According to 11A guidance on it; which of the following statements is true regarding websites used in e-commerce transactions?

Payment gatewaysauthorizecredit cardonlinepayments.

HTTP sites provide sufficient security to protect customers' credit card information.

Web servers store credit cardholders' information submitted for payment.

Database servers send cardholders' information for authorization in clear text.

Payment gatewaysauthorizecredit cardonlinepayments.

Which of the following is a benefit from the concept of Internet of Things?

Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.

Employees can choose from a variety of devices they want to utilize to privately read work emails without their employer's knowledge.

Physical devices, such as thermostats and heat pumps, can be set to react to electricity market changes and reduce costs.

Information can be extracted more efficiently from databases and transmitted to relevant applications for in-depth analytics.

Data mining and data collection from internet and social networks is easier, and the results are more comprehensive

Which of the following controls would an internal auditor consider the most relevant to reduce risks of project cost overruns?

There is a formal process to monitor the status of the project and compare it to the cost baseline

Scope change requests are reviewed and approved by a manager with a proper level of authority.

Cost overruns are reviewed and approved by a control committee led by the project manager.

There is a formal quality assurance process to review scope change requests before they are implemented

There is a formal process to monitor the status of the project and compare it to the cost baseline

What relationship exists between decentralization and the degree, importance, and range of lowerlevel decision making?

Mutually exclusive relationship.

When would a contract be dosed out?

When ail contractual obligations have been discharged.

When there's a dispute between the contracting parties

When ail contractual obligations have been discharged.

When the termination clause is enacted.

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

Accessibility, accuracy, and effectiveness.

Veracity, velocity, and variety.

Integrity, availability, and confidentiality.

Accessibility, accuracy, and effectiveness.

Authorization, logical access, and physical access.

An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories;- Risks specific to the organization itself.- Risks specific to the service provider.- Risks shared by both the organization and the service providerWhich of the following risks should the auditor classify as specific to the service provider?

Violation of contractual terms.

Unexpected increases in outsourcing costs.

Violation of contractual terms.

Which of the following is true regarding the use of remote wipe for smart devices?

It enables the erasure and reformatting of secure digital (SD) cards.

It can restore default settings and lock encrypted data when necessary.

It enables the erasure and reformatting of secure digital (SD) cards.

It can delete data backed up to a desktop for complete protection if required.

It can wipe data that is backed up via cloud computing

While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?

Plant production employee headcount average for the operating period.

Total tire production labor hours for the operating period.

Total tire production costs for the operating period.

Plant production employee headcount average for the operating period.

The production machinery utilization rates.

Which of the following storage options would give the organization the best chance of recovering data?

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readily available.

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readily available.

A small chain of grocery stores made a reporting error and understated its ending inventory. What effect would this have on the income statement for the following year?

Net income would be overstated.

Net income would be understated.

Net income would not be affected.

Net income would be overstated.

When evaluating the help desk services provided by a third-party service provider which of the following is likely to be the internal auditor's greatest concern?

Whether the provider's responses and resolutions were well defined according to the service-level agreement.

Whether every call that the service provider received was logged by the help desk.

Whether a unique identification number was assigned to each issue identified by the service provider

Whether the service provider used its own facilities to provide help desk services

Whether the provider's responses and resolutions were well defined according to the service-level agreement.

An internal auditor reviews a data population and calculates the mean, median, and range. What is the most likely purpose of performing this analytic technique?

To identify whether the population contains outliers.

To inform the classification of the data population.

To determine the completeness and accuracy of the data.

To identify whether the population contains outliers.

To determine whether duplicates in the data inflate the range.

What is the primary risk associated with an organization adopting a decentralized structure?

Inconsistency in decision making.

Greater costs of control function.

Inconsistency in decision making.

An organization discovered fraudulent activity involving the employee time-tracking system. One employee regularly docked in and clocked out her co-worker friends on their days off, inflating their reported work hours and increasing their wages. Which of the following physical authentication devices would be most effective at disabling this fraudulent scheme?

Face or finger recognition equipment,

Radio-frequency identification chips to authenticate employees with cards.

A requirement to clock in and clock out with a unique personal identification number.

A combination of a smart card and a password to clock in and clock out.

Which of the following is a result of Implementing on e-commerce system, which relies heavily on electronic data interchange and electronic funds transfer, for purchasing and biting?

Higher cash flow and treasury balances.

Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of Infringement on local regulations, such as copyright or privacy laws?

JoIIbreaking a locked smart device

Not installing anti-malware software

Updating operating software in a haphazard manner,

Applying a weak password for access to a mobile device.

JoIIbreaking a locked smart device

Which of the following is the most appropriate way lo record each partner's initial Investment in a partnership?

At the value agreed upon by the partners.

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

There is a greater need for organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment, compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment

According to lIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

The business Impact analysis plan

The business continuity management charter.

The business continuity risk assessment plan.

The business Impact analysis plan

The business case for business continuity planning

Which of the following is an example of an application control?

Automated password change requirements.

User testing of system changes.

An organization has a declining inventory turnover but an Increasing gross margin rate, Which of the following statements can best explain this situation?

The organization has adopted just-in-time inventory.

The organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing Inventory theft

The organization's inventory is overstated.

An internal auditor was asked to review an equal equity partnership, in one sampled transaction.Partner A transferred equipment into the partnership with a Self-declared value of 510 ,000, and Partner B contributed equipment with a self-declared value of 515,000. The capital accounts reach partner were subsequently credited with $12,500. Which of the following statements Is true regarding this transection?

No action is needed, as the capital account of each partner was increased by the correct amount,

The capital accounts of the partners should be increased by she original cost of the contributed equipment.

The capital accounts should be increased using a weighted average based by the current percentage of ownership.

No action is needed, as the capital account of each partner was increased by the correct amount,

The capital accounts of the partners should be increased by She fair market value of their contribution.

An organization with global headquarters in the United States has subsidiaries in eight other nations.If the organization operates with an ethnocentric attitude, which of the following statements is true?

Orders, commands, and advice are sent to the subsidiaries from headquarters.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

Orders, commands, and advice are sent to the subsidiaries from headquarters.

Poop o of local nationality are developed for the best positions within their own country.

There is a significant amount of collaboration between headquarters and subs diaries.

According to IIA guidance, which of the following statements is true regarding analytical procedures?

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

There are clear expectations set for employees.

There is a higher reliance on organizational culture.

There are clear expectations set for employees.

There are electronic monitoring techniques employed

There is a defined code far employee behavior.

What is the primary purpose of an Integrity control?

To ensure data processing is complete, accurate, and authorized.

To ensure data being processed remains consistent and intact.

To monitor the effectiveness of other controls

To ensure the output aligns with the intended result.

According to Maslow's hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

Series of belonging in the organization

An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the dat a. Which of the following statements is true regarding this scenario?

The auditor is normalizing data in preparation for analyzing it.

The auditor is analyzing the data in preparation for communicating the results,

The auditor is cleaning the data in preparation for determining which processes may be involves .

The auditor is reviewing trio data prior to defining the question

IIA IIA-CIA-Part3 Practice Test 3 - Free Online Exam Prep & Questions

Question 1 / 40

Which of the following measures would best protect an organization from automated attacks whereby the attacker attempts to identify weak or leaked passwords in order to log into employees' accounts?

Requiring users to change their passwords every two years.

Requiring two-step verification for all users

Requiring the use of a virtual private network (VPN) when employees are out of the office.

Requiring the use of up-to-date antivirus, security, and event management tools.

Comment (0)

IIA IIA-CIA-Part3 Practice Test 3

Question

IIA IIA-CIA-Part3 Practice Tests

Practice Tests