IIA IIA-CIA-Part3 Dumps

Business Knowledge for Internal Auditing Questions and Answers

Question 1

An internal auditor is reviewing results from software development integration testing. What is the purpose of integration testing?

Options:

A.

To verify that the application meets stated user requirements.

B.

To verify that standalone programs match code specifications.

C.

To verify that the application would work appropriately for the intended number of users.

D.

To verify that all software and hardware components work together as intended.

Question 2

Which of the following best describes the purpose of fixed manufacturing costs?

Options:

A.

To ensure availability of production facilities.

B.

To decrease direct expenses related to production.

C.

To incur stable costs despite operating capacity.

D.

To increase the total unit cost under absorption costing

Question 3

Which of the following describes a mechanistic organizational structure?

Options:

A.

Primary direction of communication tends to be lateral.

B.

Definition of assigned tasks tends to be broad and general.

C.

Type of knowledge required tends to be broad and professional.

D.

Reliance on self-control tends to be low.

Question 4

Which of the following is an established systems development methodology?

Options:

A.

Waterfall.

B.

Projects in Controlled Environments (PRINCE2).

C.

Information Technology Infrastructure Library (ITIL).

D.

COBIT

Question 5

In light of increasing emission taxes in the European Union, a car manufacturer introduced a new middle-class hybrid vehicle specifically for the European market only. Which of the following competitive strategies has the manufacturer used?

Options:

A.

Reactive strategy.

B.

Cost leadership strategy.

C.

Differentiation strategy.

D.

Focus strategy

Question 6

An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?

Options:

A.

Legitimate authority

B.

Coercive authority.

C.

Referent authority.

D.

Expert authority.

Question 7

Which of the following measures the operating success of a company for a given period of time?

Options:

A.

Liquidity ratios.

B.

Profitability ratios.

C.

Solvency ratios.

D.

Current ratios.

Question 8

When would a contract be closed out?

Options:

A.

When there's a dispute between the contracting parties

B.

When all contractual obligations have been discharged.

C.

When there is a force majeure.

D.

When the termination clause is enacted.

Question 9

Which of the following activities best illustrates a user's authentication control?

Options:

A.

Identity requests are approved in two steps.

B.

Logs are checked for misaligned identities and access rights.

C.

Users have to validate their identity with a smart card.

D.

Functions can be performed based on access rights

Question 10

What relationship exists between decentralization and the degree, importance, and range of lower-level decision making?

Options:

A.

Mutually exclusive relationship.

B.

Direct relationship.

C.

Intrinsic relationship.

D.

Inverse relationship.

Question 11

Which of the following IT layers would require the organization to maintain communication with a vendor in a tightly controlled and monitored manner?

Options:

A.

Applications

B.

Technical infrastructure.

C.

External connections.

D.

IT management

Question 12

An internal auditor reviews a data population and calculates the mean, median, and range. What is the most likely purpose of performing this analytic technique?

Options:

A.

To inform the classification of the data population.

B.

To determine the completeness and accuracy of the data.

C.

To identify whether the population contains outliers.

D.

To determine whether duplicates in the data inflate the range.

Question 13

Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

Options:

A.

Assigning new roles and responsibilities for senior IT management.

B.

Growing use of bring your own devices for organizational matters.

C.

Expansion of operations into new markets with limited IT access.

D.

Hiring new personnel within the IT department for security purposes.

Question 14

Which of the following is an effective preventive control for data center security?

Options:

A.

Motion detectors.

B.

Key card access to the facility.

C.

Security cameras.

D.

Monitoring access to data center workstations

Question 15

Which of the following is a benefit from the concept of Internet of Things?

Options:

A.

Employees can choose from a variety of devices they want to utilize to privately read work emails without their employer’s knowledge.

B.

Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.

C.

Information can be extracted more efficiently from databases and transmitted to relevant applications for in-depth analytics.

D.

Data mining and data collection from internet and social networks is easier, and the results are more comprehensive

Question 16

An attacker, posing as a bank representative, convinced an employee to release certain financial information that ultimately resulted in fraud. Which of the following best describes this cybersecurity risk?

Options:

A.

Shoulder surfing.

B.

Pharming.

C.

Phishing.

D.

Social engineering.

Question 17

Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

Options:

A.

Key performance indicators.

B.

Reports of software customization.

C.

Change and patch management.

D.

Master data management

Question 18

Which of the following biometric access controls uses the most unique human recognition characteristic?

Options:

A.

Facial comparison using photo identification.

B.

Signature comparison.

C.

Voice comparison.

D.

Retinal print comparison.

Question 19

Which of the following disaster recovery plans includes recovery resources available at the site, but they may need to be configured to support the production system?

Options:

A.

Warm site recovery plan.

B.

Hot site recovery plan.

C.

Cool site recovery plan.

D.

Cold site recovery plan.

Question 20

According to IIA guidance on IT, which of the following are indicators of poor change management?

1. Inadequate control design.

2. Unplanned downtime.

3. Excessive troubleshooting.

4. Unavailability of critical services.

Options:

A.

2 and 3 only.

B.

1, 2, and 3 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Question 21

Which of the following best describes a transformational leader, as opposed to a transactional leader?

Options:

A.

The leader searches for deviations from the rules and standards and intervenes when deviations exist.

B.

The leader intervenes only when performance standards are not met.

C.

The leader intervenes to communicate high expectations.

D.

The leader does not intervene to promote problem-solving

Question 22

Which of the following practices circumvents administrative restrictions on smart devices, thereby increasing data security risks?

Options:

A.

Rooting.

B.

Eavesdropping.

C.

Man in the middle.

D.

Session hijacking.

Question 23

An internal auditor is reviewing key phases of a software development project. Which of the following would the auditor most likely use to measure the project team's performance related to how project tasks are completed?

Options:

A.

A balanced scorecard.

B.

A quality audit

C.

Earned value analysis.

D.

Trend analysis

Question 24

Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

Options:

A.

A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

B.

Monitoring for vulnerabilities based on industry intelligence.

C.

Comprehensive service level agreements with vendors.

D.

Firewall and other network perimeter protection tools.

Question 25

According to IIA guidance on IT, which of the following strategies would provide the most effective access control over an automated point-of-sale system?

Options:

A.

Install and update anti-virus software.

B.

Implement data encryption techniques.

C.

Set data availability by user need.

D.

Upgrade firewall configuration

Question 26

A newly appointed board member received an email that appeared to be from the company's CEO. The email stated:

“Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners.” The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender's mail domain was different from the company's. Which of the following cybersecurity risks nearly occurred in the situation described?

Options:

A.

A risk of spyware and malware.

B.

A risk of corporate espionage.

C.

A ransomware attack risk.

D.

A social engineering risk.

Question 27

While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?

Options:

A.

Total tire production labor hours for the operating period.

B.

Total tire production costs for the operating period.

C.

Plant production employee headcount average for the operating period.

D.

The production machinery utilization rates.

Question 28

An analytical model determined that on Friday and Saturday nights the luxury brands stores should be open for extended hours and with a doubled number of employees present, while on Mondays and Tuesdays costs can be minimized by reducing the number of employees to a minimum and opening only for evening hours. Which of the following best categorizes the analytical model applied?

Options:

A.

Descriptive.

B.

Diagnostic.

C.

Prescriptive.

D.

Prolific.

Question 29

According to IIA guidance on IT, which of the following statements is true regarding websites used in e-commerce transactions?

Options:

A.

HTTP sites provide sufficient security to protect customers' credit card information.

B.

Web servers store credit cardholders' information submitted for payment.

C.

Database servers send cardholders’ information for authorization in clear text.

D.

Payment gateways authorize credit card online payments.

Question 30

Which of the following statements is true regarding user-developed applications (UDAs)?

Options:

A.

UDAs are less flexible and more difficult to configure than traditional IT applications.

B.

Updating UDAs may lead to various errors resulting from changes or corrections.

C.

UDAs typically are subjected to application development and change management controls.

D.

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

Question 31

An organization decided to reorganize into a flatter structure. Which of the following changes would be expected with this new structure?

Options:

A.

Lower costs.

B.

Slower decision making at the senior executive level.

C.

Limited creative freedom in lower-level managers.

D.

Senior-level executives more focused on short-term, routine decision making

Question 32

Which of the following best describes a cyberattack in which an organization faces a denial-of-service threat created through malicious data encryption?

Options:

A.

Phishing.

B.

Ransomware.

C.

Hacking.

D.

Malware

Question 33

An internal auditor for a pharmaceutical company is planning a cybersecurity audit and conducting a risk assessment. Which of the following would be considered the most significant cyber threat to the organization?

Options:

A.

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

B.

Hackers breaching the organization's network to access research and development reports

C.

A denial-of-service attack that prevents access to the organization's website.

D.

A hacker accessing the financial information of the company

Question 34

An organization prepares a statement of privacy to protect customers' personal information. Which of the following might violate the privacy principles?

Options:

A.

Customers can access and update personal information when needed.

B.

The organization retains customers' personal information indefinitely.

C.

Customers reserve the right to reject sharing personal information with third parties.

D.

The organization performs regular maintenance on customers' personal information.

Question 35

While conducting audit procedures at the organization's data center, an internal auditor noticed the following:

- Backup media was located on data center shelves.

- Backup media was organized by date.

- Backup schedule was one week in duration.

- The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

Options:

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Question 36

How can the concept of relevant cost help management with behavioral analyses?

Options:

A.

It explains the assumption that both costs and revenues are linear through the relevant range

B.

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Question 37

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question 38

The chief audit executive (CAE) has been asked to evaluate the chief technology officer's proposal to outsource several key functions in the organization's IT department. Which of the following would be the most appropriate action for the CAE to determine whether the proposal aligns with the organization's strategy?

Options:

A.

Understand strategic context and evaluate whether supporting information is reliable and complete.

B.

Ascertain whether governance and approval processes are transparent, documented, and completed.

C.

Perform a due diligence review or assess management's review of provider operations.

D.

Identify key performance measures and data sources.

Question 39

In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies has the organization chosen?

Options:

A.

Vertical integration.

B.

Unrelated diversification.

C.

Differentiation

D.

Focus

Question 40

When examining an organization's strategic plan, an internal auditor should expect to find which of the following components?

Options:

A.

Identification of achievable goals and timelines

B.

Analysis of the competitive environment.

C.

Plan for the procurement of resources

D.

Plan for progress reporting and oversight.

Question 41

Which of the following controls is the most effective for ensuring confidentiality of transmitted information?

Options:

A.

Firewall.

B.

Antivirus software.

C.

Passwords.

D.

Encryption.

Question 42

Which of the following statements is true regarding the use of centralized authority to govern an organization?

Options:

A.

Fraud committed through collusion is more likely when authority is centralized.

B.

Centralized managerial authority typically enhances certainty and consistency within an organization.

C.

When authority is centralized, the alignment of activities to achieve business goals typically is decreased.

D.

Using separation of duties to mitigate collusion is reduced only when authority is centralized.

Question 43

A bond that matures after one year has a face value of $250,000 and a coupon of $30,000. If the market price of the bond is $265,000, which of the following would be the market interest rate?

Options:

A.

Less than 12 percent.

B.

12 percent.

C.

Between 12.01 percent and 12.50 percent.

D.

More than 12.50 percent.

Question 44

According to IIA guidance on IT, which of the following activities regarding information security is most likely to be the responsibility of line management as opposed to executive management, internal auditors, or the board?

Options:

A.

Review and monitor security controls.

B.

Dedicate sufficient security resources.

C.

Provide oversight to the security function.

D.

Assess information control environments.

Question 45

Which of the following business practices promotes a culture of high performance?

Options:

A.

Reiterating the importance of compliance with established policies and procedures.

B.

Celebrating employees' individual excellence.

C.

Periodically rotating operational managers.

D.

Avoiding status differences among employees.

Question 46

Which of the following statements distinguishes a router from a typical switch?

Options:

A.

A router operates at layer two, while a switch operates at layer three of the open systems interconnection model.

B.

A router transmits data through frames, while a switch sends data through packets.

C.

A router connects networks, while a switch connects devices within a network.

D.

A router uses a media access control address during the transmission of data, while a switch uses an internet protocol address.

Question 47

An organization suffered significant damage to its local file and application servers as a result of a hurricane. Fortunately, the organization was able to recover all information backed up by its overseas third-party contractor. Which of the following approaches has been used by the organization?

Options:

A.

Application management

B.

Data center management

C.

Managed security services

D.

Systems integration

Question 48

Which of the following would be the strongest control to prevent unauthorized wireless network access?

Options:

A.

Allowing access to the organization's network only through a virtual private network.

B.

Logging devices that access the network, including the date, time, and identity of the user.

C.

Tracking all mobile device physical locations and banning access from non-designated areas.

D.

Permitting only authorized IT personnel to have administrative control of mobile devices.

Question 49

Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?

Options:

A.

Prompt response and remediation policy

B.

Inventory of information assets

C.

Information access management

D.

Standard security configurations

Question 50

A new clerk in the managerial accounting department applied the high-low method and computed the difference between the high and low levels of maintenance costs. Which type of maintenance costs did the clerk determine?

Options:

A.

Fixed maintenance costs.

B.

Variable maintenance costs.

C.

Mixed maintenance costs.

D.

Indirect maintenance costs.

Question 51

Which of the following networks is suitable for an organization that has operations in multiple cities and countries?

Options:

A.

Wide area network.

B.

Local area network

C.

Metropolitan area network.

D.

Storage area network.

Question 52

While conducting an audit of the accounts payable department, an internal auditor found that 3% of payments made during the period under review did not agree with the submitted invoices. Which of the following key performance indicators (KPIs) for the department would best assist the auditor in determining the significance of the test results?

Options:

A.

A KPI that defines the process owner's tolerance for performance deviations.

B.

A KPI that defines the importance of performance levels and disbursement statistics being measured.

C.

A KPI that defines timeliness with regard to reporting disbursement data errors to authorized personnel.

D.

A KPI that defines operating ratio objectives of the disbursement process.

Question 53

An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured at database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the following responses best explains risks associated with insufficient or absent logging practices?

Options:

A.

The organization will be unable to develop preventative actions based on analytics.

B.

The organization will not be able to trace and monitor the activities of database administrators.

C.

The organization will be unable to determine why intrusions and cyber incidents took place.

D.

The organization will be unable to upgrade the system to newer versions.

Question 54

An employee was promoted within the organization and relocated to a new office in a different building. A few months later, security personnel discovered that the employee's smart card was being used to access the building where she previously worked. Which of the following security controls could prevent such an incident from occurring?

Options:

A.

Regular review of logs.

B.

Two-level authentication.

C.

Photos on smart cards.

D.

Restriction of access hours.

Question 55

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

Options:

A.

Initiation phase

B.

Bidding phase

C.

Development phase

D.

Negotiation phase

Question 56

An organization was forced to stop production unexpectedly, as raw materials could not be delivered due to a military conflict in the region. Which of the following plans have most likely failed to support the organization?

Options:

A.

Just-in-time delivery plans.

B.

Backup plans.

C.

Contingency plans.

D.

Standing plans.

Question 57

Following an evaluation of an organization's IT controls, an internal auditor suggested improving the process where results are compared against the input. Which of the following IT controls would the internal auditor recommend?

Options:

A.

Output controls.

B.

Input controls

C.

Processing controls.

D.

Integrity controls.

Question 58

Which of the following best describes a man-in-the-middle cyber-attack?

Options:

A.

The perpetrator is able to delete data on the network without physical access to the device.

B.

The perpetrator is able to exploit network activities for unapproved purposes.

C.

The perpetrator is able to take over control of data communication in transit and replace traffic.

D.

The perpetrator is able to disable default security controls and introduce additional vulnerabilities

Question 59

A chief audit executive wants to implement an enterprisewide resource planning software. Which of the following internal audit assessments could provide overall assurance on the likelihood of the software implementation's success?

Options:

A.

Readiness assessment.

B.

Project risk assessment.

C.

Post-implementation review.

D.

Key phase review.

Question 60

Which of the following can be viewed as a potential benefit of an enterprisewide resource planning system?

Options:

A.

Real-time processing of transactions and elimination of data redundancies.

B.

Fewer data processing errors and more efficient data exchange with trading partners.

C.

Exploitation of opportunities and mitigation of risks associated with e-business.

D.

Integration of business processes into multiple operating environments and databases.

Question 61

In accounting, which of the following statements is true regarding the terms debit and credit?

Options:

A.

Debit indicates the right side of an account and credit the left side

B.

Debit means an increase in an account and credit means a decrease.

C.

Credit indicates the right side of an account and debit the left side.

D.

Credit means an increase in an account and debit means a decrease

Question 62

Which of the following is most appropriately placed in the financing section of an organization's cash budget?

Options:

A.

Collections from customers

B.

Sale of securities.

C.

Purchase of trucks.

D.

Payment of debt, including interest

Question 63

An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000, and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?

Options:

A.

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

B.

The capital accounts should be increased using a weighted average based on the current percentage of ownership.

C.

No action is necessary as the capital account of each partner was increased by the correct amount.

D.

The capital accounts of the partners should be increased by the fair market value of their contribution.

Question 64

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 65

Which of the following is an example of an application control?

Options:

A.

Automated password change requirements.

B.

System data backup process.

C.

User testing of system changes.

D.

Formatted data fields.

Question 66

Which of the following statements best describes the current state of data privacy regulation?

Options:

A.

Regulations related to privacy are evolving and complex, and the number of laws is increasing

B.

Most privacy laws are prescriptive and focused on organizations’ privacy rights

C.

The concept of data privacy is well established, privacy regulations are mature, and minimal regulatory changes are expected

D.

Because the concept of privacy is different around the world, data privacy is relatively unregulated

Question 67

Which of the following is the most appropriate way to record each partner’s initial investment in a partnership?

Options:

A.

At the value agreed upon by the partners

B.

At book value

C.

At fair value

D.

At the original cost

Question 68

Which of the following describes the primary advantage of using data analytics in internal auditing?

Options:

A.

It helps support the internal audit conclusions with factual evidence.

B.

It reduces the time and effort needed to prepare the audit report.

C.

It helps prevent internal auditors from unknowingly disregarding key process risks.

D.

It enables internal auditors to meet their responsibility for monitoring controls.

Question 69

IT governance begins with which of the following activities?

Options:

A.

Identification of risk-mitigating options.

B.

Definition of IT objectives.

C.

Identification of IT risk events.

D.

Definition of risk response policies.

Question 70

Which of the following is an example of a phishing attack?

Options:

A.

An organization’s website becomes flooded with malicious traffic on the first day of the online shopping season, causing the website to crash and preventing customers from purchasing deals online

B.

The employees of a retail organization responded to emails with a link to malware that enabled a hacker to access the point-of-sale system and obtain customers’ credit card information

C.

An organization’s employees clicked on a link that allowed a worm to infiltrate and encrypt the organization’s operating system, rendering it unusable. A group of hackers is demanding payment to unlock the encryption

D.

A group of online activists hacked into the private email and confidential records of the local police department and released the information online to expose the corrupt practices of the department

Question 71

Which of the following responsibilities would ordinarily fall under the help desk function of an organization?

Options:

A.

Maintenance service items such as production support

B.

Management of infrastructure services, including network management

C.

Physical hosting of mainframes and distributed servers

D.

End-to-end security architecture design

Question 72

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the project's life or the organization's culture.

D.

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

Question 73

Which of the following risks would involve individuals attacking an oil company’s IT system as a sign of solidarity against drilling in a local area?

Options:

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Question 74

The head of the research and development department at a manufacturing organization believes that his team lacks expertise in some areas and decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance

2. Adverse labor rate variance

3. Adverse labor efficiency variance

4. Favorable labor rate variance

Options:

A.

1 and 2.

B.

1 and 4.

C.

3 and 4.

D.

2 and 3.

Question 75

Which of the following is improved by the use of smart devices?

Options:

A.

Version control

B.

Privacy

C.

Portability

D.

Secure authentication

Question 76

Which of the following statements is true regarding data backup?

Options:

A.

System backups should always be performed in real-time.

B.

Backups should be stored in a secured location onsite for easy access.

C.

The tape rotation schedule affects how long data is retained.

D.

Backup media should be restored only in case of a hardware or software failure.

Question 77

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

Options:

A.

There is a greater need for organizations to rely on users to comply with policies and procedures.

B.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.

Incident response times are less critical in the BYOD environment compared to a traditional environment.

D.

There is greater sharing of operational risk in a BYOD environment.

Question 78

Which of the following controls refers to requiring employees to use a combination of PINs, passwords, and/or biometrics to access an organization's smart device apps and data?

Options:

A.

Remote wipe.

B.

Software encryption.

C.

Device encryption.

D.

Authentication.

Question 79

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

Options:

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been backed up more frequently than required

D.

Critical system backup tapes are taken off site less frequently than required

Question 80

An internal auditor is assessing the risks related to an organization’s mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal auditor be most concerned about?

Options:

A.

Compliance.

B.

Privacy.

C.

Strategic.

D.

Physical security.

Question 81

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?

Options:

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Question 82

A motivational technique generally used to overcome monotony and job-related boredom is:

Options:

A.

Job specification.

B.

Job objectives.

C.

Job rotation.

D.

Job description.

Question 83

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income. Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Question 84

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange (EDI)?

Options:

A.

A just-in-time purchasing environment

B.

A large volume of custom purchases

C.

A variable volume sensitive to material cost

D.

A currently inefficient purchasing process

Question 85

Which of the following represents an example of a physical security control?

Options:

A.

Access rights are allocated according to the organization’s policy

B.

There is confirmation that data output is accurate and complete

C.

Servers are located in locked rooms to which access is restricted

D.

A record is maintained to track the process from data input to storage

Question 86

For employees, the primary value of implementing job enrichment is which of the following?

Options:

A.

Validation of the achievement of their goals and objectives

B.

Increased knowledge through the performance of additional tasks

C.

Support for personal growth and a meaningful work experience

D.

An increased opportunity to manage better the work done by their subordinates

Question 87

A large retail customer made an offer to buy 10,000 units at a special price of $7 per unit. The manufacturer usually sells each unit for $10. Variable manufacturing costs are $5 per unit and fixed manufacturing costs are $3 per unit. For the manufacturer to accept the offer, which of the following assumptions needs to be true?

Options:

A.

Fixed and variable manufacturing costs are less than the special offer selling price

B.

The manufacturer can fulfill the order without expanding the capacities of the production facilities

C.

Costs related to accepting this offer can be absorbed through the sale of other products

D.

The manufacturer’s production facilities are currently operating at full capacity

Question 88

Which of the following lists is comprised of computer hardware only?

Options:

A.

A central processing unit, a scanner, and a value-added network

B.

A computer chip, a data warehouse, and a router

C.

A server, a firewall, and a smartphone

D.

A workstation, a modem, and a disk drive

Question 89

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

A clothing company designs, makes, and sells a new item

B.

A commercial construction company is hired to build a warehouse

C.

A city department sets up a new firefighter training program

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 90

Which of the following risks is best addressed by encryption?

Options:

A.

Information integrity risk.

B.

Privacy risk.

C.

Access risk.

D.

Software risk.

Question 91

Which of the following best explains why an organization would enter into a capital lease contract?

Options:

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization’s free cash flow from operations

C.

To improve the organization’s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Question 92

Which of the following statements is true regarding the management-by-objectives (MBO) approach?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks

C.

Management by objectives helps organizations to keep employees motivated

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals

Question 93

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization’s network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage

D.

Use management software to scan and then prompt patch reminders when devices connect to the network

Question 94

For employees, the primary value of implementing job enrichment is which of the following?

Options:

A.

Validation of the achievement of their goals and objectives

B.

Increased knowledge through the performance of additional tasks

C.

Support for personal growth and a meaningful work experience

D.

An increased opportunity to manage better the work done by their subordinates

Question 95

While auditing an organization's customer call center, an internal auditor notices that key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period. Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Options:

A.

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

B.

De-emphasize the importance of call center employees completing a certain number of calls per hour.

C.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

D.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Question 96

An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety

as

The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

Options:

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Question 97

Which of the following statements is most accurate concerning the management and audit of a web server?

Options:

A.

The file transfer protocol (FTP) should always be enabled.

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.

C.

The number of ports and protocols allowed to access the web server should be maximized.

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP.

Question 98

Which of the following statements is true regarding the management-by-objectives method?

Options:

A.

Management by objectives is most helpful in organizations that have rapid changes.

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

Question 99

An organization requires an average of 5S days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

Options:

A.

26 days.

B.

90 days.

C.

100 days.

D.

110 days

Question 100

A one-time password would most likely be generated in which of the following situations?

Options:

A.

When an employee accesses an online digital certificate

B.

When an employee's biometrics have been accepted.

C.

When an employee creates a unique digital signature.

D.

When an employee uses a key fob to produce a token.

Question 101

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software to scan and then prompt patch reminders when devices connect to the network

Question 102

Which of the following should be included in a data privacy policy?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail.

4. A description of what constitutes appropriate use of personal data.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Question 103

According to Herzberg's Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees?

Options:

A.

Salary and status

B.

Responsibility and advancement

C.

Work conditions and security

D.

Peer relationships and personal life

Question 104

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange?

Options:

A.

A just-in-time purchasing environment

B.

A large volume of custom purchases

C.

A variable volume sensitive to material cost

D.

A currently inefficient purchasing process

Question 105

Which of the following is the best example of IT governance controls?

Options:

A.

Controls that focus on segregation of duties, financial, and change management.

B.

Personnel policies that define and enforce conditions for staff in sensitive IT areas.

C.

Standards that support IT policies by more specifically defining required actions

D.

Controls that focus on data structures and the minimum level of documentation required

Question 106

A small software development firm designs and produces custom applications for businesses. The application development team consists of employees from multiple departments who all report to a single project manager. Which of the following organizational structures does this situation represent?

Options:

A.

Functional departmentalization.

B.

Product departmentalization

C.

Matrix organization.

D.

Divisional organization

Question 107

Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?

Options:

A.

Job complicating

B.

Job rotation

C.

Job enrichment

D.

Job enlargement

Question 108

At one organization, the specific terms of a contract require both the promisor and promisee to sign the contract in the presence of an independent witness.

What is the primary role of the witness to these signatures?

Options:

A.

A witness verifies the quantities of the copies signed.

B.

A witness verifies that the contract was signed with the free consent of the promisor and promisee.

C.

A witness ensures the completeness of the contract between the promisor and promisee.

D.

A witness validates that the signatures on the contract were signed by the promisor and promisee.

Question 109

Which of the following responsibilities would ordinarily fall under the help desk function of an organization?

Options:

A.

Maintenance service items such as production support.

B.

Management of infrastructure services, including network management.

C.

Physical hosting of mainframes and distributed servers

D.

End-to-end security architecture design.

Question 110

An internal auditor was asked to review an equal equity partnership. In one sampled transaction, Partner A transferred equipment into the partnership with a self-declared value of $10,000, and Partner B contributed equipment with a self-declared value of $15,000. The capital accounts of each partner were subsequently credited with $12,500. Which of the following statements is true regarding this transaction?

Options:

A.

The capital accounts of the partners should be increased by the original cost of the contributed equipment.

B.

The capital accounts should be increased using a weighted average based on the current percentage of ownership.

C.

No action is needed, as the capital account of each partner was increased by the correct amount.

D.

The capital accounts of the partners should be increased by the fair market value of their contribution.

Question 111

A rapidly expanding retail organisation continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

Options:

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals

C.

Suboptimal decision making

D.

Duplication of business activities

Question 112

A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

Options:

A.

Cost of sales and net income are understated.

B.

Cost of sales and net income are overstated.

C.

Cost of sales is understated and net income is overstated.

D.

Cost of sales is overstated and net income is understated.

Question 113

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of infringement on local regulations, such as copyright or privacy laws?

Options:

A.

Not installing anti-malware software

B.

Updating operating software in a haphazard manner.

C.

Applying a weak password for access to a mobile device.

D.

Jailbreaking a locked smart device

Question 114

With regard to project management, which of the following statements about project crashing is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially.

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project.

Question 115

Which of the following items represents the first thing that should be done with obtained data in the data analytics process?

Options:

A.

Verify completeness and accuracy.

B.

Verify existence and accuracy.

C.

Verify completeness and integrity.

D.

Verify existence and completeness.

Question 116

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization's IT systems, this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?

Options:

A.

A warm recovery plan.

B.

A cold recovery plan.

C.

A hot recovery plan.

D.

A manual work processes plan

Question 117

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?

Options:

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Question 118

During which phase of the contracting process are contracts drafted for a proposed business activity?

Options:

A.

Initiation phase.

B.

Bidding phase

C.

Development phase

D.

Management phase

Question 119

According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?

Options:

A.

Project portfolio.

B.

Project development

C.

Project governance.

D.

Project management methodologies

Question 120

Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?

Options:

A.

Risk tolerance

B.

Performance

C.

Threats and opportunities

D.

Governance

Question 121

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture.

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed

D.

There is a defined code for employee behavior.

Question 122

Which of the following statements is true regarding cost-volume-profit analysis?

Options:

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

B.

Breakeven point is the amount of units sold to cover variable costs.

C.

Breakeven occurs when the contribution margin covers fixed costs.

D.

Following breakeven, the operating income will increase by the excess of fixed costs less the variable costs per units sold.

Question 123

An organization that sells products to a foreign subsidiary wants to charge a price that will decrease import tariffs. Which of the following is the best course of action for the organization?

Options:

A.

Decrease the transfer price

B.

Increase the transfer price

C.

Charge at the arm's length price

D.

Charge at the optimal transfer price

Question 124

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income.

Which of the following terms would the investor most likely label this investment in her portfolio?

Options:

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Total 416 questions