Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free IIA IIA-CIA-Part3 Practice Exam with Questions & Answers | Set: 2

Questions 16

What would be the most relevant risk related to a bring-your-own-device policy?

Options:
A.

Data leakage due to the devices having access to the network.

B.

Lack of understanding of the technology and concept of the tool.

C.

Missing noncurrent assets capitalization.

D.

Financial losses due to smart device theft.

IIA IIA-CIA-Part3 Premium Access
Questions 17

With regard to project management, which of the following statements about project crashing is true?

Options:
A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially.

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project.

Questions 18

On the last day of the year, a total cost of S 150.000 was incurred in indirect labor related to one of the key products an organization makes. How should the expense be reported on that year ' s financial statements?

Options:
A.

It should be reported as an administrative expense on the income statement.

B.

It should be reported as period cost other than a product cost on the management accounts

C.

It should be reported as cost of goods sold on the income statement.

D.

It should be reported on the balance sheet as part of inventory.

Questions 19

The chief audit executive hired a consultant to update the internal audit function’s methodologies. Which of the following would best ensure that the internal audit function will adhere to the updated methodologies?

Options:
A.

Placing the updated methodologies in an easily accessible location for reference

B.

Requiring a signed acknowledgment that each auditor will comply with the updated methodologies

C.

Preparing a recorded training that reviews the updated methodologies

D.

Sharing a one-page summary of the updated methodologies during an internal audit function meeting

Questions 20

An internal auditor is assessing the risks related to an organization’s mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internal auditor be most concerned about?

Options:
A.

Compliance.

B.

Privacy.

C.

Strategic.

D.

Physical security.

Questions 21

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

Options:
A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Questions 22

Which of the following does not provide operational assurance that a computer system is operating properly?

Options:
A.

Performing a system audit.

B.

Making system changes.

C.

Testing policy compliance.

D.

Conducting system monitoring.

Questions 23

Which of the following functions of access control systems involves keeping logs of a user ' s activity in a system?

Options:
A.

Identification.

B.

Authentication.

C.

Authorization.

D.

Accountability.

Questions 24

Employees of an organization noticed that an exterior surface of the office building was deteriorating. Upon investigation, it was found that the deterioration was caused by harsh cleaning chemicals used to remove excessive bird droppings, and that the birds were drawn to the building to feed from a spider infestation. Which of the following best represents a root cause-based recommendation for this situation?

Options:
A.

Repair the surface of the building

B.

Discontinue the use of the cleaning chemicals

C.

Scare the birds away by installing scarecrows

D.

Enhance cleaning of the building to displace spiders

Questions 25

The market price is the most appropriate transfer price to be charged by one department to another in the same organization for a service provided when:

Options:
A.

There is an external market for that service.

B.

The selling department operates at 50 percent of its capacity.

C.

The purchasing department has more negotiating power than the selling department.

D.

There is no external market for that service.

Questions 26

An organization ' s internal audit activity performed an engagement regarding recent contract bidding. Who should the internal audit activity meet with in order to obtain reliable and relevant information about potential questionable practices related to the contract bidding?

Options:
A.

Senior management, to obtain an understanding about the justification for contract bidding.

B.

Personnel responsible for the organization ' s fraud and ethics hotline, to obtain information related to contract bidding.

C.

Potential vendors, to obtain information about the bid packages related to contract bidding.

D.

Contracting department personnel to obtain information related to contract bidding practices.

Questions 27

Which of the following controls would be most efficient to protect business data from corruption and errors?

Options:
A.

Controls to ensure data is unable to be accessed without authorization.

B.

Controls to calculate batch totals to identify an error before approval.

C.

Controls to encrypt the data so that corruption is likely ineffective.

D.

Controls to quickly identify malicious intrusion attempts.

Questions 28

Which of the following is not a method for implementing a new application system?

Options:
A.

Direct cutover.

B.

Parallel.

C.

Pilot.

D.

Test.

Questions 29

When reviewing application controls using the four-level model, which of the following processes are associated with level 4 of the business process method?

Options:
A.

Activity

B.

Subprocess

C.

Major process

D.

Mega process

Questions 30

A data classification policy would most likely assist in achieving which of the following control objectives?

Options:
A.

Confirming the validity of the data record.

B.

Ensuring the completeness of the data.

C.

Eliminating redundant data records.

D.

Complying with data protection regulations.