| Other CISA Certification Interview Questions |
| Question | Asked @ | Answers |
| Which of the following is the BEST audit procedure to
determine if a firewall is configured in compliance with an
organization's security policy?
A. Review the parameter settings
B. Interview the firewall administrator
C. Review the actual procedures
D. Review the device's log file for recent attacks | | 1 |
| An IS auditor performing an audit of the company's IS
strategy would be LEAST likely to:
A. assess IS security procedures.
B. review both short- and long-term IS strategies.
C. interview appropriate corporate management personnel.
D. ensure that the external environment has been considered. | | 1 |
| In a risk-based audit approach an IS auditor should FIRST
complete a/an:
A. inherent risk assessment.
B. control risk assessment.
C. test of control assessment.
D. substantive test assessment. | | 1 |
| Which of the following is an object-oriented technology
characteristic that permits an enhanced degree of security
over data?
A. Inheritance
B. Dynamic warehousing
C. Encapsulation
D. Polymorphism | | 1 |
| The PKI element that manages the certificate life cycle,
including certificate directory maintenance and certificate
revocation list (CRL) maintenance and publication is the:
A. certificate authority.
B. digital certificate.
C. certification practice statement.
D. registration authority. | | 2 |
| The purpose of debugging programs is to:
A. generate random data that can be used to test programs
before implementing them.
B. protect, during the programming phase, valid changes from
being overwritten by other changes.
C. define the program development and maintenance costs to
be included in the feasibility study.
D. ensure that program abnormal terminations and program
coding flaws are detected and corrected. | | 2 |
| Which of the following is a form of an Internet attack?
A. Searching for software design errors
B. Guessing user passwords based on their personal information
C. Breaking the deadman's door to gain entry
D. Planting a trojan horse | | 1 |
| In the ISO/OSI model, which of the following protocols is
the FIRST to establish security for the user application?
A. Session layer
B. Transport layer
C. Network layer
D. Presentation layer | | 1 |
| Applying a digital signature to data traveling in a network
provides:
A. confidentiality and integrity.
B. security and nonrepudiation.
C. integrity and nonrepudiation.
D. confidentiality and nonrepudiation. | | 1 |
| Which of the following BEST describes an IT department's
strategic planning process?
A. The IT department will have either short-range or
long-range plans depending on the organization's broader
plans and objectives.
B. The IT department's strategic plan must be time and
project oriented, but not so detailed as to address and help
determine priorities to meet business needs.
C. Long-range planning for the IT department should
recognize organizational goals, technological advances and
regulatory requirements.
D. Short-range planning for the IT department does not need
to be integrated into the short-range plans of the
organization since technological advances will drive the IT
department plans much quicker than organizational plans. | | 1 |
| Which of the following procedures would MOST effectively
detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated | | 1 |
| Which of the following would be the MOST important issue to
the IS auditor in a business process re-engineering (BPR)
project?
A. The loss of middle management, which often is a result of
a BPR project
B. That controls are usually given low priority in a BPR project
C. The considerable negative impact that information
protection could have on BPR
D. The risk of failure due to the large size of the task
usually undertaken in a BPR project | | 2 |
| The FIRST task an IS auditor should complete when performing
an audit in an unfamiliar area is to:
A. design the audit programs for each system or function
involved.
B. develop a set of compliance tests and substantive tests.
C. gather background information pertinent to the new audit.
D. assign human and economical resources. | | 1 |
| A manufacturer has been purchasing materials and supplies
for its business through an e-commerce application. Which of
the following should this manufacturer rely on to prove that
the transactions were actually made?
A. Reputation
B. Authentication
C. Encryption
D. Nonrepudiation | | 1 |
| In which of the following network configurations would
problem resolution be the easiest?
A. Bus
B. Ring
C. Star
D. Mesh | | 1 |
| Data edits are an example of:
A. preventive controls.
B. detective controls.
C. corrective controls.
D. compensating controls. | | 1 |
| A digital signature contains a message digest to:
A. show if the message has been altered after transmission.
B. define the encryption algorithm.
C. confirm the identity of the originator.
D. enable message transmission in a digital format. | | 1 |
| The BEST method of proving the accuracy of a system tax
calculation is by:
A. detailed visual review and analysis of the source code of
the calculation programs.
B. recreating program logic using generalized audit software
to calculate monthly totals.
C. preparing simulated transactions for processing and
comparing the results to predetermined results.
D. automatic flowcharting and analysis of the source code of
the calculation programs. | | 1 |
| The most likely error to occur when implementing a firewall is:
A. incorrectly configuring the access lists.
B. compromising the passwords due to social engineering.
C. connecting a modem to the computers in the network.
D. inadequately protecting the network and server from virus
attacks. | | 1 |
| As updates to an online order entry system are processed,
the updates are recorded on a transaction tape and a
hard-copy transaction log. At the end of the day, the order
entry files are backed up on tape. During the backup
procedure, a drive malfunctions and the order entry files
are lost. Which of the following are necessary to restore
these files?
A. The previous day's backup file and the current
transaction tape
B. The previous day's transaction file and the current
transaction tape
C. The current transaction tape and the current hard-copy
transaction log
D. The current hard-copy transaction log and the previous
day's transaction file | | 1 |