IIA IIA-CIA-PART3 Online Practice Questions and Exam Preparation

IIA IIA-CIA-PART3 Online Questions & Answers

• Question 1081:

  Which of the following statements distinguishes a router from a typical switch?

  A. A router operates at layer two, while a switch operates at layer three of the open systems interconnection model.
  B. A router transmits data through frames, while a switch sends data through packets.
  C. A router connects networks, while a switch connects devices within a network.
  D. A router uses a media access control address during the transmission of data, while a switch uses an internet protocol address.
  C. A router connects networks, while a switch connects devices within a network.

  ---

  Explanation

• Question 1082:

  Which of the following would be most effective in preventing phishing attacks from impacting business systems?

  A. Training users on security awareness.
  B. Monitoring the usage of IT systems.
  C. Using software to detect malware.
  D. Blocking access to a user's accounts.
  A. Training users on security awareness.

  ---

  Explanation

• Question 1083:

  An engagement to review an organization's budget process has revealed that department heads frequently circumvent budget controls by actions such as padding their budgets and concealing opportunities to cut costs. One of the engagement recommendations involves forming a group composed of department heads to find a solution for this problem. Which one of the following methods is likely to generate a high level of commitment to the solution among members of the group?

  A. The brainstorming technique in which group members orally identify as many alternatives as possible without criticism from other members.
  B. A mandate from top management.
  C. The Delphi technique in which a series of questionnaires is used to arrive at a consensus.
  D. An open discussion of the problem and potential solutions until a consensus is reached.
  D. An open discussion of the problem and potential solutions until a consensus is reached.

  ---

  Explanation

  Interacting groups, that is, traditional groups in which individuals meet face-to-face and interact in customary ways, potentially foster the greatest commitment to the solution reached. When individuals who must implement the solution participate in the decision through open discussion and arrive at a consensus, they are usually inclined to accept the decision.

• Question 1084:

  Which of the following activities would come last in the development and implementation of a privacy and data protection program?

  A. Selecting the privacy and data protection framework
  B. Establishing an assessment and communication format
  C. Defining the scope of implementation procedures
  D. Defining the privacy and data protection risks
  B. Establishing an assessment and communication format

  ---

  Explanation

• Question 1085:

  Under which of the following circumstances can the internal audit function rely most confidently on the work performed by external auditors?

  A. The chief audit executive (CAE) has access to the external auditors' audit programs and workpapers
  B. The CAE requires that external auditors use the same techniques, methods, and terminology as the internal auditors
  C. The board of directors reviews the materiality and risk assessment performed by external auditors to direct the CAE
  D. The board of directors requires that all final communications by external auditors be reviewed by the CAE
  A. The chief audit executive (CAE) has access to the external auditors' audit programs and workpapers

  ---

  Explanation

  Reliance on external auditors' work is possible if the CAE has sufficient access to review their programs and workpapers to evaluate the scope, quality, and results. This ensures internal audit can confirm the appropriateness of relying on their

  work.

  Option B is not required--external and internal audit can use different methodologies. Options C and D represent governance involvement but do not substitute for CAE's independent evaluation of audit work.

  IIA Standards - Standard 2050: Coordination and Reliance.

• Question 1086:

  Which of the following is most appropriate for the chief audit executive to keep in mind when establishing policies and procedures to guide the internal audit function?

  A. The nature of the internal audit function
  B. The size of the organization
  C. The size and maturity of the internal audit function
  D. The structure of the organization
  C. The size and maturity of the internal audit function

  ---

  Explanation

  Policies and procedures should be tailored to the size and maturity of the internal audit function. A small or less mature function may require simpler procedures, while a large and well-established function may require more detailed and

  formalized guidance.

  Option A (nature of audit) and D (organizational structure) are relevant but secondary. Option B (organization size) does not necessarily dictate internal audit's needs as directly as its own size and maturity.

  IIA Standards - Standard 2040: Policies and Procedures.

• Question 1087:

  The management of working capital is most crucial for which of the following aspects of business?

  A. Liquidity.
  B. Profitability.
  C. Solvency.
  D. Efficiency.
  D. Efficiency.

  ---

  Explanation

• Question 1088:

  Which of the following data privacy concerns can be attributed specifically to blockchain technologies?

  A. Cybercriminals mainly resort to blockchain technologies to phish for private data
  B. Since blockchain transactions can be easily tampered with, the risk of private data leakage is high
  C. Data privacy regulations overregulate the usage of private data in blockchain transactions
  D. Immutability of blockchain technologies makes private data erasure a challenge
  D. Immutability of blockchain technologies makes private data erasure a challenge

  ---

  Explanation

  A core feature of blockchain technology is immutability--once data is recorded, it cannot be altered or deleted. While this supports integrity and transparency, it also creates a conflict with data privacy regulations such as the General Data

  Protection Regulation (GDPR), which grants individuals the "right to be forgotten." The inability to erase personal data stored on blockchain creates a compliance challenge.

  Options A and B are incorrect: phishing is not inherent to blockchain, and transactions are not easily tampered with (immutability actually prevents that). Option C is misleading because regulations address data use but do not "overregulate"

  blockchain specifically.

  IIA Global Technology Audit Guide (GTAG): Understanding Blockchain and Related Risks.

• Question 1089:

  Which of the following is an example of a physical control designed to prevent security breaches?

  A. Preventing database administrators from initiating program changes.
  B. Blocking technicians from getting into the network room.
  C. Restricting system programmers' access to database facilities.
  D. Using encryption for data transmitted over the public internet.
  C. Restricting system programmers' access to database facilities.

  ---

  Explanation

• Question 1090:

  A retail organization mistakenly did not include $10,000 of inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

  A. Cost of sales and net income are understated.
  B. Cost of sales and net income are overstated.
  C. Cost of sales is understated and net income is overstated.
  D. Cost of sales is overstated and net income is understated.
  C. Cost of sales is understated and net income is overstated.

  ---

  Explanation