Exam Details

  • Exam Code: IIA-CIA-PART3
  • Exam Name: Certified Internal Auditor - Part 3 study guide with online review
  • Certification: Certified Internal
  • Vendor: IIA
  • Total Questions: 931 Q&As
  • Last Updated: May 08, 2024

IIA Certified Internal IIA-CIA-PART3 Questions & Answers

  • Question 11:

    Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

    A. Non-disclosure agreements between the firm and its employees.

    B. Logs of user activity within the information system.

    C. Two-factor authentication for access into the information system.

    D. Limited access to information, based on employee duties.

  • Question 12:

    Management has established a performance measurement focused on the accuracy of disbursements. The disbursement statistics, provided daily to all accounts payable and audit staff, include details of payments stratified by amount and frequency.

    Which of the following is likely to be the greatest concern regarding this performance measurement?

    A. Articulation of the data.

    B. Availability of the data.

    C. Measurability of the data.

    D. Relevance of the data.

  • Question 13:

    According to IIA guidance on IT, which of the following best describes a logical access control?

    A. Require complex passwords to be established and changed quarterly.

    B. Require swipe cards to control entry into secure data centers.

    C. Monitor access to the data center with closed circuit camera surveillance.

    D. Maintain current role definitions to ensure appropriate segregation of duties.

  • Question 14:

    Which of the following statements is true regarding change management?

    A. The degree of risk associated with a proposed change determines whether the change request requires authorization.

    B. Program changes generally are developed and tested in the production environment.

    C. Changes are only required by software programs.

    D. To protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.

  • Question 15:

    During disaster recovery planning, the organization established a recovery point objective. Which of the following best describes this concept?

    A. The maximum tolerable downtime after the occurrence of an incident.

    B. The maximum tolerable data loss after the occurrence of an incident.

    C. The maximum tolerable risk related to the occurrence of an incident.

    D. The minimum recovery resources needed after the occurrence of an incident.

  • Question 16:

    Which of the following statements is true regarding user-developed applications (UDAs) and traditional IT applications?

    A. UDAs and traditional IT applications typically follow a similar development life cycle.

    B. A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

    C. Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.

    D. IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

  • Question 17:

    Which of the following should software auditors do when reporting internal audit findings related to enterprisewide resource planning?

    A. Draft separate audit reports for business and IT management.

    B. Connect IT audit findings to business issues.

    C. Include technical details to support IT issues.

    D. Include an opinion on financial reporting accuracy and completeness.

  • Question 18:

    In reviewing an organization's IT infrastructure risks, which of the following controls is to be tested as part of reviewing workstations?

    A. Input controls.

    B. Segregation of duties.

    C. Physical controls.

    D. Integrity controls.

  • Question 19:

    Which of the following best describes a detective control designed to protect an organization from cyberthreats and attacks?

    A. A list of trustworthy, good traffic and a list of unauthorized, blocked traffic.

    B. Monitoring for vulnerabilities based on industry intelligence.

    C. Comprehensive service level agreements with vendors.

    D. Firewall and other network perimeter protection tools.

  • Question 20:

    Which of the following is likely to occur when an organization decides to adopt a decentralized organizational structure?

    A. A slower response to external change.

    B. Less controlled decision making.

    C. More burden on higher-level managers.

    D. Less use of employees' true skills and abilities.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your IIA-CIA-PART3 exam preparation and IIA certification application, do not hesitate to visit Vcedump.com to find your solutions.