Independence Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

Demo: 39 questions
Total 266 questions

Business Knowledge for Internal Auditing Questions and Answers

Question 1

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

Options:

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Question 2

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Options:

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question 3

Which of the following lists best describes the classification of manufacturing costs?

Options:

A.

Direct materials, indirect materials, raw materials.

B.

Overhead costs, direct labor, direct materials.

C.

Direct materials, direct labor, depreciation on factory buildings.

D.

Raw materials, factory employees' wages, production selling expenses.

Question 4

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

Options:

A.

There is a greater need for organizations to rely on users to comply with policies and procedures.

B.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.

Incident response times are less critical in the BYOD environment, compared to a traditional environment

D.

There is greater sharing of operational risk in a BYOD environment

Question 5

Which of the following is true regarding the use of remote wipe for smart devices?

Options:

A.

It can restore default settings and lock encrypted data when necessary.

B.

It enables the erasure and reformatting of secure digital (SD) cards.

C.

It can delete data backed up to a desktop for complete protection if required.

D.

It can wipe data that is backed up via cloud computing

Question 6

A small chain of grocery stores made a reporting error and understated its ending inventory. What effect would this have on the income statement for the following year?

Options:

A.

Net income would be understated.

B.

Net income would not be affected.

C.

Net income would be overstated.

D.

Net income would be negative.

Question 7

Which of the following scenarios best illustrates a spear phishing attack?

Options:

A.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

B.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

C.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

D.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Question 8

An internal auditor for a pharmaceutical company as planning a cybersecurity audit and conducting a risk assessment. Which of the following would be considered the most significant cyber threat to the organization?

Options:

A.

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

B.

Hackers breaching the organization's network to access research and development reports

C.

A denial-of-service attack that prevents access to the organization's website.

D.

A hacker accessing she financial information of the company

Question 9

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

A.

An extranet

B.

A local area network

C.

An Intranet

D.

The internet

Question 10

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

Options:

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question 11

Which of the following should be included in a data privacy poky?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail,

4. A description of what constitutes appropriate use of personal data.

Options:

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Question 12

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

Options:

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Question 13

Which of the following job design techniques would most likely be used to increase employee motivation through job responsibility and recognition?

Options:

A.

Job complicating

B.

Job rotation

C.

Job enrichment

D.

Job enlargement

Question 14

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?

Options:

A.

Designing and maintaining the database.

B.

Preparing input data and maintaining the database.

C.

Maintaining the database and providing its security,

D.

Designing the database and providing its security

Question 15

Which of the following is a sound network configuration practice to enhance information security?

Options:

A.

Change management practices to ensure operating system patch documentation is retained.

B.

User role requirements are documented in accordance with appropriate application-level control needs.

C.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

D.

Interfaces reinforce segregation of duties between operations administration and database development.

Question 16

In accounting, which of the following statements is true regarding the terms debit and credit?

Options:

A.

Debit indicates the right side of an account and credit the left side

B.

Debit means an increase in an account and credit means a decrease.

C.

Credit indicates the right side of an account and debit the left side.

D.

Credit means an increase in an account and debit means a decrease

Question 17

While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating

period. To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?

Options:

A.

Total tire production labor hours for the operating period.

B.

Total tire production costs for the operating period.

C.

Plant production employee headcount average for the operating period.

D.

The production machinery utilization rates.

Question 18

When determining the level of physical controls required for a workstation, which of the following factors should be considered?

Options:

A.

Ease of use.

B.

Value to the business.

C.

Intrusion prevention.

D.

Ergonomic model.

Question 19

Which of the following is the most appropriate way lo record each partner's initial Investment in a partnership?

Options:

A.

At the value agreed upon by the partners.

B.

At book value.

C.

At fair value

D.

At the original cost.

Question 20

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

Options:

A.

Determining the frequency with which backups will be performed.

B.

Prioritizing the order in which business systems would be restored.

C.

Assigning who in the IT department would be involved in the recovery procedures.

D.

Assessing the resources needed to meet the data recovery objectives.

Question 21

Which of the following controls would an internal auditor consider the most relevant to reduce risks of project cost overruns?

Options:

A.

Scope change requests are reviewed and approved by a manager with a proper level of authority.

B.

Cost overruns are reviewed and approved by a control committee led by the project manager.

C.

There is a formal quality assurance process to review scope change requests before they are implemented

D.

There is a formal process to monitor the status of the project and compare it to the cost baseline

Question 22

An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two. Which of the following could be the reason for the decline in the net profit margin for year two?

Options:

A.

Cost of sales increased relative to sales.

B.

Total sales increased relative to expenses.

C.

The organization had a higher dividend payout rate in year two.

D.

The government increased the corporate tax rate

Question 23

An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?

Options:

A.

Legitimate authority

B.

Coercive authority.

C.

Referent authority.

D.

Expert authority.

Question 24

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Options:

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Question 25

Which of the following is most appropriately placed in the financing section of an organization's cash budget?

Options:

A.

Collections from customers

B.

Sale of securities.

C.

Purchase of trucks.

D.

Payment of debt, including interest

Question 26

Which of the following represents a basis for consolidation under the International Financial Reporting Standards?

Options:

A.

Variable entity approach.

B.

Control ownership.

C.

Risk and reward.

D.

Voting interest.

Question 27

Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?

Options:

A.

Variety.

B.

Velocity.

C.

Volume.

D.

Veracity.

Question 28

Which of the following cost of capital methods identifies the time period required to recover She cost of the capital investment from the annual inflow produced?

Options:

A.

Cash payback technique

B.

Annual rate of return technique.

C.

Internal rate of return method.

D.

Net present value method.

Question 29

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

Options:

A.

Veracity, velocity, and variety.

B.

Integrity, availability, and confidentiality.

C.

Accessibility, accuracy, and effectiveness.

D.

Authorization, logical access, and physical access.

Question 30

According to IIA guidance on IT, which of the following controls the routing of data packets to link computers?

Options:

A.

Operating system

B.

Control environment

C.

Network.

D.

Application program code

Question 31

The head of the research arid development department at a manufacturing organization believes that his team lacks expertise in some areas, and he decides to hire more experienced researchers to assist in the development of a new product. Which of the following variances are likely to occur as the result of this decision?

1. Favorable labor efficiency variance.

2. Adverse labor rate variance.

3. Adverse labor efficiency variance.

4. Favorable labor rate variance.

Options:

A.

1 and 2

B.

1 and 4

C.

3 and A

D.

2 and 3

Question 32

According to lIA guidance on IT, which of the following plans would pair the identification of critical business processes with recovery time objectives?

Options:

A.

The business continuity management charter.

B.

The business continuity risk assessment plan.

C.

The business Impact analysis plan

D.

The business case for business continuity planning

Question 33

Which of the following biometric access controls uses the most unique human recognition characteristic?

Options:

A.

Facial comparison using photo identification.

B.

Signature comparison.

C.

Voice comparison.

D.

Retinal print comparison.

Question 34

Which of the following best describes the primary objective of cybersecurity?

Options:

A.

To protect the effective performance of IT general and application controls.

B.

To regulate users' behavior it the web and cloud environment.

C.

To prevent unauthorized access to information assets.

D.

To secure application of protocols and authorization routines.

Question 35

Which of the following authentication device credentials is the most difficult to revoke when an employee s access rights need to be removed?

Options:

A.

A traditional key lock

B.

A biometric device

C.

A card-key system

D.

A proximity device

Question 36

Which of the following statements, is true regarding the capital budgeting procedure known as discounted payback period?

Options:

A.

It calculates the overall value of a project.

B.

It ignores the time value of money.

C.

It calculates the time a project takes to break even.

D.

It begins at time zero for the project.

Question 37

Which of the following application controls is the most dependent on the password owner?

Options:

A.

Password selection

B.

Password aging

C.

Password lockout

D.

Password rotation

Question 38

When reviewing application controls using the four-level model, which of the following processes are associated with level 4 of the business process method?

Options:

A.

Activity

B.

Subprocess

C.

Major process

D.

Mega process

Question 39

While conducting' audit procedures at the organization's data center an internal auditor noticed the following:

- Backup media was located on data center shelves.

- Backup media was organized by date.

- Backup schedule was one week in duration.

The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

Options:

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Demo: 39 questions
Total 266 questions