IIA iia-cia-part3-3p practice test

CIA Exam Part Three: Business Knowledge for Internal


Question 1

A manager decided to build his team's enthusiasm by giving encouraging talks about employee
empowerment, hoping to change the perception that management should make all decisions in the
department.
The manager is most likely trying to impact which of the following components of his team's
attitude?
A. Affective component.
B. Cognition component.
C. Thinking component.
D. Behavioral component.

Answer:

A
144/144

Discussions

Question 2

143/144
Questions & Answers PDF
P-
Which of the following can be classified as debt investments?

  • A. Investments in the capital stock of a corporation.
  • B. Acquisition of government bonds.
  • C. Contents of an investment portfolio.
  • D. Acquisition of common of a stock corporation.
Answer:

B

Reference:
https://www.investopedia.com/terms/g/government-bond.asp

Discussions

Question 3

Which of the following devices best controls both physical and logical access to information systems?

  • A. Plenum.
  • B. Biometric lock.
  • C. Identification card.
  • D. Electromechanical lock.
Answer:

B

Reference:
https://mytechdecisions.com/physical-security/biometrics-access-control-technology/

Discussions

Question 4

Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from
being installed on an organization's systems?

  • A. Boundary defense.
  • B. Malware defense.
  • C. Penetration tests.
  • D. Wireless access controls.
Answer:

B

Reference:
https://www.techtarget.com/searchsecurity/tip/6-common-types-of-cyber-attacks-and-
how-to-prevent-them

Discussions

Question 5

Which of the following activities best illustrates a user's authentication control?

  • A. Identity requests are approved in two steps.
  • B. Logs are checked for misaligned identities and access rights.
  • C. Users have to validate their identity with a smart card.
  • D. Functions can be performed based on access rights.
Answer:

A

Discussions

Question 6

A company produces water buckets with the following costs per bucket:
Direct labor = $2
Direct material = $5
Fixed manufacturing = $3.50
Variable manufacturing = $2.50
The water buckets are usually sold for $15. However, the company received a special order for
50,000 water buckets at $11 each.
Assuming there is adequate manufacturing capacity and all other variables are constant, what is the
relevant cost per unit to consider when deciding whether to accept this special order at the reduced
price?

  • A. $9.50
  • B. $10.50
  • C. $11
  • D. $13 142/144 Questions & Answers PDF P-
Answer:

B

Discussions

Question 7

Which of the following IT disaster recovery plans includes a remote site designated for recovery with
available space for basic services, such as internet and telecommunications, but does not have
servers or infrastructure equipment?

  • A. Frozen site.
  • B. Cold site.
  • C. Warm site.
  • D. Hot site.
Answer:

B

Reference:
https://www.sciencedirect.com/topics/computer-science/disaster-recovery

Discussions

Question 8

Which of the following organization structures would most likely be able to cope with rapid changes
141/144
Questions & Answers PDF
P-
and uncertainties?

  • A. Decentralized.
  • B. Centralized.
  • C. Departmentalized.
  • D. Tall structure.
Answer:

A

Reference:
https://hbr.org/2017/12/when-to-decentralize-decision-making-and-when-not-to

Discussions

Question 9

A chief audit executive wants to implement an enterprisewide resource planning software.
Which of the following internal audit assessments could provide overall assurance on the likelihood
of the software implementation's success?

  • A. Readiness assessment.
  • B. Project risk assessment.
  • C. Post-implementation review.
  • D. Key phase review.
Answer:

B

Reference:
https://www.oecd.org/daf/ca/risk-management-corporate-governance.pdf

Discussions

Question 10

Which of the following statements is true regarding change management?

  • A. The degree of risk associated with a proposed change determines whether the change request requires authorization.
  • B. Program changes generally are developed and tested in the production environment.
  • C. Changes are only required by software programs.
  • D. To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.
Answer:

D

Reference:
https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%202%20-
%20Change%20and%20Patch%20Management%20Controls%20Critical%20for%20Organizational
%20Success_2nd%20ed.pdf

Discussions
To page 2