A department purchased one copy of a software program for internal use. The manager of the department installed the program on an office computer and then made two complete copies of the original software.
Copy 1 was solely for backup purposes.
Copy 2 was for use by another member of the department.
In terms of software licenses and copyright law, which of the following is correct?
A. Both copies are legal.
B. Only copy 1 is legal.
C. Only copy 2 is legal.
D. Neither copy is legal.
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group.
An internal auditor would expect to find all of the following controls within the technology department except:
A. Adequate segregation of duties between data processing controls and file security controls.
B. Documented procedures for remote job entry and for local data file retention.
C. Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
D. Established procedures to prevent and detect unauthorized changes to data files.
Which of the following statements is in accordance with COBIT?
1. Pervasive controls are general while detailed controls are specific.
2. Application controls are a subset of pervasive controls.
3. Implementation of software is a type of pervasive control.
4. Disaster recovery planning is a type of detailed control.
A. 1 and 4 only
B. 2 and 3 only
C. 2, 3, and 4 only
D. 1, 2, and 4 only
Which of the following statements regarding database management systems is not correct?
A. Database management systems handle data manipulation inside the tables, rather than it being done by the operating system itself in files.
B. The database management system acts as a layer between the application software and the operating system.
C. Applications pass on the instructions for data manipulation which are then executed by the database management system.
D. The data within the database management system can only be manipulated directly by the database management system administrator.
Which of the following does not provide operational assurance that a computer system is operating properly?
A. Performing a system audit.
B. Making system changes.
C. Testing policy compliance.
D. Conducting system monitoring.
Which of the following would provide the most relevant assurance that the application under development will provide maximum value to the organization?
A. Use of a formal systems development lifecycle.
B. End-user involvement.
C. Adequate software documentation.
D. Formalized non-regression testing phase.
An internal auditor discovered that several unauthorized modifications were made to the production version of an organization's accounting application.
Which of the following best describes this deficiency?
A. Production controls weakness.
B. Application controls weakness.
C. Authorization controls weakness.
D. Change controls weakness.
When auditing an application change control process, which of the following procedures should be included in the scope of the audit?
1. Ensure system change requests are formally initiated, documented, and approved.
2. Ensure processes are in place to prevent emergency changes from taking place.
3. Ensure changes are adequately tested before being placed into the production environment.
4. Evaluate whether the procedures for program change management are adequate.
A. 1 only
B. 1 and 3 only
C. 2 and 4 only
D. 1, 3, and 4 only
Which of the following statements regarding program change management is not correct?
A. The goal of the change management process is to sustain and improve organizational operations.
B. The degree of risk associated with a proposed change determines if the change request requires authorization.
C. In order to protect the production environment, changes must be managed in a repeatable, defined, and predictable manner.
D. All changes should be tested in a non-production environment before migrating to the production environment.
An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:
A. Lack of awareness of the state of processing.
B. Increased cost and complexity of network traffic.
C. Interference of the mirrored data with the original source data.
D. Confusion about where customer data are stored.