Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organization's systems?
A. Boundary defense
B. Malware defense.
C. Penetration tests
D. Wireless access controls
Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?
A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
B. Review the password length, frequency of change, and list of users for the workstation's login process.
C. Review the list of people who attempted to access the workstation and failed, as well as error messages.
D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.
According to IIA guidance, which of the following statements is true regarding penetration testing?
A. Testing should not be announced to anyone within the organization to solicit a real-life response.
B. Testing should take place during heavy operational time periods to test system resilience.
C. Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.
D. Testing should address the preventive controls and management's response.
What is the primary risk associated with an organization adopting a decentralized structure?
A. Inability to adapt.
B. Greater costs of control function.
C. Inconsistency in decision making.
D. Lack of resilience.
According to IIA guidance, which of the following is an IT project success factor?
A. Streamlined decision-making, rather than building consensus among users.
B. Consideration of the facts, rather than consideration of the emotions displayed by project stakeholders.
C. Focus on flexibility and adaptability, rather than use of a formal methodology.
D. Inclusion of critical features, rather than inclusion of an array of supplementary features.
Which of the following scenarios indicates an effective use of financial leverage?
A. An organisation has a rate of return on equity of 20% and a rate of return on assets of 15%.
B. An organization has a current ratio of 2 and an inventory turnover of 12.
C. An organization has a debt to total assets ratio of 0.2 and an interest coverage ratio of 10.
D. An organization has a profit margin of 30% and an assets turnover of 7%.
An organization suffered significant damage to its local file and application servers as a result of a hurricane. Fortunately, the organization was able to recover all information backed up by its overseas third-party contractor. Which of the following approaches has been used by the organization?
A. Application management
B. Data center management
C. Managed security services
D. Systems integration
Which of the following best describes the primary objective of cybersecurity?
A. To protect the effective performance of IT general and application controls.
B. To regulate users' behavior in the web and cloud environment.
C. To prevent unauthorized access to information assets.
D. To secure application of protocols and authorization routines.
With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?
A. Determining the frequency with which backups will be performed.
B. Prioritizing the order in which business systems would be restored.
C. Assigning who in the IT department would be involved in the recovery procedures.
D. Assessing the resources needed to meet the data recovery objectives.
Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?
A. Anti-malware software
B. Authentication
C. Spyware
D. Rooting
An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?
A. The auditor is normalizing data in preparation for analyzing it.
B. The auditor is analyzing the data in preparation for communicating the results.
C. The auditor is cleaning the data in preparation for determining which processes may be involved.
D. The auditor is reviewing the data prior to defining the question.
An organization with a stable rating, as assessed by international rating agencies, has issued a bond not backed by assets or collateral. Payments of the interest and the principal to bondholders are guaranteed by the organization. Which type of bond did the organization issue?
A. A sinking fund bond.
B. A secured bond.
C. A junk bond.
D. A junk bond.