Free Access IIA.IIA-CRMA.v2024-04-20.q105 Practice Test (Page 16)

Question 71

What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

A.Avoiding the risk of having a direct network connection to un-trusted networks.

B.Accepting the risk that there may be attempts at unauthorized access to the network.

C.Sharing the risk that either firewall could be compromised by hackers.

D.Diversifying the risk that network access will not be available to legitimate, authorized users.

Question 72

According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
1. Advocating the establishment of a risk management function.
2. Identifying and evaluating significant risk exposures during audit engagements.
3. Developing a risk response for the organization if there is no chief risk officer.
4. Benchmarking risk management activities with other organizations.
5. Documenting risk mitigation strategies and techniques.

A.4 and 5 only.

B.2. 3. 4. and 5 only.

C.1.2, and 3 only.

D.1.2. 4. and 5 only.

Question 73

Which of the following are generally recognized as essential elements of a corporate social responsibility program?

A.Fair operating practices and government regulation.

B.Human rights and the environment.

C.Organizational governance and financial reporting.

D.Consumer issues and return on investment.

Question 74

A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.
Which of the following statements is true about the auditor's actions?

A.They are in violation of the IIA Code of Ethics because the auditor withheld meaningful information.

B.They are in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.

C.They are in violation of neither the IIA Code of Ethics nor the Standards.

D.They are not in violation of the Standards but are in violation of the IIA Code of Ethics.

Question 75

A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

A.She may participate, but she must be supervised by the auditor in charge.

B.She may participate, but only after she has completed one year with the IAA.

C.She may participate, because she did not previously work in the Human Resources Department.

D.She may participate for training purposes, to build her knowledge of the IAA.

Other Version: 2269IIA.IIA-CRMA.v2023-07-05.q92; 3580IIA.IIA-CRMA.v2022-06-30.q96; 72IIA.Prepawaypdf.IIA-CRMA.v2021-11-24.by.todd.105q.pdf

Latest Upload: 202PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 299Nokia.4A0-113.v2026-05-01.q69; 256EC-COUNCIL.312-49v11.v2026-04-30.q214; 228Microsoft.MB-820.v2026-04-30.q101; 211Salesforce.MC-202.v2026-04-30.q57; 206BICSI.INSTC_V8.v2026-04-29.q53; 335NMLS.MLO.v2026-04-28.q82; 243NCARB.Project-Management.v2026-04-28.q27; 465EMC.D-AV-DY-23.v2026-04-27.q184; 1120ServiceNow.CSA.v2026-04-27.q483

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File