IIA iia cia part3 3p practice test

CIA Exam Part 3: Business Knowledge for Internal Auditing

Last exam update: Apr 18 ,2024
Page 1 out of 33. Viewing questions 1-15 out of 488

Question 1

A manager decided to build his team's enthusiasm by giving encouraging talks about employee
empowerment, hoping to change the perception that management should make all decisions in the
department.
The manager is most likely trying to impact which of the following components of his team's
attitude?
A. Affective component.
B. Cognition component.
C. Thinking component.
D. Behavioral component.

Answer:

A

Discussions
0 / 1000

Question 2

Which of the following can be classified as debt investments?

  • A. Investments in the capital stock of a corporation.
  • B. Acquisition of government bonds.
  • C. Contents of an investment portfolio.
  • D. Acquisition of common of a stock corporation.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.investopedia.com/terms/g/government-bond.asp

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following devices best controls both physical and logical access to information systems?

  • A. Plenum.
  • B. Biometric lock.
  • C. Identification card.
  • D. Electromechanical lock.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://mytechdecisions.com/physical-security/biometrics-access-control-technology/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from
being installed on an organization's systems?

  • A. Boundary defense.
  • B. Malware defense.
  • C. Penetration tests.
  • D. Wireless access controls.
Answer:

B

User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%

Reference:
https://www.techtarget.com/searchsecurity/tip/6-common-types-of-cyber-attacks-and-
how-to-prevent-them

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following activities best illustrates a user's authentication control?

  • A. Identity requests are approved in two steps.
  • B. Logs are checked for misaligned identities and access rights.
  • C. Users have to validate their identity with a smart card.
  • D. Functions can be performed based on access rights.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
fernandoms88
10 months, 1 week ago

correct answer C

2

Question 6

A company produces water buckets with the following costs per bucket:
Direct labor = $2
Direct material = $5
Fixed manufacturing = $3.50
Variable manufacturing = $2.50
The water buckets are usually sold for $15. However, the company received a special order for
50,000 water buckets at $11 each.
Assuming there is adequate manufacturing capacity and all other variables are constant, what is the
relevant cost per unit to consider when deciding whether to accept this special order at the reduced
price?

  • A. $9.50
  • B. $10.50
  • C. $11
  • D. $13
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
fernandoms88
10 months, 1 week ago

CORRECT ANSWER LETTER A

1

Question 7

Which of the following IT disaster recovery plans includes a remote site designated for recovery with
available space for basic services, such as internet and telecommunications, but does not have
servers or infrastructure equipment?

  • A. Frozen site.
  • B. Cold site.
  • C. Warm site.
  • D. Hot site.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.sciencedirect.com/topics/computer-science/disaster-recovery

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which of the following organization structures would most likely be able to cope with rapid changes
and uncertainties?

  • A. Decentralized.
  • B. Centralized.
  • C. Departmentalized.
  • D. Tall structure.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://hbr.org/2017/12/when-to-decentralize-decision-making-and-when-not-to

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

A chief audit executive wants to implement an enterprisewide resource planning software.
Which of the following internal audit assessments could provide overall assurance on the likelihood
of the software implementation's success?

  • A. Readiness assessment.
  • B. Project risk assessment.
  • C. Post-implementation review.
  • D. Key phase review.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.oecd.org/daf/ca/risk-management-corporate-governance.pdf

Discussions
vote your answer:
A
B
C
D
0 / 1000
johnyparker
8 months, 4 weeks ago

C. Post-implementation review.

A post-implementation review (PIR) is an internal audit assessment that could provide overall assurance on the likelihood of the software implementation's success. A PIR is conducted after the implementation of a project, such as the enterprise resource planning (ERP) software, to evaluate the results and outcomes achieved.

0

Question 10

Which of the following statements is true regarding change management?

  • A. The degree of risk associated with a proposed change determines whether the change request requires authorization.
  • B. Program changes generally are developed and tested in the production environment.
  • C. Changes are only required by software programs.
  • D. To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%202%20-
%20Change%20and%20Patch%20Management%20Controls%20Critical%20for%20Organizational
%20Success_2nd%20ed.pdf

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

During disaster recovery planning, the organization established a recovery point objective. Which of
the following best describes this concept?

  • A. The maximum tolerable downtime after the occurrence of an incident.
  • B. The maximum tolerable data loss after the occurrence of an incident.
  • C. The maximum tolerable risk related to the occurrence of an incident.
  • D. The minimum recovery resources needed after the occurrence of an incident.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.druva.com/glossary/what-is-a-disaster-recovery-plan-definition-and-
related-faqs/#:~:text=The%20recovery%20point%20objective%20refers,hour%20to%20meet%20this
%20objective

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which of the following statements is true regarding user-developed applications (UDAs) and
traditional IT applications?

  • A. UDAs and traditional IT applications typically follow a similar development life cycle.
  • B. A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.
  • C. Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.
  • D. IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
fernandoms88
10 months, 1 week ago

correct one C

0
johnyparker
8 months, 4 weeks ago

Correct Answer is A

While there may be some differences in the development processes, such as the level of formality and expertise, both UDAs and traditional IT applications go through similar stages in their development life cycle, which may include: Requirements Gathering: Understanding the business needs and functional requirements of the application.

Design: Creating the application's architecture and user interface based on the requirements.

Development: Writing the code and building the application.

Testing: Evaluating the application to ensure it functions as intended and is free from errors.

Implementation: Deploying the application into the production environment.

Maintenance: Making updates and improvements to the application as needed.

0

Question 13

In reviewing an organization's IT infrastructure risks, which of the following controls is to be tested as
part of reviewing workstations?

  • A. Input controls.
  • B. Segregation of duties.
  • C. Physical controls.
  • D. Integrity controls.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
johnyparker
8 months, 4 weeks ago

C. Physical controls.

0
johnyparker
8 months, 4 weeks ago

Correct answer is
C. Physical controls
other options are logical controls

0

Question 14

Which of the following is an example of internal auditors applying data mining techniques for
exploratory purposes?

  • A. Internal auditors perform reconciliation procedures to support an external audit of financial reporting.
  • B. Internal auditors perform a systems-focused analysis to review relevant controls.
  • C. Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan.
  • D. Internal auditors test IT general controls with regard to operating effectiveness versus design.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.researchgate.net/publication/221174455_Data_Mining_Technique_in_the_Internal_Au
diting_of_Enterprise_Groups

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Which of the following is likely to occur when an organization decides to adopt a decentralized
organizational structure?

  • A. A slower response to external change.
  • B. Less controlled decision making.
  • C. More burden on higher-level managers.
  • D. Less use of employees' true skills and abilities.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://opentextbc.ca/principlesofaccountingv2openstax/chapter/differentiate-between-
centralized-and-decentralized-management/

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2