IIA-CIA-Part3-CN Exam Question 131
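While performing audit procedures at the organization's data center, the internal auditor noted the following:
- Backup media is located on data center shelves.
- Backup media is organized by date.
- The backup schedule is one week in duration.
The system administrator was able to present restore logs.
Which of the following is reasonable for the internal auditor to conclude?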
Correct Answer: A
The auditor's observation indicates that backup media is stored on-site in the data center, which is a major risk in disaster recovery and business continuity planning (BCP). Best practices recommend storing backup media off-site to prevent data loss due to fires, floods, cyberattacks, or other disasters affecting the primary site.
Step-by-Step Justification:
Off-Site Storage Reduces Disaster Risks:
Keeping backups only at the primary data center means that any physical disaster (fire, flood, theft, or power surge) can destroy both primary and backup data.
Best practices require off-site or cloud-based backup storage to ensure data recovery in case of emergencies.
Regulatory and Compliance Considerations:
IIA Standard 2110 (Governance): Emphasizes disaster recovery policies to protect critical IT assets.
ISO/IEC 27001 (Information Security Management System): Recommends storing backups in a geographically separate location.
NIST SP 800-34 (Contingency Planning Guide for Federal Information Systems): Requires off-site storage to ensure effective disaster recovery.
Why the Other Options Are Incorrect:
B). Backup procedures are adequate and appropriate according to best practices: Incorrect, as on-site-only storage violates best practices for disaster recovery.
C). Backup media is not properly indexed, as backup media should be indexed by system, not date: While indexing is important, the main issue here is improper storage, not indexing methods.
D). Backup schedule is not sufficient, as full backup should be conducted daily: Backup frequency depends on business needs; a weekly backup is common for many organizations. However, the biggest concern here is lack of off-site storage, not frequency.
IIA References:
IIA GTAG (Global Technology Audit Guide) on Business Continuity and Disaster Recovery: Recommends off-site storage for backups.
ISO/IEC 27001 - Information Security Controls (A.12.3.1): Requires backup data to be securely stored off-site.
COBIT 5 Framework - DSS04 (Manage Continuity): Supports off-site backups for IT continuity.
Thus, the correct answer is A. Backup media is not properly stored, as the storage facility should be off-site.
IIA-CIA-Part3-CN Exam Question 132
Which of the following statements about the project life cycle is true?
Correct Answer: C
* Understanding the Project Life Cycle:
* The project life cycle consists of initiation, planning, execution, and closure.
* Early stages involve planning and defining scope, while later stages focus on execution and completion.
* Why Change Costs Increase Over Time:
* In early stages, changes are relatively inexpensive as they mainly involve planning adjustments.
* As the project progresses, modifications require rework, additional resources, and schedule delays, increasing costs.
* Near project completion, changes can be very costly, requiring significant time and effort to correct.
* Why Other Options Are Incorrect:
* A. Risk and uncertainty increase over time - Incorrect; risk and uncertainty decrease as the project moves forward and becomes more defined.
* B. Costs and staffing levels are high at project close - Incorrect; they are usually highest during execution, not closure.
* D. Project life cycle = product life cycle - Incorrect; they are separate concepts. A product may exist long after the project ends.
* Relevant IIA References:
* IIA GTAG 12 - Auditing IT Projects: Discusses project life cycle and cost implications.
* IIA Practice Guide on Project Risk Management: Highlights cost escalation risks in later project phases.
* PMBOK (Project Management Body of Knowledge) Framework: Defines cost increase trends in project management.
Final Answer: Costs related to making changes increase as the project approaches completion (Option C).
IIA-CIA-Part3-CN Exam Question 133
What is the primary purpose of integrity controls?
Correct Answer: B
Reference: IIA Business Knowledge for Internal Auditing, Data Integrity Controls section.
IIA-CIA-Part3-CN Exam Question 134
Which of the following best describes owner's equity?
Correct Answer: A
Owner's equity represents the residual interest in a company's assets after deducting liabilities. It is a fundamental concept in financial accounting, reflecting the net worth of a business.
Why Option A is Correct?
Formula: $\text{Owner's Equity} = \text{Assets} - \text{Liabilities}$
Represents the True Value of Ownership - It measures the owner's claim on the business after settling all obligations.
Directly Tied to the Accounting Equation - $\text{Assets} = \text{Liabilities} + \text{Owner's Equity}$
Rearranging the equation: $\text{Owner's Equity} = \text{Assets} - \text{Liabilities}$
Commonly Used in Financial Statements - Found in the Balance Sheet under the "Equity" section.
Why Not the Other Options?
B). Total assets - Incorrect because assets include both owner-financed and liability-financed resources.
C). Total liabilities - Incorrect because liabilities represent debts owed, not ownership value.
D). Owner's contribution plus drawings - Incorrect because it only considers investments and withdrawals, not retained earnings or net assets.
IIA References:
IIA's GTAG on Business Financial Management - Discusses financial statement analysis, including owner's equity.
COSO's Internal Control - Integrated Framework - Highlights financial reporting accuracy, including equity calculations.
IFRS & GAAP Accounting Standards - Define owner's equity as assets minus liabilities in financial reporting.
IIA-CIA-Part3-CN Exam Question 135
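In light of increased emission taxes in the European Union, a car manufacturer introduced a new middle-class hybrid vehicle specifically for the European market.
Which of the following competitive strategies has the manufacturer used?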
Correct Answer: D
A focus strategy targets a specific market segment, geographical area, or niche customer base rather than competing in the entire market.
Why Option D (Focus strategy) is Correct:
The car manufacturer introduced a hybrid vehicle specifically for the European market to address increasing emission taxes, meaning they are focusing on a specific region and customer need.
Focus strategy aims at tailoring products to meet the needs of a particular group of consumers (e.g., environmentally conscious European customers).
Why Other Options Are Incorrect:
Option A (Reactive strategy):
Incorrect because while the company is responding to regulatory changes, "reactive strategy" is not a recognized competitive strategy under Porter's model.
Option B (Cost leadership strategy):
Incorrect because cost leadership focuses on minimizing costs and offering the lowest price in the broad market. This scenario does not emphasize cost reduction.
Option C (Differentiation strategy):
Incorrect because differentiation involves offering unique products across a broad market, whereas the hybrid vehicle is targeted specifically for the European market.
IIA References:
IIA Practice Guide - "Auditing Strategic Risk Management": Discusses competitive strategies, including focus strategy.
Porter's Competitive Strategy Model: Defines focus strategy as targeting a niche market.
COSO ERM Framework - "Strategic Decision-Making": Recommends market-specific focus strategies to mitigate regulatory risks.