Download CIA Exam Part 3 IIA-CIA-Part3 Exam Dumps Questions

test2022-08-02T06:37:22+00:00

To pass the IIA-CIA-Part3 exam on the first try, you must have accurate syllabus information and an excellent study guide. FreeTestShare 100 percent genuine CIA Exam Part 3 IIA-CIA-Part3 Exam Dumps Questions give you in-depth knowledge of the IIA-CIA-Part3 exam syllabus. This information should be obtained at the outset of your preparation because it will assist you in developing an effective study plan. After receiving input from successful candidates, our experts created CIA Exam Part 3 IIA-CIA-Part3 Exam Dumps Questions for your practice, and it will help you pass the IIA-CIA-Part3 exam quickly.

To put your skills to the test, try free IIA-CIA-Part3 practice exam!

Page 1 of 7

1. A manufacturer ss deciding whether to sell or process materials further.

Which of the following costs would be relevant to this decision?

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

Joint costs, incremental processing costs, and variable manufacturing expenses.

Incremental revenue, joint costs, and incremental processing costs.

Variable manufacturing expenses, incremental revenue, and joint costs

2. Which of the following is required in effective IT change management?

The sole responsibility for change management is assigned to an experienced and competent IT team

Change management follows a consistent process and is done in a controlled environment.

Internal audit participates in the implementation of change management throughout the organisation.

All changes to systems must be approved by the highest level of authority within an organization.

3. After purchasing shoes from an online retailer, a customer continued to receive additional unsolicited offers from the retailer and other retailers who offer similar products.

Which of the following is the most likely control weakness demonstrated by the seller?

Excessive collecting of information

Application of social engineering

Retention of incomplete information.

Undue disclosure of information

4. Which of the following is the best example of a compliance risk that Is likely to arise when adopting a bring-your-own-device (BYOD) policy?

The risk that users try to bypass controls and do not install required software updates.

The risk that smart devices can be lost or stolen due to their mobile nature.

The risk that an organization intrusively monitors personal Information stored on smart devices.

The risk that proprietary information is not deleted from the device when an employee leaves.

5. A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000.

What is margin of safety sales for the company?

$100.000

$200,000

$275,000

$500,000

6. When reviewing application controls using the four-level model, which of the following processes are associated with level 4 of the business process method?

Activity

Subprocess

Major process

Mega process

7. Which of the following statements. Is most accurate concerning the management and audit of a web server?

The file transfer protocol (FTP) should always be enabled.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.

The number of ports and protocols allowed to access the web server should be maximized.

Secure protocols for confidential pages should be used instead of dear-text protocols such as HTTP or FT

8. An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks.

The auditor grouped the related risks into three categories;

- Risks specific to the organization itself.

- Risks specific to the service provider.

- Risks shared by both the organization and the service provider

Which of the following risks should the auditor classify as specific to the service provider?

Unexpected increases in outsourcing costs.

Loss of data privacy.

Inadequate staffing.

Violation of contractual terms.

9. A restaurant decided to expand its business to include delivery services, rather than relying on third-party food delivery services.

Which of the following best describes the restaurants strategy?

Diversification

Vertical integration

Risk avoidance

Differentiation

10. While performing an audit of a car tire manufacturing plant, an internal auditor noticed a significant decrease in the number of tires produced from the previous operating period.

To determine whether worker inefficiency caused the decrease, what additional information should the auditor request?

Total tire production labor hours for the operating period.

Total tire production costs for the operating period.

Plant production employee headcount average for the operating period.

The production machinery utilization rates.

Page 2 of 7

11. An attacker, posing as a bank representative, convinced an employee to release certain, financial information that ultimately resulted in fraud.

Which of the following best describes this cybersecurity risk?

Shoulder suiting

Pharming,

Phishing.

Social engineering.

12. For employees, the primary value of implementing job enrichment is which of the following?

Validation of the achievement of their goals anti objectives

Increased knowledge through the performance of additional tasks

Support for personal growth and a meaningful work experience

An increased opportunity to manage better the work done by their subordinates

13. The manager of the sales department wants to Increase the organization's net profit margin by 7% (from 43% in the prior year to 50% in the current year).

Given the information provided in the table below, what would be the targeted sales amount for the current year?

$20,000,000

$24.500.000

$30.000.000

$35.200.000

14. During her annual performance review, a sales manager admits that she experiences significant stress due to her job but stays with the organization because of the high bonuses she earns.

Which of the following best describes her primary motivation to remain in the job?

Intrinsic reward.

Job enrichment

Extrinsic reward.

The hierarchy of needs.

15. Which of the following statements is true regarding cost-volume-profit analysis?

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

Breakeven point is the amount of units sold to cover variable costs.

Breakeven occurs when the contribution margin covers fixed costs.

Following breakover1, the operating income will increase by the excess of fixed costs less the variable costs per units sold.

16. According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

Formulas and static data are locked or protected.

The spreadsheet is stored on a network server that is backed up daily.

The purpose and use of the spreadsheet are documented.

Check-in and check-out software is used to control versions.

17. Which of the following is a limitation of the remote wipe for a smart device?

Encrypted data cannot be locked to prevent further access

Default settings cannot be restored on the device.

All data, cannot be completely removed from the device

Mobile device management software is required for successful remote wipe

18. Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?

Last-in-first-Out (LIFO}.

Average cost.

First-in-first-out (FIFO).

Specific identification

19. An organization has a declining inventory turnover but an increasing gross margin rate.

Which of the following statements can best explain this situation?

he organization's operating expenses are increasing.

The organization has adopted just-in-time inventory.

The organization is experiencing inventory theft.

The organization's inventory is overstated.

20. Which of the following security controls would be me most effective in preventing security breaches?

Approval of identity request

Access logging.

Monitoring privileged accounts

Audit of access rights

Page 3 of 7

21. An analytical model determined that on Friday and Saturday nights the luxury brands stores should be open for extended hours and with a doubled number of employees present; while on Mondays and Tuesdays costs can be minimized by reducing the number of employees to a minimum and opening only for evening hours

Which of the following best categorizes the analytical model applied?

Descriptive.

Diagnostic.

Prescriptive.

Prolific.

22. Which of the following is an example of a physical control designed to prevent security breaches?

Preventing database administrators from initiating program changes

Blocking technicians from getting into the network room.

Restricting system programmers' access to database facilities

Using encryption for data transmitted over the public internet

23. As it relates to the data analytics process, which of the following best describes the purpose of an internal auditor who cleaned and normalized cate?

The auditor eliminated duplicate information.

The auditor organized data to minimize useless information.

The auditor made data usable for a specific purpose by ensuring that anomalies were Identified and corrected.

The auditor ensured data fields were consistent and that data could be used for a specific purpose.

24. According to IIA guidance on IT, which of the following strategies would provide the most effective access control over an automated point-of-sale system?

Install and update anti-virus software.

Implement data encryption techniques.

Set data availability by user need.

Upgrade firewall configuration

25. Employees at all levels should be empowered to make decisions.

1 and 3 only

1 and 4 only

2 and 3 only

3 and 4 only

26. Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

An offboarding procedure is initiated monthly to determine redundant physical access rights.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

Requests for additional access rights are sent for approval and validation by direct supervisors.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

27. According to IIA guidance, which of the following statements is true regarding analytical procedures?

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

Data relationships cannot include comparisons between operational and statistical data

Analytical procedures can be used to identify unexpected differences, but cannot be used to identify the absence of differences

28. Which of the following situations best applies to an organisation that uses a project, rather than a process, to accomplish its business activities?

Clothing company designs, makes, and sells a new item.

A commercial construction company is hired to build a warehouse.

A city department sets up a new firefighter training program.

A manufacturing organization acquires component parts from a contracted vendor

29. An internal auditor is assessing the risks related to an organization's mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems.

Which of the following types of smart device risks should the internal Auditor be most concerned about?

Compliance.

Privacy

Strategic

Physical security

30. An internal auditor for a pharmaceutical company as planning a cybersecurity audit and conducting a risk assessment.

Which of the following would be considered the most significant cyber threat to the organization?

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing she financial information of the company

Page 4 of 7

31. Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

Assigning new roles and responsibilities for senior IT management.

Growing use of bring your own devices for organizational matters.

Expansion of operations into new markets with limited IT access.

Hiring new personnel within the IT department for security purposes.

32. An organization discovered fraudulent activity involving the employee time-tracking system. One employee regularly docked in and clocked out her co-worker friends on their days off, inflating their reported work hours and increasing their wages.

Which of the following physical authentication devices would be most effective at disabling this fraudulent scheme?

Face or finger recognition equipment,

Radio-frequency identification chips to authenticate employees with cards.

A requirement to clock in and clock out with a unique personal identification number.

A combination of a smart card and a password to clock in and clock out.

33. Which of the following attributes of data are cybersecurity controls primarily designed to protect?

Veracity, velocity, and variety.

Integrity, availability, and confidentiality.

Accessibility, accuracy, and effectiveness.

Authorization, logical access, and physical access.

34. Which of the following should software auditors do when reporting internal audit findings related to enterprise wide resource planning?

Draft separate audit reports for business and IT management.

Conned IT audit findings to business issues.

Include technical details to support IT issues.

Include an opinion on financial reporting accuracy and completeness.

35. An internal auditor identified a database administrator with an incompatible dual role.

Which of the following duties should not be performed by the identified administrator?

Designing and maintaining the database.

Preparing input data and maintaining the database.

Maintaining the database and providing its security,

Designing the database and providing its security

36. Which of the following statements, is true regarding the capital budgeting procedure known as discounted payback period?

It calculates the overall value of a project.

It ignores the time value of money.

It calculates the time a project takes to break even.

It begins at time zero for the project.

37. Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center.

Which of the following test results would likely lead the auditor to this conclusion?

Requested backup tapes were not returned from the offsite vendor In a timely manner.

Returned backup tapes from the offsite vendor contained empty spaces.

Critical systems have boon backed up more frequently than required.

Critical system backup tapes are taken off site less frequently than required

38. 1.Which of the following best describes the purpose of fixed manufacturing costs?

To ensure availability of production facilities.

To decrease direct expenses related to production.

To incur stable costs despite operating capacity.

To increase the total unit cost under absorption costing

39. Which of the following is most appropriately placed in the financing section of an organization's cash budget?

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest

40. A large retail customer made an offer to buy 10.000 units at a special price of $7 per unit. The manufacturer usually sells each unit for §10, Variable Manufacturing costs are 55 per unit and fixed manufacturing costs are $3 per unit.

For the manufacturer to accept the offer, which of the following assumptions needs to be true?

Fixed and Variable manufacturing costs are less than the special offer selling price.

The manufacturer can fulfill the order without expanding the capacities of the production facilities.

Costs related to accepting this offer can be absorbed through the sale of other products.

The manufacturer’s production facilities are currently operating at full capacity.

Page 5 of 7

41. While auditing an organization's customer call center, an internal auditor notices that Key performance indicators show a positive trend, despite the fact that there have been increasing customer complaints over the same period.

Which of the following audit recommendations would most likely correct the cause of this inconsistency?

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

Be-emphasize the importance of call center employees completing a certain number of calls per hour.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

42. Which of the following IT disaster recovery plans includes a remote site dessgnated for recovery with available space for basic services, such as internet and

telecommunications, but does not have servers or infrastructure equipment?

Frozen site

Cold site

Warm site

Hot site

43. An organization that relies heavily on IT wants to contain the impact of potential business disruption to a period of approximately four to seven days.

Which of the following

business recovery strategies would most efficiently meet this organization's needs?

A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

44. An organization uses the management-by-objectives method whereby employee performance is based on defined goals.

Which of the following statements is true regarding this approach?

It is particularly helpful to management when the organization is facing rapid change.

It is a more successful approach when adopted by mechanistic organizations.

It is mere successful when goal setting is performed not only by management, but by all team members, including lower-level staff.

It is particularly successful in environments that are prone to having poor employer-employee relations.

45. Which of the following best describes owner's equity?

Assets minus liabilities.

Total assets.

Total liabilities.

Owners contribution plus drawings.

46. Which of the following scenarios best illustrates a spear phishing attack?

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.

47. Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of Infringement on local regulations, such as copyright or privacy laws?

Not installing anti-malware software

Updating operating software in a haphazard manner,

Applying a weak password for access to a mobile device.

JoIIbreaking a locked smart device

48. Which of following best demonstrates the application of the cost principle?

A company reports trading and investment securities at their market cost

A building purchased last year for $1 million is currently worth ©1.2 million, but the company still reports the building at $1 million.

A building purchased last year for ©1 million is currently worth £1,2 million, and the company adjusts the records to reflect the current value

A company reports assets at either historical or fair value, depending which is closer to market value.

49. Which of the following is on example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?

Anti-malware software

Authentication

Spyware

Rooting

50. Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

There is a higher reliance on organizational culture.

There are clear expectations set for employees.

There are electronic monitoring techniques employed

There is a defined code far employee behavior.

Page 6 of 7

51. When examining; an organization's strategic plan, an internal auditor should expect to find which of the following components?

Identification of achievable goals and timelines

Analysis of the competitive environment.

Plan for the procurement of resources

Plan for progress reporting and oversight.

52. Which of the following capital budgeting techniques considers the tune value of money?

Annual rate of return.

Incremental analysis.

Discounted cash flow.

Cash payback

53. Which of the following statements is true regarding user-developed applications (UDAs)?

UDAs are less flexible and more difficult to configure than traditional IT applications.

Updating UDAs may lead to various errors resulting from changes or corrections.

UDAs typically are subjected to application development and change management controls.

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

54. Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized.

As such: which of the following would be a characteristic of the now highly centralized organization?

Top management does little monitoring of the decisions made at lower levels.

The decisions made at the lower levels of management are considered very important.

Decisions made at lower levels in the organizational structure are few.

Reliance is placed on top management decision making by few of the organization's departments.

55. Unavailability of critical services.

2 and 3 only.

1, 2, and 3 only

1, 3, and 4 only

2, 3, and 4 only

56. With regard to project management, which of the following statements about project crashing Is true?

It leads to an increase in risk and often results in rework.

It is an optimization technique where activities are performed in parallel rather than sequentially.

It involves a revaluation of project requirements and/or scope.

It is a compression technique in which resources are added so the project.

57. Favorable labor rate variance.

1 and 2

1 and 4

3 and A

2 and 3

58. Which of the following performance measures includes both profits and investment base?

Residual income

A flexible budget

Variance analysis.

A contribution margin income statement by segment.

59. Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

Nondisclosure agreements between the firm and its employees.

Logs of user activity within the information system.

Two-factor authentication for access into the information system.

limited access so information, based on employee duties

60. According to IIA guidance, which of the following links computers and enables them to -communicate with each other?

Application program code

Database system

Operating system

Networks

Page 7 of 7

61. Which of the following IT-related activities is most commonly performed by the second line of defense?

Block unauthorized traffic.

Encrypt data.

Review disaster recovery test results.

Provide independent assessment of IT security.

62. In accounting, which of the following statements is true regarding the terms debit and credit?

Debit indicates the right side of an account and credit the left side

Debit means an increase in an account and credit means a decrease.

Credit indicates the right side of an account and debit the left side.

Credit means an increase in an account and debit means a decrease

63. Which of the following is an example of an application control?

Automated password change requirements.

System data backup process.

User testing of system changes.

Formatted data fields

64. An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two.

Which of the following could be the reason for the decline in the net profit margin for year two?

Cost of sales increased relative to sales.

Total sales increased relative to expenses.

The organization had a higher dividend payout rate in year two.

The government increased the corporate tax rate

65. During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

Initiation phase

Bidding phase

Development phase

Negotiation phase

66. Which of the following techniques would best detect on inventory fraud scheme?

Analyze invoice payments just under individual authorization limits.

Analyze stratification of inventory adjustments by warehouse location.

Analyze Inventory Invoice amounts and compare with approved contract amounts.

Analyze differences discovered curing duplicate payment testing.

67. An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.

What would be the most appropriate directive control in this area?

Require a Service Organization Controls (SOC) report from the service provider

Include a data protection clause in the contract with the service provider.

Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

Encrypt the employees ' data before transmitting it to the service provider

Download CIA Exam Part 3 IIA-CIA-Part3 Exam Dumps Questions

Download CIA Exam Part 3 IIA-CIA-Part3 Exam Dumps Questions

Share this post

Author

Leave a Reply Cancel reply

Related Posts

Update CIA Exam Part 1 IIA-CIA-Part1 Exam Dumps Questions

Actual IIA-CIA-Part3-3P Dumps Updated [2022] For Quick Success

CIA Challenge IIA-CIA-Part3-3P Practice Exam Questions For Preparation