Certified Information Systems Auditor (CISA) Interview Questions

As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following are necessary to restore these files?
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?
Which of the following risks could result from inadequate software baselining?
A programmer, using firecall IDs, as provided in the manufactures manual, gained access to the production environment and made an unauthorized change. Which of the following could have prevented this from happening?
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST?
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?
Which of the following represents the GREATEST potential risk in an EDI environment?
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by:
The PRIMARY advantage of a continuous audit approach is that it:
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
IT control objectives are useful to IS auditors, as they provide the basis for understanding the:
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses wireless transport layer security (WTLS) and secure socket layers (SSL) technology for protecting their customers payment information. The IS auditor should be MOST concerned, if a hacker:
An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
Which of the following cryptography options would increase overhead/cost?
Which of the following acts as a decoy to detect active Internet attacks?
Which of the following is the MOST effective control when granting temporary access to vendors?
A certifying authority (CA) can delegate the processes of:
An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?
To develop a successful business continuity plan, end-user involvement is critical during which of the following phases?