Free Certified Internal Auditor-Internal Audit Knowledge Elements Exam IIA-CIA-Part3 Exam Practice Test

Which of following best demonstrates the application of the cost principle?

• A company reports trading and investment securities at their market cost
• A building purchased last year for $1 million is currently worth ©1.2 million, but the company still reports the building at $1 million.
• A building purchased last year for ©1 million is currently worth £1,2 million , and the company adjusts the records to reflect the current value
• A company reports assets at either historical or fair value, depending which is closer to market value.

Which of the following items best describes the strategy of outsourcing?

• Contracting the work to Foreign Service providers to obtain lower costs
• Contracting functions or knowledge-related work with an external service provider.
• Contract -ng operation of some business functions with an internal service provider
• Contracting a specific external service provider to work with an internal service provider

Which of the following scenarios best illustrates a spear phishing attack?

• Numerous and consistent attacks on the company's website caused the server to crash and service was disrupted.
• A person posing as a representative of the company's IT help desk called several employees and played a generic prerecorded message requesting password data.
• A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.
• Many users of a social network service received fake notifications of a unique opportunity to invest in a new product

Which of the following statements is true regarding the term "flexible budgets" as it is used in accounting?

• The term describes budgets that exclude fixed costs.
• Flexible budgets exclude outcome projections, which are hard to determine, and instead rely on the most recent actual outcomes.
• The term is a red flag for weak budgetary control activities.
• Flexible budgets project data for different levels of activity.

Which of the following should internal auditors be attentive of when reviewing personal data consent and opt-in/opt-out management process?

• Whether customers are asked to renew their consent for their data processing at least quarterly.
• Whether private data is processed in accordance with the purpose for which the consent was obtained?
• Whether the organization has established explicit and entitywide policies on data transfer to third parties.
• Whether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

An internal auditor identified a database administrator with an incompatible dual role. Which of the following duties should not be performed by the identified administrator?

• Designing and maintaining the database.
• Preparing input data and maintaining the database.
• Maintaining the database and providing its security,
• Designing the database and providing its security

An internal auditor reviewed Finance Department records to obtain a list of current vendor addresses. The auditor then compared the vendor addresses to a record of employee addresses maintained by the Payroll Department Which of the following types of data analysis did the auditor perform?

• Duplicate testing.
• Joining data sources.
• Gap analysis.
• Classification

An internal auditor is assessing the risks related to an organization's mobile device policy. She notes that the organization allows third parties (vendors and visitors) to use outside smart devices to access its proprietary networks and systems. Which of the following types of smart device risks should the internalAuditor be most concerned about?

• Compliance.
• Privacy
• Strategic
• Physical security

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

• Monitoring network traffic.
• Using whitelists and blacklists to manage network traffic.
• Restricting access and blocking unauthorized access to the network
• Educating employees throughout the company to recognize phishing attacks.

A financial institution receives frequent and varied email requests from customers for funds to be wired out of their accounts. Which verification activity would best help the institution avoid falling victim to phishing?

• Reviewing the customer's wire activity to determine whether the request is typical.
• Calling the customer at the phone number on record to validate the request.
• Replying to the customer via email to validate the sender and request.
• Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.