CIA IIA-CIA-Part3-3P Reddit Questions

Page: 9 / 18

Question 36

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet. When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book.

Which of the following controls would be most effective to prevent such an attack?

Options:

Monitoring network traffic.

Using whitelists and blacklists to manage network traffic.

Restricting access and blocking unauthorized access to the network.

Educating employees throughout the company to recognize phishing attacks.

Question 37

Which of the following network types should an organization choose if it wants to allow access only to its own personnel?

Options:

An extranet

A local area network.

An intranet

The internet

Question 38

According to the International Professional Practices Framework, internal auditors who are assessing the adequacy of organizational risk management processes should not:

Options:

Recognize that organizations use different techniques for managing risk.

Seek assurance that the key objectives of the risk management processes are being met.

Determine and accept the level of risk for the organization.

Treat the evaluation of risk management processes differently from the risk analysis used to plan audit engagements.

Question 39

Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management's duties with regard to this model?