Frequently Asked Interview Questions-IT Audit Profile





Sr.No.Frequently Asked Interview Questions
1What are the most important three objectives of conducting IT Audit ? (Confidentiality/Integrity/Availability)
2What measurements would you take to protect an internal network from external threats?
3How you distinguish between a router and a firewall ?
4What is the difference between symmetric and asymmetric encryption ?
5How you will secure a wireless network ?
6How you distinguish between traditional audit & IS audit ?
7What policies would you create to ensure our employees properly use technological resources?
8How you distinguish between encryption & digital signature ?
9For data confidentiality what would suggest to use. Encryption or Digital Signature ?
10What is the objective of using digital signature ?
11How you distinguish between compliance testing and substantive testing?
12What are the biggest flaws of cloud applications?
13What kinds of internal systems do you audit more frequently? Why?
14What’s your biggest challenge explaining technical details to a non-technical audience? Why?
15What’s the purpose of network encryption?
16Are you familiar with server virtualization? Tell us about any experience you have using tools like VMware or VirtualBox.
17What resources do you use to keep up-to-date with IT trends (e.g. forums, websites and books?)
18Have you ever worked in a stressful environment where you had to audit various IT systems on tight deadlines? If so, how did you work under deadlines while also meeting quality standards?
19How have you helped improve a system’s efficiency in your current or previous position?
20How you manage outsourcing risk ?
21What methods you prefer for increasing user awareness about information security?
22What is a virtualized environment?
23List few of the checkpoints for audit of SDLC.
24List few of the checkpoints for audit of logical access controls.
25List few of the checkpoints for audit of physical controls.
26What is the difference between Inherent Risk & Residual Risk?
27List few contents of the Acceptable Usage Policy ?
28List few checkpoints for the audit of Email Usage & Management ?
29What is two factor authorization ?
30What are the risk involved in biometrics authorisation ?