IIA-CIA-Part3 Business Knowledge for Internal Auditing Questions and Answers

Train all employees on bring-your-own-device (BYOD) policies.

Understand what procedures are in place for locking lost devices

Obtain a list of all smart devices in use

Test encryption of all smart devices

Allowing access to the organization's network only through a virtual private network.

Logging devices that access the network, including the date. time, and identity of the user.

Tracking all mobile device physical locations and banning access from non-designated areas.

Permitting only authorized IT personnel to have administrative control of mobile devices.

The maximum tolerable downtime after the occurrence of an incident.

The maximum tolerable data loss after the occurrence of an incident.

The maximum tolerable risk related to the occurrence of an incident

The minimum recovery resources needed after the occurrence of an incident

Verify whether the organization uses the most recent database software version.

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded.

Verify whether .access to database version information is appropriately restricted.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

Breakeven point is the amount of units sold to cover variable costs.

Breakeven occurs when the contribution margin covers fixed costs.

Following breakover1, he operating income will increase by the excess of fixed costs less the variable costs per units sold.

Income statement.

Owner's equity statement.

Balance sheet.

Statement of cash flows.

A debit to office supplies on hand for S2.500

A debit to office supplies on hand for $11.500

A debit to office supplies on hand for $20,500

A debit to office supplies on hand for $42,500

Greater cost-effectiveness

Increased economies of scale

Larger talent pool

Strong internal controls

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing she financial information of the company

Testing should not be announced to anyone within the organization to solicit a real-life response.

Testing should take place during heavy operational time periods to test system resilience.

Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.

Testing should address the preventive controls and management's response.

Face or finger recognition equipment,

Radiofrequency identification chips to authenticate employees with cards.

A requirement to clock in and clock out with a unique personal identification number.

A combination of a smart card and a password to clock in and clock out.

Perform gap testing.

Join different data sources.

Perform duplicate testing.

Calculate statistical parameters.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

Disk mirroring of the data being stored on the database.

A differential backup that is performed on a weekly basis.

An array of independent disks used to back up the database.

An incremental backup of the database on a daily basis.

Management by objectives is most helpful in organizations that have rapid changes.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

Management by objectives helps organizations to keep employees motivated.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

Waterfall.

Projects in Controlled Environments (PRINCE2).

Information Technology Infrastructure Library (ITIL).

COBIT

A potential assessment of additional income tax.

Possible product warranty costs.

The threat of a lawsuit by a competitor.

The remote possibility of a contract breach.

IT database administrator.

IT data center manager.

IT help desk function.

IT network administrator.

Assessments of third parties and suppliers.

Recruitment and retention of certified IT talent.

Classification of data and design of access privileges.

Creation and maintenance of secure network and device configuration.

Excessive collecting of information

Application of social engineering

Retention of incomplete information.

Undue disclosure of information

An incorrect program fix was implemented just prior to the database backup.

The organization is preparing to train all employees on the new self-service benefits system.

There was a data center failure that requires restoring the system at the backup site.

There is a need to access prior year-end training reports for all employees in the human resources database

High-yield bonds

Commodity-backed bonds

Zero coupon bonds

Junk bonds

When an employee accesses an online digital certificate

When an employee's biometrics have been accepted.

When an employee creates a unique digital signature,

When an employee uses a key fob to produce a token.

Requiring users to change their passwords every two years.

Requiring two-step verification for all users

Requiring the use of a virtual private network (VPN) when employees are out of the office.

Requiring the use of up-to-date antivirus, security, and event management tools.

Authorization

Architecture model

Firewall

Virtual private network

An offboarding procedure is initiated monthly to determine redundant physical access rights.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

Requests for additional access rights are sent for approval and validation by direct supervisors.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Contracting the work to Foreign Service providers to obtain lower costs

Contracting functions or knowledge-related work with an external service provider.

Contract -ng operation of some business functions with an internal service provider

Contracting a specific external service provider to work with an internal service provider

Error listings.

Distribution controls.

Transaction logging.

Systems development controls.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

It can restore default settings and lock encrypted data when necessary.

It enables the erasure and reformatting of secure digital (SD) cards.

It can delete data backed up to a desktop for complete protection if required.

It can wipe data that is backed up via cloud computing

To increase the ability to borrow additional funds from creditors

To reduce the organization's free cash flow from operations

To Improve the organization's free cash flow from operations

To acquire the asset at the end of the lease period at a price lower than the fair market value

Facial comparison using photo identification.

Signature comparison.

Voice comparison.

Retinal print comparison.

A traditional key lock

A biometric device

A card-key system

A proximity device

Articulation of the data

Availability of the data.

Measurability of the data

Relevance of the data.

Session hijacking.

Jailbreaking

Eavesdropping,

Authentication.

Monitoring network traffic.

Using whitelists and blacklists to manage network traffic.

Restricting access and blocking unauthorized access to the network

Educating employees throughout the company to recognize phishing attacks.

Estimate time required to complete the whole project.

Determine the responses to expected project risks.

Break the project into manageable components.

Identify resources needed to complete the project

Lower shareholder control

lower indebtedness

Higher company earnings per share.

Higher overall company earnings

A retina characteristics reader

A P3M code reader

A card-key scanner

A fingerprint scanner

Controls that focus on segregation of duties, financial, and change management,

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

Standards that support IT policies by more specifically defining required actions

Controls that focus on data structures and the minimum level of documentation required

Cost of goods sold will be understated and net income will be overstated.

Cost of goods sold will be overstated and net income will be understated

Cost of goods sold will be understated and there Wi-Fi be no impact on net income.

There will be no impact on cost of goods sold and net income will be overstated

Liquidity

Profitability

Solvency

Efficiency

he organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing inventory theft.

The organization's inventory is overstated.

An ABC costing system is similar to conventional costing systems in how it treats the allocation of manufacturing overhead.

An ABC costing system uses a single unit-level basis to allocate overhead costs to products.

An ABC costing system may be used with either a job order or a process cost accounting system.

The primary disadvantage of an ABC costing system is less accurate product costing.

Cost-plus contract.

Turnkey contract.

Service contract.

Solutions contract.

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

The risk that database administrators could make hidden changes using privileged access.

Horizontal analysis

Vertical analysis

Ratio analysis

Trend analysis

Cash payback

Annual rate of return

Incremental analysis

Net present value