Actual IIA-CIA-Part3-3P Dumps Updated [2022] For Quick Success

test2022-08-30T09:29:19+00:00

By test Actual IIA-CIA-Part3-3P Dumps, IIA-CIA-Part3-3P practice exam, IIA-CIA-Part3-3P real questions and answers 0 Comments

If you’re afraid about passing the IIA-CIA-Part3-3P exam because you’re not prepared, you don’t have to worry about it anymore. Get the most up-to-date IIA-CIA-Part3-3P Dumps with 100% accurate answers. FreeTestShare team compiled the most comprehensive collection of IIA-CIA-Part3-3P questions and answers to help you pass your IIA-CIA-Part3-3P Exam. We have accumulated real questions and answers in this IIA-CIA-Part3-3P Dumps so that you can prepare and pass the IIA-CIA-Part3-3P exam on your first try.

To put your skills to the test, try IIA-CIA-Part3-3P free questions!

Page 1 of 13

1. Which of the following cybersecurity-related activities is most likely to be performed by the second line of defense?

Deploy intrusion detection systems and conduct penetration testing

Administer security procedures, training, and testing.

Monitor incidents, key risk indicators, and remediation

implement vulnerability management with internal and external scans.

2. In the years after the mind-service point of a depreciable asset which of the following depreciation methods will result in the highest depreciation expense?

Sum of the years' digits

Declining balance

Double-declining balance

Straight line

3. Which of the following is likely to occur when an organization decides to adopt a decentralized organizational structure?

A slower response to external change.

Less controlled decision making.

More burden on higher-level managers.

Less use of employees' true skills and abilities.

4. When using data analytics during a review of the procurement process, what is the first step in the analysis process?

Identify data anomalies and outliers

Define questions to be answered

Identify data sources available

Determine the scope of the data extract.

5. in which of the following technical infrastructure audits should attention be turned to physical security and environmental controls?

Database review

Data center review

Network configuration review

Operating systems review

6. A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.

Which of the following controls would best address this risk?

Establish separate vendor creation and approval teams.

Develop and distribute a code of conduct that prohibits conflicts of interest.

Perform a regular review of the vendor master file.

Require submission of a conflict-of-interest declaration.

7. Which of the following are the most common characteristics of big data?

Visibility, validity, vulnerability

Velocity, variety volume.

Complexity completeness constancy

Continuity, control convenience

8. In which type of business environment are price cutting strategies and franchising strategies most appropriate?

Embryonic, focused.

Fragmented, decline.

Mature, fragmented.

Competitive, embryonic.

9. Which of me following represents an inventory costing technique that can be manipulated by management to boost net income by selling units purchased at a low cost?

First-in first-out method (FIFO)

Last-in first-out method (LIFO)

Specific identification method

Average-cost method

10. An organization has a complex systems infrastructure consisting of multiple internally developed, off the shelf, and purchased but significantly customized applications. Some of these applications share databases or process data that is used by another stand-alone application, and interfaces have been written to move data between these applications as needed through batch processing.

Which of the following situations presents the greatest risk exposure given this environment?

Documentation of each system and its interactions, interfaces, and dependencies with other systems and databases is not gathered and maintained.

Batch processing jobs include key financial data that is not posted to the accounting system until the next day. preventing real-time queries.

The job scheduling tool frequently malfunctions, causing scheduled jobs not to run. An error message is sent to IT personnel when a job fails.

The implementation of a major update for a key application is delayed until any potential interdependencies are identified and analyzed.

Page 2 of 13

11. Multinational organizations generally spend more time and effort to identify and evaluate:

Internal strengths and weaknesses.

Break-even points.

External trends and events.

Internal risk factors.

12. The internal audit activity completed an initial risk analysis of the organization's data storage center and found several areas of concern .

Which of the following is the most appropriate next step?

Risk response.

Risk identification.

Identification of context.

Risk assessment.

13. A global business organization is selecting managers to post to various international (expatriate) assignments.

In the screening process, which of the following traits would be required to make a manager a successful expatriate?

1) Superior technical competence.

2) Willingness to attempt to communicate in a foreign language.

3) Ability to empathize with other people.

1 and 2 only

1 and 3 only

2 and 3 only

1, 2, and 3

14. The first stage in the development of a crisis management program is to:

Formulate contingency plans.

Conduct a risk analysis.

Create a crisis management team.

Practice the response to a crisis.

15. An organization with an annual demand of 25.000 units correctly computes its economic order quantity to be 1,000 units Its safety stock is 300 units and the lead time is two days

If there are 250 production days in a year what is the reorder point1?

200 units.

300 units.

500 units.

1,000 units.

16. Which of the following actions would senior management need to consider as pan of new IT guidelines regarding the organization's cybersecurity policies?

Assigning new roles and responsibilities for senior IT management.

Growing use of bring your own devices tor organizational matters

Expansion of operations into new markets with united IT access

Hiring new personnel within the IT department tor security purposes

17. Which of the following application controls, implemented by management, monitors data being processed to ensure the data remains consistent and accurate?

Management trail controls.

Output controls.

Integrity controls.

Input controls.

18. Which of the following types of analytics would be used by an organization to examine metrics by business units and identity the most profitable business units?

Detailed analytics

Predictive analytics

Diagnostic analytics

Prescriptive analytics

19. Which of the following are the most appropriate measures for evaluating the change in an organization's liquidity position?

Times interest earned, return on assets, and inventory turnover.

Accounts receivable turnover, inventory turnover in days, and the current ratio.

Accounts receivable turnover, return on assets, and the current ratio.

Inventory turnover in days, the current ratio, and return on equity.

20. An internal auditor is evaluating an organization's business continuity management program According to the guidance on IT.

Which of the following tests would best demonstrate the ability to perform Key processes without significant problems?

End-to-end testing

IT systems and application walkthrough

Tabletop or boardroom-style testing

Desk check testing

Page 3 of 13

21. A manager decided to build his team's enthusiasm by giving encouraging talks about employee empowerment, hoping to change the perception that management should make all decisions in the department.

The manager is most likely trying to impact which of the following components of his team's attitude?

Affective component.

Cognition component.

Thinking component.

Behavioral component.

22. During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:

Access to read application logs is restricted to authorized users.

Account balance information is encrypted in the database.

The web server used to host the application is located in a physically secure area.

Sensitive data, such as account numbers, are submitted using encrypted communications.

23. Organizations use matrix management to accomplish which of the following?

To improve the chain of command.

To strengthen corporate headquarters.

To focus better on a single market.

To increase lateral communication.

24. A bank uses customer departmentalization to categorize its departments .

Which of the following groups best exemplifies this method of categorization?

Community institutional and agricultural banking.

Mortgages credit cards and savings

South southwest and east.

Teller manager and IT specialist

25. Which of the following is a limiting factor for capacity expansion?

Government pressure on organizations to increase or maintain employment.

Production orientation of management.

Lack of credible market leader in the industry.

Company diversification.

26. Which of the following describes the result if an organization records merchandise as a purchase, but fails to include it in the closing inventory count?

The cost of goods sold for the period will be understated.

The cost of goods sold for the period will be overstated.

The net income for the period will be understated.

There will be no effect on the cost of goods sold or the net income for the period.

27. According to IIA guidance, which of the following statements is true with regard to workstation computers that access company information stored on the network?

individual workstation computer controls are not as important as companywide server controls.

Particular attention should be paid to housing workstations away from environmental hazards.

Cybersecurity issues can be controlled at an enterprise level making workstation level controls redundant

With security risks near an all-time high workstations should not be connected to the company network

28. Which of the following are likely indicators of ineffective change management?

1) IT management is unable to predict how a change will impact interdependent systems or business processes.

2) There have been significant increases in trouble calls or in support hours logged by programmers.

3) There is a lack of turnover in the systems support and business analyst development groups.

4) Emergency changes that bypass the normal control process frequently are deemed necessary.

1 and 3 only

2 and 4 only

1, 2, and 4 only

1, 2, 3, and 4

29. Which of the following is the most effective control to prevent unauthorized entrance of a former employee of the organization?

Revoking the former employee's biometrics from the entrance systems

Installing security guards who have undergone a background check at all entrances.

Installing multiple high-powered surveillance cameras throughout the organization

Keeping doors locked and accessible with a key that is provided only to employees

30. An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster.

Which of the following best describes this approach to disaster recovery planning?

Cold recovery plan.

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan.

Page 4 of 13

31. Which of the following characteristics is most important specifically for a global manager to possess in order to be successful?

Knowledge of different languages.

Understanding of uncertainty avoidance differences

Emotional intelligence

Cultural intelligence

32. Which of the following statements pertaining to a market skimming pricing strategy is not true?

The strategy is favored when unit costs fall with the increase in units produced.

The strategy is favored when buyers are relatively insensitive to price increases.

The strategy is favored when there is insufficient market capacity and competitors cannot increase market capacity.

The strategy is favored when high price is perceived as high quality.

33. According to MA guidance, which of the following would indicate poor change management control?

1) Low change success rate

2) Occasional planned outages

3) Low number of emergency changes.

4) Instances of unauthorized changes

1 and 3

1 and 4

2 and 3

2 and 4

34. Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment.

35. According to HA guidance or IT which of the following spreadsheets is most likely to be considered a high-risk user-develop application?

A revenue calculation spreadsheet supported with price and volume reports from the production department

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

36. With regard to project management when of the following statements about prefect crashing is true?

It leads to an increase in risk and often results in rework

It is an optimization technique where activities are performed in parallel rather than sequentially

It involves a revaluation of protect requirements and/or scope.

It is a compression technique in which resources are added to the protect

37. Which of the following is an element of effective negotiating?

Ensuring that the other party has a personal stake in the agreement.

Focusing on interests rather than on obtaining a winning position.

Considering a few select choices during the settlement phase.

Basing the agreement on negotiating power and positioning leverage.

38. An internal auditor is reviewing the organization's performance appraisal process .

Which of the following methods would be most effective to identify stereotyping?

Use a behaviorally anchored rating scale to Break down jobs into their components.

Analyze and compare the ratings for different classes or groupings of employees.

Compare the ratings of selective employees with their previous appraisals.

Analyze the number and percentages of employee appraisals that fall into each rating category

39. Which of the following statements about mentoring is true?

1) Mentoring can be used effectively for increasing employee retention

2) Mentoring can be used effectively in reducing employees frustration.

3) Mentoring can be used effectively for increasing organization communication.

4) Mentoring can be used effectively as a short term activity consisting of instruction and training

1 2. and 3 only.

1. 2 and 4 only

1, 3. and 4 only.

1,2. 3, and 4

40. Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:

Motivation.

Performance.

Organizational structure.

Communication.

Page 5 of 13

41. Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

Increasing complexity over time.

Interface with corporate systems.

Ability to meet user needs.

Hidden data columns or worksheets.

42. Which of the following application-based controls is an example of a programmed edit check?

Reasonableness check.

Transaction log.

Input error correction.

Authorization for access.

43. Within an enterprise, IT governance relates to the:

1) Alignment between the enterprise's IT long term plan and the organization's objectives.

2) Organizational structures of the company that are designed to ensure that IT supports the organization's strategies and objectives.

3) Operational plans established to support the IT strategies and objectives.

4) Role of the company's leadership in ensuring IT supports the organization's strategies and objectives.

1 and 2 only

3 and 4 only

1, 2, and 4 only

2, 3, and 4 only

44. According to MA guidance on IT. which of the following controls the routing of data packets to link computers?

Operating system.

Control environment.

Network.

Application program code.

45. A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system .

Which of the following is most likely the cause of the difficulty?

High degree of masculinity.

Low uncertainty avoidance.

High collectivism.

Low long-term orientation.

46. An organization is considering the outsourcing of its business processes related to payroll and information technology functions .

Which of the following is the most significant area of concern for management regarding this proposed agreement?

Ensuring that payments to the vendor are appropriate and timely for the services delivered.

Ensuring that the vendor has complete management control of the outsourced process.

Ensuring that there are means of monitoring the efficiency of the outsourced process.

Ensuring that there are means of monitoring the effectiveness of the outsourced process.

47. Which of me following responsibilities would ordinary fall under the help desk function of an organization?

Maintenance service items such as production support

Management of infrastructure services including network management

Physical hosting of mainframes and distributed servers

End-to-end security architecture design

48. Which of the following statements regarding database management systems is not correct?

Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.

The database management system acts as a layer between the application software and the operating system.

Applications pass on the instructions for data manipulation which are then executed by the database management system.

The data within the database management system can only be manipulated directly by the database management system administrator.

49. Which of the following attributes of data is the most significantly impacted by the internet of things?

Normalization.

Velocity.

Structurization.

Veracity.

50. A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made.

The most likely structure for this organization would be:

Functional departmentalization.

Product departmentalization.

Matrix organization.

Divisional organization.

Page 6 of 13

51. The board of directors wants to implement an incentive program for senior management that is specifically tied to the long-term health of the organization.

Which of the following methods of compensation would be best to achieve this goal?

Commissions.

Stock options.

Gain-sharing bonuses.

Allowances.

52. In creating a risk-based plan, which of the following best describes a top-down approach to understanding business processes?

Identifying the processes at the activity level.

Analyzing the organization's strategic plan where the business processes are defined.

Analyzing the organization's objectives and identifying the processes needed to achieve the objectives.

Identifying the risks affecting the organization, the objectives, and then the processes concerned.

53. What is the most significant potential problem introduced by just-in-time inventory systems?

They require significant computer resources.

They are susceptible to supply-chain disruptions.

They require complicated materials-supply contracts.

They prevent manufacturers from scaling up or down to meet changing demands.

54. Which of the following is not a barrier to effective communication?

Filtering.

Communication overload.

Similar frames of reference.

Lack of source credibility.

55. A brand manager in a consumer food products organization suspected that several days of the point-of-sale data on the spreadsheet from one grocery chain were missing.

The best approach for detecting missing rows in spreadsheet data would be to:

Sort on product identification code and identify missing product identification codes.

Review store identification code and identify missing product identification codes.

Compare product identification codes for consecutive periods.

Compare product identification codes by store for consecutive periods.

56. An internationally recognized brand name is an entrance barrier to new competitors because new competitors would:

Have to initiate a price war in order to enter the industry.

Face increased production costs.

Face increased marketing costs.

Face higher learning costs, which would increase fixed costs.

57. Which of the following is a likely result of outsourcing?

Increased dependence on suppliers.

Increased importance of market strategy.

Decreased sensitivity to government regulation.

Decreased focus on costs.

58. Which of the following characteristics applies to an organization that adopts a flat structure?

The structure is dispersed geographically.

The hierarchy levels are more numerous.

The span of control is wide.

The lower-level managers are encouraged to exercise creativity when solving problems.

59. An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses. The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department

Which of the following types of data analysis did the auditor perform?

Duplicate testing.

Joining data sources

Gap analysis

Classification

60. An organization engages in questionable financial reporting practices due to pressure to meet unrealistic performance targets .

Which internal control component is most negatively affected?

Monitoring.

Control activities.

Risk assessment.

Control environment.

Page 7 of 13

61. The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?

1) Financial measures

2) Internal business process measures.

3) Client satisfaction measures

4) Innovation and learning measures

1 only.

2 and 4 only.

3 and 4 only.

2, 3, and 4 only

62. A remote location contains a data center with hardware available to support critical production systems as required in the recovery plan IT personnel periodically test and update systems at the data center.

This is an example of which of the following recovery solutions?

Cold recovery plan

Critical recovery plan

Warm recovery plan

Tested recovery plan

63. Which of the following statements about matrix organizations is false?

In a matrix organization, conflict between functional and product managers may arise.

In a matrix organization, staff under dual command is more likely to suffer stress at work.

Matrix organizations offer the advantage of greater flexibility.

Matrix organizations minimize costs and simplify communication.

64. An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two.

Which of the following could be the reason for the decline in the net profit margin for year two?

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate.

65. When using cost-volume-profit analysts which of the following will increase operating income once the break-even point has been reached?

Fixed costs per unit for each additional unit sold

Variable costs per unit for each additional unit sold

Contribution margin per unit for each additional unit sold

Gross margin per unit for each additional unit sold

66. When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:

Draws positive attention to the writing style.

Treats all receivers with respect.

Suits the method of presentation and delivery.

Develops ideas without overstatement.

67. An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement .

Which of the following approaches is most appropriate to address this concern?

The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.

The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.

The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.

The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.

68. Organizations mat adopt just-in-time purchasing systems often experience which of the following?

A slight increase in carrying costs.

A greater need for inspection of goods as the goods arrive.

A greater need for linkage with a vendor s computerized order entry system.

An increase in the number of suitable suppliers

69. Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables.

Which of the following would be the best argument for using the direct write-off method?

It is useful when losses are considered insignificant.

It provides a better alignment with revenue.

It is the preferred method according to The II

It states receivables at net realizable value on the balance sheet.

70. Which of the following analytical techniques would an internal auditor use to verify that none of an organization's employees are receiving fraudulent invoice payments?

Perform gap testing.

Join different data sources.

Perform duplicate testing.

Calculate statistical parameters.

Page 8 of 13

71. Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

Cost method

Equity method

Consolidation method

Fair value method

72. According to HerzBerg's Two-Factor Theory of Motivation, which of the following factors ate mentioned most often By satisfied employees?

Salary and status

Responsibility and advancement

Work conditions and security

Peer relationships and personal life

73. Which of the following statements is true regarding an organization's servers?

Servers optimize data processing by sharing it with other computers on the information system

Servers manage the interconnectivity of system hardware devices in the information system.

Servers manage the data stored in databases residing on the information system.

Servers enforce access controls between networks transmitting data on the information system

74. Which of the following is the most likely reason an organization may decide to undertake a stock split?

To keep stock price constant.

To keep shareholders' equity constant.

To increase shareholders' equity.

To enhance the stock liquidity.

75. In an organization's established accounts payable department employees perform highly structured activities follow clearly defined procedures and have strict deadlines for performing their tasks. The head of the department recently retired, and a new department head was hired.

To achieve the greatest benefit for this department and avoid redundancy the new leader should adopt which of the following leadership styles?

Achievement-oriented style

People-oriented style

Goal-oriented style

Task-oriented style

76. Which component of an organization's cybersecurity risk assessment framework would allow management to implement user controls based on a user's role?

Prompt response and remediation policy.

Inventory of information assets.

Information access management.

Standard security configurations.

77. An internal auditor observed that the organization's disaster recovery solution will make use of a code site in a town several miles away.

Which of the following is likely to be a characteristic of this disaster recovery solution?

Data is synchronized in real lime

Recovery time is expected to be less than one week

Servers are not available and need to be procured

Recovery resources and data restore processes have not been defined

78. In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

The underlying causes of the risk.

The impact of the risk on the organization's objectives.

The risk levels of current and future events.

The potential for eliminating risk factors.

79. Which of the following standards would be most useful in evaluating the performance of a customer-service group?

The average time per customer inquiry should be kept to a minimum.

Customer complaints should be processed promptly.

Employees should maintain a positive attitude when dealing with customers.

All customer inquiries should be answered within seven days of receipt.

80. The critical path for any project is the path that exhibits which of the following characteristics?

Has the longest duration in time.

Costs the most money.

Requires the largest amount of labor

Is deemed most important to the project.

Page 9 of 13

81. A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.

Copy 1 was solely for backup purposes.

Copy 2 was for use by another member of the department.

In terms of software licenses and copyright law, which of the following is correct?

Both copies are legal.

Only copy 1 is legal.

Only copy 2 is legal.

Neither copy is legal.

82. All of the following are true with regard to the first-in, first-out inventory valuation method except:

It values inventory close to current replacement cost.

It generates the highest profit when prices are rising.

It approximates the physical flow of goods.

It minimizes current-period income taxes.

83. Which of the following factors is considered a disadvantage of vertical integration?

It may reduce the flexibility to change partners.

It may not reduce the bargaining power of suppliers.

It may limit the organization's ability to differentiate the product.

It may lead to limited control of proprietary knowledge.

84. According to the Standards, which of the following is based on the assertion that the quality of an organization's risk management process should improve with time?

Process element.

Key principles.

Maturity model.

Assurance.

85. Which of the following budgets must be prepared first?

Cash budget.

Production budget.

Sales budget.

Selling and administrative expenses budget.

86. An organization is projecting sales of 100,000 units, at a unit price of $12. Unit variable costs are $7. If fixed costs are $350,000, what is the projected total contribution margin?

$350,000

$500,000

$850,000

$1,200,000

87. Which of the following is the best example of IT governance controls?

Controls that focus on segregation of duties, financial and change management

Personnel policies that define and enforce conditions for staff in sensitive IT areas

Standards that support IT policies by more specifically defining required actions

Controls that focus on data structures and the minimum level of documentation required

88. Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?

Voice recognition and token.

Password and fingerprint.

Fingerprint and voice recognition

Password and token

89. Which of the following security controls would provide the most efficient and effective authentication for customers to access their online shopping account?

12-digit password feature.

Security question feature.

Voice recognition feature.

Two-level sign-on feature.

90. Which of the following types of analytics focuses less on analysis and more on condensing data into mote meaningful pieces of information?

Diagnostic analytics

Descriptive analytics

Prescriptive analytics

Predictive analytics

Page 10 of 13

91. Which of the following examples demonstrates that the internal audit activity uses descriptive analytics in its engagements?

An internal auditor analyzed electricity production and sales interim reports and compiled a risk assessment.

An internal auditor extracted sales data to a spreadsheet and applied judgmental analysis for sampling.

An internal auditor classified solar panel sales by region and discovered unsuccessful sales representatives.

An internal auditor broke down a complex process into smaller pieces to make it more understandable.

92. Which of the following statements about slack time and milestones are true?

1) Slack time represents the amount of time a task may be delayed without delaying the entire project.

2) A milestone is a moment in time that marks the completion of the project's major deliverables.

3) Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.

4) A milestone requires resource allocation and needs time to be completed.

1 and 4 only

2 and 3 only

1, 2, and 3 only

1, 2, 3, and 4

93. During a review of the accounts payable process, an internal auditor gathered all of the vendor payment transactions for the past 24 months. The auditor then used an analytics tool to identify the top five vendors that received the highest sum of payments.

Which of the following analytics techniques did the auditor apply?

Process analysis.

Process mining.

Data analysis.

Data mining.

94. According to MA guidance on IT. which of the following best describes a logical access control?

Require complex passwords to be established and changed quarterly

Require swipe cards to control entry into secure data centers

Monitor access to the data center with closed circuit camera surveillance.

Maintain current role definitions to ensure appropriate segregation of duties

95. The cost to enter a foreign market would be highest in which of the following methods of global expansion?

Joint ventures.

Licensing.

Exporting.

Overseas production.

96. An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income.

Which of the following terms would the investor most likely label this investment in her portfolio?

A star

A cash cow

A Question mark

A dog

97. Which of the following is based on the concept that there is not one best leadership style and that successful leadership depends on a match between the leader, the situation, and the subordinate?

Attribute theory.

Path goal model

Life cycle model

Contingency theory

98. According to IIA guidance on IT auditing, which of the following would not be an area examined by the internal audit activity?

Access system security.

Policy development.

Change management.

Operations processes.

99. Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

An extranet

A local area network.

An intranet

The internet

100. According to the COSO enterprise risk management (ERM) framework, which of the following is not a typical responsibility of the chief risk officer?

Establishing risk category definitions and a common risk language for likelihood and impact measures.

Defining ERM roles and responsibilities.

Providing the board with an independent, objective risk perspective on financial reporting.

Guiding integration of ERM with other management activities.

Page 11 of 13

101. Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?

Anti-malware software.

Authentication.

Spyware.

Rooting.

102. Unsecured loans are loans:

That do not have to be repaid for over one year.

That appear to be too risky for most lenders to consider.

Granted on the basis of a company's credit standing.

Backed by mortgaged assets.

103. Which of the following statements about COBIT is not true?

COBIT helps management understand and manage the risks associated with information technology (IT) processes.

Management needs to determine the cost-benefit ratio of adopting COBIT control objectives.

COBIT control objectives are specific to various IT platforms and help determine minimum controls.

COBIT provides management with the capability to conduct self-assessments against industry best practices.

104. Which of the following performance measures includes both profits and investment base?

Residual income.

A flexible budget.

Variance analysis.

A contribution margin income statement by segment.

105. An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud .

Which of the following controls would be least effective in detecting any potential fraudulent activity?

Exception report identifying payment anomalies.

Documented policy and procedures.

Periodic account reconciliation of contractor charges.

Monthly management review of all contractor activity.

106. During disaster recovery planning, the organization established a recovery point objective .

Which of the following best describes this concept?

The maximum tolerable downtime after the occurrence of an incident.

The maximum tolerable data loss after the occurrence of an incident.

The maximum tolerable risk related to the occurrence of an incident.

The minimum recovery resources needed after the occurrence of an incident.

107. Which of the following best describes the primary objective of cybersecurity?

To protect the effective performance of IT general and application controls.

To regulate users' behavior in the web and cloud environment.

To prevent unauthorized access to information assets.

To secure application of protocols and authorization routines.

108. Which of the following is most important for an internal auditor to check with regard to the database version?

Verify whether the organization uses the most recent database software version

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded

Verify whether access to database version information is appropriately restricted

109. An organization with global headquarters in the United States has subsidiaries in eight other nations.

If the organization operates with an ethnocentric attitude, which of the following statements is true?

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

Orders, commands and advice are sent to the subsidiaries from headquarters.

People of local nationality are developed for the best positions within their own country

There is a significant amount of collaboration between headquarters and subsidiaries.

110. Which of the following statements is most accurate with respect to various forms, elements, and characteristics of business contracts?

A contract is a tool used by both suppliers and customers, the model and complexity of which generally remains constant

Collaboration during contract negotiation encourages stakeholders to develop consensus but typically increases cycle times and the likelihood that the contract will fail

Differing legal requirements affect the attitudes of contracting parties as well as the length content and language of contracts

A contract is a tool used by both suppliers and customers though it offers commercial assurance of the relationship, purely from a customer perspective

Page 12 of 13

111. Which of the following is not included in the process of user authentication?

Authorization.

Identification.

Verification.

Validation.

112. Which of the following statements is true concerning the basic accounting treatment of a partnership?

The initial investment of each partner should be recorded at book value.

The ownership ratio identifies the basis for dividing net income and net loss.

A partner's capital only changes due to net income or net loss.

The basis for sharing net incomes or net losses must be fixed.

113. The economic order quantity can be calculated using the following formula:

Which of the following describes how the optimal order size will change if the annual demand increases by 36 percent?

Decrease by about 17 percent.

Decrease by about 7 percent.

Increase by about 7 percent.

Increase by about 17 percent.

114. Which of the following is a logical access control designed to enhance the security of a computer-based application system?

User accounts will be locked alter three unsuccessful attempts to access the system

Users will not be allowed to use any of their last five passwords to access the system

Users will be assigned rights to access the system based on their job responsibilities

Users will automatically lose access to the system after 15 minutes of inactivity

115. Which of the following is a characteristic of just-in-time inventory management systems?

Users determine the optimal level of safety stocks.

They are applicable only to large organizations.

They do not really increase overall economic efficiency because they merely shift inventory levels further up the supply chain.

They rely heavily on high quality materials.

116. Which of the following is an example of a risk avoidance response?

Buying an insurance policy to protect against loss events.

Hedging against natural gas price fluctuations.

Selling a non-strategic business unit.

Outsourcing a high risk process to a third party.

117. For employees, the primary value of implementing job enrichment is which of the following?

Validation of the achievement of their goals and objectives.

Increased knowledge through the performance of additional tasks.

Support for personal growth and a meaningful work experience.

An increased opportunity to manage better the work done by their subordinates.

118. An organization's headquarters is centrally located and the organization runs numerous computer applications in multiple sites .

Which of the following would be the most appropriate approach for conducting an audit of the mainframe computer?

Conduct an individual audit of the mainframe general controls and separate application control audits of the individual applications in a phased manner

Conduct a single consolidated audit of both the mainframe general controls and the application controls for all of the applications that use the mainframe

Conduct individual audits of each application and include in each audit the general controls of the mainframe relevant to the individual application

Conduct a series of location-based audits that cover both the general and application IT controls an systems across the location

119. Which of the following is a systems software control?

Restricting server room access to specific individuals

Housing servers with sensitive software away from environmental hazards.

Ensuring that ail user requirements are documented.

Performing of intrusion testing on a regular basis

120. Which of the following is the best example of IT governance controls?

Controls that focus on segregation of duties, financial and change management

Personnel policies that define and enforce conditions for staff in sensitive IT areas

Standards that support IT policies by more specifically defining required actions

Controls that focus on data structures and the minimum level of documentation required

Page 13 of 13

121. Division A produces a product with a variable cost of $5 per unit and an allocated fixed cost of $3 per unit The market price of the product is $15 plus 20% selling cost. Division B currently purchases this product from an external supplier but is going to purchase it from division A for $18

Which of the following methods of transfer pricing is being used?

Market price.

Negotiation-based.

Full absorption cost

Variable cost

122. When examining an organization's strategic plan, an internal auditor should expect to find which of the following components?

Identification of achievable goals and timelines.

Analysis of the competitive environment.

Plan for the procurement of resources.

Plan for progress reporting and oversight.

123. Which of the following is not a common feature of cumulative preferred stock?

Priority over common stock with regard to dilution of shares.

Priority over common stock with regard to earnings.

Priority over common stock with regard to dividend payment.

Priority over common stock with regard to assets.

Actual IIA-CIA-Part3-3P Dumps Updated [2022] For Quick Success

Actual IIA-CIA-Part3-3P Dumps Updated [2022] For Quick Success

Share this post

Author

Leave a Reply Cancel reply

Related Posts

Update CIA Exam Part 1 IIA-CIA-Part1 Exam Dumps Questions

Download CIA Exam Part 3 IIA-CIA-Part3 Exam Dumps Questions

CIA Challenge IIA-CIA-Part3-3P Practice Exam Questions For Preparation