Fatskills
Study Guide: All The Useful CISA Interview Questions & Answers
Source: https://www.fatskills.com/cisa-certified-information-systems-auditor/chapter/all-the-useful-cisa-interview-questions-answers

All The Useful CISA Interview Questions & Answers

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


Question 1. What Is An Rfc?
A request for change (RFC) is a process that sets up authorization for changes to the system. The CISA auditor must be able to identify and respond when changes could harm the security of the network. The RFC keeps track of any current and former changes to a system.

Question 2. What Are Some Pitfalls Of Virtualized Systems?
Working in the cloud gives people the advantage of working anywhere, but virtualization also leaves people open to attacks such as man-in-the-middle interception, keyloggers that steal passwords, and hackers who gain access to the main account where data is stored.

Question 3. What Is Change Management?
Change management is usually a group of people who are in charge of identifying the risk and impact of system changes. The CISA will be responsible for identifying risks of changes that affect security.

Question 4. What Happens When A Change Damages A System Or Doesn’t Roll Out As Planned?
The CISA and other change management personnel are responsible for calling a rollback. All changes should have a rollback plan in case something goes wrong with the deployment.

Question 5. What Types Of Processes Can You Add To Deployment Plans To Help Security?
Have developers document each change. Have developers fill out forms that identify each change and document which systems are being changed during the deployment plan.

Question 6. What Are Some Security Systems In Place To Protect From Unauthorized Traffic?
Firewalls protect the internal network at the router or server level. Antivirus software stops malicious software from installing, and penetration testing systems run scripts to identify any potential threats to the network.

Question 7. What Is The Purpose Of A CISA Audit Trail?
Audit trails allow you and the company to track systems that have sensitive information. Audit trails are mainly used to track which user accessed data and track the time the data was accessed. These trails can help companies identify improper use of private data.

Question 8. What Are Some Ways That Companies Can Lose Data?
Hackers and malware are the two primary reasons. Other reasons include unhappy or dishonest employees, accidental data leaks, or stolen property such as laptops.

Question 9. What Is The Standard Protocol Of The Internet?
The TCP/IP protocol is used by the Internet and most internal networks.

Question 10. How Can A CISA Auditor Get A Better Idea Of How The System Works?
Talk to management, read documents, watch processes performed by other employees and read system logs and data.

Question 11. What is a BIA and what is it used for?
The Business Impact Analysis, which is useful in creating the Business Continuity Plan.

Question 12. In evaluating the use of a biometric system in an environment that has high security requirements, what is an item that is important to consider?
The false-acceptance rate.

Question 13. Which control should be implemented when granting account access to third-party vendors?
Creating a temporary account that has a set expiration date and limited access.

Question 14. Describe a honeypot
A security device used to deflect unauthorized access by creating an enticing trap containing data that appears legitimate.

Question 15. What is a disadvantage of using long asymmetric encryption keys?
Even though asymmetric encryption technology is generally more secure, it is a slower method and increases the overhead costs.

Question 16. You’re an auditor evaluating the network of a company that provides wireless access for a fee, requiring them to process financial data. The company’s wireless network connection has implemented the use of SSL and WTLS. What is one of the top concerns?
That a hacker may compromise the WAP gateway.

Question 17. When an auditor evaluates an IT system, what user features should be evaluated?
The auditor should ensure all users have access to system documentation and user guides.

Question 18. Auditors are used to review security controls and policy. What are the pitfalls of inadequate control implementation and policy definitions?
Giving users unauthorized access, which increases the likelihood of a breach; improper load balancing or other poor network configurations, which can cause bottlenecks or degraded performance; data exfiltration; and noncompliance.

Question 19. What are other benefits to having continuous auditing?
It improves the overall security posture of an organization.

Question 20. What is the BCP?
The Business Continuity Plan (BCP) is the written organizational policy used in incident response. In writing the BCP, the Business Impact Analysis is analyzed and a risk assessment is performed to determine potential risks to the organization and the best way to mitigate those risks based on the company’s needs.

Question 21. What is sociability testing?
A type of test performed to determine if an application is working as expected in a specified environment.

Question 22. Name two types of backup methods used for remote backup sites
Shadow file processing and electronic vaulting.

Question 23. What is the CA used for? And what processes can it delegate?
The CA is the certificate authority in PKI technology. It issues the certificates. The CA is able to delegate the process of establishing a link between the requesting entity and its public key.

Question 24. What is the purpose of network encryption?
To protect the confidentiality of information that passes through the network.

Question 25. When you find a flaw in the system while performing an audit, what is the best response?
Auditors do not fix system flaws; flaws are noted in the final report and submitted to the system owners for their review. It is the owners' duty to determine what to do about the flaw.