Essential CISA Interview Questions & Answers:

1. To develop a successful business continuity plan, end-user involvement is critical during which of the following phases?

1. Business recovery strategy
2. Detailed plan development
3. Business impact analysis (BIA)
4. Testing and maintenance

Answer: C

2. An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

1. False-acceptance rate (FAR)
2. Equal-error rate (EER)
3. False-rejection rate (FRR)
4. False-identification rate (FIR)

Answer: A

3. A certifying authority (CA) can delegate the processes of:

1. revocation and suspension of a subscriber's certificate.
2. generation and distribution of the CA public key.
3. establishing a link between the requesting entity and its public key.
4. issuing and distributing subscriber certificates.

Answer: C

4. Which of the following is the MOST effective control when granting temporary access to vendors?

1. Vendor access corresponds to the service level agreement (SLA).
2. User accounts are created with expiration dates and are based on services provided.
3. Administrator access is provided for a limited period.
4. User IDs are deleted when the work is completed.

Answer: B

5. Which of the following acts as a decoy to detect active Internet attacks?

1. Honeypots
2. Firewalls
3. Trapdoors
4. Traffic analysis

Answer: A

6. Which of the following cryptography options would increase overhead/cost?

1. The encryption is symmetric rather than asymmetric.
2. A long asymmetric encryption key is used.
3. The hash is encrypted rather than the message.
4. A secret key is used.

Answer: B

7. An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

1. A secure sockets layer (SSL) has been implemented for user authentication and remote administration of the firewall.
2. On the basis of changing requirements, firewall policies are updated.
3. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
4. The firewall is placed on top of the commercial operating system with all installation options.

Answer: D

8. An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses wireless transport layer security (WTLS) and secure socket layers (SSL) technology for protecting their customers payment information. The IS auditor should be MOST concerned, if a hacker:

1. compromised the wireless application protocol (WAP) gateway.
2. installed a sniffing program in front of the server.
3. stole a customer's PDA.
4. listened to the wireless transmission.

Answer: A

9. An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?

1. Availability of online network documentation
2. Support of terminal access to remote hosts
3. Handling file transfer between hosts and interuser communications
4. Performance management, audit and control

Answer: A

10. In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:

1. there is an integration of IS and business staffs within projects.
2. there is a clear definition of the IS mission and vision.
3. there is a strategic information technology planning methodology in place.
4. the plan correlates business objectives to IS goals and objectives.

Answer: A