IIA-CIA-Part3 Sample Questions Answers

Functional departmentalization.

Product departmentalization

Matrix organization.

Divisional organization

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

Cash.

Dividends.

Gross margin.

Net income.

The cash dividends received increase the investee investment account accordingly.

The investee must adjust the investment account by the ownership interest

The investment account is adjusted downward by the percentage of ownership.

The investee must record the cash dividends as dividend revenue

Logical access controls monitor application usage and generate audit trails.

The development process is designed to prevent, detect, and correct errors that may occur.

A record is maintained to track the process of data from Input, to output to storage.

Business users' requirements are documented, and their achievement is monitored

Not installing anti-malware software

Updating operating software in a haphazard manner,

Applying a weak password for access to a mobile device.

JoIIbreaking a locked smart device

Social benefits.

Compensation.

Job safety.

Recognition

Customers can access and update personal information when needed.

The organization retains customers' personal information indefinitely.

Customers reserve the right to reject sharing personal information with third parties.

The organization performs regular maintenance on customers' personal information.

Cash payback technique

Annual rate of return technique.

Internal rate of return method.

Net present value method.

Scope change requests are reviewed and approved by a manager with a proper level of authority.

Cost overruns are reviewed and approved by a control committee led by the project manager.

There is a formal quality assurance process to review scope change requests before they are implemented

There is a formal process to monitor the status of the project and compare it to the cost baseline

Disk mirroring of the data being stored on the database.

A differential backup that is performed on a weekly basis.

An array of independent disks used to back up the database.

An incremental backup of the database on a daily basis.

Block unauthorized traffic.

Encrypt data.

Review disaster recovery test results.

Provide independent assessment of IT security.

Testing should not be announced to anyone within the organization to solicit a real-life response.

Testing should take place during heavy operational time periods to test system resilience.

Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.

Testing should address the preventive controls and management's response.

Firewall.

Antivirus software.

Passwords.

Encryption.

Phishing.

Ransomware.

Hacking.

Makvare

Information integrity risk

Privacy risk

Access risk

Software risk

It easily aligns with existing internal audit competencies to reduce expenses

It provides a more holistic view of the audited area.

Its outcomes can be easily interpreted into audit: conclusions.

Its application increases internal auditors' adherence to the Standards

Horizontal analysis

Vertical analysis

Ratio analysis

Trend analysis

The structure is dispersed geographically

The hierarchy levels are more numerous.

The span of control is wide

The tower-level managers are encouraged to exercise creativity when solving problems

Waterfall.

Projects in Controlled Environments (PRINCE2).

Information Technology Infrastructure Library (ITIL).

COBIT

Ease of use.

Value to the business.

Intrusion prevention.

Ergonomic model.

Theory of constraints.

Just-in-time method.

Activity-based costing.

Break-even analysis

Authorization

Architecture model

Firewall

Virtual private network

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing she financial information of the company

A potential assessment of additional income tax.

Possible product warranty costs.

The threat of a lawsuit by a competitor.

The remote possibility of a contract breach.

Perform gap testing.

Join different data sources.

Perform duplicate testing.

Calculate statistical parameters.

Cold recovery plan,

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan

System backups should always be performed real time.

Backups should be stored in a secured location onsite for easy access.

The tape rotation schedule affects how long data is retained

Backup media should be restored only m case of a hardware or software failure

Anti-malware software

Authentication

Spyware

Rooting

Hot recovery plan

Warm recovery plan

Cold recovery plan

Absence of recovery plan

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readily

available.

Underground oil deposits

Copyright

Trademark

Land

Acid-test (quick) ratio

Average collection period

Current ratio.

Inventory turnover.

Use of a central processing unit

Use of a database management system

Use of a local area network

Use of electronic data Interchange

The organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing Inventory theft

The organization's inventory is overstated.

Nondisclosure agreements between the firm and its employees.

Logs of user activity within the information system.

Two-factor authentication for access into the information system.

limited access so information, based on employee duties

Maintenance service items such as production support.

Management of infrastructure services, including network management.

Physical hosting of mainframes and distributed servers

End-to -end security architecture design.

The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided.

Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.

Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.

Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.

The user's facial geometry and voice recognition.

The user's password and a separate passphrase.

The user's key fob and a smart card.

The user's fingerprint and a personal Identification number.

Increased dependence on suppliers.

Increased importance of market strategy.

Decreased sensitivity to government regulation

Decreased focus on costs

To increase the ability to borrow additional funds from creditors

To reduce the organization's free cash flow from operations

To Improve the organization's free cash flow from operations

To acquire the asset at the end of the lease period at a price lower than the fair market value

Purchases bonds.

Receives interest.

Receives dividends

Sells bonds.

Applications

Technical infrastructure.

External connections.

IT management

Legitimate authority

Coercive authority.

Referent authority.

Expert authority.

Fixed and Variable manufacturing costs are less than the special offer selling price.

The manufacturer can fulfill the order without expanding the capacities of the production facilities.

Costs related to accepting this offer can be absorbed through the sale of other products.

The manufacturer’s production facilities are currently operating at full capacity.

Compliance.

Privacy

Strategic

Physical security

A witness verifies the quantities of the copies signed.

A witness verifies that the contract was signed with the free consent of the promisor and promisee.

A witness ensures the completeness of the contract between the promisor and promisee.

A witness validates that the signatures on the contract were signed by the promisor and promisee.

Application program code

Database system

Operating system

Networks

Using a jailbroken or rooted smart device feature.

Using only smart devices previously approved by the organization.

Obtaining written assurance from the employee that security policies and procedures are followed.

Introducing a security question known only by the employee.

Inability to adapt.

Greater costs of control function.

Inconsistency in decision making.

Lack of resilience.

1 and 3 only

1 and 4 only

2 and 3 only

3 and 4 only

Require a Service Organization Controls (SOC) report from the service provider

Include a data protection clause in the contract with the service provider.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

Encrypt the employees ' data before transmitting it to the service provider

Clothing company designs, makes, and sells a new item.

A commercial construction company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

Version control

Privacy

Portability

Secure authentication

The risk that database administrators will disagree with temporarily preventing user access to the database for auditing purposes.

The risk that database administrators do not receive new patches from vendors that support database software in a timely fashion.

The risk that database administrators set up personalized accounts for themselves, making the audit time consuming.

The risk that database administrators could make hidden changes using privileged access.

There is a higher reliance on organizational culture.

There are clear expectations set for employees.

There are electronic monitoring techniques employed

There is a defined code far employee behavior.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Identity requests are approved in two steps.

Logs are checked for misaligned identities and access rights.

Users have to validate their identity with a smart card.

Functions can toe performed based on access rights

A sinking fund bond.

A secured bond.

A junk bond.

A debenture bond

Verify whether the organization uses the most recent database software version.

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded.

Verify whether .access to database version information is appropriately restricted.

1 and 2 only

2 and 3 only

1, 2 and 4 only

2, 3, and 4 only

Authentication logs.

Card key readers.

Biometric devices

Video surveillance.

Articulation of the data

Availability of the data.

Measurability of the data

Relevance of the data.

Corrective

Detective

Preventive

Discretionary

Reviewing the customer's wire activity to determine whether the request is typical.

Calling the customer at the phone number on record to validate the request.

Replying to the customer via email to validate the sender and request.

Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

Revenues should be recognized when earned.

Revenue recognition is matched with cash.

Expense recognition is tied to revenue recognition.

Expenses are recognized at each accounting period.

The ability to use the software with ease to perform the data analysis to meet the engagement objectives.

The ability to purchase upgraded features of the software that allow for more In-depth analysis of the big data.

The ability to ensure that big data entered into the software is secure from potential compromises or loss.

The ability to download the software onto the appropriate computers for use in analyzing the big data.

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature..

The risk that an organization intrusively monitors personal Information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

$100.000

$200,000

$275,000

$500,000

Settlement of short-term obligations may become difficult.

Cash may be bed up in items not generating financial value.

Collection policies of the organization are ineffective.

The organization is efficient in using assets to generate revenue.

Lower shareholder control

lower indebtedness

Higher company earnings per share.

Higher overall company earnings

Income statement.

Owner's equity statement.

Balance sheet.

Statement of cash flows.

Investments in the capital stock of a corporation

Acquisition of government bonds.

Contents of an investment portfolio,

Acquisition of common stock of a corporation

To restore all data and systems immediately after the occurrence of an incident.

To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.

To set the point in time to which systems and data must be recovered after the occurrence of an incident.

To restore data and systems to a previous point in time after the occurrence of an incident

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

Assets minus liabilities.

Total assets.

Total liabilities.

Owners contribution plus drawings.

Cost of goods sold will be understated and net income will be overstated.

Cost of goods sold will be overstated and net income will be understated

Cost of goods sold will be understated and there Wi-Fi be no impact on net income.

There will be no impact on cost of goods sold and net income will be overstated

Real-time processing of transactions and elimination of data redundancies.

Fewer data processing errors and more efficient data exchange with trading partners.

Exploitation of opportunities and mitigation of risks associated with e-business.

Integration of business processes into multiple operating environments and databases.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

Requests for additional access rights are sent for approval and validation by direct supervisors.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Security.

Status.

Recognition.

Relationship with coworkers

Normalization

Velocity

Structuration

Veracity

Residual income

A flexible budget

Variance analysis.

A contribution margin income statement by segment.

Big data is being generated slowly due to volume.

Big data must be relevant for the purposes of organizations.

Big data comes from a single type of formal.

Big data is always changing

Net income would be understated.

Net income would not be affected.

Net income would be overstated.

Net income would be negative.

A risk of spyware and malware.

A risk of corporate espionage.

A ransomware attack risk.

A social engineering risk.

Prompt response and remediation policy

Inventory of information assets

Information access management

Standard security configurations

At fair value with changes reported in the shareholders' equity section.

At fair value with changes reported in net income.

At amortized cost in the income statement.

As current assets in the balance sheet

Mutually exclusive relationship.

Direct relationship.

Intrinsic relationship.

Inverse relationship.

Report identifying data that is outside of system parameters

Report identifying general ledger transactions by time and individual.

Report comparing processing results with original Input

Report confirming that the general ledger data was processed without error

Whether it would be more secure to replace numeric values with characters.

What happens in the situations where users continue using the initial password.

What happens in the period between the creation of the account and the password change.

Whether users should be trained on password management features and requirements.

The sole responsibility for change management is assigned to an experienced and competent IT team

Change management follows a consistent process and is done in a controlled environment.

Internal audit participates in the implementation of change management throughout the organisation.

All changes to systems must be approved by the highest level of authority within an organization.

Just-in-time delivery plans.

Backup plans.

Contingency plans.

Standing plans.

Password selection

Password aging

Password lockout

Password rotation

Regular review of logs.

Two-level authentication.

Photos on smart cards.

Restriction of access hours.

Analysis of the full population of existing data.

Verification of the completeness and integrity of existing data.

Continuous monitoring on a repetitive basis.

Analysis of the databases of partners, such as suppliers.

An organisation has a rate of return on equity of 20% and a rate of return on assets of 15%.

An organization has a current ratio of 2 and an inventory turnover of 12.

An organization has a debt to total assets ratio of 0.2 and an interest coverage ratio of 10.

An organization has a profit margin of 30% and an assets turnover of 7%.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Debit indicates the right side of an account and credit the left side

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease