🔍
CIA Practice Questions
Certified Internal Auditor
Recently Added
View all →- Cybersecurity AuditMediumPart 2A control objective focuses on identifying and prioritizing the organization's information assets and the risks to them. Which NIST CSF function does this objective most directly support?
- Audit EvidenceMediumPart 2A cybersecurity auditor needs evidence that user access reviews are operating effectively. Which evidence is most reliable?
- Incident ResponseHardPart 2An organization has not experienced a major cybersecurity incident in three years. How should the internal auditor evaluate the effectiveness of the incident response capability?
- SOC ReportsMediumPart 2An organization relies heavily on a cloud provider with a SOC 2 Type II report. Which step is most important before relying on the SOC 2 as audit evidence?
- Cybersecurity AuditEasyPart 2Which NIST CSF function focuses on identifying anomalies and security events?
- Audit FindingsMediumPart 2A cybersecurity audit produces 35 findings, most of which are configuration items at low or moderate severity. What is the most appropriate next step in preparing the audit report?
Select a Level
Part 1 — Essentials of Internal Auditing
29 questions
Which finding wording is most defensible for an unsupported critical system?
Which finding statement is most appropriate for a marketing ad fraud audit?
Start Practice →
Part 2 — Practice of Internal Auditing
98 questions
A control objective focuses on identifying and prioritizing the organization's information assets and the risks to them. Which NIST CSF function does this objective most directly support?
A cybersecurity auditor needs evidence that user access reviews are operating effectively. Which evidence is most reliable?
Start Practice →
Part 3 — Business Knowledge for Internal Auditing
80 questions
A new CAE wants internal audit and risk management to coordinate more effectively. What is the best first step?
Risk management asks for every final audit report. What should the CAE do first?
Start Practice →
Topics Covered
AI Governance and Internal Audit RoleAccess ControlAdvisory Engagement DocumentationAdvisory ServicesAdvisory Services and Management ResponsibilityAdvisory Services and Policy GovernanceAnalytics GovernanceAssurance MappingAssurance RiskAudit AnalyticsAudit Automation and IndependenceAudit Charter and AuthorityAudit CommunicationAudit EvidenceAudit Evidence and TechnologyAudit FindingsAudit MethodologyAudit Methodology and TechnologyAudit Procedure DesignAudit ProceduresAudit Program DevelopmentAudit ReportingAudit TechnologyAutomated Testing and Release ControlsBackup, Recovery, and Change ManagementBoard CommunicationBusiness ContinuityCAE ResponsibilitiesCI/CD and Release ControlsChange ControlChange ManagementChange Management Audit ProceduresCommunicationCompensating ControlsCompetencyCompetency and Due Professional CareCompleteness and AccuracyConfidentiality and TechnologyControl DesignControl GovernanceControl Operation and CompetenceControl Ownership and GovernanceControl TestingCoordinationCybersecurity AuditData QualityData ReliabilityData SegregationData TransformationDefect Triage and RemediationDelegated Authority and Policy GovernanceDue Professional CareEmergency Change ManagementEngagement CommunicationEngagement DocumentationEngagement ManagementEngagement PlanningEngagement ResourcesEngagement SupervisionEscalation ExceptionsEvidenceEvidence ReliabilityEvidence SufficiencyException Follow-UpException TestingFieldworkFinal Engagement CommunicationFinding DevelopmentFindings and RecommendationsGovernanceGovernance ReportingGovernance, Independence, and ObjectivityHistorical Evidence Versus RemediationIT Application Controls and Control OwnershipIT Audit PlanningIT GovernanceITGC RelianceIncident ManagementIncident ResponseIndependence and ObjectivityIntegration ControlsInternal Audit Charter and GovernanceInventory ControlsLegacy SystemsManagement Review ControlsMetrics and Behavioral RiskModel InventoryModel MonitoringModel Risk ManagementMonitoring Action PlansMonitoring ControlsObjectivityObjectivity and Future AssuranceObjectivity and Management ResponsibilityPatch ManagementPolicy Exceptions and Risk AcceptancePolicy Governance and AccountabilityPopulation DefinitionPrivacy and CompliancePrivileged Access and Production SupportProcess Handoffs and MonitoringProfessional StandardsPublic Sector AuditingQAIPQuality AssuranceRecommendation QualityRecommendationsRelianceReport IntegrityReporting IntegrityRequirements and SDLC ControlsRisk AcceptanceRisk AppetiteRisk AssessmentRisk Assessment and MonitoringRisk ManagementRisk RegisterRisk and Control Self-AssessmentRisk-Based PlanningRisk-Control MatrixRoot Cause AnalysisSDLC Audit ProceduresSDLC Controls and Root-Cause AnalysisSOC ReportsSOX Control TestingSamplingScope LimitationSegregation of DutiesSpecialist SupportStakeholder CommunicationStandards and CriteriaStrategic PlanningSubstantive ProceduresTechnology Controls and Change ManagementTechnology Risk and Audit QualityTechnology and Audit MethodologyTests of ControlsThird-Party RiskThree LinesTopical RequirementsValidation IndependenceWalkthroughsWork Program DesignWorkpaper QualityWorkpaper Quality and Audit TrailWorkpapersfraudfraud-riskgovernanceicfrlines-of-defense
Pair with Our CIA Course
Combine practice questions with 90+ hours of video lessons for the most comprehensive CIA exam preparation.