IIA IIA-CIA-Part3-3P 問題集

質問 1：
According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?
A. Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations
B. Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.
C. Creating a standing cybersecurity committee to identify and manage risks related to data security
D. Applying administrative privileges to ensure right-to-access controls are appropriate
正解：B

質問 2：
Which of the following is a type of network in which an organization permits specific users (such as existing customers) to have access to its internal network through the Internet by building a virtual private network?
A. Broadband.
B. Extranet.
C. Intranet.
D. Digital subscriber line.
正解：B

質問 3：
Which of the following is not a common feature of cumulative preferred stock?
A. Priority over common stock with regard to assets.
B. Priority over common stock with regard to dilution of shares.
C. Priority over common stock with regard to earnings.
D. Priority over common stock with regard to dividend payment.
正解：B

質問 4：
Which of me following is true of matrix organizations?
A. Authority responsibility and accountability of the units involved may vary based on the project's life, or the organization's culture
B. A combination of product and functional departments allows management lo utilize personnel from various functions
C. A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager
D. It is best suited for firms with scattered locations or for multi-lira. large-scale firms
正解：B

質問 5：
Which of the following risks is best addressed by encryption?
A. Information integrity risk.
B. Access risk
C. Software risk
D. Privacy risk
正解：D

質問 6：
A clothing company sells shirts for $8 per shirt. In order to break even, the company must sell 25,000 shirts. Actual sales total $300,000.
What is margin of safety sales for the company?
A. $200,000
B. $500,000
C. $100,000
D. $275,000
正解：A

質問 7：
An organization has an agreement with a third-party vendor to have a fully operational facility, duplicate of the original site and configured to the organization's needs, in order to quickly recover operational capability in the event of a disaster.
Which of the following best describes this approach to disaster recovery planning?
A. Outsourced recovery plan.
B. Hot recovery plan.
C. Cold recovery plan.
D. Storage area network recovery plan.
正解：B

質問 8：
What are the objectives of governance as defined by the Standards?
A. Add value, improve, assure, and conform.
B. Organize, assign, authorize, and implement.
C. Inform, direct, manage, and monitor.
D. Identify, assess, manage, and control.
正解：C

質問 9：
Which of the following actions would senior management need to consider as pan of new IT guidelines regarding the organization's cybersecurity policies?
A. Hiring new personnel within the IT department tor security purposes
B. Expansion of operations into new markets with united IT access
C. Assigning new roles and responsibilities for senior IT management.
D. Growing use of bring your own devices tor organizational matters
正解：A