Special Summer Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-CIA-Part3 Questions and Answers

Question # 6

When would a contract be dosed out?

A.

When there's a dispute between the contracting parties

B.

When ail contractual obligations have been discharged.

C.

When there is a force majenre.

D.

When the termination clause is enacted.

Full Access
Question # 7

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?

A.

Designing and maintaining the database.

B.

Preparing input data and maintaining the database.

C.

Maintaining the database and providing its security,

D.

Designing the database and providing its security

Full Access
Question # 8

A new manager received computations of the internal rate of return regarding his project proposal. What should the manager compare the computation results to in order to determine whether the project is potentially acceptable?

A.

Compare to the annual cost of capital.

B.

Compare to the annual interest rate.

C.

Compare to the required rate of return.

D.

Compare to the net present value.

Full Access
Question # 9

Which of the following types of data analytics would be used by a hospital to determine which patients are likely to require readmittance for additional treatment?

A.

Predictive analytics

B.

Prescriptive analytics

C.

Descriptive analytics

D.

Diagnostic analytics

Full Access
Question # 10

An organization has a declining inventory turnover but an increasing gross margin rate. Which of the following statements can best explain this situation?

A.

he organization's operating expenses are increasing.

B.

The organization has adopted just-in-time inventory.

C.

The organization is experiencing inventory theft.

D.

The organization's inventory is overstated.

Full Access
Question # 11

After purchasing shoes from an online retailer, a customer continued to receive additional unsolicited offers from the retailer and other retailers who offer similar products.

Which of the following is the most likely control weakness demonstrated by the seller?

A.

Excessive collecting of information

B.

Application of social engineering

C.

Retention of incomplete information.

D.

Undue disclosure of information

Full Access
Question # 12

Management is pondering the following question:

"How does our organization compete?"

This question pertains to which of the following levels of strategy?

A.

Functional-level strategy

B.

Corporate-level strategy.

C.

Business-level strategy,

D.

DepartmentsHevet strategy

Full Access
Question # 13

Which of the following controls is the most effective for ensuring confidentially of transmitted information?

A.

Firewall.

B.

Antivirus software.

C.

Passwords.

D.

Encryption.

Full Access
Question # 14

IT governance begins with which of the following activities?

A.

Identification of risk-mitigating options.

B.

Definition of IT objectives.

C.

Identification of IT risk events.

D.

Definition of risk response policies.

Full Access
Question # 15

According to Maslow’s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

A.

Esteem by colleagues

B.

Self-fulfillment

C.

Sense of belonging in the organization

D.

Job security

Full Access
Question # 16

Which of the following is an example of a key systems development control typically found in the in-house development of an application system?

A.

Logical access controls monitor application usage and generate audit trails.

B.

The development process is designed to prevent, detect, and correct errors that may occur.

C.

A record is maintained to track the process of data from input, to output, to storage.

D.

Business users' requirements are documented, and their achievement is monitored.

Full Access
Question # 17

Which of the following physical access controls is most likely to be based on the "something you have" concept?

A.

A retina characteristics reader.

B.

A PIN code reader.

C.

A card-key scanner.

D.

A fingerprint scanner.

Full Access
Question # 18

Which of the following capital budgeting techniques considers the expected total net cash flows from investment?

A.

Cash payback

B.

Annual rate of return

C.

Incremental analysis

D.

Net present value

Full Access
Question # 19

A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25.000 shirts. Actual sales total S300.000. What is margin of safety sales for the company?

A.

$100.000

B.

$200,000

C.

$275,000

D.

$500,000

Full Access
Question # 20

When executive compensation is based on the organization's financial results, which of the following situations is most likely to arise?

A.

The organization reports inappropriate estimates and accruals due to poof accounting controls.

B.

The organization uses an unreliable process forgathering and reporting executive compensation data.

C.

The organization experiences increasing discontent of employees, if executives are eligible for compensation amounts that are deemed unreasonable.

D.

The organization encourages employee behavior that is inconsistent with the interests of relevant stakeholders.

Full Access
Question # 21

Which of the following intangible assets is considered to have an indefinite life?

A.

Underground oil deposits

B.

Copyright

C.

Trademark

D.

Land

Full Access
Question # 22

Which of the following statements is true regarding user developed applications (UDAs) and traditional IT applications?

A.

UDAs arid traditional JT applications typically follow a similar development life cycle

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Full Access
Question # 23

Which of the following performance measures includes both profits and investment base?

A.

Residual income

B.

A flexible budget

C.

Variance analysis.

D.

A contribution margin income statement by segment.

Full Access
Question # 24

Based on test results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been backed up more frequently than required

D.

Critical system backup tapes are taken off site less frequently than required

Full Access
Question # 25

Which of the following is true of matrix organizations?

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the project's life or the organization's culture.

D.

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

Full Access
Question # 26

Which of the following forms of compensation best indicates that an organization’s cost-saving objectives have been targeted?

A.

Gain sharing

B.

Commission

C.

Profit sharing

D.

Pension

Full Access
Question # 27

Which of the following statements is true regarding the capital budgeting procedure known as the discounted payback period?

A.

It calculates the overall value of a project.

B.

It ignores the time value of money.

C.

It calculates the time a project takes to break even.

D.

It begins at time zero for the project.

Full Access
Question # 28

Which of the following data security policies is most likely to be the result of a data privacy law?

A.

Access to personally identifiable information is limited to those who need it to perform their job.

B.

Confidential data must be backed up and recoverable within a 24-hour period.

C.

Updates to systems containing sensitive data must be approved before being moved to production.

D.

A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.

Full Access
Question # 29

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

A.

It is particularly helpful to management when the organization is facing rapid change

B.

It is a more successful approach when adopted by mechanistic organizations

C.

It is more successful when goal-setting is performed not only by management, but by all team members, including lower-level staff

D.

It is particularly successful in environments that are prone to having poor employer-employee relations

Full Access
Question # 30

Which of the following security controls would be appropriate to protect the exchange of information?

A.

Firewalls.

B.

Activity logs.

C.

Antivirus software.

D.

File encryption.

Full Access
Question # 31

Which of the following best explains why an organization would enter into a capital lease contract?

A.

To increase the ability to borrow additional funds from creditors

B.

To reduce the organization’s free cash flow from operations

C.

To improve the organization’s free cash flow from operations

D.

To acquire the asset at the end of the lease period at a price lower than the fair market value

Full Access
Question # 32

Which of the following differentiates a physical access control from a logical access control?

A.

Physical access controls secure tangible IT resources, whereas logical access controls secure software and data internal to the IT system.

B.

Physical access controls secure software and data internal to the IT system, whereas logical access controls secure tangible IT resources.

C.

Physical access controls include firewalls, user IDs, and passwords, whereas logical access controls include locks and security guards.

D.

Physical access controls include input processing and output controls, whereas logical access controls include locked doors and security guards.

Full Access
Question # 33

Which of the following purchasing scenarios would gain the greatest benefit from implementing electronic data interchange (EDI)?

A.

A just-in-time purchasing environment

B.

A large volume of custom purchases

C.

A variable volume sensitive to material cost

D.

A currently inefficient purchasing process

Full Access
Question # 34

A small chain of grocery stores made a reporting error and understated its ending inventory. What effect would this have on the income statement for the following year?

A.

Net income would be understated.

B.

Net income would not be affected.

C.

Net income would be overstated.

D.

Net income would be negative.

Full Access
Question # 35

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold plan

D.

Absence of recovery plan

Full Access
Question # 36

Which of the following physical access controls often functions as both a preventive and detective control?

A.

Locked doors.

B.

Firewalls.

C.

Surveillance cameras.

D.

Login IDs and passwords.

Full Access
Question # 37

An organization has decided to allow its managers to use their own smart phones at work. With this change, which of the following is most important to Include In the IT department's comprehensive policies and procedures?

A.

Required documentation of process for discontinuing use of the devices

B.

Required removal of personal pictures and contacts.

C.

Required documentation of expiration of contract with service provider.

D.

Required sign-off on conflict of interest statement.

Full Access
Question # 38

A company produces water buckets with the following costs per bucket:

Direct labor = 82

Direct material = $5

Fixed manufacturing = 83.50

Variable manufacturing = 82.50

The water buckets are usually sold for $15. However, the company received a special order for 50.000 water buckets at 311 each.

Assuming there is adequate manufacturing capacity and ail other variables are constant , what is the relevant cost per unit to consider when deciding whether to accept this special order at the reduced price?

A.

$9.50

B.

$10.50

C.

$11

D.

$13

Full Access
Question # 39

Which of the following should be established by management during implementation of big data systems to enable ongoing production monitoring?

A.

Key performance indicators.

B.

Reports of software customization.

C.

Change and patch management.

D.

Master data management

Full Access
Question # 40

Employees at an events organization use a particular technique to solve problems and improve processes. The technique consists of five steps: define, measure, analyze,

improve, and control. Which of the following best describes this approach?

A.

Six Sigma,

B.

Quality circle.

C.

Value chain analysis.

D.

Theory of constraints.

Full Access
Question # 41

Several organizations have developed a strategy to open co-owned shopping malls. What would be the primary purpose of this strategy?

A.

To exploit core competence.

B.

To increase market synergy.

C.

To deliver enhanced value.

D.

To reduce costs.

Full Access
Question # 42

An organization created a formalized plan for a large project. Which of the following should be the first step in the project management plan?

A.

Estimate time required to complete the whole project.

B.

Determine the responses to expected project risks.

C.

Break the project into manageable components.

D.

Identify resources needed to complete the project

Full Access
Question # 43

Which of the following accounting methods is an investor organization likely to use when buying 40 percent of the stock of another organization?

A.

Cost method.

B.

Equity method .

C.

Consolidation method.

D.

Fair value method.

Full Access
Question # 44

What relationship exists between decentralization and the degree, importance, and range of lower-level decision making?

A.

Mutually exclusive relationship.

B.

Direct relationship.

C.

Intrinsic relationship.

D.

Inverse relationship.

Full Access
Question # 45

Management has decided to change the organizational structure from one that was previously decentralized to one that is now highly centralized. As such: which of the

following would be a characteristic of the now highly centralized organization?

A.

Top management does little monitoring of the decisions made at lower levels.

B.

The decisions made at the lower levels of management are considered very important.

C.

Decisions made at lower levels in the organizational structure are few.

D.

Reliance is placed on top management decision making by few of the organization's departments.

Full Access
Question # 46

Which of the following scenarios indicates an effective use of financial leverage?

A.

An organisation has a rate of return on equity of 20% and a rate of return on assets of 15%.

B.

An organization has a current ratio of 2 and an inventory turnover of 12.

C.

An organization has a debt to total assets ratio of 0.2 and an interest coverage ratio of 10.

D.

An organization has a profit margin of 30% and an assets turnover of 7%.

Full Access
Question # 47

Which of the following parties is most likely to be responsible for maintaining the infrastructure required to prevent the failure of a real-time backup of a database?

A.

IT database administrator.

B.

IT data center manager.

C.

IT help desk function.

D.

IT network administrator.

Full Access
Question # 48

A manufacturer ss deciding whether to sell or process materials further. Which of the following costs would be relevant to this decision?

A.

Incremental processing costs, incremental revenue, and variable manufacturing expenses.

B.

Joint costs, incremental processing costs, and variable manufacturing expenses.

C.

Incremental revenue, joint costs, and incremental processing costs.

D.

Variable manufacturing expenses, incremental revenue, and joint costs

Full Access
Question # 49

Which of the following inventory costing methods requires the organization to account for the actual cost paid for the unit being sold?

A.

Last-in-first-Out (LIFO}.

B.

Average cost.

C.

First-in-first-out (FIFO).

D.

Specific identification

Full Access
Question # 50

According to IIA guidance, which of the following is a broad collection of integrated policies, standards, and procedures used to guide the planning and execution of a project?

A.

Project portfolio.

B.

Project development

C.

Project governance.

D.

Project management methodologies

Full Access
Question # 51

Which of the following IT-related activities is most commonly performed by the second line of defense?

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide independent assessment of IT security.

Full Access
Question # 52

Which of the following is a systems software control?

A.

Restricting server room access to specific individuals

B.

Housing servers with sensitive software away from environmental hazards

C.

Ensuring that all user requirements are documented

D.

Performing of intrusion testing on a regular basis

Full Access
Question # 53

When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

A.

Direct, product costs.

B.

Indirect product costs.

C.

Direct period costs,

D.

Indirect period costs

Full Access
Question # 54

Which of the following should be included in a data privacy poky?

1. Stipulations for deleting certain data after a specified period of time.

2. Guidance on acceptable methods for collecting personal data.

3. A requirement to retain personal data indefinitely to ensure a complete audit trail,

4. A description of what constitutes appropriate use of personal data.

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2 and 4 only

D.

2, 3, and 4 only

Full Access
Question # 55

An organization's account for office supplies on hand had a balance of $9,000 at the end of year one. During year two. The organization recorded an expense of $45,000 for purchasing office supplies. At the end of year two. a physical count determined that the organization has $11 ,500 in office supplies on hand. Based on this Information, what would he recorded in the adjusting entry an the end of year two?

A.

A debit to office supplies on hand for S2.500

B.

A debit to office supplies on hand for $11.500

C.

A debit to office supplies on hand for $20,500

D.

A debit to office supplies on hand for $42,500

Full Access
Question # 56

An organization discovered fraudulent activity involving the employee time-tracking system. One employee regularly docked in and clocked out her co-worker friends on their days off, inflating their reported work hours and increasing their wages. Which of the following physical authentication devices would be most effective at disabling this fraudulent scheme?

A.

Face or finger recognition equipment,

B.

Radio-frequency identification chips to authenticate employees with cards.

C.

A requirement to clock in and clock out with a unique personal identification number.

D.

A combination of a smart card and a password to clock in and clock out.

Full Access
Question # 57

At one organization, the specific terms of a contract require both the promisor end promise to sign the contract in the presence of an independent witness.

What is the primary role to the witness to these signatures?

A.

A witness verifies the quantities of the copies signed.

B.

A witness verifies that the contract was signed with the free consent of the promisor and promise.

C.

A witness ensures the completeness of the contract between the promisor and promise.

D.

A witness validates that the signatures on the contract were signed by tire promisor and promise.

Full Access
Question # 58

Which of the following risks would Involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a local area?

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Full Access
Question # 59

An investor has acquired an organization that has a dominant position in a mature. slew-growth Industry and consistently creates positive financial income.

Which of the following terms would the investor most likely label this investment in her portfolio?

A.

A star

B.

A cash cow

C.

A question mark

D.

A dog

Full Access
Question # 60

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

D.

Use management software scan and then prompt parch reminders when devices connect to the network

Full Access
Question # 61

According to Maslow's hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

A.

Esteem by colleagues.

B.

Self-fulfillment

C.

Series of belonging in the organization

D.

Job security

Full Access
Question # 62

Which of the following practices impacts copyright issues related to the manufacturer of a smart device?

A.

Session hijacking.

B.

Jailbreaking

C.

Eavesdropping,

D.

Authentication.

Full Access
Question # 63

During which phase of the contracting process ere contracts drafted for a proposed business activity?

A.

Initiation phase.

B.

Bidding phase

C.

Development phase

D.

Management phase

Full Access
Question # 64

Which of the following statements is true regarding the management-by-objectives method?

A.

Management by objectives is most helpful in organizations that have rapid changes.

B.

Management by objectives is most helpful in mechanistic organizations with rigidly defined tasks.

C.

Management by objectives helps organizations to keep employees motivated.

D.

Management by objectives helps organizations to distinguish clearly strategic goals from operational goals.

Full Access
Question # 65

Which of the following statements is true regarding cost-volume-profit analysis?

A.

Contribution margin is the amount remaining from sales revenue after fixed expenses have been deducted.

B.

Breakeven point is the amount of units sold to cover variable costs.

C.

Breakeven occurs when the contribution margin covers fixed costs.

D.

Following breakover1, he operating income will increase by the excess of fixed costs less the variable costs per units sold.

Full Access
Question # 66

An Internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

A.

The auditor is normalizing data in preparation for analyzing it.

B.

The auditor is analyzing the data in preparation for communicating the results,

C.

The auditor is cleaning the data in preparation for determining which processes may be involves .

D.

The auditor is reviewing trio data prior to defining the question

Full Access
Question # 67

Based on lest results, an IT auditor concluded that the organization would suffer unacceptable loss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

A.

Requested backup tapes were not returned from the offsite vendor In a timely manner.

B.

Returned backup tapes from the offsite vendor contained empty spaces.

C.

Critical systems have boon backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required

Full Access
Question # 68

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization's IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?

A.

A warm recovery plan.

B.

A cold recovery plan.

C.

A hot recovery plan.

D.

A manual work processes plan

Full Access
Question # 69

According to IIA guidance on IT, which of the following best describes a situation where data backup plans exist to ensure that critical data can be restored at some point in the future, but recovery and restore processes have not been defined?

A.

Hot recovery plan

B.

Warm recovery plan

C.

Cold recovery plan

D.

Absence of recovery plan

Full Access
Question # 70

Which of the following techniques would best detect on inventory fraud scheme?

A.

Analyze invoice payments just under individual authorization limits.

B.

Analyze stratification of inventory adjustments by warehouse location.

C.

Analyze Inventory Invoice amounts and compare with approved contract amounts.

D.

Analyze differences discovered curing duplicate payment testing.

Full Access
Question # 71

Which of the following statements, is true regarding the capital budgeting procedure known as discounted payback period?

A.

It calculates the overall value of a project.

B.

It ignores the time value of money.

C.

It calculates the time a project takes to break even.

D.

It begins at time zero for the project.

Full Access
Question # 72

A rapidly expanding retail organisation continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals

C.

Suboptimal decision making

D.

Duplication of business activities

Full Access
Question # 73

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

A.

There is a higher reliance on organizational culture.

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed

D.

There is a defined code far employee behavior.

Full Access
Question # 74

According to Herzberg's Two-Factor Theory of Motivation, which of the following factors arc mentioned most often by satisfied employees?

A.

Salary and status

B.

Responsibility and advancement

C.

Work conditions and security

D.

Peer relationships and personal life

Full Access
Question # 75

An organization has 10,000 units of a defect item in stock, per unit, market price is $10$; production cost is $4; and defect selling price is $5. What is the carrying amount (inventory value) of defects at your end?

A.

$0

B.

$4,000

C.

$5,000

D.

$10,000

Full Access
Question # 76

Which of the following is on advantage of a decentralized organizational structure, as opposed to a centralized structure?

A.

Greater cost-effectiveness

B.

Increased economies of scale

C.

Larger talent pool

D.

Strong internal controls

Full Access
Question # 77

What kind of strategy would be most effective for an organization to adopt in order to Implement a unique advertising campaign for selling identical product lines across all of its markets?

A.

Export strategy.

B.

Transnational strategy

C.

Multi-domestic strategy

D.

Globalization strategy

Full Access
Question # 78

According to IIA guidance, which of the following would be the best first stop to manage risk when a third party is overseeing the organization's network and data?

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports end a right-to-audit clause.

C.

Applying administrative privileges to ensure right to access controls are appropriate.

D.

Creating a standing cyber-security committee to identify and manage risks related to data security

Full Access
Question # 79

Which of the following is a security feature that Involves the use of hardware and software to filter or prevent specific Information from moving between the inside network and the outs de network?

A.

Authorization

B.

Architecture model

C.

Firewall

D.

Virtual private network

Full Access
Question # 80

Which of the following situations best illustrates a "false positive" in the performance of a spam filter?

A.

The spam filter removed Incoming communication that included certain keywords and domains.

B.

The spam filter deleted commercial ads automatically, as they were recognized as unwanted.

C.

The spam filter routed to the "junk|r folder a newsletter that appeared to include links to fake websites.

D.

The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.

Full Access
Question # 81

Which of the following best describes the primary objective of cybersecurity?

A.

To protect the effective performance of IT general and application controls.

B.

To regulate users' behavior it the web and cloud environment.

C.

To prevent unauthorized access to information assets.

D.

To secure application of protocols and authorization routines.

Full Access
Question # 82

Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?

A.

Variety.

B.

Velocity.

C.

Volume.

D.

Veracity.

Full Access
Question # 83

Which of the following represents a basis for consolidation under the International Financial Reporting Standards?

A.

Variable entity approach.

B.

Control ownership.

C.

Risk and reward.

D.

Voting interest.

Full Access
Question # 84

Which of the following security controls would provide the most efficient and effective authentication for customers to access these online shopping account?

A.

12-digit password feature.

B.

Security question feature.

C.

Voice recognition feature.

D.

Two-level sign-on feature

Full Access
Question # 85

An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories;

- Risks specific to the organization itself.

- Risks specific to the service provider.

- Risks shared by both the organization and the service provider

Which of the following risks should the auditor classify as specific to the service provider?

A.

Unexpected increases in outsourcing costs.

B.

Loss of data privacy.

C.

Inadequate staffing.

D.

Violation of contractual terms.

Full Access
Question # 86

Which of the following represents an inventory costing technique that can be manipulated by management to boost net income by selling units purchased at a low cost?

A.

First-in. first-out method (FIFO).

B.

Last-in, first-out method (LIFO).

C.

Specific identification method.

D.

Average-cost method

Full Access
Question # 87

In light of increasing emission taxes in the European Union, a car manufacturer introduced a new middle-class hybrid vehicle specifically for the European market only. Which of the following competitive strategies has the manufacturer used?

A.

Reactive strategy.

B.

Cost leadership strategy.

C.

Differentiation strategy.

D.

Focus strategy

Full Access
Question # 88

Which of the following security controls focuses most on prevention of unauthorized access to the power plant?

A.

An offboarding procedure is initiated monthly to determine redundant physical access rights.

B.

Logs generated by smart locks are automatically scanned to identify anomalies in access patterns.

C.

Requests for additional access rights are sent for approval and validation by direct supervisors.

D.

Automatic notifications are sent to a central security unit when employees enter the premises during nonwork hours

Full Access
Question # 89

Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

A.

Assigning new roles and responsibilities for senior IT management.

B.

Growing use of bring your own devices for organizational matters.

C.

Expansion of operations into new markets with limited IT access.

D.

Hiring new personnel within the IT department for security purposes.

Full Access
Question # 90

Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?

A.

Draft separate audit reports for business and IT management.

B.

Conned IT audit findings to business issues.

C.

Include technical details to support IT issues.

D.

Include an opinion on financial reporting accuracy and completeness.

Full Access
Question # 91

What security feature would Identity a legitimate employee using her own smart device to gam access to an application run by the organization?

A.

Using a jailbroken or rooted smart device feature.

B.

Using only smart devices previously approved by the organization.

C.

Obtaining written assurance from the employee that security policies and procedures are followed.

D.

Introducing a security question known only by the employee.

Full Access
Question # 92

An employee was promoted within the organization and relocated to a new office in a different building. A few months later, security personnel discovered that the employee's smart card was being used to access the building where she previously worked. Which of the following security controls could prevent such an incident from occurring?

A.

Regular review of logs.

B.

Two-level authentication.

C.

Photos on smart cards.

D.

Restriction of access hours.

Full Access
Question # 93

Which of the following analytical techniques would an internal auditor use to verify that none of an organization's employees are receiving fraudulent invoice payments?

A.

Perform gap testing.

B.

Join different data sources.

C.

Perform duplicate testing.

D.

Calculate statistical parameters.

Full Access
Question # 94

Which of the following IT professionals is responsible for providing maintenance to switches and routers to keep IT systems running as intended?

A.

Data center operations manager

B.

Response and support team.

C.

Database administrator,

D.

Network administrator

Full Access
Question # 95

An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured al database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the fallowing responses best explains risks associated with insufficient or absent logging practices?

A.

The organization will be unable to develop preventative actions based on analytics.

B.

The organization will not be able to trace and monitor the activities of database administers.

C.

The organization will be unable to determine why intrusions and cyber incidents took place.

D.

The organization will be unable to upgrade the system to newer versions.

Full Access
Question # 96

If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?

A.

Settlement of short-term obligations may become difficult.

B.

Cash may be bed up in items not generating financial value.

C.

Collection policies of the organization are ineffective.

D.

The organization is efficient in using assets to generate revenue.

Full Access
Question # 97

Senior management is trying to decide whether to use the direct write-off or allowance method for recording bad debt on accounts receivables. Which of the following would be the best argument for using the direct write-off method?

A.

It is useful when losses are considered insignificant.

B.

It provides a better alignment with revenue.

C.

It is the preferred method according to The IIA.

D.

It states receivables at net realizable value on the balance sheet.

Full Access
Question # 98

At an organization that uses a periodic inventory system, the accountant accidentally understated the organization s beginning inventory. How would the accountant's accident impact the income statement?

A.

Cost of goods sold will be understated and net income will be overstated.

B.

Cost of goods sold will be overstated and net income will be understated

C.

Cost of goods sold will be understated and there Wi-Fi be no impact on net income.

D.

There will be no impact on cost of goods sold and net income will be overstated

Full Access
Question # 99

Which of the following items best describes the strategy of outsourcing?

A.

Contracting the work to Foreign Service providers to obtain lower costs

B.

Contracting functions or knowledge-related work with an external service provider.

C.

Contract -ng operation of some business functions with an internal service provider

D.

Contracting a specific external service provider to work with an internal service provider

Full Access
Question # 100

Which of the following common quantitative techniques used in capital budgeting is best associated with the use of a table that describes the present value of an annuity?

A.

Cash payback technique.

B.

Discounted cash flow technique: net present value.

C.

Annual rate of return

D.

Discounted cash flow technique: internal rate of return.

Full Access
Question # 101

Which of the following is a distinguishing feature of managerial accounting, which is not applicable to financial accounting?

A.

Managerial accounting uses double-entry accounting and cost data.

B.

Managerial accounting uses general accepted accounting principles.

C.

Managerial accounting involves decision making based on quantifiable economic events.

D.

Managerial accounting involves decision making based on predetermined standards.

Full Access
Question # 102

During which of the following phases of contracting does the organization analyze whether the market is aligned with organizational objectives?

A.

Initiation phase

B.

Bidding phase

C.

Development phase

D.

Negotiation phase

Full Access
Question # 103

An organization prepares a statement of privacy to protect customers' personal information. Which of the following might violate the privacy principles?

A.

Customers can access and update personal information when needed.

B.

The organization retains customers' personal information indefinitely.

C.

Customers reserve the right to reject sharing personal information with third parties.

D.

The organization performs regular maintenance on customers' personal information.

Full Access
Question # 104

Which of the following types of budgets will best provide the basis for evaluating the organization's performance?

A.

Cash budget.

B.

Budgeted balance sheet.

C.

Selling and administrative expense budget.

D.

Budgeted income statement.

Full Access
Question # 105

Which of the following is a limitation of the remote wipe for a smart device?

A.

Encrypted data cannot be locked to prevent further access

B.

Default settings cannot be restored on the device.

C.

All data, cannot be completely removed from the device

D.

Mobile device management software is required for successful remote wipe

Full Access
Question # 106

An organization's board of directors is particularly focused on positioning, the organization as a leader in the industry and beating the competition. Which of the following strategies offers the greatest alignment with the board's focus?

A.

Divesting product lines expected to have negative profitability.

B.

Increasing the diversity of strategic business units.

C.

Increasing investment in research and development for a new product.

D.

Relocating the organization's manufacturing to another country.

Full Access
Question # 107

Which of the following is an example of internal auditors applying data mining techniques for exploratory purposes?

A.

Internal auditors perform reconciliation procedures to support an external audit of financial reporting.

B.

Internal auditors perform a systems-focused analysis to review relevant controls.

C.

Internal auditors perform a risk assessment to identify potential audit subjects as input for the annual internal audit plan

D.

Internal auditors test IT general controls with regard to operating effectiveness versus design

Full Access
Question # 108

How can the concept of relevant cost help management with behavioral analyses?

A.

It explains the assumption mat both costs and revenues are linear through the relevant range

B.

It enables management to calculate a minimum number of units to produce and sell without having to incur a loss.

C.

It enables management to predict how costs such as the depreciation of equipment will be affected by a change in business decisions

D.

It enables management to make business decisions, as it explains the cost that will be incurred for a given course of action

Full Access
Question # 109

An internal auditor considers the financial statement of an organization as part of a financial assurance engagement. The auditor expresses the organization's electricity and depreciation expenses as a percentage of revenue to be 10% and 7% respectively. Which of the following techniques was used by the internal auditor In this calculation?

A.

Horizontal analysis

B.

Vertical analysis

C.

Ratio analysis

D.

Trend analysis

Full Access
Question # 110

Which of the following describes the primary advantage of using data analytics in internal auditing?

A.

It helps support the internal audit conclusions with factual evidence.

B.

It reduces the time and effort needed to prepare the audit report.

C.

It helps prevent internal auditors from unknowingly disregarding key process risks.

D.

It enables internal auditors to meet their responsibility for monitoring controls.

Full Access
Question # 111

Which of the following is a systems software control?

A.

Restricting server room access to specific individuals.

B.

Housing servers with sensitive software away from environmental hazards.

C.

Ensuring that all user requirements are documented.

D.

Performing intrusion testing on a regular basis.

Full Access
Question # 112

An organization has 1,000 units of a defective item in stock. Per unit, market price is $10; production cost is $4; and the defect selling price is $5. What is the carrying amount (inventory value) of defects at year-end?

A.

$0

B.

$4,000

C.

$5,000

D.

$10,000

Full Access
Question # 113

During which phase of the contracting process are contracts drafted for a proposed business activity?

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase.

Full Access
Question # 114

Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device’s data or applications?

A.

Anti-malware software

B.

Authentication

C.

Spyware

D.

Rooting

Full Access
Question # 115

Which of the following IT-related activities is most commonly performed by the second line of defense?

A.

Block unauthorized traffic.

B.

Encrypt data.

C.

Review disaster recovery test results.

D.

Provide an independent assessment of IT security.

Full Access
Question # 116

An organization requires an average of 58 days to convert raw materials into finished products to sell. An additional 42 days is required to collect receivables. If the organization takes an average of 10 days to pay for raw materials, how long is its total cash conversion cycle?

A.

26 days.

B.

90 days.

C.

100 days.

D.

110 days.

Full Access
Question # 117

According to IIA guidance, which of the following are typical physical and environmental IT controls?

A.

Locating servers in locked rooms with restricted admission.

B.

Applying encryption where confidentiality is a stated requirement.

C.

Allocating and controlling access rights according to the organization's stated policy.

D.

Ensuring a tightly controlled process for applying all changes and patches to software, systems, network components, and data.

Full Access
Question # 118

Which of the following represents an example of a physical security control?

A.

Access rights are allocated according to the organization’s policy

B.

There is confirmation that data output is accurate and complete

C.

Servers are located in locked rooms to which access is restricted

D.

A record is maintained to track the process from data input to storage

Full Access
Question # 119

Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?

A.

Risk tolerance.

B.

Performance.

C.

Threats and opportunities.

D.

Governance.

Full Access
Question # 120

Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

A.

High-yield bonds

B.

Commodity-backed bonds

C.

Zero-coupon bonds

D.

Junk bonds

Full Access
Question # 121

Which of the following application controls is the most dependent on the password owner?

A.

Password selection.

B.

Password aging.

C.

Password lockout.

D.

Password rotation.

Full Access
Question # 122

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters

B.

Orders, commands, and advice are sent to the subsidiaries from headquarters

C.

People of local nationality are developed for the best positions within their own country

D.

There is a significant amount of collaboration between headquarters and subsidiaries

Full Access
Question # 123

Which of these instances accurately describes the responsibilities for big data governance?

A.

Management must ensure information storage systems are appropriately defined and processes to update critical data elements are clear.

B.

External auditors must ensure that analytical models are periodically monitored and maintained.

C.

The board must implement controls around data quality dimensions to ensure that they are effective.

D.

Internal auditors must ensure the quality and security of data, with a heightened focus on the riskiest data elements.

Full Access
Question # 124

An intruder posing as the organization's CEO sent an email and tricked payroll staff into providing employees' private tax information. What type of attack was perpetrated?

A.

Boundary attack.

B.

Spear phishing attack.

C.

Brute force attack.

D.

Spoofing attack.

Full Access