
Question # 4

According to IIA guidance on IT, which of the following statements is true regarding websites used in e-commerce transactions?

A.

HTTP sites provide sufficient security to protect customers' credit card information.

B.

Web servers store credit cardholders' information submitted for payment.

C.

Database servers send cardholders’ information for authorization in clear text.

D.

Payment gateways authorize credit card online payments.

Question # 5

Which of the following activities best illustrates a user's authentication control?

A.

Identity requests are approved in two steps.

B.

Logs are checked for misaligned identities and access rights.

C.

Users have to validate their identity with a smart card.

D.

Functions can be performed based on access rights.

Question # 6

Which of the following best describes a cyberattack in which an organization faces a denial-of-service threat created through malicious data encryption?

A.

Phishing.

B.

Ransomware.

C.

Hacking.

D.

Malware.

Question # 7

Which of the following types of budgets will best provide the basis for evaluating the organization's performance?

A.

Cash budget.

B.

Budgeted balance sheet.

C.

Selling and administrative expense budget.

D.

Budgeted income statement.

Question # 8

Which of the following sites would an Internet service provider most likely use to restore operations after its servers were damaged by a natural disaster?

A.

On site.

B.

Cold site.

C.

Hot site.

D.

Warm site

Question # 9

Which of the following risks would involve individuals attacking an oil company's IT system as a sign of solidarity against drilling in a local area?

A.

Tampering

B.

Hacking

C.

Phishing

D.

Piracy

Question # 10

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.

C.

Applying administrative privileges to ensure right to access controls are appropriate.

D.

Creating a standing cyber-security committee to identify and manage risks related to data security

Question # 11

Following an evaluation of an organization's IT controls, an internal auditor suggested improving the process where results are compared against the input. Which of the following IT controls would the internal auditor recommend?

A.

Output controls.

B.

Input controls

C.

Processing controls.

D.

Integrity controls.

Question # 12

An internal auditor was assigned to test for ghost employees using data analytics. The auditor extracted employee data from human resources and payroll. Using spreadsheet functions, the auditor matched data sets by name and assumed that employees who were not present in each data set should be investigated further. However, the results seemed erroneous, as very few employees matched across all data sets. Which of the following data analytics steps has the auditor most likely omitted?

A.

Data analysis.

B.

Data diagnostics.

C.

Data velocity.

D.

Data normalization.

Question # 13

Which of the following physical access controls often functions as both a preventive and detective control?

A.

Locked doors.

B.

Firewalls.

C.

Surveillance cameras.

D.

Login IDs and passwords.

Question # 14

A third party who provides payroll services to the organization was asked to create audit or “read-only” functionalities in their systems. Which of the following statements is true regarding this request?

A.

This will support execution of the right-to-audit clause.

B.

This will enforce robust risk assessment practices

C.

This will address cybersecurity considerations and concerns.

D.

This will enhance the third party's ability to apply data analytics

Question # 15

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

A.

Relationship with supervisor

B.

Salary

C.

Security.

D.

Achievement

Question # 16

Management is designing its disaster recovery plan. In the event that there is significant damage to the organization's IT systems this plan should enable the organization to resume operations at a recovery site after some configuration and data restoration. Which of the following is the ideal solution for management in this scenario?

A.

A warm recovery plan.

B.

A cold recovery plan.

C.

A hot recovery plan.

D.

A manual work processes plan

Question # 17

According to IIA guidance on IT, which of the following activities regarding information security is most likely to be the responsibility of line management as opposed to executive management, internal auditors, or the board?

A.

Review and monitor security controls.

B.

Dedicate sufficient security resources.

C.

Provide oversight to the security function.

D.

Assess information control environments.

Question # 18

An organization uses the management-by-objectives method whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

It is more successful when goal setting is performed not only by management, but by all team members, including lower-level staff.

D.

It is particularly successful in environments that are prone to having poor employer-employee relations.

Question # 19

Which of the following financial statements provides the best disclosure of how a company's money was used during a particular period?

A.

Income statement.

B.

Owner's equity statement.

C.

Balance sheet.

D.

Statement of cash flows.

Question # 20

According to IIA guidance on IT, which of the following are indicators of poor change management?

1. Inadequate control design.

2. Unplanned downtime.

3. Excessive troubleshooting.

4. Unavailability of critical services.

A.

2 and 3 only.

B.

1, 2, and 3 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Question # 21

Which of the following responsibilities would ordinarily fall under the help desk function of an organization?

A.

Maintenance service items such as production support.

B.

Management of infrastructure services, including network management.

C.

Physical hosting of mainframes and distributed servers

D.

End-to-end security architecture design.

Question # 22

Which of the following represents an inventory costing technique that can be manipulated by management to boost net income by selling units purchased at a low cost?

A.

First-in, first-out method (FIFO).

B.

Last-in, first-out method (LIFO).

C.

Specific identification method.

D.

Average-cost method

Question # 23

While conducting audit procedures at the organization's data center, an internal auditor noticed the following:

- Backup media was located on data center shelves.

- Backup media was organized by date.

- Backup schedule was one week in duration.

The system administrator was able to present restore logs.

Which of the following is reasonable for the internal auditor to conclude?

A.

Backup media is not properly stored, as the storage facility should be off-site.

B.

Backup procedures are adequate and appropriate according to best practices.

C.

Backup media is not properly indexed, as backup media should be indexed by system, not date.

D.

Backup schedule is not sufficient, as full backup should be conducted daily.

Question # 24

Which of the following is a characteristic of big data?

A.

Big data is often structured.

B.

Big data analytic results often need to be visualized.

C.

Big data is often generated slowly and is highly variable.

D.

Big data comes from internal sources kept in data warehouses.

Question # 25

Which of the following application controls is the most dependent on the password owner?

A.

Password selection

B.

Password aging

C.

Password lockout

D.

Password rotation

Question # 26

An organization has an immediate need for servers, but no time to complete capital acquisitions. Which of the following cloud services would assist with this situation?

A.

Infrastructure as a Service (IaaS).

B.

Platform as a Service (PaaS).

C.

Enterprise as a Service (EaaS).

D.

Software as a Service (SaaS).

Question # 27

On the last day of the year, a total cost of $150,000 was incurred in indirect labor related to one of the key products an organization makes. How should the expense be reported on that year's financial statements?

A.

It should be reported as an administrative expense on the income statement.

B.

It should be reported as period cost other than a product cost on the management accounts

C.

It should be reported as cost of goods sold on the income statement.

D.

It should be reported on the balance sheet as part of inventory.

Question # 28

When using data analytics during a review of the procurement process, what is the first step in the analysis process?

A.

Identify data anomalies and outliers.

B.

Define questions to be answered.

C.

Identify data sources available.

D.

Determine the scope of the data extract

Question # 29

A new clerk in the managerial accounting department applied the high-low method and computed the difference between the high and low levels of maintenance costs. Which type of maintenance costs did the clerk determine?

A.

Fixed maintenance costs.

B.

Variable maintenance costs.

C.

Mixed maintenance costs.

D.

Indirect maintenance costs.

Question # 30

According to Herzberg's Two-Factor Theory of Motivation, which of the following is a factor mentioned most often by satisfied employees?

A.

Security.

B.

Status.

C.

Recognition.

D.

Relationship with coworkers

Question # 31

Which of the following capital budgeting techniques considers the expected total net cash flows from investment?

A.

Cash payback

B.

Annual rate of return

C.

Incremental analysis

D.

Net present value

Question # 32

Which of the following statements is true regarding the term "flexible budgets" as it is used in accounting?

A.

The term describes budgets that exclude fixed costs.

B.

Flexible budgets exclude outcome projections, which are hard to determine, and instead rely on the most recent actual outcomes.

C.

The term is a red flag for weak budgetary control activities.

D.

Flexible budgets project data for different levels of activity.

Question # 33

An organization's technician was granted a role that enables him to prioritize projects throughout the organization. Which type of authority will the technician most likely be exercising?

A.

Legitimate authority

B.

Coercive authority.

C.

Referent authority.

D.

Expert authority.

Question # 34

An internal auditor discusses user-defined default passwords with the database administrator. Such passwords will be reset as soon as the user logs in for the first time, but the initial value of the password is set as "123456." Which of the following are the auditor and the database administrator most likely discussing in this situation?

A.

Whether it would be more secure to replace numeric values with characters.

B.

What happens in the situations where users continue using the initial password.

C.

What happens in the period between the creation of the account and the password change.

D.

Whether users should be trained on password management features and requirements.

Question # 35

Which of the following describes a mechanistic organizational structure?

A.

Primary direction of communication tends to be lateral.

B.

Definition of assigned tasks tends to be broad and general.

C.

Type of knowledge required tends to be broad and professional.

D.

Reliance on self-control tends to be low.

Question # 36

With regard to disaster recovery planning, which of the following would most likely involve stakeholders from several departments?

A.

Determining the frequency with which backups will be performed.

B.

Prioritizing the order in which business systems would be restored.

C.

Assigning who in the IT department would be involved in the recovery procedures.

D.

Assessing the resources needed to meet the data recovery objectives.

Question # 37

Which of the following is true of matrix organizations?

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility and accountability of the units involved may vary based on the project's life, or the organization's culture.

D.

It is best suited for firms with scattered locations or for multi-line, large-scale firms.

Question # 38

According to IIA guidance on IT, which of the following would be considered a primary control for a spreadsheet to help ensure accurate financial reporting?

A.

Formulas and static data are locked or protected.

B.

The spreadsheet is stored on a network server that is backed up daily.

C.

The purpose and use of the spreadsheet are documented.

D.

Check-in and check-out software is used to control versions.

Question # 39

According to The IIA's Three Lines Model, which of the following IT security activities is commonly shared by all three lines?

A.

Assessments of third parties and suppliers.

B.

Recruitment and retention of certified IT talent.

C.

Classification of data and design of access privileges.

D.

Creation and maintenance of secure network and device configuration.

Question # 40

The board of directors wants to implement an incentive program for senior management that is specifically tied to the long-term health of the organization. Which of the following methods of compensation would be best to achieve this goal?

A.

Commissions.

B.

Stock options

C.

Gain-sharing bonuses.

D.

Allowances

Question # 41

An internal auditor found the following information while reviewing the monthly financial statements for a wholesaler of safety

The cost of goods sold was reported at $8,500. Which of the following inventory methods was used to derive this value?

A.

Average cost method

B.

First-in, first-out (FIFO) method

C.

Specific identification method

D.

Activity-based costing method

Question # 42

Which of the following best describes the use of predictive analytics?

A.

A supplier of electrical parts analyzed all instances where different types of spare parts were out of stock prior to scheduled deliveries of those parts.

B.

A supplier of electrical parts analyzed sales, applied assumptions related to weather conditions, and identified locations where stock levels would decrease more quickly.

C.

A supplier of electrical parts analyzed all instances of a part being out of stock prior to its scheduled delivery date and discovered that increases in sales of that part consistently correlated with stormy weather.

D.

A supplier of electrical parts analyzed sales and stock information and modelled different scenarios for making decisions on stock reordering and delivery

Question # 43

According to Maslow's hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement?

A.

Esteem by colleagues.

B.

Self-fulfillment

C.

Sense of belonging in the organization

D.

Job security

Question # 44

Which of the following items best describes the strategy of outsourcing?

A.

Contracting the work to foreign service providers to obtain lower costs

B.

Contracting functions or knowledge-related work with an external service provider.

C.

Contracting operation of some business functions with an internal service provider

D.

Contracting a specific external service provider to work with an internal service provider

Question # 45

Which of the following storage options would give the organization the best chance of recovering data?

A.

Encrypted physical copies of the data, and their encryption keys are stored together at the organization and are readily available upon request.

B.

Encrypted physical copies of the data are stored separately from their encryption keys, and both are held in secure locations a few hours away from the organization.

C.

Encrypted reports on usage and database structure changes are stored on a cloud-based, secured database that is readily accessible.

D.

Encrypted copies of the data are stored in a separate secure location a few hours away, while the encryption keys are stored at the organization and are readily available.

Question # 46

According to IIA guidance, which of the following statements is true regarding penetration testing?

A.

Testing should not be announced to anyone within the organization to solicit a real-life response.

B.

Testing should take place during heavy operational time periods to test system resilience.

C.

Testing should be wide in scope and primarily address detective management controls for identifying potential attacks.

D.

Testing should address the preventive controls and management's response.

Question # 47

An organization finalized a contract in which a vendor is expected to design, procure, and construct a power substation for $3,000,000. In this scenario, the organization agreed to which of the following types of contracts?

A.

A cost-reimbursable contract.

B.

A lump-sum contract.

C.

A time and material contract.

D.

A bilateral contract.

Question # 48

Which of the following is classified as a product cost using the variable costing method?

1. Direct labor costs.

2. Insurance on a factory.

3. Manufacturing supplies.

4. Packaging and shipping costs.

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question # 49

Which of the following biometric access controls uses the most unique human recognition characteristic?

A.

Facial comparison using photo identification.

B.

Signature comparison.

C.

Voice comparison.

D.

Retinal print comparison.

Question # 50

Which of the following statements is most accurate concerning the management and audit of a web server?

A.

The file transfer protocol (FTP) should always be enabled.

B.

The simple mail transfer protocol (SMTP) should be operating under the most privileged accounts.

C.

The number of ports and protocols allowed to access the web server should be maximized.

D.

Secure protocols for confidential pages should be used instead of clear-text protocols such as HTTP or FTP.

Question # 51

An organization had a gross profit margin of 40 percent in year one and in year two. The net profit margin was 18 percent in year one and 13 percent in year two. Which of the following could be the reason for the decline in the net profit margin for year two?

A.

Cost of sales increased relative to sales.

B.

Total sales increased relative to expenses.

C.

The organization had a higher dividend payout rate in year two.

D.

The government increased the corporate tax rate
