The certified information systems auditor (CISA) exam tests you on your knowledge of security and control of IT systems. Once you take this exam, your opportunities will open in the world of information technology and security. Most CISA certification applicants later apply to jobs in the security field. Security interviews can be stressful and have many questions that the interviewer can use to filter out applicants. Here are some of the questions you might be asked when you interview for a position in the information technology security field.
- What is an RFC?
A: A request for change (RFC) is a process that sets up authorization for changes to the system. The CISA auditor must be able to identify and respond when changes could harm the security of the network. The RFC keeps track of any current and former changes to a system.
- What are some pitfalls of virtualized systems?
A: Working in the cloud gives people the advantage of working anywhere, but virtualization also leaves people open to security hacks such as man in the middle, keyloggers that steal passwords, and hackers that gain access to the main account where data is stored.
- What is change management?
A: Change management is usually a group of people who are in charge of identify the risk and impact of system changes. The CISA will be responsible for identifying risks of changes that affect security.
- What happens when a change damages a system or doesn’t roll out as planned?
A: The CISA and other change management personnel are responsible for calling a rollback. All changes should have a rollback plan in case something goes wrong with the deployment.
- What types of processes can you add to deployment plans to help security?
A: Have developers document each change. Have developers fill out forms that identify each change and document which systems are being changed during the deployment plan.
- What are some security systems in place to protect from unauthorized traffic?
A: Firewalls protect the internal network at the router or server level. Antivirus software stops virus software from installing, and penetration testing systems run scripts to identify any potential threats to the network.
- What is the purpose of a CISA audit trail?
A: Audit trails allow you and the company to track systems that have sensitive information. Audit trails are mainly used to track which user accessed data and track the time the data was accessed. These trails can help companies identify improper use of private data.
- What are some ways that companies can lose data?
A: Hackers and malware are the two primary reasons. Other reasons include unhappy or dishonest employees, accidental data leaks, or stolen property such as laptops.
- What is the standard protocol of the Internet?
A: The TCP/IP protocol is used by the Internet and most internal networks.
- How can a CISA auditor get a better idea of how the system works?
A: Talk to management, read documents, watch processes performed by other employees and read system logs and data.
Have you been having trouble setting yourself apart from other candidates in your auditing interviews? If so, you should earning the CISA to set yourself apart from the crowd. Fill out the form below for a course syllabus and pricing information on our instructor lead, live online and self paced training options.
CISA Instant Pricing- InfoSec