IIA-CIA-Part3 Practice Exam Questions with Answers Business Knowledge for Internal Auditing Certification

Lawfulness.

Consideration.

Agreement.

Discharge

Warm site recovery plan.

Hot site recovery plan.

Cool site recovery plan.

Cold site recovery plan.

Export strategy.

Transnational strategy

Multi-domestic strategy

Globalization strategy

Management by objectives is most helpful in organizations that have rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

Approval of identity request

Access logging.

Monitoring privileged accounts

Audit of access rights

Management must ensure information storage systems are appropriately defined and processes to update critical data elements are clear.

External auditors must ensure that analytical models are periodically monitored and maintained.

The board must implement controls around data quality dimensions to ensure that they are effective.

Internal auditors must ensure the quality and security of data, with a heightened focus on the riskiest data elements.

Variable entity approach.

Control ownership.

Risk and reward.

Voting interest.

Fixed and Variable manufacturing costs are less than the special offer selling price.

The manufacturer can fulfill the order without expanding the capacities of the production facilities.

Costs related to accepting this offer can be absorbed through the sale of other products.

The manufacturer’s production facilities are currently operating at full capacity.

A revenue calculation spreadsheet supported with price and volume reports from the production department.

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions.

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantities.

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances

Transaction logs are maintained to capture a history of system processing.

System security settings require the use of strong passwords and access controls.

Failed system login attempts are recorded and analyzed to identify potential security incidents.

System servers are secured by locking mechanisms with access granted to specific individuals.

Top management does little monitoring of the decisions made at lower levels.

The decisions made at the lower levels of management are considered very important.

Decisions made at lower levels in the organizational structure are few.

Reliance is placed on top management decision making by few of the organization's departments.

Veracity, velocity, and variety.

Integrity, availability, and confidentiality.

Accessibility, accuracy, and effectiveness.

Authorization, logical access, and physical access.

Data center operations manager

Response and support team.

Database administrator,

Network administrator

It is particularly helpful to management when the organization is facing rapid change.

It is a more successful approach when adopted by mechanistic organizations.

It is mere successful when goal setting is performed not only by management, but by all team members, including lower-level staff.

It is particularly successful in environments that are prone to having poor employer-employee relations.

Whether customers are asked to renew their consent for their data processing at least quarterly.

Whether private data is processed in accordance with the purpose for which the consent was obtained?

Whether the organization has established explicit and entitywide policies on data transfer to third parties.

Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest

Identification of achievable goals and timelines

Analysis of the competitive environment.

Plan for the procurement of resources

Plan for progress reporting and oversight.

Initiation.

Planning.

Execution.

Monitoring.

Initiation phase.

Bidding phase

Development phase

Management phase

The perpetrator is able to delete data on the network without physical access to the device.

The perpetrator is able to exploit network activities for unapproved purposes.

The perpetrator is able to take over control of data communication in transit and replace traffic.

The perpetrator is able to disable default security controls and introduce additional vulnerabilities

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

Clothing company designs, makes, and sells a new item.

A commercial construction company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

Cash payback

Annual rate of return

Incremental analysis

Net present value

Motion detectors.

Key card access to the facility.

Security cameras.

Monitoring access to data center workstations

Lack of coordination among different business units

Operational decisions are inconsistent with organizational goals

Suboptimal decision making

Duplication of business activities

HTTP sites provide sufficient security to protect customers' credit card information.

Web servers store credit cardholders' information submitted for payment.

Database servers send cardholders’ information for authorization in clear text.

Payment gatewaysauthorizecredit cardonlinepayments.

A value-added network.

A local area network.

A metropolitan area network.

A wide area network.

A router operates at layer two. while a switch operates at layer three of the open systems interconnection model.

A router transmits data through frames, while a switch sends data through packets.

A router connects networks, while a switch connects devices within a network.

A router uses a media access control address during the transmission of data, whie a switch uses an internet protocol address.

To protect the effective performance of IT general and application controls.

To regulate users' behavior it the web and cloud environment.

To prevent unauthorized access to information assets.

To secure application of protocols and authorization routines.

Debit indicates the right side of an account and credit the left side

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease

The company's code of ethics.

The third-party management risk register.

The signed service-level agreement.

The subcontractors' annual satisfaction survey.

It should be reported as an administrative expense on the income statement.

It should be reported as period cost other than a product cost on the management accounts

It should be reported as cost of goods sold on the income statement.

It should be reported on the balance sheet as part of inventory.

Customers can access and update personal information when needed.

The organization retains customers' personal information indefinitely.

Customers reserve the right to reject sharing personal information with third parties.

The organization performs regular maintenance on customers' personal information.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Communication conflicts

Slower decision making.

Loss of economies of scale

Vulnerabilities in sharing knowledge

Use of a central processing unit

Use of a database management system

Use of a local area network

Use of electronic data Interchange

Users can only see certain screens in the system.

Users are making frequent password change requests.

Users Input Incorrect passwords and get denied system access

Users are all permitted uniform access to the system.

Reviewing the customer's wire activity to determine whether the request is typical.

Calling the customer at the phone number on record to validate the request.

Replying to the customer via email to validate the sender and request.

Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

$100.000

$200,000

$275,000

$500,000

Infrastructure as a Service (laaS).

Platform as a Service (PaaS).

Enterprise as a Service (EaaS).

Software as a Service (SaaS).

That those employees who do not consent to MDM software cannot have an email account.

That personal data on the device cannot be accessed and deleted by system administrators.

That monitoring of employees' online activities is conducted in a covert way to avoid upsetting them.

That employee consent includes appropriate waivers regarding potential breaches to their privacy.

Application program code.

Database system.

Operating system.

Networks.

Cash payback technique

Annual rate of return technique.

Internal rate of return method.

Net present value method.

The cash dividends received increase the investee investment account accordingly.

The investee must adjust the investment account by the ownership interest

The investment account is adjusted downward by the percentage of ownership.

The investee must record the cash dividends as dividend revenue

The auditor is normalizing data in preparation for analyzing it.

The auditor is analyzing the data in preparation for communicating the results,

The auditor is cleaning the data in preparation for determining which processes may be involves .

The auditor is reviewing trio data prior to defining the question