Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. IIA
  5. CIA

Free IIA CIA Exam Braindumps (page: 58)

Page 58 of 427
PDF with 1702 Questions

To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first

  1. Review the open systems interconnect network model.
  2. Identify the network operating costs.
  3. Determine the business purpose of the network.
  4. Map the network software and hardware products into their respective layers.

Answer(s): C



An auditor plans to analyze customer satisfaction, including (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?

  1. Although useful, such an analysis does not address any risk factors.
  2. The survey would not consider customers who did not make purchases in the last three months.
  3. Steps 1 and 2 of the analysis are not necessary or cost-effective if the customer survey is comprehensive.
  4. Analysis of three months' activity would not evaluate customer satisfaction.

Answer(s): B



When internal auditors provide consulting services, the scope of the engagement is primarily determined by

  1. Internal auditing standards.
  2. The audit engagement team.
  3. The engagement client.
  4. The internal audit activity's charter.

Answer(s): C



An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including
the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

  1. Investigation of the physical security over access to the components of the LAN.
  2. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.
  3. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.
  4. The level of security of other LANs in the company which also utilize sensitive data.

Answer(s): D






Post your Comments and Discuss IIA CIA exam prep with other Community members:

CIA Exam Discussions & Posts