Latest CIA-III Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : CIA-III
Exam Name : The Certified Internal Auditor Part 3
Vendor Name : "Financial"







CIA-III Dumps

CIA-III Braindumps CIA-III Real Questions CIA-III Practice Test

CIA-III Actual Questions


killexams.com


Financial


CIA-III


The Certified Internal Auditor Part 3


https://killexams.com/pass4sure/exam-detail/CIA-III


Question: 307

Which of the following is an important senior management responsibility with regard to information systems security?


  1. Assessing exposures.

  2. Assigning access privileges.

  3. Identifying ownership of data.

  4. Training employees in security matters.




Answer: A

Senior management is responsible for risk assessment, including identification of risks and

consideration of their significance, the likelihood of their occurrence, and how they should be managed. Senior management is also responsible for establishing organizational policies regarding computer security and implementing a compliance structure. Thus, senior management should assess the risks to the integrity, confidentiality, and availability of information systems data and resources.



Question: 308

Management's enthusiasm for computer security seems to vary with changes in the environment, particularly the occurrence of other computer disasters. Which of the following concepts should be addressed when making a comprehensive recommendation regarding the costs and benefits of computer security?

Potential loss if security is not implemented Probability of occurrences

Cost and effectiveness of the implementation and operation of computer security


  1. I only.

  2. I and II only.

  3. III only.

B. I, Il, and Ill.




Answer: D

Potential loss is the amount of dollar damages associated with a security problem or loss of assets. Potential loss times the probability of occurrence is an estimate expected value) of the exposure associated with lack of security. It represents a potential benefit associated with the implementation of security measures. To perform a cost-benefit analysis, the costs should be considered. Thus, all three items need to be addressed.



Question: 309

Of the following, the greatest advantage of a database server) architecture is


  1. Data redundancy can be reduced.

  2. Conversion to a database system is inexpensive and can be accomplished quickly.

  3. Multiple occurrences of data items are useful for consistency checking.

  4. Backup and recovery procedures are minimized.




Answer: A

Data organized in files and used by the organization's various applications programs are

collectively known as a database. In a database system, storage structures are created that render the applications programs independent of the physical or logical arrangement of the data. Each data item has a standard definition, name, and format, and related items are linked by a system of pointers. The programs therefore need only to

specify data items by name, not by location. A database management system handles retrieval and storage. Because separate files for different applications programs are unnecessary, data redundancy can be substantially reduced.



Question: 310

In an inventory system on a database management system DBMS), one stored record

contains part number, part name, part color, and part weight. These individual items are called


  1. Fields.

  2. Stored files.

  3. Bytes.

  4. Occurrences.




Answer: A

A record is a collection of related data items fields). A field data item) is a group of

characters representing one unit of information.



Question: 311

An inventory clerk, using a computer terminal, views the following on screen part number, part description, quantity on hand, quantity on order, order quantity, and reorder point for a particular inventory item. Collectively, these data make up a


  1. Field.

  2. File.

  3. Database.

  4. Record.




Answer: D

A record is a collection of related data items fields). A field data item) is a group of

characters representing one unit of information. The part number, part description, etc., are represented by fields.



Question: 312

Which of the following is the elementary unit of data storage used to represent individual

attributes of an entity?


  1. Database.

  2. Data field.

  3. File.

  4. Record.




Answer: B

A data item or field) is a group of characters. It is used to represent individual attributes of

an entity, such as an employee's address. A field is an item in a record.



Question: 313

A file-oriented approach to data storage requires a primary record key for each file. Which of the following is a primary record key?

  1. The vendor number in an accounts payable master file.

  2. The vendor number in a closed purchase order transaction file.

  3. The vendor number in an open purchase order master file_

  4. All of the answers are correct.




Answer: A

The primary record key uniquely identifies each record in a file. Because there is only one

record for each vendor in an accounts payable master file. the vendor number would be the appropriate key.



Question: 314

A business is designing its storage for accounts receivable information. What data file

concepts should be used to provide the ability to answer customer inquiries as they are received?


  1. Sequential storage and chains.

  2. Sequential storage and indexes.

  3. Record keys, indexes, and pointers.

  4. Inverted file structure indexes, and internal labels.




Answer: C

A record key is an attribute that uniquely identifies or distinguishes each record from the

others. An index is a table listing storage locations for attributes, often including those other than the unique record key attribute. A pointer is a data item that indicates the physical address of the next logically related record.



Question: 315

Auditors making database queries often need to combine several tables to get the information they want. One approach to combining tables is known as


  1. Extraction.

  2. Joining.

  3. Sorting.

  4. Summarization.




Answer: B

In data management terminology, joining is the combining of data files based on a

common data element. For example, if rows in a table containing information about specified parts have been selected, the result can be joined with a table that contains information about suppliers. The join operation may combine the two tables using the supplier number assuming both tables contained this element) to provide information about the suppliers of particular parts.



Question: 316

Users making database queries often need to combine several tables to get the information

they want. One approach to combining tables is


  1. Joining.

  2. Merging.

  3. Projecting.

  4. Pointing.




Answer: A

Joining is the combining of two or more relational tables based on a common data

element. For example, if a supplier table contains information about suppliers and a parts table contains information about parts, the two tables can be joined using the supplier number assuming both tables contain this attribute) to give information about the supplier of particular parts.



Question: 317

All of the following are methods for distributing a relational database across multiple

servers except


  1. Snapshot making a copy of the database for distribution).

  2. Replication creating and maintaining replica copies at multiple locations)_

  3. Normalization separating the database into logical tables for easier user processing).

  4. Fragmentation separating the database into parts and distributing where they are needed).




Answer: C

A distributed database is stored in two or more physical sites. The two basic methods of

distributing a database are partitioning and replication_ However. normalization is a process of database design, not distribution. Normalization is the term for determining how groups of data items in a relational structure are arranged in records in a database. This process relies on "normal forms," that is. conceptual definitions of data records and specified design rules_ Normalization is intended to prevent inconsistent updating of data items. It is a process of breaking down a complex data structure by creating smaller, more efficient relations, thereby minimizing or eliminating the repeating groups in each relation.



Question: 318

In a database system, locking of data helps preserve data integrity by permitting

transactions to have control of all the data needed to complete the transactions. However, implementing a locking procedure could lead to


  1. Inconsistent processing.

  2. Rollback failures.

  3. Unrecoverable transactions.

  4. Deadly embraces retrieval contention).




Answer: D

In a distributed processing system, the data and resources a transaction may update or use

should be held in their current status until the transaction is complete. A deadly embrace occurs when two transactions need the same resource at the same time. If the system does not have a method to cope with the problem efficiently, response time worsens or the system eventually fails. The system should have an algorithm for undoing the effects of one transaction and releasing the resources it controls so that the other transaction can run to completion.



Question: 319

One advantage of a database management system DBMS) is

  1. That each organizational unit takes responsibility and control for its own data.

  2. The cost of the data processing department decreases as users are now responsible for

establishing their own data handling techniques.

  1. A decreased vulnerability as the database management system has numerous security

    controls to prevent disasters.

  2. The independence of the data from the application programs. which allows the

programs to be developed for the user's specific needs without concern for data capture problems.




Answer: D

A fundamental characteristic of databases is that applications are independent of the

database structure; when writing programs or designing applications to use the database. only the name of the desired item is necessary. Programs can be developed for the user's specific needs without concern for data capture problems. Reference can be made to the items using the data manipulation language, after which the DBMS takes care of locating and retrieving the desired items. The physical or logical structure of the database can be completely altered without having to change any of the programs using the data items, only the schema requires alteration.



Question: 320

Which of the following is a false statement about a database management system application environment?


  1. Data are used concurrently by multiple users.

  2. Data are shared by passing files between programs or systems.

  3. The physical structure of the data is independent of user needs.

  4. Data definition is independent of any one program.




Answer: B

In this kind of system, applications use the same database There is no need to pass files

between applications.



Question: 321

Which of the following should not be the responsibility of a database administrator?


  1. Design the content and organization of the database.

  2. Develop applications to access the database.

  3. Protect the database and its software.

  4. Monitor and improve the efficiency of the database.




Answer: B

The database administrator DBA) is the person who has overall responsibility for developing and maintaining the database. One primary responsibility is for designing the content of the database. Another responsibility of the DBA is to protect and control the database. A third responsibility is to monitor and improve the efficiency of the database. The responsibility of developing applications to access the database belongs to systems analysts and programmers.



Question: 322

The responsibilities of a data administrator DA) include monitoring

  1. The database industry.

  2. The performance of the database.

  3. Database security.

  4. Backup of the system.




Answer: A

The DA handles administrative issues that arise regarding the database. The DA acts as an

advocate by suggesting new applications and standards. One of the DA's responsibilities is to monitor the database industry for new developments. In contrast, the database administrator DBA) deals with the technical aspects of the database



Question: 323

To trace data through several applies qti on programs, an auditor needs to know what programs use the data, which files contain the data, and which print-td reports display the data. If data exist only in a database system, the auditor could probably find all of this information in a


  1. Data dictionary.

  2. Database schema.

  3. Data encryptor.

  4. Decision table.




Answer: A

The data dictionary is a file possibly manual but usually computerized) in which the

records relate to specified data items. It contains definitions of data items, the list of programs used to process them, and the reports in which data are found. Only certain persons or entities are permitted to retrieve data or to modify data items. Accordingly. these access limitations are also found in the data dictionary.



Question: 324

Image processing systems have the potential to reduce the volume of paper

circulated throughout an organization. To reduce the likelihood of users relying on the wrong images, management should ensure that appropriate controls exist to maintain the


  1. Legibility of image data.

  2. Accessibility of image data.

  3. Integrity of index data.

  4. Initial sequence of index data.




Answer: C

Data integrity is a protectibility objective. If index data for image processing systems are

corrupted, users will likely be relying on the wrong images.



Question: 325

What language interface would a database administrator use to establish the structure of

database tables?


  1. Data definition language.

  2. Data control language.

  3. Data manipulation language.

  4. Data query language.




Answer: A

The schema is a description of the overall logical structure of the database using data- definition language DDL), which is the connection between the logical and physical structure of the database. DDL is used to define, or determine, the database.



Question: 326

Query facilities for a database system would most likely include all of the following except


  1. Graphical output capability.

  2. Data dictionary access.

  3. A data validity checker.

  4. A query-by-example interface.




Answer: C

The least likely feature of a query tool would be a data validity checker because the

database system has already enforced any validity constraints at the time the data were inserted in the database. Any further data validity checking would be a function of a user application program rather than a query.



Question: 327

Which of the following would be the most appropriate starting point for a compliance evaluation of software licensing requirements for an organization with more than 15,000 computer workstations?


  1. Determine if software installation is controlled centrally or distributed throughout the organization.

  2. Determine what software packages have been installed on the organization' s

    computers and the number of each package installed.

  3. Determine how many copies of each software package have been purchased by the

    organization.

  4. Determine what mechanisms have been installed for monitoring software usage.




Answer: A

The logical starting point is to determine the point(s) of control. Evidence of license

compliance can then be assessed. For example, to shorten the installation time for revised software in a network, an organization may implement electronic software distribution ESD), which is the computer-to-- computer installation of software on workstations. Instead of weeks, software distribution can be accomplished in hours or days and can be controlled centrally. Another advantage of ESD is that it permits tracking or metering of PC program licenses.



Question: 328

Use of unlicensed software in an organization

  1. Increases the risk of introducing viruses into the organization

  2. Is not a serious exposure if only low-cost software is involved

  3. Can be detected by software checking routines that run from a network server


  1. I only.

  2. I and II only.

  3. I, II, and Ill.

  4. I and Ill only.




Answer: D

Antivirus measures should include strict adherence to software acquisition policies. Unlicensed software is less likely to have come from reputable vendors and to have been carefully tested.Special software is available to test software in use to determine whether it has been authorized.



Question: 329

The Internet consists of a series of networks that include


  1. Gateways to allow personal computers to connect to mainframe computers.

  2. Bridges to direct messages through the optimum data path_

  3. Repeaters to physically connect separate local area networks LANs).

  4. Routers to strengthen data signals between distant computers.




Answer: A

The Internet facilitates information transfer between computers. Gateways are hardware or

software products that allow translation between two different protocol families. For example, a gateway can be used to exchange messages between different email systems.



Question: 330

Which of the following is true concerning HTML?


  1. The acronym stands for HyperText Material Listing.

  2. The language is among the most difficult to learn

  3. The language is independent of hardware and software.

  4. HTML is the only language that can be used for Internet documents.




Answer: C

HTML is the most popular language for authoring Web pages. It is hardware and software

independent, which means that it can be read by several different applications and on many different kinds of computer operating systems. HTML uses tags to mark information for proper display on Web pages.



Question: 331

Which of the following is a false statement about XBRL?


  1. XBRL is freely licensed.

  2. XBRL facilitates the automatic exchange of information

  3. XBRL is used primarily in the U.S.

  4. XBRL is designed to work with a variety of software applications.




Answer: C

XBRL stands for eXtensible Business Reporting Language. It is being developed for

business and accounting applications. It is an XML-based application used to create, exchange, and analyze financial reporting information and is being developed for worldwide use.