
3/27/22, 2:16 PM IT Auditor interview questions - Infosec Resources


IT Auditor interview questions

October 19, 2017 by Tyra Appleby

IT auditors are responsible for performing independent verifications of
an organization’s security posture. These positions can have many name
variations on job boards, including: information technology auditor, IT
compliance analyst, internal auditor, CISA or business analyst.

IT auditor positions exist in almost every industry, with salaries ranging
from $50,000 to $175,000 depending on industry, company size and years
of experience. To succeed in this role, you must understand networking,
architecture, software and hardware deployment and integration, as well
as security controls.

In the following list, we compiled 16 IT auditor interview questions to
help you prepare for your next interview.
Describe tools that can be used to assess the security posture of an
enterprise or company architecture.

Describe tools used in both Linux and Windows environments. These
include: nmap, ping, traceroute, nslookup and scanners such as Nessus
and Wireshark. John the Ripper can be used to detect weak passwords,
and any of the current virus scanners can be used to detect viruses on the
system: ClamAV, McAfee and Symantec are some of the most popular.
https://resources.infosecinstitute.com/certification/it-auditor-interview-questions/ 1/6

Describe the purpose of ACL software.

ACL is access control list software, such as Microsoft’s Active Directory,
that is used to control a user’s access to system services, directories or
other components.

What do you know about the company?

This is not a technical question but is often used to see your capability to
perform research. Visit the company’s webpage and LinkedIn page to
learn as much information as you can. Google recent press releases or news
stories that relate to the company. Make sure you can state what the
company’s mission and vision are, and how long they have been in
business. If you were able to go a few steps further and find out
information about their architecture structure, share that as well.
How do you keep up with current industry trends?

This is a personal question. Mention any technical magazines and
newsletters you subscribe to. If you are in school, mention things you’ve
learned that are relevant. Use this question to illustrate your passion for
the industry.
What are your strong points?

This is a frequently asked, non-technical question. Make sure you review
the requirements for the job and tailor your answer to show how your
strong points are a fit for the company and the position.
What is the difference between auditing in a Windows and Linux
environment?

A lot of tools used in Windows are more automated, or launched through
a GUI. In Linux, you have to use the command line more often. An audit
policy in Windows is created through the GPO and distributed through
the domain controller. In Linux, it is normally done through the
/etc/audit.rules files and through use of the auditd service. Because of
these differences in how the system pulls information for audit logs, the
controls for the two environments are different as well. In a Linux
environment, the ability to use a GRUB password to log into the system in
single-user mode is a feature an auditor would not need to review in a
Windows environment. The overall file structure is different, so it is
important to understand the /etc, /var, /home, /opt, /usr and /tmp
directories.
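
The two Linux-side controls named above, audit watch rules and the GRUB password, can be reviewed from the text of the files themselves. The following is an added example, not part of the original article; the function names, the baseline list of files to watch and the sample file contents are assumptions made for illustration, and the file text is passed in as a string so the check does not depend on where a given host keeps it.

```python
import re
import shlex

# Files expected to be watched: an illustrative baseline (assumption), adjust per policy.
REQUIRED_WATCHES = ("/etc/passwd", "/etc/shadow", "/etc/sudoers")

def parse_watches(rules_text):
    """Map each '-w PATH' watch rule to its '-p' permission string ('' if absent)."""
    watches = {}
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if "-w" not in tokens[:-1]:
            continue
        path = tokens[tokens.index("-w") + 1]
        perms = tokens[tokens.index("-p") + 1] if "-p" in tokens[:-1] else ""
        watches[path] = perms
    return watches

def audit_rule_findings(rules_text):
    """Report required files with no watch, or with a watch that does not
    explicitly cover writes (w) and attribute changes (a)."""
    watches, findings = parse_watches(rules_text), []
    for path in REQUIRED_WATCHES:
        if path not in watches:
            findings.append(f"no audit watch on {path}")
        elif not {"w", "a"} <= set(watches[path]):
            findings.append(f"watch on {path} lacks write/attribute coverage")
    return findings

def grub_findings(grub_text):
    """Check that GRUB 2 superusers exist and each has a hashed password entry."""
    m = re.search(r'^\s*set\s+superusers="([^"]*)"', grub_text, re.M)
    users = [u for u in re.split(r"[ ,;|&]+", m.group(1)) if u] if m else []
    if not users:
        return ["GRUB: no superusers defined, boot entries can be edited without a password"]
    hashed = set(re.findall(r"^\s*password_pbkdf2\s+(\S+)\s+grub\.pbkdf2\.", grub_text, re.M))
    plain = set(re.findall(r"^\s*password\s+(\S+)\s+\S+", grub_text, re.M))
    findings = []
    for user in users:
        if user in plain:
            findings.append(f"GRUB: superuser {user} has a plaintext password")
        elif user not in hashed:
            findings.append(f"GRUB: superuser {user} has no password entry")
    return findings

# Constructed sample inputs, not taken from a real host.
SAMPLE_RULES = "-w /etc/passwd -p wa -k identity\n-w /etc/shadow -p r -k identity\n"
SAMPLE_GRUB = 'set superusers="root"\npassword root changeme\n'

if __name__ == "__main__":
    print(audit_rule_findings(SAMPLE_RULES) + grub_findings(SAMPLE_GRUB))
```

On the constructed samples this reports a read-only watch on /etc/shadow, a missing watch on /etc/sudoers and a plaintext GRUB password; findings like these would go into the audit report rather than being fixed by the auditor.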

What is the purpose of network encryption?

To protect data from unauthorized access (which is its confidentiality).

What are the biggest flaws in using Cloud-based applications?

The security issues related to cloud security are heavily debated, but
having information available to the public via Cloud services creates a
larger threat landscape.

If you find a defect or bug in an application, do you try to fix it
yourself?

No. The best option is to bring it to the attention of the engineering
team as well as the system owners. The issue can also be documented in
the final report.

What is the benefit of an IT audit for an organization?

IT audits help identify flaws and vulnerabilities in the system
architecture, which gives the organization useful information to further
harden their systems.

What is the difference between an internal and external audit?

An internal audit is performed by employees of the company. External
audits are performed by members of an outside firm. Some industries
require an external audit in order to be compliant with industry
regulations.

How do you perform a risk assessment?

Risk assessments can vary based on industry. Some industries have
pre-written risk assessment methodologies that an auditor is obligated to
use. But the point of every risk assessment is to use available tools or
methodologies to identify the vulnerabilities specific to the organization
being evaluated, and create a strategy to remediate the vulnerabilities.

Can you describe some of the vulnerabilities listed on the OWASP
Top 10 Vulnerabilities list?

This list is updated yearly with the current top 10 application security
risks. Cross-site scripting is one item that has been on the list year after
year. But others on the most current list include injections such as SQL,
OS and LDAP, security misconfigurations, sensitive data exposure and
under-protected APIs.

NOTE: You can memorize the entire list, but most interviewers want to
know you are at least familiar with the list.

What are the differences between C and C++?

C is a procedural-only language and does not support the use of classes
and objects. C++ is object-oriented.

How do you handle tough situations? Or, if a client was being
difficult and refused to provide you with needed information, how
would you handle this?

This is a great opportunity to share a personal experience where you
handled a difficult situation. IT auditors are not the favorite employees in
the industry. They can make life harder for other IT team members. With
that in mind, this question gives you the opportunity to showcase your
ability to defuse a potentially hostile situation. If you have never had this
experience, you can discuss methods you would use to deal with a hostile
person.

If you were asked to help implement a new tool, e.g., a new
SharePoint site, what questions would you ask?

What is the business purpose and/or objective? What problem are you
trying to solve? Who will need to have access? These are three questions
an organization should ask before making major IT changes.

Conclusion

Being able to answer these and related questions will boost your odds of
being selected for an IT auditor position. At the end of the interview, you
will likely be asked if you have questions for them. Always have questions
prepared. It shows you are truly interested in the job. For example:

What are your expectations for my first 90 days?

What is the synergy like with the team I will be supporting?

What types of things can I do to contribute to the culture of the company?

Questions like this will show you are a team player who is focused on
making continued contributions to the organization.


Author
Tyra Appleby
Tyra Appleby is a CISSP certified lover of all things cybersecurity. After serving 4 years in the
Navy as a Cryptologic Technician, she continued supporting various DoD and government
agencies as a Systems Security Engineer. She has a passion for writing and research,
particularly in the areas of Reverse Engineering and Digital Forensics. When she’s not working,
you can find her at the beach with her Rottweiler Ava.
