Certified Information Systems Auditor (CISA) Interview Questions And Answers

Download CISA Interview Questions and Answers PDF

Prepare comprehensively for your CISA interview with our extensive list of 25 questions. Each question is crafted to challenge your understanding and proficiency in CISA. Suitable for all skill levels, these questions are essential for effective preparation. Download the free PDF to have all 25 questions at your fingertips. This resource is designed to boost your confidence and ensure you're interview-ready.

25 CISA Questions and Answers:

CISA Job Interview Questions Table of Contents:

CISA Job Interview Questions and Answers
CISA Job Interview Questions and Answers

1 :: As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following are necessary to restore these files?

1. The previous day's backup file and the current transaction tape
2. The previous day's transaction file and the current transaction tape
3. The current transaction tape and the current hard copy transaction log
4. The current hard copy transaction log and the previous day's transaction file

Answer: 1
Read More

2 :: While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:

1. shadow file processing.
2. electronic vaulting.
3. hard-disk mirroring.
4. hot-site provisioning.

Answer: 1
Read More

3 :: Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?

1. Parallel testing
2. Pilot testing
3. Interface/integration testing
4. Sociability testing

Answer: 4
Read More

4 :: Which of the following risks could result from inadequate software baselining?

1. Scope creep
2. Sign-off delays
3. Software integrity violations
4. Inadequate controls

Answer: 1
Read More

5 :: A programmer, using firecall IDs, as provided in the manufactures manual, gained access to the production environment and made an unauthorized change. Which of the following could have prevented this from happening?

1. Deactivation
2. Monitoring
3. Authorization
4. Resetting

Answer: 4
Read More

6 :: Which of the following is a dynamic analysis tool for the purpose of testing software modules?

1. Black box test
2. Desk checking
3. Structured walk-through
4. Design and code

Answer: 1
Read More

7 :: Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:

1. database integrity checks.
2. validation checks.
3. input controls.
4. database commits and rollbacks.

Answer: 4
Read More

8 :: A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST?

1. Data availability
2. Data completeness
3. Data redundancy
4. Data inaccuracy

Answer: 2
Read More

9 :: An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?

1. Allow changes to be made only with the DBA user account.
2. Make changes to the database after granting access to a normal user account
3. Use the DBA user account to make changes, log the changes and review the change log the following day.
4. Use the normal user account to make changes, log the changes and review the change log the following day.

Answer: 3
Read More

10 :: Which of the following represents the GREATEST potential risk in an EDI environment?

1. Transaction authorization
2. Loss or duplication of EDI transmissions
3. Transmission delay
4. Deletion or manipulation of transactions prior to or after establishment of application controls

Answer: 1
Read More

11 :: Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:

1. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings.
2. not include the finding in the final report because the audit report should include only unresolved findings.
3. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit.
4. include the finding in the closing meeting for discussion purposes only.

Answer: A
Read More

12 :: In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by:

1. the availability of CAATs.
2. management's representation.
3. organizational structure and job responsibilities.
4. the existence of internal and operational controls

Answer: D
Read More

13 :: The PRIMARY advantage of a continuous audit approach is that it:

1. does not require an IS auditor to collect evidence on system reliability while processing is taking place.
2. requires the IS auditor to review and follow up immediately on all information collected.
3. can improve system security when used in time-sharing environments that process a large number of transactions.
4. does not depend on the complexity of an organization's computer systems.

Answer: C
Read More

14 :: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

1. User management coordination does not exist.
2. Specific user accountability cannot be established.
3. Unauthorized users may have access to originate, modify or delete data.
4. Audit recommendations may not be implemented.

Answer: C
Read More

15 :: IT control objectives are useful to IS auditors, as they provide the basis for understanding the:

1. desired result or purpose of implementing specific control procedures.
2. best IT security control practices relevant to a specific entity.
3. techniques for securing information.
4. security policy.

Answer: A
Read More

16 :: In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:

1. there is an integration of IS and business staffs within projects.
2. there is a clear definition of the IS mission and vision.
3. there is a strategic information technology planning methodology in place.
4. the plan correlates business objectives to IS goals and objectives.

Answer: A
Read More

17 :: An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?

1. Availability of online network documentation
2. Support of terminal access to remote hosts
3. Handling file transfer between hosts and interuser communications
4. Performance management, audit and control

Answer: A
Read More

18 :: An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses wireless transport layer security (WTLS) and secure socket layers (SSL) technology for protecting their customers payment information. The IS auditor should be MOST concerned, if a hacker:

1. compromised the wireless application protocol (WAP) gateway.
2. installed a sniffing program in front of the server.
3. stole a customer's PDA.
4. listened to the wireless transmission.

Answer: A
Read More

19 :: An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

1. A secure sockets layer (SSL) has been implemented for user authentication and remote administration of the firewall.
2. On the basis of changing requirements, firewall policies are updated.
3. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
4. The firewall is placed on top of the commercial operating system with all installation options.

Answer: D
Read More

20 :: Which of the following cryptography options would increase overhead/cost?

1. The encryption is symmetric rather than asymmetric.
2. A long asymmetric encryption key is used.
3. The hash is encrypted rather than the message.
4. A secret key is used.

Answer: B
Read More

21 :: Which of the following acts as a decoy to detect active Internet attacks?

1. Honeypots
2. Firewalls
3. Trapdoors
4. Traffic analysis

Answer: A
Read More

22 :: Which of the following is the MOST effective control when granting temporary access to vendors?

1. Vendor access corresponds to the service level agreement (SLA).
2. User accounts are created with expiration dates and are based on services provided.
3. Administrator access is provided for a limited period.
4. User IDs are deleted when the work is completed.

Answer: B
Read More

23 :: A certifying authority (CA) can delegate the processes of:

1. revocation and suspension of a subscriber's certificate.
2. generation and distribution of the CA public key.
3. establishing a link between the requesting entity and its public key.
4. issuing and distributing subscriber certificates.

Answer: C
Read More

24 :: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

1. False-acceptance rate (FAR)
2. Equal-error rate (EER)
3. False-rejection rate (FRR)
4. False-identification rate (FIR)

Answer: A
Read More

25 :: To develop a successful business continuity plan, end-user involvement is critical during which of the following phases?

1. Business recovery strategy
2. Detailed plan development
3. Business impact analysis (BIA)
4. Testing and maintenance

Answer: C
Read More