities.
B. reporting to the end-user manager.
C. having programming responsibilities.
D. being responsible for LAN security administration. | | 1 |
| The MOST appropriate person to chair the steering committee
for a system development project with significant impact on
a business area would be the:
A. business analyst.
B. chief information officer.
C. project manager.
D. executive level manager. | | 1 |
| An IS auditor recommends that an initial validation control
be programmed into a credit card transaction capture
application. The initial validation process would MOST likely:
A. check to ensure the type of transaction is valid for that
card type.
B. verify the format of the number entered then locate it on
the database.
C. ensure that the transaction entered is within the
cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on
the master file. | | 1 |
| Which of the following functions is performed by a virtual
private network (VPN)?
A. Hiding information from sniffers on the net
B. Enforcing security policies
C. Detecting misuse or mistakes
D. Regulating access | | 1 |
| An IS auditor conducting a review of disaster recovery
planning at a financial processing organization has
discovered the following:
* The existing disaster recovery plan was compiled two years
ago by a systems analyst in the organization's IT department
using transaction flow projections from the operations
department.
* The plan was presented to the deputy CEO for approval and
formal issue, but it is still awaiting his attention.
* The plan has never been updated, tested or circulated to
key management and staff, though interviews show that each
would know what action to take for their area in the event
of a disruptive incident.
The IS auditor's report should recommend that:
A. the deputy CEO be censured for his failure to approve the
plan.
B. a board of senior managers be set up to review the
existing plan.
C. the existing plan be approved and circulated to all key
management and staff.
D. a manager coordinate the creation of a new or revised
plan within a defined time limit. | | 1 |
| The act that describes a computer intruder capturing a
stream of data packets and inserting these packets into the
network as if they were another genuine message stream is called:
A. eavesdropping.
B. message modification.
C. a brute-force attack.
D. packet replay. | | 1 |
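The question above contrasts capturing-and-reinjecting a valid packet stream with eavesdropping, modification and brute force. As an added example that is not part of the original page, the Python below shows how a receiver tells those apart: every message carries a sender id, a sequence number and an HMAC, and the receiver keeps a per-sender anti-replay window (the IPsec-style highest-sequence-plus-bitmap scheme), so a captured packet that is injected again verifies correctly but is rejected as a replay, while a modified packet fails the MAC check. The pre-shared key, the message layout and the sample messages are constructed for the example.

```python
"""Replay detection for an authenticated message stream (added example).

Packet layout (assumed): <json body>|<hex HMAC-SHA256 over body>.
The receiver accepts a packet only if its MAC verifies AND its sequence
number has not been seen before within a sliding window.
"""
import hashlib
import hmac
import json

KEY = b"shared-secret-for-demo"  # assumed pre-shared key, constructed
WINDOW = 64                      # anti-replay window size in sequence numbers


def make_packet(key: bytes, sender: str, seq: int, payload: str) -> bytes:
    """Sender side: serialise the message and append an HMAC tag."""
    body = json.dumps({"sender": sender, "seq": seq, "payload": payload},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Receiver side: MAC check plus per-sender sliding-window replay check."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        # sender -> (highest sequence number seen, bitmap of seen numbers
        # below it; bit 0 is the highest number itself)
        self.state: dict[str, tuple[int, int]] = {}

    def _check_and_mark(self, sender: str, seq: int) -> bool:
        highest, bitmap = self.state.get(sender, (-1, 0))
        mask = (1 << self.window) - 1
        if seq > highest:
            # Newer than anything seen: slide the window forward.
            shift = seq - highest
            bitmap = ((bitmap << shift) | 1) & mask
            self.state[sender] = (seq, bitmap)
            return True
        offset = highest - seq
        if offset >= self.window:
            return False          # too old to be tracked: treat as replay
        if bitmap & (1 << offset):
            return False          # already accepted once: replay
        self.state[sender] = (highest, bitmap | (1 << offset))
        return True               # late but within the window, first sight

    def accept(self, packet: bytes) -> tuple[bool, str]:
        body, _, tag = packet.rpartition(b"|")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False, "bad mac"       # modified or forged packet
        msg = json.loads(body)
        if not self._check_and_mark(msg["sender"], msg["seq"]):
            return False, "replay"        # valid MAC, but already seen
        return True, "ok"


if __name__ == "__main__":
    rx = Receiver(KEY)
    p1 = make_packet(KEY, "alice", 1, "transfer 100")
    print(rx.accept(p1))                                  # (True, 'ok')
    print(rx.accept(p1))                                  # (False, 'replay')
    print(rx.accept(p1.replace(b"transfer 100", b"transfer 900")))  # (False, 'bad mac')
```

The sequence number is inside the MAC'd body, so an intruder cannot simply bump it on a captured packet; they would need the key. A monotonic "last sequence seen" check would work for an in-order channel, but the window variant also tolerates reordering without opening a replay hole.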
| The MOST likely explanation for the use of applets in an
Internet application is that:
A. it is sent over the network from the server.
B. the server does not run the program and the output is not
sent over the network.
C. they improve the performance of both the web server and
network.
D. it is a Java program downloaded through the web browser
and executed by the web server of the client machine. | | 1 |
| Which of the following would an IS auditor expect to find in
a console log?
A. Names of system users
B. Shift supervisor identification
C. System errors
D. Data edit errors | | 1 |
| Before reporting results of an audit to senior management,
an IS auditor should:
A. Confirm the findings with auditees.
B. Prepare an executive summary and send it to auditee
management.
C. Define recommendations and present the findings to the
audit committee.
D. Obtain agreement from the auditee on findings and actions
to be taken. | | 1 |
| Requiring passwords to be changed on a regular basis,
assigning a new one-time password when a user forgets
his/hers, and requiring users not to write down their
passwords are all examples of:
A. audit objectives.
B. audit procedures.
C. control objectives.
D. control procedures. | | 1 |
| The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on
system reliability while processing is taking place.
B. requires the IS auditor to review and follow up
immediately on all information collected.
C. can improve system security when used in time-sharing
environments that process a large number of transactions.
D. does not depend on the complexity of an organization's
computer systems. | | 1 |
| Confidential data residing on a PC is BEST protected by:
A. a password.
B. file encryption.
C. removable diskettes.
D. a key operated power source. | | 1 |
| Birth date and marriage date items were switched while
entering data. Which of the following data validation checks
could detect this?
A. Logical relationship
B. Sequence
C. Reasonableness
D. Validity | | 1 |
| Which of the following can identify attacks and penetration
attempts to a network?
A. Firewall
B. Packet filters
C. Stateful inspection
D. Intrusion detection system (IDS) | | 1 |
| An IS auditor has just completed a review of an organization
that has a mainframe and a client-server environment where
all production data reside. Which of the following
weaknesses would be considered the MOST serious?
A. The security officer also serves as the database
administrator (DBA).
B. Password controls are not administered over the
client/server environment.
C. There is no business continuity plan for the mainframe
system's non-critical applications.
D. Most LANs do not back up file server fixed disks regularly. | | 1 |
| Which of the following BEST describes the role of a systems
analyst?
A. Defines corporate databases
B. Designs systems based on the needs of the user
C. Schedules computer resources
D. Tests and evaluates programmer and optimization tools | | 1 |
| Which of the following would be the BEST population to take
a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings | | 1 |