| Other CISA Certification Interview Questions |
| |
| Question | Asked @ | Answers |
| |
| The responsibilities of a disaster recovery relocation team
include:
A. obtaining, packaging and shipping media and records to
the recovery facilities, as well as establishing and
overseeing an offsite storage schedule.
B. locating a recovery site if one has not been
predetermined and coordinating the transport of company
employees to the recovery site.
C. managing the relocation project and conducting a more
detailed assessment of the damage to the facilities and
equipment.
D. coordinating the process of moving from the hot site to a
new location or to the restored original location. | | 1 |
| After a full operational contingency test, the IS auditor
performs a review of the recovery steps and concludes that
the elapsed time until the technological environment and
systems were actually functioning, exceeded the required
critical recovery time. Which of the following should the
auditor recommend?
A. Perform an integral review of the recovery tasks.
B. Broaden the processing capacity to gain recovery time.
C. Make improvements in the facility's circulation structure.
D. Increase the amount of human resources involved in the
recovery. | | 1 |
| When developing a risk management program, the FIRST
activity to be performed is a/an:
A. threats assessment.
B. classification of data.
C. inventory of assets.
D. criticality analysis. | | 1 |
| Which test is an IS auditor performing when a certain program
is selected to determine if the source and object versions
are the same? | | 2 |
| An offsite information processing facility having electrical
wiring, air conditioning and flooring, but no computer or
communications equipment is a:
A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility. | | 1 |
| Which of the following would be included in an IS strategic
plan?
A. Specifications for planned hardware purchases
B. Analysis of future business objectives
C. Target dates for development projects
D. Annual budgetary targets for the IS department | | 1 |
| An organization is considering installing a LAN in a site
under construction. If system availability is the main
concern, which of the following topologies is MOST appropriate?
A. Ring
B. Line
C. Star
D. Bus | | 1 |
| The extent to which data will be collected during an IS
audit should be determined, based on the:
A. availability of critical and required information.
B. auditor's familiarity with the circumstances.
C. auditee's ability to find relevant evidence.
D. purpose and scope of the audit being done. | | 2 |
| After installing a network, an organization installed a
vulnerability assessment tool or security scanner to
identify possible weaknesses. Which is the MOST serious risk
associated with such tools?
A. Differential reporting
B. False positive reporting
C. False negative reporting
D. Less detail reporting | | 1 |
| Confidential data residing on a PC is BEST protected by:
A. a password.
B. file encryption.
C. removable diskettes.
D. a key operated power source. | | 1 |
| A decrease in amplitude as a signal propagates along a
transmission medium is known as:
A. noise.
B. crosstalk.
C. attenuation.
D. delay distortion. | | 1 |
| In a system development project the purpose of the program
and procedure development phase is to:
A. prepare, test and document all programs and manual
procedures.
B. document a business or system problem to a level at which
management can select a solution.
C. prepare a high-level design of a proposed system solution
and present reasons for adopting a solution.
D. expand the general design of an approved solution so that
program and procedure writing can begin. | | 1 |
| A company has implemented a new client-server enterprise
resource planning (ERP) system. Local branches transmit
customer orders to a central manufacturing facility. Which
of the following would BEST ensure that the orders are
entered accurately and the corresponding products are produced?
A. Verifying production to customer orders
B. Logging all customer orders in the ERP system
C. Using hash totals in the order transmitting process
D. Approving (production supervisor) orders prior to production | | 1 |
| If inadequate, which of the following would be the MOST
likely contributor to a denial-of-service attack?
A. Router configuration and rules
B. Design of the internal network
C. Updates to the router system software
D. Audit testing and review techniques | | 2 |
| The risk that an IS auditor uses an inadequate test
procedure and concludes that material errors do not exist
when, in fact, they do, is an example of:
A. inherent risk.
B. control risk.
C. detection risk.
D. audit risk. | | 1 |
| An organization is moving its application maintenance
in-house from an outside source. Which of the following
should be the main concern of an IS auditor?
A. Regression testing
B. Job scheduling
C. User manuals
D. Change control procedures | | 2 |
| The PRIMARY benefit of database normalization is the:
A. minimization of redundancy of information in tables required
to satisfy users' needs.
B. ability to satisfy more queries.
C. maximization of database integrity by providing
information in more than one table.
D. minimization of response time through faster processing
of information. | | 1 |
| A company uses a bank to process its weekly payroll. Time
sheets and payroll adjustment forms (e.g., hourly rate
changes, terminations) are completed and delivered to the
bank, which prepares checks (cheques) and reports for
distribution. To BEST ensure payroll data accuracy:
A. payroll reports should be compared to input forms.
B. gross payroll should be recalculated manually.
C. checks (cheques) should be compared to input forms.
D. checks (cheques) should be reconciled with output reports. | | 1 |
| The FIRST step in data classification is to:
A. establish ownership.
B. perform a criticality analysis.
C. define access rules.
D. create a data dictionary. | | 1 |
| In the development of an important application affecting the
entire organization, which of the following would be the
MOST appropriate project sponsor?
A. The information systems manager
B. A member of executive management
C. An independent management consultant
D. The manager of the key user department | | 1 |