Free IIA IIA-CIA-Part3 Practice Questions 2026 - Page 7
Practice Questions
Which of the following is a cybersecurity monitoring activity intended to deter disruptive codes from being installed on an organization's systems?
A. Boundary defense
B. Malware defense
C. Penetration tests
D. Wireless access controls
Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?
A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
B. Review the password length, frequency of change, and list of users for the workstation's login process.
C. Review the list of people who attempted to access the workstation and failed, as well as error messages.
D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.
According to IIA guidance, which of the following statements is true regarding penetration testing?
A. Testing should not be announced to anyone within the organization to solicit a real-life response.
B. Testing should take place during heavy operational time periods to test system resilience.
C. Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.
D. Testing should address the preventive controls and management's response.
What is the primary risk associated with an organization adopting a decentralized structure?
A. Inability to adapt.
B. Greater costs of control function.
C. Inconsistency in decision making.
D. Lack of resilience.
According to IIA guidance, which of the following is an IT project success factor?
A. Streamlined decision-making, rather than building consensus among users.
B. Consideration of the facts, rather than consideration of the emotions displayed by project stakeholders.
C. Focus on flexibility and adaptability, rather than use of a formal methodology.
D. Inclusion of critical features, rather than inclusion of an array of supplementary features.
Which of the following scenarios indicates an effective use of financial leverage?
A. An organisation has a rate of return on equity of 20% and a rate of return on assets of 15%.
B. An organization has a current ratio of 2 and an inventory turnover of 12.
C. An organization has a debt to total assets ratio of 0.2 and an interest coverage ratio of 10.
D. An organization has a profit margin of 30% and an assets turnover of 7%.
An organization suffered significant damage to its local file and application servers as a result of a hurricane. Fortunately, the organization was able to recover all information backed up by its overseas third-party contractor. Which of the following approaches has been used by the organization?
A. Application management
B. Data center management
C. Managed security services
D. Systems integration
Which of the following best describes the primary objective of cybersecurity?
A. To protect the effective performance of IT general and application controls.
B. To regulate users' behavior in the web and cloud environment.
C. To prevent unauthorized access to information assets.
D. To secure application of protocols and authorization routines.
With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?
A. Determining the frequency with which backups will be performed.
B. Prioritizing the order in which business systems would be restored.
C. Assigning who in the IT department would be involved in the recovery procedures.
D. Assessing the resources needed to meet the data recovery objectives.
Which of the following is an example of a smart device security control intended to prevent unauthorized users from gaining access to a device's data or applications?
A. Anti-malware software
B. Authentication
C. Spyware
D. Rooting