Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

IIA IIA-CIA-Part3 - Business Knowledge for Internal Auditing

IIA IIA-CIA-Part3 Premium Access     Download Demo    
Page: 5 / 13
Total 416 questions

According to IIA guidance, which of the following statements is true regarding analytical procedures?

A.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist

B.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined

C.

Data relationships cannot include comparisons between operational and statistical data

D.

Analytical procedures can be used to identify differences, but cannot be used to identify the absence of differences

According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

A.

Individual workstation computer controls are not as important as companywide server controls

B.

Particular attention should be paid to housing workstations away from environmental hazards

C.

Cybersecurity issues can be controlled at an enterprise level, making workstation-level controls redundant

D.

With security risks near an all-time high, workstations should not be connected to the company network

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data?

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause

C.

Applying administrative privileges to ensure right-to-access controls are appropriate

D.

Creating a standing cybersecurity committee to identify and manage risks related to data security

Which of the following describes the most appropriate set of tests for auditing a workstation’s logical access controls?

A.

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room

B.

Review the password length, frequency of change, and list of users for the workstation’s login process

C.

Review the list of people who attempted to access the workstation and failed, as well as error messages

D.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold plan

D.

Absence of recovery plan

Which of the following are the most common characteristics of big data?

A.

Visibility, validity, vulnerability

B.

Velocity, variety, volume

C.

Complexity, completeness, constancy

D.

Continuity, control, convenience

The IT department maintains logs of user identification and authentication for all requests for access to the network. What is the primary purpose of these logs?

A.

To ensure proper segregation of duties

B.

To create a master repository of user passwords

C.

To enable monitoring for systems efficiencies

D.

To enable tracking of privileges granted to users over time

According to IIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

A.

The business continuity management charter

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

A.

The risk that users try to bypass controls and do not install required software updates

B.

The risk that smart devices can be lost or stolen due to their mobile nature

C.

The risk that an organization intrusively monitors personal information stored on smart devices

D.

The risk that proprietary information is not deleted from the device when an employee leaves

Which of the following best explains why an organization would enter into a capital lease contract?

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization’s free cash flow from operations

C.

To improve the organization’s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value