IIA-CIA-Part3-3P Sample Questions Answers

Determine the optimal amount of resources for the organization to invest in CSR.

Align CSR program objectives with the organization's strategic plan.

Integrate CSR activities into the organization's decision-making process.

Determine whether the organization has an appropriate policy governing its CSR activities.

Cutbacks in preventive maintenance.

An inadequately trained and supervised labor force.

A large number of rush orders.

Production of more units than planned for in the master budget.

Exception report identifying payment anomalies.

Documented policy and procedures.

Periodic account reconciliation of contractor charges.

Monthly management review of all contractor activity.

50 units.

60 units.

100 units.

120 units.

1 and 2 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

That those employees who do not consent to MDM software cannot have an email account.

That personal data on the device cannot be accessed and deleted by system administrators.

That monitoring of employees' online activities is conducted in a covert way to avoid upsetting them.

That employee consent includes appropriate waivers regarding potential breaches to their privacy.

Servers optimize data processing by sharing it with other computers on the information system

Servers manage the interconnectivity of system hardware devices in the information system.

Servers manage the data stored in databases residing on the information system.

Servers enforce access controls between networks transmitting data on the information system

12-digit password feature.

Security question feature.

Voice recognition feature.

Two-level sign-on feature.

Fixed costs per unit for each additional unit sold

Variable costs per unit for each additional unit sold

Contribution margin per unit for each additional unit sold

Gross margin per unit for each additional unit sold

Cost method

Equity method

Consolidation method

Fair value method

Community institutional and agricultural banking.

Mortgages credit cards and savings

South southwest and east.

Teller manager and IT specialist

Verify whether the organization uses the most recent database software version

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded

Verify whether access to database version information is appropriately restricted

Focus

Cost leadership

Innovation

Differentiation

Input controls

Output controls

Processing controls

Integrity controls

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature.

The risk that an organization intrusively monitors personal information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

There is a higher reliance on organizational culture

There are clear expectations set for employees

There are electronic monitoring techniques employed

There is a defined code for employee behavior

Password selection

Password aging

Password lockout

Password rotation

Suspend assumptions and negative feedback

Weight suggestions based on the speaker's level of authority.

Discuss the details of all options presented

Provide documentation to support their positions

Authorization

Architecture model

Firewall

Virtual private network

Input controls.

Output controls

Processing controls

Integrity controls

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

Workstation contains software that controls information flow between the organization's network and the Internet.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Giving assurance that risks are evaluated correctly.

Developing the risk management strategy for the board's approval.

Facilitating the identification and evaluation of risks.

Coaching management in responding to risk.

Lack of flexibility.

Incompatibility with client/server technology.

Employee resistance to change.

Inadequate technical support.

It is expected that there will be slow retaliation from incumbents.

The acquiring organization has information that the selling organization is weak.

The number of bidders to acquire the organization for sale is low.

The condition of the economy is poor.

$170,000

$280,000

$300,000

$540,000

Use an aging schedule to more closely estimate uncollectible accounts.

Eliminate the need for an allowance for doubtful accounts.

Emphasize the accuracy of the net realizable value of the receivables on the balance sheet.

Use a method that approximates the matching principle.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

Weak entrance barriers.

Significant scale economies.

Steep experience curve.

Strong negotiation power with suppliers.

Relatively fast market entry.

Improved cash flow of the acquiring organization.

Increased diversity of corporate culture.

Opportunity to influence local government policy.

7 percent simple interest with a 10 percent compensating balance.

7 percent simple interest paid at the end of each year.

7 percent discount interest.

7 percent compounding interest.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Program design, system requirements, software design, analysis, coding, testing, operations.

System requirements, software design, analysis, program design, testing, coding, operations.

System requirements, software design, analysis, program design, coding, testing, operations.

System requirements, analysis, coding, software design, program design, testing, operations.

Firewalls can protect against computer viruses.

Firewalls monitor attacks from the Internet.

Firewalls provide network administrators tools to retaliate against hackers.

Firewalls may be software-based or hardware-based.

Formulate contingency plans.

Conduct a risk analysis.

Create a crisis management team.

Practice the response to a crisis.

Access to read application logs is restricted to authorized users.

Account balance information is encrypted in the database.

The web server used to host the application is located in a physically secure area.

Sensitive data, such as account numbers, are submitted using encrypted communications.

End users have their read-only applications approved by the information systems department before accessing the database.

Concurrency update controls are in place.

End-user applications are developed on personal computers before being implemented on the

mainframe.

A hierarchical database model is adopted so that multiple users can be served at the same time.

Government pressure on organizations to increase or maintain employment.

Production orientation of management.

Lack of credible market leader in the industry.

Company diversification.

1 only

4 only

2 and 4

3 and 4

The valuation will be incorrect it the inventory includes goods m transit shipped free on board (FOB) destination to another organization

The valuation will be correct if the inventory includes goods received on consignment from another organization

The valuation will be incorrect it the inventory includes goods in transit shipped FOB shipping point from another organization

The valuation will be correct it the inventory includes goods sent on consignment to another

organization

Due to their small size and portability smart devices and their associated data are typically less susceptible to physical loss

The Bluetooth and WI-FI features of smart devices enhance the security of data while in transit

The global positioning system (GPS) capability of smart devices could be exploited to plan cyberattacks

When the user fads to perform jailbreaking or rooting, data security and privacy risks we increased

Boundary defense.

Malware defense.

Penetration tests.

Wireless access controls.

Frozen site.

Cold site.

Warm site.

Hot site.

Application input controls

Firewall controls.

Transmission encryption controls

Change management controls

It uses the same products in all countries.

It centralizes control with little decision-making authority given to the local level.

It is an effective strategy when large differences exist between countries.

It provides cost advantages, improves coordinated activities, and speeds product development.

Users determine the optimal level of safety stocks.

They are applicable only to large organizations.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

They rely heavily on high quality materials.

High degree of masculinity.

Low uncertainty avoidance.

High collectivism.

Low long-term orientation.

Performing a system audit.

Making system changes.

Testing policy compliance.

Conducting system monitoring.

Cold recovery plan.

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan.

Deploy intrusion detection systems and conduct penetration testing

Administer security procedures, training, and testing.

Monitor incidents, key risk indicators, and remediation

implement vulnerability management with internal and external scans.

1, 2, 3, 4

2, 1, 4, 3

2, 4, 1, 3

4, 2, 1, 3

Providing fire detection and suppression equipment

Establishing a physical security policy and promoting it throughout the organization

Performing business continuity and disaster recovery planning

Keeping an offsite backup of the organization's critical data

An attempt at phishing.

An attempt at penetration testing

An attempt to patch the server

An attempt to launch malware

Cash discounts.

Quantity discounts.

Functional discounts.

Seasonal discounts.

Market price.

Negotiation-based.

Full absorption cost

Variable cost

Input controls

Output controls

Integrity controls

Processing controls

Tampering

Hacking

Phishing

Piracy

Identity requests are approved in two steps.

Logs are checked for misaligned identities and access rights.

Users have to validate their identity with a smart card.

Functions can be performed based on access rights.

A star

A cash cow

A Question mark

A dog

The business continuity management charter.

The business continuity risk assessment plan

The business impact analysis plan

The business case for business continuity planning

A clothing company designs makes and sells a new item.

A commercial constructor company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

Risk tolerance

Performance.

Threats and opportunities.

Governance

Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.

Review the password length, frequency of change, and list of users for the workstation's login process.

Review the list of people who attempted to access the workstation and failed, as well as error messages.

Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

An employee receives an email that appears to be from the organization's bank, though it is not. The employee replies to the email and sends the requested confidential information.

An organization's website has been hacked. The hacker added political content that is not consistent with the organization's views.

An organization's systems have been compromised by malicious software. The software locks the organization's operating system until d ransom is paid.

An organization's communication systems have been intercepted. A communication session is controlled by an unauthorized third party.

Report identifying data that is outside of system parameters

Report identifying general ledger transactions by time and individual

Report comparing processing results with original input

Report confirming that the general ledger data was processed without error.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

The goal of the change management process is to sustain and improve organizational operations.

The degree of risk associated with a proposed change determines if the change request requires authorization.

In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

All changes should be tested in a non-production environment before migrating to the production environment.

Improved integrity of programs and processing.

Enhanced ongoing maintenance of the system.

Greater accuracy of the testing phase.

Reduced need for unexpected software changes.

Key processes across the entity which impact quality must be identified and included.

The quality management system must be documented in the articles of incorporation, quality manual,

procedures, work instructions, and records.

Management must review the quality policy, analyze data about quality management system

performance, and assess opportunities for improvement and the need for change.

The entity must have processes for inspections, testing, measurement, analysis, and improvement.

Program versions are synchronized across the network.

Emergency move procedures are documented and followed.

Appropriate users are involved in program change testing.

Movement from the test library to the production library is controlled.

Buying an insurance policy to protect against loss events.

Hedging against natural gas price fluctuations.

Selling a non-strategic business unit.

Outsourcing a high risk process to a third party.