Question 11 - IIA IIA-CIA-Part3-3P Real Exam Questions [Jan 2026 Update]

Q: 11

Which of the following most accurately describes the purpose of application authentication controls?

Options

Correct Answer:

Explanation

Authentication controls are a fundamental component of logical access security. Their primary purpose is to verify the identity of a user, device, or system attempting to access an application. By confirming that users are who they claim to be (e.g., through passwords, biometrics, or tokens), these controls prevent unauthorized individuals from gaining access to the application and the sensitive data it contains. This directly addresses the objective of protecting business applications from unauthorized logical access.

Why Incorrect

A. This describes the purpose of input controls (or data validation controls), which are designed to ensure the integrity of data being entered into the system, not to verify user identity for access.

B. This describes the purpose of processing controls, which ensure that data is processed correctly and that calculations are accurate after the data has been input.

D. This describes the purpose of output controls, which ensure that the results generated by the application are accurate, complete, and distributed only to authorized recipients.

References

1. The Institute of Internal Auditors (IIA)

Global Technology Audit Guide (GTAG) 8: Auditing Application Controls

2nd Edition. Section "Access Controls (Security)

" page 10

states

"Access controls are designed to protect data from unauthorized use

disclosure

or modification... Authentication is the process of verifying a user’s identity." This directly links authentication to preventing unauthorized access.

2. The Institute of Internal Auditors (IIA)

Global Technology Audit Guide (GTAG) 1: Information Technology Controls

2nd Edition. Section "Logical Access Controls

" page 11

explains that the objective of logical access controls is to "restrict access to programs and data to authorized users." It lists authentication as a key control mechanism to achieve this objective.

3. Vaassen

E. H.

& Information Systems and Control Group. (2009). Accounting Information Systems and Internal Control. John Wiley & Sons. Chapter 10

"Application Controls

" distinguishes between different control types. It places authentication squarely within the category of logical access controls

whose function is to prevent or detect unauthorized access

separate from controls over input

processing

and output. (Specific reference to the concept of authentication as a gatekeeper for access).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE