IIA-CIA-Part3 Exam Practice Test Instant Access

Question 1

Which of the following measures would best protect an organization from automated attacks whereby the attacker attempts to identify weak or leaked passwords in order to log into employees' accounts?

ARequiring users to change their passwords every two years.

BRequiring two-step verification for all users

CRequiring the use of a virtual private network (VPN) when employees are out of the office.

DRequiring the use of up-to-date antivirus, security, and event management tools.

Answer : B

Question 2

Which of the following attributes of data are cybersecurity controls primarily designed to protect?

AVeracity, velocity, and variety.

BIntegrity, availability, and confidentiality.

CAccessibility, accuracy, and effectiveness.

DAuthorization, logical access, and physical access.

Answer : C

Question 3

Which of the following characteristics applies to an organization that adopts a flat structure?

AThe structure is dispersed geographically

BThe hierarchy levels are more numerous.

CThe span of control is wide

DThe tower-level managers are encouraged to exercise creativity when solving problems

Answer : D

Question 4

Which of the following is most influenced by a retained earnings policy?

ACash.

BDividends.

CGross margin.

DNet income.

Answer : D

Question 5

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization's IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?

AA warm recovery plan.

BA cold recovery plan.

CA hot recovery plan.

DA manual work processes plan

Answer : A

Question 6

A newly appointed board member received an email that appeared to be from the company's CEO. The email stated:

''Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners.'' The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender 's mail domain was different from the company's. Which of the following cybersecurity risks nearly occurred in the situation described?

AA risk of spyware and malware.

BA risk of corporate espionage.

CA ransomware attack risk.

DA social engineering risk.

Answer : A

Question 7

Which of the following is an effective preventive control for data center security?

AMotion detectors.

BKey card access to the facility.

CSecurity cameras.

DMonitoring access to data center workstations

Answer : B

IIA-CIA-Part3 Certified Internal Auditor-Internal Audit Knowledge Elements Exam Practice Test