Full Access IIA IIA-CIA-Part3-3P Tutorials

CIA Exam Part Three: Business Knowledge for Internal Auditing Questions and Answers

Question 21

A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement?

Options:

A. Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.

B. Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor.

C. Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services.

D. Develop an incident monitoring and response plan to track breaches from internal and external sources.

Question 22

Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?

Options:

A. Prompt response and remediation policy.

B. Inventory of information assets.

C. Information access management.

D. Standard security configurations.

Question 23

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25,000 shirts. Actual sales total $300,000.

What is the margin of safety sales for the company?

Options:

A. $100,000

B. $200,000

C. $275,000

D. $500,000

Question 24

According to IIA guidance, which of the following would indicate poor change management control?

1) Low change success rate

2) Occasional planned outages

3) Low number of emergency changes

4) Instances of unauthorized changes

Options:

A. 1 and 3

B. 1 and 4

C. 2 and 3

D. 2 and 4