Metrics, frameworks, and policies implemented to direct,
monitor, and measure IT performance are examples of which
key component category of effective IT governance?
Mechanisms
Marlo, a new member of the IT auditing team, has been
asked to review the access controls for the database
management system. What questions should Marlo ask first,
as he reviews the list of users against the change
management system?
Is the access necessary?
Fariha is reviewing the due diligence documentation
established for her organization's contract with a third-party
cloud service provider. It appears that when management
performed the most recent risk assessment, they decided to
continue to use a third-party service provider that is posing a
high risk to the organization, even though lower-risk third
parties were available. What documentation should Fariha
verify as provided to the board?
The approval and justification to remain with the third party
documented in the third-party file.
The department that performs the function of running the
computer systems and various devices that support the
business objectives and activities is best known as:
IT operations.
Which category of change utilizes a master ticket created to
record a group of changes, including but not limited to router
configuration changes, firewall rule updates, and other
software patches?
Blanket changes
An internal auditor who is performing an infrastructure and
networking internal audit, which focuses on testing controls
used for securing data confidentiality and availability, should
possess IT skills and competencies in:
Security administration, access controls at network, operating
systems, databases, and application levels.
Select the summary that best illustrates the benefits of
utilizing a layered defense in depth strategy for network
security.
Utilization of layered defense in depth strategy consolidates all
access points of security into a robust security wall and gate
so that there are multiple controls to cross before a potential
intruder can access sensitive information.
Identify a key element of third-party risk management.
A risk appetite statement focused on third-party relationships.
Internal policies, including organizational procedures; external
policies, including laws and regulations imposed by statutory
bodies; and leading practices provided by industry and
professional guidance are examples of ___?
Evaluation criteria for engagements of third parties.
Amrita is conducting an internal audit of the system
development life cycle of her organization's newest mobile
application project. The mobile application is intended to aid
the user in identifying walkability of various neighborhoods. As
part of the risk assessment portion of her assessment, Amrita
discovered that another organization has also recently
launched a similar product, and is gaining traction in the
market. She is concerned that her organization's project may
now fail. What type of risk has Amrita identified?
Loss of competitive advantage.
Which area of a typical IT governance framework would
consider if:
- IT has an intentional plan.