IIA IIA-CIA-Part3 Business Knowledge for Internal Auditing Exam Practice Test

Greater cost-effectiveness

Increased economies of scale

Larger talent pool

Strong internal controls

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

Direct materials, indirect materials, raw materials.

Overhead costs, direct labor, direct materials.

Direct materials, direct labor, depreciation on factory buildings.

Raw materials, factory employees' wages, production selling expenses.

There is a greater need for organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment, compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment

It can restore default settings and lock encrypted data when necessary.

It enables the erasure and reformatting of secure digital (SD) cards.

It can delete data backed up to a desktop for complete protection if required.

It can wipe data that is backed up via cloud computing

Net income would be understated.

Net income would not be affected.

Net income would be overstated.

Net income would be negative.

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing she financial information of the company

An extranet

A local area network

An Intranet

The internet

Relationship with supervisor

Salary

Security.

Achievement

1 and 2 only

2 and 3 only

1, 2 and 4 only

2, 3, and 4 only

An offboarding procedure is initiated monthly to determine redundant physical access rights.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

Requests for additional access rights are sent for approval and validation by direct supervisors.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Job complicating

Job rotation

Job enrichment

Job enlargement

Designing and maintaining the database.

Preparing input data and maintaining the database.

Maintaining the database and providing its security,

Designing the database and providing its security

Change management practices to ensure operating system patch documentation is retained.

User role requirements are documented in accordance with appropriate application-level control needs.

Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity.

Interfaces reinforce segregation of duties between operations administration and database development.

Debit indicates the right side of an account and credit the left side

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease

Total tire production labor hours for the operating period.

Total tire production costs for the operating period.

Plant production employee headcount average for the operating period.

The production machinery utilization rates.

Ease of use.

Value to the business.

Intrusion prevention.

Ergonomic model.

At the value agreed upon by the partners.

At book value.

At fair value

At the original cost.

Determining the frequency with which backups will be performed.

Prioritizing the order in which business systems would be restored.

Assigning who in the IT department would be involved in the recovery procedures.

Assessing the resources needed to meet the data recovery objectives.

Scope change requests are reviewed and approved by a manager with a proper level of authority.

Cost overruns are reviewed and approved by a control committee led by the project manager.

There is a formal quality assurance process to review scope change requests before they are implemented

There is a formal process to monitor the status of the project and compare it to the cost baseline

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate

Legitimate authority

Coercive authority.

Referent authority.

Expert authority.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest

Variable entity approach.

Control ownership.

Risk and reward.

Voting interest.

Variety.

Velocity.

Volume.

Veracity.

Cash payback technique

Annual rate of return technique.

Internal rate of return method.

Net present value method.

Veracity, velocity, and variety.

Integrity, availability, and confidentiality.

Accessibility, accuracy, and effectiveness.

Authorization, logical access, and physical access.

Operating system

Control environment

Network.

Application program code

1 and 2

1 and 4

3 and A

2 and 3

The business continuity management charter.

The business continuity risk assessment plan.

The business Impact analysis plan

The business case for business continuity planning

Facial comparison using photo identification.

Signature comparison.

Voice comparison.

Retinal print comparison.

To protect the effective performance of IT general and application controls.

To regulate users' behavior it the web and cloud environment.

To prevent unauthorized access to information assets.

To secure application of protocols and authorization routines.

A traditional key lock

A biometric device

A card-key system

A proximity device

It calculates the overall value of a project.

It ignores the time value of money.

It calculates the time a project takes to break even.

It begins at time zero for the project.

Password selection

Password aging

Password lockout

Password rotation

Activity

Subprocess

Major process

Mega process

Backup media is not properly stored, as the storage facility should be off-site.

Backup procedures are adequate and appropriate according to best practices.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

Backup schedule is not sufficient, as full backup should be conducted daily.