| Other CISA Certification Interview Questions |
| Question | Asked @ | Answers |
| Which of the following programs would a sound information
security policy MOST likely include to handle suspected
intrusions?
A. Response
B. Correction
C. Detection
D. Monitoring | | 1 |
| Which of the following is the MOST effective means of
determining which controls are functioning properly in an
operating system?
A. Consulting with the vendor
B. Reviewing the vendor installation guide
C. Consulting with the system programmer
D. Reviewing the system generation parameters | | 1 |
| Which of the following imaging technologies captures
handwriting from a preprinted form and converts it into an
electronic format?
A. Magnetic ink character recognition (MICR)
B. Intelligent voice recognition (IVR)
C. Bar code recognition (BCR)
D. Optical character recognition (OCR) | | 1 |
| After installing a network, an organization installed a
vulnerability assessment tool or security scanner to
identify possible weaknesses. Which is the MOST serious risk
associated with such tools?
A. Differential reporting
B. False positive reporting
C. False negative reporting
D. Less detail reporting | | 1 |
| Which of the following data entry controls provides the
GREATEST assurance that the data is entered correctly?
A. Using key verification
B. Segregating the data entry function from data entry
verification
C. Maintaining a log/record detailing the time, date,
employee's initials/user id and progress of various data
preparation and verification tasks
D. Adding check digits | | 2 |
| To reduce the possibility of losing data during processing,
the FIRST point at which control totals should be
implemented is:
A. during data preparation.
B. in transit to the computer.
C. between related computer runs.
D. during the return of the data to the user department. | | 2 |
| To prevent an organization's computer systems from becoming
part of a distributed denial-of-service attack, IP packets
containing addresses that are listed as unroutable can be
isolated by:
A. establishing outbound traffic filtering.
B. enabling broadcast blocking.
C. limiting allowable services.
D. network performance monitoring. | | 1 |
| While copying files from a floppy disk, a user introduced a
virus into the network. Which of the following would MOST
effectively detect the existence of the virus? A:
A. scan of all floppy disks before use
B. virus monitor on the network file server
C. scheduled daily scan of all network drives
D. virus monitor on the user's personal computer | | 1 |
| Which of the following would an IS auditor consider a
weakness when performing an audit of an organization that
uses a public key infrastructure with digital certificates
for its business-to-consumer transactions via the Internet?
A. Customers are widely dispersed geographically, but not
the certificate authorities.
B. Customers can make their transactions from any computer
or mobile device.
C. The certificate authority has several data processing
subcenters to administrate certificates.
D. The organization is the owner of the certificate authority. | | 1 |
| Which of the following will help detect changes made by an
intruder to the system log of a server?
A. Mirroring of the system log on another server
B. Simultaneously duplicating the system log on a write-once
disk
C. Write protecting the directory containing the system log
D. Storing the backup of the system log offsite | | 1 |
| Which of the following is the MOST important criterion for
the selection of a location for an offsite storage facility
for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject
to the same risks.
B. given the same level of protection as that of the
computer data center.
C. outsourced to a reliable third party.
D. equipped with surveillance capabilities. | | 3 |
| Which of the following is a control to detect an
unauthorized change in a production environment?
A. Denying programmers access to production data.
B. Requiring change requests to include benefits and costs.
C. Periodically comparing control and current object and
source programs.
D. Establishing procedures for emergency changes. | | 1 |
| The implementation of cost-effective controls in an
automated system is ultimately the responsibility of the:
A. system administrator.
B. quality assurance function.
C. business unit management.
D. chief of internal audit. | | 1 |
| An IS auditor reviewing an outsourcing contract of IT
facilities would expect it to define the:
A. hardware configuration.
B. access control software.
C. ownership of intellectual property.
D. application development methodology. | | 1 |
| Which of the following controls will detect MOST effectively
the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check | | 1 |
| Which of the following controls would be the MOST
comprehensive in a remote access network with multiple and
diverse subsystems?
A. Proxy server
B. Firewall installation
C. Network administrator
D. Password implementation and administration | | 1 |
| Which tests is an IS auditor performing when a certain program
is selected to determine if the source and object versions
are the same? | | 2 |
| A hub is a device that connects:
A. two LANs using different protocols.
B. a LAN with a WAN.
C. a LAN with a metropolitan area network (MAN).
D. two segments of a single LAN. | | 1 |
| Which of the following devices extends the network and has
the capacity to store frames and act as a storage and
forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway | | 1 |
| IS auditors reviewing access control should review data
classification to ensure that encryption parameters are
classified as:
A. sensitive.
B. confidential.
C. critical.
D. private. | | 1 |