IIA-CIA-Part3 Exam Practice Test Instant Access

Question 1

An internal auditor has requested the organizational chart in order to evaluate the control environment of an organization. Which of the following is a disadvantage of using the organizational chart?

AThe organizational chart shows only formal relationships.

BThe organizational chart shows only the line of authority.

CThe organizational chart shows only the senior management positions.

DThe organizational chart is irrelevant when testing the control environment.

Answer : A

Question 2

Which of the following business practices promotes a culture of high performance?

AReiterating the importance of compliance with established policies and procedures.

BCelebrating employees' individual excellence.

CPeriodically rotating operational managers.

DAvoiding status differences among employees.

Answer : D

Question 3

Which of the following is considered a physical security control?

ATransaction logs are maintained to capture a history of system processing.

BSystem security settings require the use of strong passwords and access controls.

CFailed system login attempts are recorded and analyzed to identify potential security incidents.

DSystem servers are secured by locking mechanisms with access granted to specific individuals.

Answer : D

Question 4

The internal audit activity has identified accounting errors that resulted in the organization overstating its net income for the fiscal year. Which of the following is the most likely cause of this overstatement?

ABeginning inventory was overstated for the year.

BCost of goods sold was understated for the year.

CEnding inventory was understated for the year.

DCost of goods sold was overstated for the year.

Answer : B

Question 5

Which of the following is an example of two-factor authentication?

AThe user's facial geometry and voice recognition.

BThe user's password and a separate passphrase.

CThe user's key fob and a smart card.

DThe user's fingerprint and a personal Identification number.

Answer : D

Question 6

An organization contracted a third-party service provider to plan, design, and build a new facility. Senior management would like to transfer all of the risk to the builder. Which type of procurement contract would the organization use?

ACost-plus contract.

BTurnkey contract.

CService contract.

DSolutions contract.

Answer : A

Question 7

An IT auditor is evaluating IT controls of a newly purchased information system. The auditor discovers that logging is not configured al database and application levels. Operational management explains that they do not have enough personnel to manage the logs and they see no benefit in keeping logs. Which of the fallowing responses best explains risks associated with insufficient or absent logging practices?

AThe organization will be unable to develop preventative actions based on analytics.

BThe organization will not be able to trace and monitor the activities of database administers.

CThe organization will be unable to determine why intrusions and cyber incidents took place.

DThe organization will be unable to upgrade the system to newer versions.

Answer : C

IIA-CIA-Part3 Certified Internal Auditor-Internal Audit Knowledge Elements Exam Practice Test