IIA-CIA-Part3 Practice Exam Questions and Answers

A.  

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.  

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.  

Applying administrative privileges to ensure right to access controls are appropriate.

D.  

Creating a standing cyber-security committee to identify and manage risks related to data security

A.  

Divesting product lines expected to have negative profitability.

B.  

Increasing the diversity of strategic business units.

C.  

Increasing investment in research and development for a new product.

D.  

Relocating the organization's manufacturing to another country.

A.  

Normalize the data,

B.  

Obtain the data

C.  

Identify the risks.

Analyze the data.

A.  

A star

B.  

A cash cow

C.  

A question mark

D.  

A dog

A.  

Initiation phase.

B.  

Bidding phase

C.  

Development phase

D.  

Management phase

A.  

Report identifying data that is outside of system parameters

B.  

Report identifying general ledger transactions by time and individual.

C.  

Report comparing processing results with original Input

D.  

Report confirming that the general ledger data was processed without error

A.  

The company's code of ethics.

B.  

The third-party management risk register.

C.  

The signed service-level agreement.

D.  

The subcontractors' annual satisfaction survey.

A.  

The organization's operating expenses are increasing.

B.  

The organization has adopted just-in-time inventory.

C.  

The organization is experiencing Inventory theft

D.  

The organization's inventory is overstated.

A.  

Revenues should be recognized when earned.

B.  

Revenue recognition is matched with cash.

C.  

Expense recognition is tied to revenue recognition.

D.  

Expenses are recognized at each accounting period.

A.  

Debit indicates the right side of an account and credit the left side

B.  

Debit means an increase in an account and credit means a decrease.

C.  

Credit indicates the right side of an account and debit the left side.

D.  

Credit means an increase in an account and debit means a decrease

A.  

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

B.  

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

C.  

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

D.  

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

A.  

Analysis of the full population of existing data.

B.  

Verification of the completeness and integrity of existing data.

C.  

Continuous monitoring on a repetitive basis.

D.  

Analysis of the databases of partners, such as suppliers.

A.  

Measure product performance against an established standard.

B.  

Develop standard methods for performing established activities.

C.  

Require the grouping of activities under a single manager.

D.  

Assign each employee a reasonable workload.

A.  

Lower costs.

B.  

Slower decision making at the senior executive level.

C.  

Limited creative freedom in lower-level managers.

D.  

Senior-level executives more focused on short-term, routine decision making

A.  

It explains the assumption mat both costs and revenues are linear through the relevant range

B.  

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.  

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.  

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

A.  

Capital investment and not marketing

B.  

Marketing and not capital investment

C.  

Efficiency and not input economy

D.  

Effectiveness and not efficiency

A.  

Cost of sales and net income are understated.

B.  

Cost of sales and net income are overstated.

C.  

Cost of sales is understated and not income is overstated.

D.  

Cost of sales is overstated and net Income is understated.

A.  

Less use of policies and procedures.

B.  

Less organizational commitment by employees.

C.  

Less emphasis on extrinsic rewards.

D.  

Less employee’s turnover.

A.  

Motion detectors.

B.  

Key card access to the facility.

C.  

Security cameras.

D.  

Monitoring access to data center workstations

A.  

Project portfolio.

B.  

Project development

C.  

Project governance.

D.  

Project management methodologies

A.  

Operating system

B.  

Control environment

C.  

Network.

D.  

Application program code

A.  

Access to personally identifiable information is limited to those who need It to perform their job.

B.  

Confidential data must be backed up and recoverable within a 24-hour period.

C.  

Updates to systems containing sensitive data must be approved before being moved to production.

D.  

A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods

A.  

Cash payback

B.  

Annual rate of return

C.  

Incremental analysis

D.  

Net present value

A.  

Higher cash flow and treasury balances.

B.  

Higher inventory balances

C.  

Higher accounts receivable.

D.  

Higher accounts payable

A.  

Controls to ensure data is unable to be accessed without authorization.

B.  

Controls to calculate batch totals to identify an error before approval.

C.  

Controls to encrypt the data so that corruption is likely ineffective.

D.  

Controls to quickly identify malicious intrusion attempts.

A.  

Income statement accounts.

B.  

Balance sheet accounts.

C.  

Permanent accounts.

D.  

Real accounts.

A.  

When there's a dispute between the contracting parties

B.  

When ail contractual obligations have been discharged.

C.  

When there is a force majenre.

D.  

When the termination clause is enacted.

A.  

Testing should not be announced to anyone within the organization to solicit a real-life response.

B.  

Testing should take place during heavy operational time periods to test system resilience.

C.  

Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.

D.  

Testing should address the preventive controls and management's response.

A.  

Volume.

B.  

Velocity.

C.  

Variety.

D.  

Veracity.

A.  

To exploit core competence.

B.  

To increase market synergy.

C.  

To deliver enhanced value.

D.  

To reduce costs.

A.  

Estimate time required to complete the whole project.

B.  

Determine the responses to expected project risks.

C.  

Break the project into manageable components.

D.  

Identify resources needed to complete the project

A.  

Excessive collecting of information

B.  

Application of social engineering

C.  

Retention of incomplete information.

D.  

Undue disclosure of information

A.  

Users can only see certain screens in the system.

B.  

Users are making frequent password change requests.

C.  

Users Input Incorrect passwords and get denied system access

D.  

Users are all permitted uniform access to the system.

A.  

A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

B.  

A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

C.  

A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

D.  

A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

A.  

Descriptive.

B.  

Diagnostic.

C.  

Prescriptive.

D.  

Prolific.

A.  

Six Sigma,

B.  

Quality circle.

C.  

Value chain analysis.

D.  

Theory of constraints.

A.  

Risk tolerance

B.  

Performance

C.  

Threats and opportunities

D.  

Governance

A.  

Esteem by colleagues.

B.  

Self-fulfillment

C.  

Series of belonging in the organization

D.  

Job security

A.  

Reiterating the importance of compliance with established policies and procedures.

B.  

Celebrating employees' individual excellence.

C.  

Periodically rotating operational managers.

D.  

Avoiding status differences among employees.

A.  

Whether every call that the service provider received was logged by the help desk.

B.  

Whether a unique identification number was assigned to each issue identified by the service provider

C.  

Whether the service provider used its own facilities to provide help desk services

D.  

Whether the provider's responses and resolutions were well defined according to the service-level agreement.

A.  

Approval of identity request

B.  

Access logging.

C.  

Monitoring privileged accounts

D.  

Audit of access rights

A.  

Cold recovery plan,

B.  

Outsourced recovery plan.

C.  

Storage area network recovery plan.

D.  

Hot recovery plan

A.  

Password selection

B.  

Password aging

C.  

Password lockout

D.  

Password rotation

A.  

Assets minus liabilities.

B.  

Total assets.

C.  

Total liabilities.

D.  

Owners contribution plus drawings.

A.  

Initiation.

B.  

Planning.

C.  

Execution.

D.  

Monitoring.

A.  

Whether it would be more secure to replace numeric values with characters.

B.  

What happens in the situations where users continue using the initial password.

C.  

What happens in the period between the creation of the account and the password change.

D.  

Whether users should be trained on password management features and requirements.

A.  

IT database administrator.

B.  

IT data center manager.

C.  

IT help desk function.

D.  

IT network administrator.

A.  

Wide area network.

B.  

Local area network

C.  

Metropolitan area network.

D.  

Storage area network.

A.  

To ensure availability of production facilities.

B.  

To decrease direct expenses related to production.

C.  

To incur stable costs despite operating capacity.

D.  

To increase the total unit cost under absorption costing

A.  

Direct, product costs.

B.  

Indirect product costs.

C.  

Direct period costs,

D.  

Indirect period costs

A.  

Resource planning.

B.  

Cost estimating

C.  

Cost budgeting.

D.  

Cost control.