IIA-CIA-Part3 Practice Test Questions

333 Questions


Which of the following is a distinguishing feature of managerial accounting, which is not applicable to financial accounting?


A. Managerial accounting uses double-entry accounting and cost data.


B. Managerial accounting uses general accepted accounting principles.


C. Managerial accounting involves decision making based on quantifiable economic events.


D. Managerial accounting involves decision making based on predetermined standards.





D.   Managerial accounting involves decision making based on predetermined standards.

Which of the following best describes a man-in-the-middle cyber-attack?


A. The perpetrator is able to delete data on the network without physical access to the device.


B. The perpetrator is able to exploit network activities for unapproved purposes.


C. The perpetrator is able to take over control of data communication in transit and replace traffic.


D. The perpetrator is able to disable default security controls and introduce additional vulnerabilities





C.   The perpetrator is able to take over control of data communication in transit and replace traffic.

When evaluating the help desk services provided by a third-party service provider which of the following is likely to be the internal auditor's greatest concern?


A. Whether every call that the service provider received was logged by the help desk.


B. Whether a unique identification number was assigned to each issue identified by the service provider


C. Whether the service provider used its own facilities to provide help desk services


D. Whether the provider's responses and resolutions were well defined according to the service-level agreement.





D.   Whether the provider's responses and resolutions were well defined according to the service-level agreement.

An internal auditor reviews a data population and calculates the mean, median, and range. What is the most likely purpose of performing this analytic technique?


A. To inform the classification of the data population.


B. To determine the completeness and accuracy of the data.


C. To identify whether the population contains outliers.


D. To determine whether duplicates in the data inflate the range.





C.   To identify whether the population contains outliers.

Which of the following attributes of data is most likely to be compromised in an organization with a weak data governance culture?


A. Variety.


B. Velocity.


C. Volume.


D. Veracity.





D.   Veracity.

Which of the following is a characteristic of big data?


A. Big data is being generated slowly due to volume.


B. Big data must be relevant for the purposes of organizations.


C. Big data comes from a single type of formal.


D. Big data is always changing





C.   Big data comes from a single type of formal.

An internal audit activity is piloting a data analytics model, which aims to identify anomalies in payments to vendors and potential fraud indicators. Which of the following would be the most appropriate criteria for assessing the success of the piloted model?


A. The percentage of cases flagged by the model and confirmed as positives.


B. The development and maintenance costs associated with the model


C. The feedback of auditors involved with developing the model.


D. The number of criminal investigations initiated based on the outcomes of the model





A.   The percentage of cases flagged by the model and confirmed as positives.

Which of the following is an example of a physical control designed to prevent security breaches?


A. Preventing database administrators from initiating program changes


B. Blocking technicians from getting into the network room.


C. Restricting system programmers' access to database facilities


D. Using encryption for data transmitted over the public internet





C.   Restricting system programmers' access to database facilities

According to 11A guidance on IT, which of the following are indicators of poor change management?
1. Inadequate control design.
2. Unplanned downtime.
3. Excessive troubleshooting .
4. Unavailability of critical services.


A. 2 and 3 only.


B. 1, 2, and 3 only


C. 1, 3, and 4 only


D. 2, 3, and 4 only





D.   2, 3, and 4 only

A rapidly expanding retail organisation continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?


A. Lack of coordination among different business units


B. Operational decisions are inconsistent with organizational goals


C. Suboptimal decision making


D. Duplication of business activities





C.   Suboptimal decision making

Which of the following scenarios best illustrates a spear phishing attack?


A. Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.


B. A person posing as a representative of the company’s IT help desk called several employees and played a generic prerecorded message requesting password data.


C. A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website


D. Many users of a social network service received fake notifications of e unique opportunity to invest in a new product.





C.   A person received a personalized email regarding a golf membership renewal, and he click a hyperlink to enter his credit card data into a fake website

An organization requires an average of 5S days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?


A. 26 days.


B. 90 days,


C. 100 days.


D. 110 days





B.   90 days,


Page 11 out of 28 Pages
Previous