IIA-CIA-Part3 Practice Test Questions

333 Questions


Which of the following best describes a potential benefit of using data analyses?


A. It easily aligns with existing internal audit competencies to reduce expenses


B. It provides a more holistic view of the audited area.


C. Its outcomes can be easily interpreted into audit: conclusions.


D. Its application increases internal auditors' adherence to the Standards





C.   Its outcomes can be easily interpreted into audit: conclusions.

The budgeted cost of work performed is a metric best used to measure which project management activity?


A. Resource planning


B. Cost estimating


C. Cost budgeting


D. Cost control





D.   Cost control

An internal auditor for a pharmaceutical company as planning a cybersecurity audit and conducting a risk assessment. Which of the following would be considered the most significant cyber threat to the organization?


A. Cybercriminals hacking into the organization's time and expense system to collect employee personal data.


B. Hackers breaching the organization's network to access research and development reports


C. A denial-of-service attack that prevents access to the organization's website


D. A hacker accessing she financial information of the company





B.   Hackers breaching the organization's network to access research and development reports

Which of the following is the best example of a compliance risk that Is likely to arise when adopting a bring-your-own-device (BYOD) policy?


A. The risk that users try to bypass controls and do not install required software updates


B. The risk that smart devices can be lost or stolen due to their mobile nature.


C. The risk that an organization intrusively monitors personal Information stored on smart devices.


D. The risk that proprietary information is not deleted from the device when an employee leaves.





D.   The risk that proprietary information is not deleted from the device when an employee leaves.

Which of the following is a sound network configuration practice to enhance information security?


A. Change management practices to ensure operating system patch documentation is retained.


B. User role requirements are documented in accordance with appropriate application-level control needs.


C. Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.


D. Interfaces reinforce segregation of duties between operations administration and database development.





C.   Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

Which of the following security controls would be me most effective in preventing security breaches?


A. Approval of identity request


B. Access logging


C. Monitoring privileged accounts


D. Audit of access rights





D.   Audit of access rights

Which of the following common quantitative techniques used in capital budgeting is best associated with the use of a table that describes the present value of an annuity?


A. Cash payback technique.


B. Discounted cash flow technique: net present value


C. Annual rate of return


D. Discounted cash flow technique: internal rate of return.





B.   Discounted cash flow technique: net present value

Which of the following would be a concern related to the authorization controls utilized for a system?


A. Users can only see certain screens in the system.


B. Users are making frequent password change requests


C. Users Input Incorrect passwords and get denied system access


D. Users are all permitted uniform access to the system





A.   Users can only see certain screens in the system.

An organization has decided to allow its managers to use their own smart phones at work. With this change, which of the following is most important to Include In the IT department's comprehensive policies and procedures?


A. Required documentation of process for discontinuing use of the devices


B. Required removal of personal pictures and contacts.


C. Required documentation of expiration of contract with service provider


D. Required sign-off on conflict of interest statement





A.   Required documentation of process for discontinuing use of the devices

Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?


A. IT database administrator.


B. IT data center manager


C. IT help desk function


D. IT network administrator





B.   IT data center manager

Focus An organization has decided to have all employees work from home. Which of the following network types would securely enable this approach?


A. A wireless local area network (WLAN ).


B. A personal area network (PAN).


C. A wide area network (WAN).


D. A virtual private network (VPN)





D.   A virtual private network (VPN)

Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?


A. Clothing company designs, makes, and sells a new item.


B. A commercial construction company is hired to build a warehouse.


C. A city department sets up a new firefighter training program.


D. A manufacturing organization acquires component parts from a contracted vendor





B.   A commercial construction company is hired to build a warehouse.


Page 1 out of 28 Pages