IIA-CIA-Part3 Exam Dumps - Business Knowledge for Internal Auditing

Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.

A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.

A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.

Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Boundary attack.

Spear phishing attack.

Brute force attack.

Spoofing attack.

Liquidity

Profitability

Solvency

Efficiency

Cold recovery plan,

Outsourced recovery plan.

Storage area network recovery plan.

Hot recovery plan

It can restore default settings and lock encrypted data when necessary.

It enables the erasure and reformatting of secure digital (SD) cards.

It can delete data backed up to a desktop for complete protection if required.

It can wipe data that is backed up via cloud computing

Just-in-time delivery plans.

Backup plans.

Contingency plans.

Standing plans.

Divesting product lines expected to have negative profitability.

Increasing the diversity of strategic business units.

Increasing investment in research and development for a new product.

Relocating the organization's manufacturing to another country.

Verify whether the organization uses the most recent database software version.

Verify whether the database software version is supported by the vendor.

Verify whether the database software version has been recently upgraded.

Verify whether .access to database version information is appropriately restricted.

Face or finger recognition equipment,

Radiofrequency identification chips to authenticate employees with cards.

A requirement to clock in and clock out with a unique personal identification number.

A combination of a smart card and a password to clock in and clock out.

Decentralized

Centralized

Departmentalized

Tall structure

Big data is being generated slowly due to volume.

Big data must be relevant for the purposes of organizations.

Big data comes from a single type of formal.

Big data is always changing

A warm recovery plan.

A cold recovery plan.

A hot recovery plan.

A manual work processes plan

Train all employees on bring-your-own-device (BYOD) policies.

Understand what procedures are in place for locking lost devices

Obtain a list of all smart devices in use

Test encryption of all smart devices

IT database administrator.

IT data center manager.

IT help desk function.

IT network administrator.

Managerial accounting uses double-entry accounting and cost data.

Managerial accounting uses general accepted accounting principles.

Managerial accounting involves decision making based on quantifiable economic events.

Managerial accounting involves decision making based on predetermined standards.

The organization will be unable to develop preventative actions based on analytics.

The organization will not be able to trace and monitor the activities of database administers.

The organization will be unable to determine why intrusions and cyber incidents took place.

The organization will be unable to upgrade the system to newer versions.

Liquidity ratios.

Profitability ratios.

Solvency ratios.

Current ratios.

UDAs arid traditional JT applications typically follow a similar development life cycle

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

Unlike traditional IT applications. UDAs typically are developed with little consideration of controls.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

Hot recovery plan

Warm recovery plan

Cold recovery plan

Absence of recovery plan

Project portfolio.

Project development

Project governance.

Project management methodologies

The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided.

Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.

Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.

Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.

Preventing database administrators from initiating program changes

Blocking technicians from getting into the network room.

Restricting system programmers' access to database facilities

Using encryption for data transmitted over the public internet

At fair value with changes reported in the shareholders' equity section.

At fair value with changes reported in net income.

At amortized cost in the income statement.

As current assets in the balance sheet

UDAs are less flexible and more difficult to configure than traditional IT applications.

Updating UDAs may lead to various errors resulting from changes or corrections.

UDAs typically are subjected to application development and change management controls.

Using UDAs typically enhances the organization's ability to comply with regulatory factors.

Review the call center script used by customer service agents to interact with callers, and update the script if necessary.

Be-emphasize the importance of call center employees completing a certain number of calls per hour.

Retrain call center staff on area processes and common technical issues that they will likely be asked to resolve.

Increase the incentive for call center employees to complete calls quickly and raise the number of calls completed daily

Regular review of logs.

Two-level authentication.

Photos on smart cards.

Restriction of access hours.

Application program code

Database system

Operating system

Networks

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

Ensure that relevant access to key applications is strictly controlled through an approval and review process.

Institute detection and authentication controls for all devices used for network connectivity and data storage.

Use management software scan and then prompt parch reminders when devices connect to the network

A star

A cash cow

A question mark

A dog

This will support execution of the right-to-audit clause.

This will enforce robust risk assessment practices

This will address cybersecurity considerations and concerns.

This will enhance the third party's ability to apply data analytics

A value-added network.

A local area network.

A metropolitan area network.

A wide area network.

Commissions.

Stock options

Gain-sharing bonuses.

Allowances

Understand strategic context and evaluate whether supporting information is reliable and complete.

Ascertain whether governance and approval processes are transparent, documented, and completed.

Perform a due diligence review or asses management's review of provider operations.

Identify key performance measures and data sources.

Salary and status

Responsibility and advancement

Work conditions and security

Peer relationships and personal life

Deploys data visualization tool.

Adopt standardized data analysis software.

Define analytics objectives and establish outcomes.

Eliminate duplicate records.

Draft separate audit reports for business and IT management.

Conned IT audit findings to business issues.

Include technical details to support IT issues.

Include an opinion on financial reporting accuracy and completeness.

Prompt response and remediation policy

Inventory of information assets

Information access management

Standard security configurations

Activity

Subprocess

Major process

Mega process

Underground oil deposits

Copyright

Trademark

Land

Requiring users to change their passwords every two years.

Requiring two-step verification for all users

Requiring the use of a virtual private network (VPN) when employees are out of the office.

Requiring the use of up-to-date antivirus, security, and event management tools.

Whether it would be more secure to replace numeric values with characters.

What happens in the situations where users continue using the initial password.

What happens in the period between the creation of the account and the password change.

Whether users should be trained on password management features and requirements.

1 and 2

1 and 3

2 and 4

3 and 4

Designing and maintaining the database.

Preparing input data and maintaining the database.

Maintaining the database and providing its security,

Designing the database and providing its security

There is a greater need for organizations to rely on users to comply with policies and procedures.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

Incident response times are less critical in the BYOD environment, compared to a traditional environment

There is greater sharing of operational risk in a BYOD environment

To ensure data processing is complete, accurate, and authorized.

To ensure data being processed remains consistent and intact.

To monitor the effectiveness of other controls

To ensure the output aligns with the intended result.

Cybercriminals hacking into the organization's time and expense system to collect employee personal data.

Hackers breaching the organization's network to access research and development reports

A denial-of-service attack that prevents access to the organization's website.

A hacker accessing she financial information of the company

A revenue calculation spreadsheet supported with price and volume reports from the production department.

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions.

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantities.

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances

Collections from customers

Sale of securities.

Purchase of trucks.

Payment of debt, including interest