New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Questions 4

Which of the following is the most appropriate beginning step of a work program for an assurance engagement involving smart devices?

Options:

A.

Train all employees on bring-your-own-device (BYOD) policies.

B.

Understand what procedures are in place for locking lost devices

C.

Obtain a list of all smart devices in use

D.

Test encryption of all smart devices

Buy Now
Questions 5

Which of the following would be the strongest control to prevent unauthorized wireless network access?

Options:

A.

Allowing access to the organization's network only through a virtual private network.

B.

Logging devices that access the network, including the date. time, and identity of the user.

C.

Tracking all mobile device physical locations and banning access from non-designated areas.

D.

Permitting only authorized IT personnel to have administrative control of mobile devices.

Buy Now
Questions 6

During disaster recovery planning, the organization established a recovery point objective. Which of the following best describes this concept?

Options:

A.

The maximum tolerable downtime after the occurrence of an incident.

B.

The maximum tolerable data loss after the occurrence of an incident.

C.

The maximum tolerable risk related to the occurrence of an incident

D.

The minimum recovery resources needed after the occurrence of an incident

Buy Now
Questions 7

Which of the following is most important for an internal auditor to check with regard to the database version?

Options:

A.

Verify whether the organization uses the most recent database software version.

B.

Verify whether the database software version is supported by the vendor.

C.

Verify whether the database software version has been recently upgraded.

D.

Verify whether .access to database version information is appropriately restricted.

Buy Now
Questions 8

Which of the following statements is true regarding cost-volume-profit analysis?

Options:

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

B.

Breakeven point is the amount of units sold to cover variable costs.

C.

Breakeven occurs when the contribution margin covers fixed costs.

D.

Following breakover1, he operating income will increase by the excess of fixed costs less the variable costs per units sold.

Buy Now
Questions 9

Which of the following financial statements provides the best disclosure of how a company's money was used during a particular period?

Options:

A.

Income statement.

B.

Owner's equity statement.

C.

Balance sheet.

D.

Statement of cash flows.

Buy Now
Questions 10

An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

Options:

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Buy Now
Questions 11

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Buy Now
Questions 12

An internal auditor for a pharmaceutical company as planning a cybersecurity audit and conducting a risk assessment. Which of the following would be considered the most significant cyber threat to the organization?

Options:

A.

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

B.

Hackers breaching the organization's network to access research and development reports

C.

A denial-of-service attack that prevents access to the organization's website.

D.

A hacker accessing she financial information of the company

Buy Now
Questions 13

According to IIA guidance, which of the following statements is true regarding penetration testing?

Options:

A.

Testing should not be announced to anyone within the organization to solicit a real-life response.

B.

Testing should take place during heavy operational time periods to test system resilience.

C.

Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.

D.

Testing should address the preventive controls and management's response.

Buy Now
Questions 14

An organization discovered fraudulent activity involving the employee time-tracking system. One employee regularly docked in and clocked out her co-worker friends on their days off, inflating their reported work hours and increasing their wages. Which of the following physical authentication devices would be most effective at disabling this fraudulent scheme?

Options:

A.

Face or finger recognition equipment,

B.

Radiofrequency identification chips to authenticate employees with cards.

C.

A requirement to clock in and clock out with a unique personal identification number.

D.

A combination of a smart card and a password to clock in and clock out.

Buy Now
Questions 15

Which of the following analytical techniques would an internal auditor use to verify that none of an organization's employees are receiving fraudulent invoice payments?

Options:

A.

Perform gap testing.

B.

Join different data sources.

C.

Perform duplicate testing.

D.

Calculate statistical parameters.

Buy Now
Questions 16

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Buy Now
Questions 17

Which of the following backup methodologies would be most efficient in backing up a database in the production environment?

Options:

A.

Disk mirroring of the data being stored on the database.

B.

A differential backup that is performed on a weekly basis.

C.

An array of independent disks used to back up the database.

D.

An incremental backup of the database on a daily basis.

Buy Now
Questions 18

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes.

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

Buy Now
Questions 19

Which of the following is an established systems development methodology?

Options:

A.

Waterfall.

B.

Projects in Controlled Environments (PRINCE2).

C.

Information Technology Infrastructure Library (ITIL).

D.

COBIT

Buy Now
Questions 20

Which of the following is an example of a contingent liability that a company should record?

Options:

A.

A potential assessment of additional income tax.

B.

Possible product warranty costs.

C.

The threat of a lawsuit by a competitor.

D.

The remote possibility of a contract breach.

Buy Now
Questions 21

Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?

Options:

A.

IT database administrator.

B.

IT data center manager.

C.

IT help desk function.

D.

IT network administrator.

Buy Now
Questions 22

According to The IIA's Three Lines Model, which of the following IT security activities is commonly shared by all three lines?

Options:

A.

Assessments of third parties and suppliers.

B.

Recruitment and retention of certified IT talent.

C.

Classification of data and design of access privileges.

D.

Creation and maintenance of secure network and device configuration.

Buy Now
Questions 23

After purchasing shoes from an online retailer, a customer continued to receive additional unsolicited offers from the retailer and other retailers who offer similar products.

Which of the following is the most likely control weakness demonstrated by the seller?

Options:

A.

Excessive collecting of information

B.

Application of social engineering

C.

Retention of incomplete information.

D.

Undue disclosure of information

Buy Now
Questions 24

For which of the following scenarios would the most recent backup of the human resources database be the best source of information to use?

Options:

A.

An incorrect program fix was implemented just prior to the database backup.

B.

The organization is preparing to train all employees on the new self-service benefits system.

C.

There was a data center failure that requires restoring the system at the backup site.

D.

There is a need to access prior year-end training reports for all employees in the human resources database

Buy Now
Questions 25

Which type of bond sells at & discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero coupon bonds

D.

Junk bonds

Buy Now
Questions 26

A one-time password would most likely be generated in which of the following situations?

Options:

A.

When an employee accesses an online digital certificate

B.

When an employee's biometrics have been accepted.

C.

When an employee creates a unique digital signature,

D.

When an employee uses a key fob to produce a token.

Buy Now
Questions 27

Which of the following measures would best protect an organization from automated attacks whereby the attacker attempts to identify weak or leaked passwords in order to log into employees' accounts?

Options:

A.

Requiring users to change their passwords every two years.

B.

Requiring two-step verification for all users

C.

Requiring the use of a virtual private network (VPN) when employees are out of the office.

D.

Requiring the use of up-to-date antivirus, security, and event management tools.

Buy Now
Questions 28

Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?

Options:

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Buy Now
Questions 29

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

Options:

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Buy Now
Questions 30

Which of the following items best describes the strategy of outsourcing?

Options:

A.

Contracting the work to Foreign Service providers to obtain lower costs

B.

Contracting functions or knowledge-related work with an external service provider.

C.

Contract -ng operation of some business functions with an internal service provider

D.

Contracting a specific external service provider to work with an internal service provider

Buy Now
Questions 31

Which of the following would be classified as IT general controls?

Options:

A.

Error listings.

B.

Distribution controls.

C.

Transaction logging.

D.

Systems development controls.

Buy Now
Questions 32

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

D.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Buy Now
Questions 33

Which of the following is true regarding the use of remote wipe for smart devices?

Options:

A.

It can restore default settings and lock encrypted data when necessary.

B.

It enables the erasure and reformatting of secure digital (SD) cards.

C.

It can delete data backed up to a desktop for complete protection if required.

D.

It can wipe data that is backed up via cloud computing

Buy Now
Questions 34

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization's free cash flow from operations

C.

To Improve the organization's free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Buy Now
Questions 35

Which of the following biometric access controls uses the most unique human recognition characteristic?

Options:

A.

Facial comparison using photo identification.

B.

Signature comparison.

C.

Voice comparison.

D.

Retinal print comparison.

Buy Now
Questions 36

Which of the following authentication device credentials is the most difficult to revoke when an employee s access rights need to be removed?

Options:

A.

A traditional key lock

B.

A biometric device

C.

A card-key system

D.

A proximity device

Buy Now
Questions 37

Management has established a performance measurement focused on the accuracy of disbursements. The disbursement statistics, provided daily to ail accounts payable and audit staff, include details of payments stratified by amount and frequency. Which of the following is likely to be the greatest concern regarding this performance measurement?

Options:

A.

Articulation of the data

B.

Availability of the data.

C.

Measurability of the data

D.

Relevance of the data.

Buy Now
Questions 38

Which of the following practices impacts copyright issues related to the manufacturer of a smart device?

Options:

A.

Session hijacking.

B.

Jailbreaking

C.

Eavesdropping,

D.

Authentication.

Buy Now
Questions 39

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

Options:

A.

Monitoring network traffic.

B.

Using whitelists and blacklists to manage network traffic.

C.

Restricting access and blocking unauthorized access to the network

D.

Educating employees throughout the company to recognize phishing attacks.

Buy Now
Questions 40

An organization created a formalized plan for a large project. Which of the following should be the first step in the project management plan?

Options:

A.

Estimate time required to complete the whole project.

B.

Determine the responses to expected project risks.

C.

Break the project into manageable components.

D.

Identify resources needed to complete the project

Buy Now
Questions 41

Which of the following is true of bond financing, compared to common stock, when alJ other variables are equal?

Options:

A.

Lower shareholder control

B.

lower indebtedness

C.

Higher company earnings per share.

D.

Higher overall company earnings

Buy Now
Questions 42

Which of the following physical access control is most likely to be based on ’’something you have" concept?

Options:

A.

A retina characteristics reader

B.

A P3M code reader

C.

A card-key scanner

D.

A fingerprint scanner

Buy Now
Questions 43

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial, and change management,

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Buy Now
Questions 44

At an organization that uses a periodic inventory system, the accountant accidentally understated the organization s beginning inventory. How would the accountant's accident impact the income statement?

Options:

A.

Cost of goods sold will be understated and net income will be overstated.

B.

Cost of goods sold will be overstated and net income will be understated

C.

Cost of goods sold will be understated and there Wi-Fi be no impact on net income.

D.

There will be no impact on cost of goods sold and net income will be overstated

Buy Now
Questions 45

The management of working capital is most crucial for which of the following aspects of business?

Options:

A.

Liquidity

B.

Profitability

C.

Solvency

D.

Efficiency

Buy Now
Questions 46

An organization has a declining inventory turnover but an increasing gross margin rate. Which of the following statements can best explain this situation?

Options:

A.

he organization's operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing inventory theft.

D.

The organization's inventory is overstated.

Buy Now
Questions 47

Which of the following statements is true regarding activity-based costing (ABC)?

Options:

A.

An ABC costing system is similar to conventional costing systems in how it treats the allocation of manufacturing overhead.

B.

An ABC costing system uses a single unit-level basis to allocate overhead costs to products.

C.

An ABC costing system may be used with either a job order or a process cost accounting system.

D.

The primary disadvantage of an ABC costing system is less accurate product costing.

Buy Now
Questions 48

An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?

Options:

A.

Cost-plus contract.

B.

Turnkey contract.

C.

Service contract.

D.

Solutions contract.

Buy Now
Questions 49

When auditing databases, which of the following risks would an Internal auditor keep In mind In relation to database administrators?

Options:

A.

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

B.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

C.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

D.

The risk that database administrators could make hidden changes using privileged access.

Buy Now
Questions 50

An internal auditor considers the financial statement of an organization as part of a financial assurance engagement. The auditor expresses the organization's electricity and depreciation expenses as a percentage of revenue to be 10% and 7% respectively. Which of the following techniques was used by the internal auditor In this calculation?

Options:

A.

Horizontal analysis

B.

Vertical analysis

C.

Ratio analysis

D.

Trend analysis

Buy Now
Questions 51

Which of the following capital budgeting techniques considers the expected total net cash flows from investment?

Options:

A.

Cash payback

B.

Annual rate of return

C.

Incremental analysis

D.

Net present value

Buy Now
Exam Code: IIA-CIA-Part3
Exam Name: Business Knowledge for Internal Auditing
Last Update: Dec 25, 2024
Questions: 340
IIA-CIA-Part3 pdf

IIA-CIA-Part3 PDF

$25.5  $84.99
IIA-CIA-Part3 Engine

IIA-CIA-Part3 Testing Engine

$30  $99.99
IIA-CIA-Part3 PDF + Engine

IIA-CIA-Part3 PDF + Testing Engine

$40.5  $134.99