Free IIA IIA-CIA-Part3 Practice Questions 2026 - Page 8

Practice Questions

An internal auditor is using data analytics to focus on high-risk areas during an engagement. The auditor has obtained data and is working to eliminate redundancies in the data. Which of the following statements is true regarding this scenario?

A. The auditor is normalizing data in preparation for analyzing it.

B. The auditor is analyzing the data in preparation for communicating the results.

C. The auditor is cleaning the data in preparation for determining which processes may be involved.

D. The auditor is reviewing the data prior to defining the question.

A.   The auditor is normalizing data in preparation for analyzing it.

An organization with a stable rating, as assessed by international rating agencies, has issued a bond not backed by assets or collateral. Payments of the interest and the principal to bondholders are guaranteed by the organization. Which type of bond did the organization issue?

A. A sinking fund bond.

B. A secured bond.

C. A junk bond.

D. A junk bond.

D.   A junk bond.

When reviewing application controls using the four-level model, which of the following processes are associated with level 4 of the business process method?

A. Activity

B. Subprocess

C. Major process

D. Mega process

A.   Activity

Which of the following IT professionals is responsible for providing maintenance to switches and routers to keep IT systems running as intended?

A. Data center operations manager

B. Response and support team.

C. Database administrator.

D. Network administrator

D.   Network administrator

An organization that relies heavily on IT wants to contain the impact of potential business disruption to a period of approximately four to seven days. Which of the following business recovery strategies would most efficiently meet this organization's needs?

A. A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

B. A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

C. A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

D. A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

D.   A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.
What would be the most appropriate directive control in this area?

A. Require a Service Organization Controls (SOC) report from the service provider

B. Include a data protection clause in the contract with the service provider.

C. Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.

D. Encrypt the employees' data before transmitting it to the service provider.

B.   Include a data protection clause in the contract with the service provider.

Which of the following best describes depreciation?

A. It is a process of allocating cost of assets between periods.

B. It is a process of assets valuation.

C. It is a process of accumulating adequate funds to replace assets.

D. It is a process of measuring decline in the value of assets because of obsolescence

A.   It is a process of allocating cost of assets between periods.

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?

A. Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B. Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.

C. Applying administrative privileges to ensure right to access controls are appropriate.

D. Creating a standing cyber-security committee to identify and manage risks related to data security

B.   Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.

Which of the following would be classified as IT general controls?

A. Error listings.

B. Distribution controls

C. Transaction logging.

D. Systems development controls.

C.   Transaction logging.

Which of the following is an established systems development methodology?

A. Waterfall.

B. Projects in Controlled Environments (PRINCE2).

C. Information Technology Infrastructure Library (ITIL).

D. COBIT

A.   Waterfall.
