IIA IIA-CIA-PART3 Online Practice Questions and Exam Preparation

IIA IIA-CIA-PART3 Online Questions & Answers

• Question 631:

  An organization has an established bring-your-own-device policy. Due to this policy, which of the following privacy risks would be most relevant to the organization?

  A. Employees who consider updates of software or operating systems degrading to the performance of their devices might choose not to install the updates.
  B. Confidential intellectual property of the organization may be compromised if the smart device is physically lost.
  C. Concern by employees that the organization could intrusively monitor them through their smart devices.
  D. Malware may infect smart devices that contain the organization's confidential data if the device does not have adequate security restrictions.
  B. Confidential intellectual property of the organization may be compromised if the smart device is physically lost.

  ---

  Explanation

• Question 632:

  While conducting audit procedures at the organization's data center, an internal auditor noticed the following:

  -

  Backup media was located on data center shelves.

  -

  Backup media was organized by date.

  -

  Backup schedule was one week in duration.

  -The system administrator was able to present restore logs.

  Which of the following is reasonable for the internal auditor to conclude?

  A. Backup media is not properly stored, as the storage facility should be off-site.
  B. Backup procedures are adequate and appropriate according to best practices.
  C. Backup media is not properly indexed, as backup media should be indexed by system, not date.
  D. Backup schedule is not sufficient, as full backup should be conducted daily.
  D. Backup schedule is not sufficient, as full backup should be conducted daily.

  ---

  Explanation

• Question 633:

  Which of the following is an element of effective negotiating?

  A. Ensuring that the other party has a personal stake in the agreement.
  B. Focusing on interests rather than on obtaining a winning position.
  C. Considering a few select choices during the settlement phase.
  D. Basing the agreement on negotiating power and positioning leverage.
  B. Focusing on interests rather than on obtaining a winning position.

  ---

  Explanation

• Question 634:

  A supervisor receives a complaint from an employee who is frustrated about having to learn a new software program. The supervisor responds that the new software will enable the employee to work more efficiently and with greater accuracy. This response is an example of:

  A. Empatheticlistening.
  B. Reframing.
  C. Reflectivelistening.
  D. Dialogue.
  B. Reframing.

  ---

  Explanation

• Question 635:

  Which of the following describes a benefit of using data analytics during an audit engagement?

  A. An increased number of data extracts obtained from IT personnel.
  B. A reduced audit risk by focusing risk assessment and stratifying the population.
  C. A broadened scope of assurance services through the increase of audit staff.
  D. An increased performance level of data analysis that enables reduced time for audit planning.
  B. A reduced audit risk by focusing risk assessment and stratifying the population.

  ---

  Explanation

• Question 636:

  The key ingredient to group effectiveness is:

  A. Challenge.
  B. Trust.
  C. Norms.
  D. Roles.
  B. Trust.

  ---

  Explanation

  Groups in the acceptance stage of group development tend to be effective and efficient. This stage is characterized by personal and mutual understanding, tolerance of individual differences, constructive conflict about substantive matters, realistic expectations about group performance, and acceptance of the authority structure. The resulting trust engenders cohesiveness and a free exchange of information between group members.

• Question 637:

  Which of the following statements is accurate regarding the use of Secure Sockets Layer (SSL) as a control?

  A. It supports the authentication of information sent to a server
  B. It prevents phishing attacks that redirect users to malicious sites
  C. It prevents malware infections
  D. It identifies each client-server session using temporary tokens
  A. It supports the authentication of information sent to a server

  ---

  Explanation

• Question 638:

  Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?

  A. Use of a formal systems development lifecycle.
  B. End-userinvolvement.
  C. Adequate software documentation.
  D. Formalized non-regression testing phase.
  B. End-userinvolvement.

  ---

  Explanation

• Question 639:

  What is the primary purpose of data and systems backup?

  A. To restore all data and systems immediately after the occurrence of an incident.
  B. To set the maximum allowable downtime to restore systems and data after the occurrence of an incident.
  C. To set the point in time to which systems and data must be recovered after the occurrence of an incident.
  D. To restore data and systems to a previous point in time after the occurrence of an incident.
  D. To restore data and systems to a previous point in time after the occurrence of an incident.

  ---

  Explanation

• Question 640:

  According to the growth-share matrix approach developed by the Boston Consulting Group, a harvest strategy is most likely to be used for SBUs that are

  A. Question marks that may become stars.
  B. Strong cash cows.
  C. Weak cash cows.
  D. Dogs that reduce the firm's profits.
  C. Weak cash cows.

  ---

  Explanation

  Each SBU should have objectives, a strategy should be formulated to achieve those objectives, and a budget should be allocated. A harvest strategy maximizes short- term net cash inflow. Harvesting means zero-budgeting RandD, reducing marketing costs, not replacing facilities, etc. This strategy is used for weak cash cows and possibly question marks and dogs.