IIA-CIA-Part3 Practice Test Questions

333 Questions


When determining the level of physical controls required for a workstation, which of the following factors should be considered?


A. Ease of use.


B. Value to the business.


C. Intrusion prevention.


D. Ergonomic model.





B.
  Value to the business.

An internal auditor is reviewing results from software development integration testing. What is the purpose of integration testing?


A. To verify that the application meets stated user requirements.


B. To verify that standalone programs match code specifications


C. To verify that the application would work appropriately for the intended number of users.


D. To verify that all software and hardware components work together as intended





C.
  To verify that the application would work appropriately for the intended number of users.

A multinational organization allows its employees to access work email via personal smart devices. However, users are required to consent to the installation of mobile device management (MDM) software that will remotely wipe data in case of theft or other incidents. Which of the following should the organization ensure in exchange for the employees' consent?


A. That those employees who do not consent to MDM software cannot have an email account.


B. That personal data on the device cannot be accessed and deleted by system administrators.


C. That monitoring of employees' online activities is conducted in a covert way to avoid upsetting them


D. That employee consent includes appropriate waivers regarding potential breaches to their privacy





B.
  That personal data on the device cannot be accessed and deleted by system administrators.

Which of the following is most appropriately placed in the financing section of an organization's cash budget?


A. Collections from customers


B. Sale of securities.


C. Purchase of trucks.


D. Payment of debt, including interest





D.
  Payment of debt, including interest

According to The IIA's Three Lines Model, which of the following IT security activities is commonly shared by all three lines?


A. Assessments of third parties and suppliers.


B. Recruitment and retention of certified IT talent.


C. Classification of data and design of access privileges.


D. Creation and maintenance of secure network and device configuration.





C.
  Classification of data and design of access privileges.

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?


A. Decrease the transfer price


B. Increase the transfer price


C. Charge at the arm's length price


D. Charge at the optimal transfer price





A.
  Decrease the transfer price

What is the primary purpose of data and systems backup?


A. To restore all data and systems immediately after the occurrence of an incident.


B. To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.


C. To set the point in time to which systems and data must be recovered after the occurrence of an incident.


D. To restore data and systems to a previous point in time after the occurrence of an incident





D.
  To restore data and systems to a previous point in time after the occurrence of an incident

In accounting, which of the following statements is true regarding the terms debit and credit?


A. Debit indicates the right side of an account and credit the left side


B. Debit means an increase in an account and credit means a decrease.


C. Credit indicates the right side of an account and debit the left side.


D. Credit means an increase in an account and debit means a decrease





D.
  Credit means an increase in an account and debit means a decrease

Which of the following describes a third-party network that connects an organization specifically with its trading partners?


A. Value-added network (VAN).


B. Local area network (LAN).


C. Metropolitan area network (MAN).


D. Wide area network (WAN).





A.
  Value-added network (VAN).

Which of the following physical access controls is most likely to be based on the "something you have" concept?


A. A retina characteristics reader


B. A P3M code reader


C. A card-key scanner


D. A fingerprint scanner





C.
  A card-key scanner

What is the primary purpose of an integrity control?


A. To ensure data processing is complete, accurate, and authorized.


B. To ensure data being processed remains consistent and intact.


C. To ensure data being processed remains consistent and intact.


D. To ensure the output aligns with the intended result.





A.
  To ensure data processing is complete, accurate, and authorized.

Which of the following situations best illustrates a "false positive" in the performance of a spam filter?


A. The spam filter removed incoming communication that included certain keywords and domains.


B. The spam filter deleted commercial ads automatically, as they were recognized as unwanted.


C. The spam filter routed to the "junk" folder a newsletter that appeared to include links to fake websites.


D. The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.





D.
  The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.

