Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium IIA IIA-CIA-Part3 Dumps Questions Answers

Business Knowledge for Internal Auditing Questions and Answers

Question 1

Which of the following networks is suitable for an organization that has operations In multiple cities and countries?

Options:

A.

Wide area network.

B.

Local area network

C.

Metropolitan area network.

D.

Storage area network.

Buy Now
Question 2

Which of the following items best describes the strategy of outsourcing?

Options:

A.

Contracting the work to Foreign Service providers to obtain lower costs

B.

Contracting functions or knowledge-related work with an external service provider.

C.

Contract -ng operation of some business functions with an internal service provider

D.

Contracting a specific external service provider to work with an internal service provider

Question 3

The budgeted cost of work performed is a metric best used to measure which project management activity?

Options:

A.

Resource planning.

B.

Cost estimating

C.

Cost budgeting.

D.

Cost control.

Question 4

The chief audit executive (CAE) has embraced a total quality management approach to improving the internal audit activity's (lAArs) processes. He would like to reduce the time to complete audits and improve client ratings of the IAA. Which of the following staffing approaches is the CAE most likely lo select?

Options:

A.

Assign a team with a trained audit manager to plan each audit and distribute field work tasks to various staff auditors.

B.

Assign a team of personnel who have different specialties to each audit and empower Team members to participate fully in key decisions

C.

Assign a team to each audit, designate a single person to be responsible for each phase of the audit, and limit decision making outside of their area of responsibility.

D.

Assign a team of personnel who have similar specialties to specific engagements that would benefit from those specialties and limit Key decisions to the senior person.

Question 5

An organization buys equity securities for trading purposes and sells them within a short time period. Which of the following is the correct way to value and report those securities at a financial statement date?

Options:

A.

At fair value with changes reported in the shareholders' equity section.

B.

At fair value with changes reported in net income.

C.

At amortized cost in the income statement.

D.

As current assets in the balance sheet

Question 6

Which of the following is a characteristic of big data?

Options:

A.

Big data is often structured.

B.

Big data analytic results often need to be visualized.

C.

Big data is often generated slowly and is highly variable.

D.

Big data comes from internal sources kept in data warehouses.

Question 7

A third party who provides payroll services to the organization was asked to create audit or “read-only 1 functionalities in their systems. Which of the following statements is true regarding this request?

Options:

A.

This will support execution of the right-to-audit clause.

B.

This will enforce robust risk assessment practices

C.

This will address cybersecurity considerations and concerns.

D.

This will enhance the third party's ability to apply data analytics

Question 8

Which of the following controls is the most effective for ensuring confidentially of transmitted information?

Options:

A.

Firewall.

B.

Antivirus software.

C.

Passwords.

D.

Encryption.

Question 9

An organization with a stable rating, as assessed by International rating agencies, has issued a bond not backed by assets or collateral. Payments of the interests and the principal to bondholders are guaranteed by the organization. Which type of bond did the organization issue?

Options:

A.

A sinking fund bond.

B.

A secured bond.

C.

A junk bond.

D.

A debenture bond

Question 10

In accounting, which of the following statements is true regarding the terms debit and credit?

Options:

A.

Debit indicates the right side of an account and credit the left side

B.

Debit means an increase in an account and credit means a decrease.

C.

Credit indicates the right side of an account and debit the left side.

D.

Credit means an increase in an account and debit means a decrease

Question 11

Which of the following is an example of a physical control designed to prevent security breaches?

Options:

A.

Preventing database administrators from initiating program changes

B.

Blocking technicians from getting into the network room.

C.

Restricting system programmers' access to database facilities

D.

Using encryption for data transmitted over the public internet

Question 12

Which of the following physical access controls often functions as both a preventive and detective control?

Options:

A.

Locked doors.

B.

Firewalls.

C.

Surveillance cameras.

D.

Login IDs and passwords.

Question 13

An organization prepares a statement of privacy to protect customers' personal information. Which of the following might violate the privacy principles?

Options:

A.

Customers can access and update personal information when needed.

B.

The organization retains customers' personal information indefinitely.

C.

Customers reserve the right to reject sharing personal information with third parties.

D.

The organization performs regular maintenance on customers' personal information.

Question 14

Internal auditors want to increase the likelihood of identifying very small control and transaction anomalies in their testing that could potentially be exploited to cause material breaches. Which of the following techniques would best meet this objective?

Options:

A.

Analysis of the full population of existing data.

B.

Verification of the completeness and integrity of existing data.

C.

Continuous monitoring on a repetitive basis.

D.

Analysis of the databases of partners, such as suppliers.

Question 15

An organization has decided to allow its managers to use their own smart phones at work. With this change, which of the following is most important to Include In the IT department's comprehensive policies and procedures?

Options:

A.

Required documentation of process for discontinuing use of the devices

B.

Required removal of personal pictures and contacts.

C.

Required documentation of expiration of contract with service provider.

D.

Required sign-off on conflict of interest statement.

Question 16

Which of the following common quantitative techniques used in capital budgeting is best associated with the use of a table that describes the present value of an annuity?

Options:

A.

Cash payback technique.

B.

Discounted cash flow technique: net present value.

C.

Annual rate of return

D.

Discounted cash flow technique: internal rate of return.

Question 17

According to Maslow's hierarchy of needs theory, which of the following would likely have the most impact on retaining staff, if their lower-level needs are already met?

Options:

A.

Social benefits.

B.

Compensation.

C.

Job safety.

D.

Recognition

Question 18

During disaster recovery planning, the organization established a recovery point objective. Which of the following best describes this concept?

Options:

A.

The maximum tolerable downtime after the occurrence of an incident.

B.

The maximum tolerable data loss after the occurrence of an incident.

C.

The maximum tolerable risk related to the occurrence of an incident

D.

The minimum recovery resources needed after the occurrence of an incident

Question 19

Which of the following backup methodologies would be most efficient in backing up a database in the production environment?

Options:

A.

Disk mirroring of the data being stored on the database.

B.

A differential backup that is performed on a weekly basis.

C.

An array of independent disks used to back up the database.

D.

An incremental backup of the database on a daily basis.

Question 20

What is the primary purpose of data and systems backup?

Options:

A.

To restore all data and systems immediately after the occurrence of an incident.

B.

To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.

C.

To set the point in time to which systems and data must be recovered after the occurrence of an incident.

D.

To restore data and systems to a previous point in time after the occurrence of an incident

Question 21

An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses. The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department Which of the following types of data analysis did the auditor perform?

Options:

A.

Duplicate testing.

B.

Joining data sources.

C.

Gap analysis.

D.

Classification

Question 22

An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured al database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the fallowing responses best explains risks associated with insufficient or absent logging practices?

Options:

A.

The organization will be unable to develop preventative actions based on analytics.

B.

The organization will not be able to trace and monitor the activities of database administers.

C.

The organization will be unable to determine why intrusions and cyber incidents took place.

D.

The organization will be unable to upgrade the system to newer versions.

Question 23

Which of the following is most appropriately placed in the financing section of an organization's cash budget?

Options:

A.

Collections from customers

B.

Sale of securities.

C.

Purchase of trucks.

D.

Payment of debt, including interest

Question 24

Which of the following organization structures would most likely be able to cope with rapid changes and uncertainties?

Options:

A.

Decentralized

B.

Centralized

C.

Departmentalized

D.

Tall structure

Question 25

Management has established a performance measurement focused on the accuracy of disbursements. The disbursement statistics, provided daily to ail accounts payable and audit staff, include details of payments stratified by amount and frequency. Which of the following is likely to be the greatest concern regarding this performance measurement?

Options:

A.

Articulation of the data

B.

Availability of the data.

C.

Measurability of the data

D.

Relevance of the data.

Question 26

Which of the following can be classified as debt investments?

Options:

A.

Investments in the capital stock of a corporation

B.

Acquisition of government bonds.

C.

Contents of an investment portfolio,

D.

Acquisition of common stock of a corporation

Question 27

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question 28

Which of the following best describes the use of predictive analytics?

Options:

A.

A supplier of electrical parts analyzed an instances where different types of spare parts were out of stock prior to scheduled deliveries of those parts.

B.

A supplier of electrical parts analyzed sales, applied assumptions related to weather conditions, and identified locations where stock levels would decrease more quickly.

C.

A supplier of electrical parts analyzed all instances of a part being, out of stock poor to its scheduled delivery date and discovered that increases in sales of that part consistently correlated with stormy weather.

D.

A supplier of electrical parts analyzed sales and stock information and modelled different scenarios for making decisions on stock reordering and delivery

Question 29

How can the concept of relevant cost help management with behavioral analyses?

Options:

A.

It explains the assumption mat both costs and revenues are linear through the relevant range

B.

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Question 30

Which of the following statements is true regarding user developed applications (UDAs) and traditional IT applications?

Options:

A.

UDAs arid traditional JT applications typically follow a similar development life cycle

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Question 31

Which of the following statements is true regarding a project life cycle?

Options:

A.

Risk and uncertainty increase over the life of the project.

B.

Costs and staffing levels are typically high as the project draws to a close.

C.

Costs related to making changes increase as the project approaches completion.

D.

The project life cycle corresponds with the life cycle of the product produced by or modified by the project.

Question 32

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture.

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed.

D.

There is a defined code for employee behavior.

Question 33

During a payroll audit, the internal auditor is assessing the security of the local area network of the payroll department computers. Which of the following IT controls should the auditor test?

Options:

A.

IT application-based controls

B.

IT systems development controls

C.

Environmental controls

D.

IT governance controls

Question 34

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals

C.

Suboptimal decision-making

D.

Duplication of business activities

Question 35

The IT department maintains logs of user identification and authentication for all requests for access to the network. What is the primary purpose of these logs?

Options:

A.

To ensure proper segregation of duties

B.

To create a master repository of user passwords

C.

To enable monitoring for systems efficiencies

D.

To enable tracking of privileges granted to users over time

Question 36

What is the primary purpose of an integrity control?

Options:

A.

To ensure data processing is complete, accurate, and authorized

B.

To ensure data being processed remains consistent and intact

C.

To monitor the effectiveness of other controls

D.

To ensure the output aligns with the intended result

Question 37

Which of the following IT-related activities is most commonly performed by the second line of defense?

Options:

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide an independent assessment of IT security.

Question 38

Which of the following physical access controls is most likely to be based on the "something you have" concept?

Options:

A.

A retina characteristics reader.

B.

A PIN code reader.

C.

A card-key scanner.

D.

A fingerprint scanner.

Question 39

Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?

Options:

A.

Risk tolerance.

B.

Performance.

C.

Threats and opportunities.

D.

Governance.

Question 40

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?

Options:

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Question 41

How do data analysis technologies affect internal audit testing?

Options:

A.

They improve the effectiveness of spot check testing techniques

B.

They allow greater insight into high-risk areas

C.

They reduce the overall scope of the audit engagement

D.

They increase the internal auditor’s objectivity

Question 42

Which of the following statements is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts

C.

The number of ports and protocols allowed to access the web server should be maximized

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP

Question 43

Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Options:

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero-coupon bonds

D.

Junk bonds

Question 44

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

Options:

A.

Identify data anomalies and outliers

B.

Define questions to be answered

C.

Identify data sources available

D.

Determine the scope of the data extract

Question 45

Which of the following is an example of a physical control?

Options:

A.

Providing fire detection and suppression equipment

B.

Establishing a physical security policy and promoting it throughout the organization

C.

Performing business continuity and disaster recovery planning

D.

Keeping an offsite backup of the organization’s critical data

Question 46

According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

Options:

A.

Esteem by colleagues

B.

Self-fulfillment

C.

Sense of belonging in the organization

D.

Job security

Question 47

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

Options:

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters

B.

Orders, commands, and advice are sent to the subsidiaries from headquarters

C.

People of local nationality are developed for the best positions within their own country

D.

There is a significant amount of collaboration between headquarters and subsidiaries

Question 48

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?

Options:

A.

Not installing anti-malware software.

B.

Updating operating software in a haphazard manner.

C.

Applying a weak password for access to a mobile device.

D.

Jailbreaking a locked smart device.

Question 49

An organization’s account for office supplies on hand had a balance of $9,000 at the end of year one. During year two, the organization recorded an expense for purchasing office supplies. At the end of year two, a physical count determined that the organization has $11,500 in office supplies on hand. Based on this information, what would be recorded in the adjusting entry at the end of year two?

Options:

A.

A debit to office supplies on hand for $2,500

B.

A debit to office supplies on hand for $11,500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Question 50

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

A clothing company designs, makes, and sells a new item

B.

A commercial construction company is hired to build a warehouse

C.

A city department sets up a new firefighter training program

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 51

Which of the following application controls is the most dependent on the password owner?

Options:

A.

Password selection.

B.

Password aging.

C.

Password lockout.

D.

Password rotation.

Question 52

Capital budgeting involves choosing among various capital projects to find the one(s) that will maximize a company's return on its financial investment. Which of the following parties approves the capital budget?

Options:

A.

Board of directors.

B.

Senior management.

C.

Chief financial officer.

D.

Accounting personnel.

Question 53

Which of the following authentication device credentials is the most difficult to revoke when an employee's access rights need to be removed?

Options:

A.

A traditional key lock.

B.

A biometric device.

C.

A card-key system.

D.

A proximity device.

Question 54

According to IIA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?

Options:

A.

Report identifying data that is outside of system parameters.

B.

Report identifying general ledger transactions by time and individual.

C.

Report comparing processing results with original input.

D.

Report confirming that the general ledger data was processed without error.

Question 55

Which of the following statements best describes the current state of data privacy regulation?

Options:

A.

Regulations related to privacy are evolving and complex, and the number of laws is increasing

B.

Most privacy laws are prescriptive and focused on organizations’ privacy rights

C.

The concept of data privacy is well established, privacy regulations are mature, and minimal regulatory changes are expected

D.

Because the concept of privacy is different around the world, data privacy is relatively unregulated

Question 56

According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

Options:

A.

Individual workstation computer controls are not as important as companywide server controls

B.

Particular attention should be paid to housing workstations away from environmental hazards

C.

Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant

D.

With security risks near an all-time high, workstations should not be connected to the company network

Question 57

Given the information below, which organization is in the weakest position to pay short-term debts?

Organization A: Current assets constitute $1,200,000; Current liabilities are $400,000

Organization B: Current assets constitute $1,000,000; Current liabilities are $1,000,000

Organization C: Current assets constitute $900,000; Current liabilities are $300,000

Organization D: Current assets constitute $1,000,000; Current liabilities are $250,000

Options:

A.

Organization A

B.

Organization B

C.

Organization C

D.

Organization D

Question 58

With regard to project management, which of the following statements about project crashing is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially.

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project.

Question 59

Which of the following differentiates a physical access control from a logical access control?

Options:

A.

Physical access controls secure tangible IT resources, whereas logical access controls secure software and data internal to the IT system.

B.

Physical access controls secure software and data internal to the IT system, whereas logical access controls secure tangible IT resources.

C.

Physical access controls include firewalls, user IDs, and passwords, whereas logical access controls include locks and security guards.

D.

Physical access controls include input processing and output controls, whereas logical access controls include locked doors and security guards.

Question 60

An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

Options:

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results.

C.

The auditor is cleaning the data in preparation for determining which processes may be involved.

D.

The auditor is reviewing the data prior to defining the question.

Question 61

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income. Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Question 62

When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

Options:

A.

Direct product costs

B.

Indirect costs

C.

Direct period costs

D.

Indirect period costs

Question 63

Which of the following types of accounts must be closed at the end of the period?

Options:

A.

Income statement accounts.

B.

Balance sheet accounts.

C.

Permanent accounts.

D.

Real accounts.

Question 64

An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.

What would be the most appropriate directive control in this area?

Options:

A.

Require a Service Organization Controls (SOC) report from the service provider

B.

Include a data protection clause in the contract with the service provider.

C.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

D.

Encrypt the employees ' data before transmitting it to the service provider

Question 65

Which of the following best explains the matching principle?

Options:

A.

Revenues should be recognized when earned.

B.

Revenue recognition is matched with cash.

C.

Expense recognition is tied to revenue recognition.

D.

Expenses are recognized at each accounting period.

Question 66

Which of the following situations best illustrates a "false positive" in the performance of a spam filter?

Options:

A.

The spam filter removed Incoming communication that included certain keywords and domains.

B.

The spam filter deleted commercial ads automatically, as they were recognized as unwanted.

C.

The spam filter routed to the "junk|r folder a newsletter that appeared to include links to fake websites.

D.

The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.

Question 67

Which of the following storage options would give the organization the best chance of recovering data?

Options:

A.

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

B.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

C.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

D.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readilyavailable.

Question 68

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

Options:

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Question 69

An organization decided to reorganize into a flatter structure. Which of the following changes would be expected with this new structure?

Options:

A.

Lower costs.

B.

Slower decision making at the senior executive level.

C.

Limited creative freedom in lower-level managers.

D.

Senior-level executives more focused on short-term, routine decision making

Question 70

Which of the following actions is likely to reduce the risk of violating transfer pricing regulations?

Options:

A.

The organization sells inventory to an overseas subsidiary at fair value.

B.

The local subsidiary purchases inventory at a discounted price.

C.

The organization sells inventory to an overseas subsidiary at the original cost.

D.

The local subsidiary purchases inventory at the depreciated cost.A

Question 71

Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?

Options:

A.

Variety.

B.

Velocity.

C.

Volume.

D.

Veracity.

Question 72

Which of the following best describes depreciation?

Options:

A.

It is a process of allocating cost of assets between periods.

B.

It is a process of assets valuation.

C.

It is a process of accumulating adequate funds to replace assets.

D.

It is a process of measuring decline in the value of assets because of obsolescence

Question 73

According to 11A guidance on IT, which of the following are indicators of poor change management?

1. Inadequate control design.

2. Unplanned downtime.

3. Excessive troubleshooting .

4. Unavailability of critical services.

Options:

A.

2 and 3 only.

B.

1, 2, and 3 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Question 74

Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

Options:

A.

Assigning new roles and responsibilities for senior IT management.

B.

Growing use of bring your own devices for organizational matters.

C.

Expansion of operations into new markets with limited IT access.

D.

Hiring new personnel within the IT department for security purposes.

Question 75

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?

Options:

A.

Designing and maintaining the database.

B.

Preparing input data and maintaining the database.

C.

Maintaining the database and providing its security,

D.

Designing the database and providing its security

Question 76

An organization has a declining inventory turnover but an increasing gross margin rate. Which of the following statements can best explain this situation?

Options:

A.

he organization's operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing inventory theft.

D.

The organization's inventory is overstated.

Question 77

Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?

Options:

A.

Draft separate audit reports for business and IT management.

B.

Conned IT audit findings to business issues.

C.

Include technical details to support IT issues.

D.

Include an opinion on financial reporting accuracy and completeness.

Question 78

For which of the following scenarios would the most recent backup of the human resources database be the best source of information to use?

Options:

A.

An incorrect program fix was implemented just prior to the database backup.

B.

The organization is preparing to train all employees on the new self-service benefits system.

C.

There was a data center failure that requires restoring the system at the backup site.

D.

There is a need to access prior year-end training reports for all employees in the human resources database

Question 79

Which of the following is an effective preventive control for data center security?

Options:

A.

Motion detectors.

B.

Key card access to the facility.

C.

Security cameras.

D.

Monitoring access to data center workstations

Question 80

Which of the following is a sound network configuration practice to enhance information security?

Options:

A.

Change management practices to ensure operating system patch documentation is retained.

B.

User role requirements are documented in accordance with appropriate application-level control needs.

C.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

D.

Interfaces reinforce segregation of duties between operations administration and database development.

Question 81

An internal auditor reviews a data population and calculates the mean, median, and range. What is the most likely purpose of performing this analytic technique?

Options:

A.

To inform the classification of the data population.

B.

To determine the completeness and accuracy of the data.

C.

To identify whether the population contains outliers.

D.

To determine whether duplicates in the data inflate the range.

Question 82

Which of the following would an organization execute to effectively mitigate and manage risks created by a crisis or event?

Options:

A.

Only preventive measures.

B.

Alternative and reactive measures.

C.

Preventive and alternative measures.

D.

Preventive and reactive measures.

Question 83

An organization created a formalized plan for a large project. Which of the following should be the first step in the project management plan?

Options:

A.

Estimate time required to complete the whole project.

B.

Determine the responses to expected project risks.

C.

Break the project into manageable components.

D.

Identify resources needed to complete the project

Question 84

Which of the following measures would best protect an organization from automated attacks whereby the attacker attempts to identify weak or leaked passwords in order to log into employees' accounts?

Options:

A.

Requiring users to change their passwords every two years.

B.

Requiring two-step verification for all users

C.

Requiring the use of a virtual private network (VPN) when employees are out of the office.

D.

Requiring the use of up-to-date antivirus, security, and event management tools.

Question 85

An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team's performance related to how project tasks are completed?

Options:

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Question 86

Which of the following is a benefit from the concept of Internet of Things?

Options:

A.

Employees can choose from a variety of devices they want to utilize to privately read work emails without their employer’s knowledge.

B.

Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.

C.

Information can be extracted more efficiently from databases and transmitted to relevant applications for in-depth analytics.

D.

Data mining and data collection from internet and social networks is easier, and the results are more comprehensive

Question 87

An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster, Which of the following best describes this approach to disaster recovery planning?

Options:

A.

Cold recovery plan,

B.

Outsourced recovery plan.

C.

Storage area network recovery plan.

D.

Hot recovery plan

Question 88

Which of the following best describes owner's equity?

Options:

A.

Assets minus liabilities.

B.

Total assets.

C.

Total liabilities.

D.

Owners contribution plus drawings.

Question 89

Which of the following techniques would best detect an inventory fraud scheme?

Options:

A.

Analyze Invoice payments just under individual authorization limits.

B.

Analyze stratification of inventory adjustments by warehouse location.

C.

Analyze inventory invoice amounts and compare with approved contract amounts.

D.

Analyze differences discovered during duplicate payment testing

Question 90

Which of the following would most likely serve as a foundation for individual operational goats?

Options:

A.

Individual skills and capabilities.

B.

Alignment with organizational strategy.

C.

Financial and human resources of the unit.

D.

Targets of key performance indicators

Question 91

An internal auditor is assigned to perform data analytics. Which of the following is the next step the auditor should undertake after she has ascertained the value expected from the review?

Options:

A.

Normalize the data,

B.

Obtain the data

C.

Identify the risks.Analyze the data.

Question 92

Which of the following concepts of managerial accounting is focused on achieving a point of low or no inventory?

Options:

A.

Theory of constraints.

B.

Just-in-time method.

C.

Activity-based costing.

D.

Break-even analysis

Question 93

A company records income from an investment in common stock when it does which of the following?

Options:

A.

Purchases bonds.

B.

Receives interest.

C.

Receives dividends

D.

Sells bonds.

Question 94

Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

Clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 95

Which of the following IT-related activities is most commonly performed by the second line of defense?

Options:

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide independent assessment of IT security.

Question 96

Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor In a timely manner.

B.

Returned backup tapes from the offsite vendor contained empty spaces.

C.

Critical systems have boon backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required

Question 97

During which phase of the contracting process ere contracts drafted for a proposed business activity?

Options:

A.

Initiation phase.

B.

Bidding phase

C.

Development phase

D.

Management phase

Question 98

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial, and change management,

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Question 99

Which of the following statements. Is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled.

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.

C.

The number of ports and protocols allowed to access the web server should be maximized.

D.

Secure protocols for confidential pages should be used instead of dear-text protocols such as HTTP or FTP.

Question 100

An internal auditor found the following information while reviewing the monthly financial siatements for a wholesaler of safety

The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

Options:

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Question 101

An internal auditor is assessing the risks related to an organization's mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal

Auditor be most concerned about?

Options:

A.

Compliance.

B.

Privacy

C.

Strategic

D.

Physical security

Question 102

An organization and its trading partner rely on a computer-to-computer exchange of digital business documents. Which of the following best describes this scenario?

Options:

A.

Use of a central processing unit

B.

Use of a database management system

C.

Use of a local area network

D.

Use of electronic data Interchange

Question 103

Which of the following risks would Involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a local area?

Options:

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Question 104

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet

B.

A local area network

C.

An Intranet

D.

The internet

Question 105

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

Options:

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold recovery plan

D.

Absence of recovery plan

Question 106

Which of the following should be included in a data privacy poky?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail,

4. A description of what constitutes appropriate use of personal data.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Question 107

A retail organization mistakenly did have include $10,000 of Inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

Options:

A.

Cost of sales and net income are understated.

B.

Cost of sales and net income are overstated.

C.

Cost of sales is understated and not income is overstated.

D.

Cost of sales is overstated and net Income is understated.

Question 108

Which of the following principles s shared by both hierarchies and open organizational structures?

1. A superior can delegate the authority to make decisions but cannot delegate the ultimate responsibility for the results of those decisions.

2. A supervisor's span of control should not exceed seven subordinates.

3. Responsibility should be accompanied by adequate authority.

4. Employees at all levels should be empowered to make decisions.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 109

While auditing an organization's customer call center, an internal auditor notices that Key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Options:

A.

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

B.

Be-emphasize the importance of call center employees completing a certain number of calls per hour.

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Question 110

Which of the following physical access control is most likely to be based on ’’something you have" concept?

Options:

A.

A retina characteristics reader

B.

A P3M code reader

C.

A card-key scanner

D.

A fingerprint scanner

Question 111

A new manager received computations of the internal fate of return regarding the project proposal. What should the manager compare the computation results to in order to determine whether the project is potentially acceptable?

Options:

A.

Compare to the annual cost of capital

B.

Compare to the annual interest data.

C.

Compare to the required rate of return.

D.

Compare to the net present value.

Question 112

An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

Options:

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Question 113

Which of the following is a disadvantage in a centralized organizational structure?

Options:

A.

Communication conflicts

B.

Slower decision making.

C.

Loss of economies of scale

D.

Vulnerabilities in sharing knowledge

Question 114

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

D.

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

Question 115

The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance.

2. Adverse labor rate variance.

3. Adverse labor efficiency variance.

4. Favorable labor rate variance.

Options:

A.

1 and 2

B.

1 and 4

C.

3 and A

D.

2 and 3

Question 116

According to Herzberg's Two-Factor Theory of Motivation, which of the following factors arc mentioned most often by satisfied employees?

Options:

A.

Salary and status

B.

Responsibility and advancement

C.

Work conditions and security

D.

Peer relationships and personal life

Question 117

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization's free cash flow from operations

C.

To Improve the organization's free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Question 118

Which of the following is a result of Implementing on e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and biting?

Options:

A.

Higher cash flow and treasury balances.

B.

Higher inventory balances

C.

Higher accounts receivable.

D.

Higher accounts payable

Question 119

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Question 120

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic cate interchange?

Options:

A.

A just-in-time purchasing environment

B.

A Large volume of custom purchases

C.

A variable volume sensitive to material cost

D.

A currently inefficient purchasing process

Question 121

Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

Options:

A.

Nondisclosure agreements between the firm and its employees.

B.

Logs of user activity within the information system.

C.

Two-factor authentication for access into the information system.

D.

limited access so information, based on employee duties

Question 122

What kind of strategy would be most effective for an organization to adopt in order to Implement a unique advertising campaign for selling identical product lines across all of its markets?

Options:

A.

Export strategy.

B.

Transnational strategy

C.

Multi-domestic strategy

D.

Globalization strategy

Question 123

An internal auditor observed that the organization's disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recover/ solution?

Options:

A.

Data is synchronized in real time

B.

Recovery time is expected to be less than one week

C.

Servers are not available and need to be procured

D.

Recovery resources end data restore processes have not been defined.

Question 124

An organization has a declining inventory turnover but an Increasing gross margin rate, Which of the following statements can best explain this situation?

Options:

A.

The organization's operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing Inventory theft

D.

The organization's inventory is overstated.