IIA-CIA-Part3 exam

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization's IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in...

Which of the following disaster recovery plans includes recovery resources available at the site, but they may need to be configured to support the production system?A . Warm site recovery plan. B. Hot site recovery plan. C. Cool site recovery plan. D. Cold site recovery plan.View AnswerAnswer: A

With increased cybersecurity threats, which of the following should management consider to ensure that there is strong security governance in place?A . Inventory of information assets B. Limited sharing of data files with external parties. C. Vulnerability assessment D. Clearly defined policiesView AnswerAnswer: C

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?A . Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters. B. Orders, commands, and...

A financial institution receives frequent and varied email requests from customers for funds to be wired out of their accounts. Which verification activity would best help the institution avoid falling victim to phishing?A . Reviewing the customer's wire activity to determine whether the request is typical. B. Calling the customer...

In an organization that produces chocolate, the leadership team decides that the organization will open a milk production facility for its milk chocolate. Which of the following strategies have the organization chosen?A . Vertical integration. B. Unrelated diversification. C. Differentiation D. FocusView AnswerAnswer: C

Which of the following risks is best addressed by encryption?A . Information integrity risk B. Privacy risk C. Access risk D. Software riskView AnswerAnswer: B

If an organization has a high amount of working capital compared to the industry average, which of the following is most likely true?A . Settlement of short-term obligations may become difficult. B. Cash may be bed up in items not generating financial value. C. Collection policies of the organization are...

An internal auditor reviews a data population and calculates the mean, median, and range. What is the most likely purpose of performing this analytic technique?A . To inform the classification of the data population. B. To determine the completeness and accuracy of the data. C. To identify whether the population...

Which of the following should internal auditors be attentive of when reviewing personal data consent and opt-in/opt-out management process?A . Whether customers are asked to renew their consent for their data processing at least quarterly. B. Whether private data is processed in accordance with the purpose for which the consent...