ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part3
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When executive compensation is based on the organization's financial results, which of the following situations is most likely to arise?
Which of the following contract concepts is typically given in exchange for the execution of a promise?
An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team's performance related to how project tasks are completed?
Which of the following statements is true regarding a project life cycle?
An internal auditor observed that the organization's disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recover/ solution?
An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories; - Risks specific to the organization itself. - Risks specific to the service provider. - Risks shared by both the organization and the service provider Which of the following risks should the auditor classify as specific to the service provider?
A newly appointed board member received an email that appeared to be from the company's CEO. The email stated: "Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners." The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender 's mail domain was different from the company's. Which of the following cybersecurity risks nearly occurred in the situation described?
An employee was promoted within the organization and relocated to a new office in a different building. A few months later, security personnel discovered that the employee's smart card was being used to access the building where she previously worked. Which of the following security controls could prevent such an incident from occurring?
Which of the following best describes the use of predictive analytics?
Which of the following characteristics applies to an organization that adopts a flat structure?

Question 314 - IIA-CIA-Part3 discussion

Report
Export

According to IIA guidance, which of the following statements is true regarding penetration testing?

A.
Testing should not be announced to anyone within the organization to solicit a real-life response.
Answers
A.
Testing should not be announced to anyone within the organization to solicit a real-life response.
B.
Testing should take place during heavy operational time periods to test system resilience.
Answers
B.
Testing should take place during heavy operational time periods to test system resilience.
C.
Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.
Answers
C.
Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.
D.
Testing should address the preventive controls and management's response.
Answers
D.
Testing should address the preventive controls and management's response.
Suggested answer: B
Show Answer
asked 18/09/2024
vladimir nezgoda
34 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms