CIA Exam Part Three: Business Knowledge for Internal Auditing (IIA-CIA-Part3-3P) Free Practice Test

Question 1

Which of the following is the best example of a compliance risk that is likely to arise when adopting a bring-your-own-device (BYOD) policy?

A. The risk that an organization intrusively monitors personal information stored on smart devices.

B. The risk that proprietary information is not deleted from the device when an employee leaves.

C. The risk that smart devices can be lost or stolen due to their mobile nature.

D. The risk that users try to bypass controls and do not install required software updates.

Correct Answer: A

Question 2

According to MA guidance, which of the following would indicate poor change management control?
1) Low change success rate
2) Occasional planned outages
3) Low number of emergency changes.
4) Instances of unauthorized changes

A. 1 and 4

B. 2 and 3

C. 1 and 3

D. 2 and 4

Correct Answer: A

Question 3

A multinational organization involved in online business has planned to set up a help desk service. Which of the following best describes the role performed by the help desk?

A. Monitoring access to the online database.

B. Responding to customer inquiries.

C. Backing up and maintaining archived data.

D. Maintaining and assuring network security.

Correct Answer: B

Question 4

Import quotas that limit the quantities of goods that a domestic subsidiary can buy from its foreign parent company represent which type of barrier to the parent company?

A. Tariff.

B. Social.

C. Financial.

D. Political.

Correct Answer: D

Question 5

Which of the following best describes the purpose of disaster recovery planning?

A. To establish a protected area of network that is accessible to the public after a disaster

B. To define rules on how devices within the system should communicate after a disaster.

C. To describe how data should move from one system to another system in case of an emergency.

D. To reconstitute systems efficiently following a disruptive event.

Correct Answer: D

Question 6

Technological uncertainty, subsidy, and spin-offs are usually characteristics of:

A. Fragmented industries.

B. Emerging industries.

C. Mature industries.

D. Declining industries.

Correct Answer: B

Question 7

Which of the following statements is true concerning the basic accounting treatment of a partnership?

A. The initial investment of each partner should be recorded at book value.

B. A partner's capital only changes due to net income or net loss.

C. The ownership ratio identifies the basis for dividing net income and net loss.

D. The basis for sharing net incomes or net losses must be fixed.

Correct Answer: C

Question 8

According to Porter's model of competitive strategy, which of the following is a generic strategy?
1 Differentiation.
2) Competitive advantage.
3) Focused differentiation.
4) Cost focus.

A. 1, 3, and 4 only

B. 3 and 4 only

C. 2 only

D. 1, 2, 3, and 4

Correct Answer: A

Question 9

Which of the following should an organization consider when developing strategic objectives for its business processes?
1) Contribution to the success of the organization.
2) Reliability of operational information.
3) Behaviors and actions expected of employees.
4) How inputs combine with outputs to generate activities.

A. 2 and 4 only

B. 1 and 2 only

C. 1 and 3 only

D. 3 and 4 only

Correct Answer: C

Question 10

Which of the following is an example of a physical control designed to prevent security breaches?

A. Preventing database administrators from initiating program changes.

B. Blocking technicians from getting into the network room.

C. Restricting system programmers' access to database facilities.

D. Using encryption for data transmitted over the public internet.

Correct Answer: C

Question 11

Which of the following is an example of a risk avoidance response?

A. Selling a non-strategic business unit.

B. Outsourcing a high risk process to a third party.

C. Hedging against natural gas price fluctuations.

D. Buying an insurance policy to protect against loss events.

Correct Answer: A

Question 12

Which of the following are typical audit considerations for a review of authentication?
1) Authentication policies and evaluation of controls transactions.
2) Management of passwords, independent reconciliation, and audit trail.
3) Control self-assessment tools used by management.
4) Independent verification of data integrity and accuracy.

A. 1, 2, and 3

B. 1, 2, and 4

C. 1, 3, and 4

D. 2, 3, and 4

Correct Answer: A

Question 13

Which of the following practices circumvents administrative restrictions on smart devices, thereby increasing data security risks?

A. Rooting.

B. Man in the middle.

C. Session hijacking.

D. Eavesdropping.

Correct Answer: A

Question 14

Which of the following is a limiting factor for capacity expansion?

A. Government pressure on organizations to increase or maintain employment.

B. Production orientation of management.

C. Lack of credible market leader in the industry.

D. Company diversification.

Correct Answer: D

Question 15

According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?
1) Determine whether previous incidents have been reported, managed, and resolved.
2) Determine whether a business contingency plan exists.
3) Determine the extent of transparency in reporting.
4) Determine whether a cost/benefit analysis was performed for all related projects.

A. 2 and 4.

B. 1 and 4.

C. 1 and 3.

D. 2 and 3.

Correct Answer: C

Welcome to TestSimulate

IIA CIA Exam Part Three: Business Knowledge for Internal Auditing (IIA-CIA-Part3-3P) Free Practice Test