ExamGecko

Isaca CRISC Practice Test - Questions Answers

List of questions

Question 1

The acceptance of control costs that exceed risk exposure is MOST likely an example of:

A. low risk tolerance.
B. corporate culture misalignment.
C. corporate culture alignment.
D. high risk tolerance.
Suggested answer: A
asked 18/09/2024
Chini Nicola
37 questions

Question 2

Who is the MOST appropriate owner for newly identified IT risk?

A. The manager responsible for IT operations that will support the risk mitigation efforts
B. The individual with authority to commit organizational resources to mitigate the risk
C. A project manager capable of prioritizing the risk remediation efforts
D. The individual with the most IT risk-related subject matter knowledge
Suggested answer: B
asked 18/09/2024
Denis Mourghen
44 questions

Question 3

Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?

A. Testing the transmission of credit card numbers
B. Reviewing logs for unauthorized data transfers
C. Configuring the DLP control to block credit card numbers
D. Testing the DLP rule change control process
Suggested answer: A
asked 18/09/2024
CHARLES ADAMA
34 questions

Question 4

Calculation of the recovery time objective (RTO) is necessary to determine the:

A. time required to restore files.
B. point of synchronization.
C. priority of restoration.
D. annual loss expectancy (ALE).
Suggested answer: A
asked 18/09/2024
Lee Greenshields
37 questions

Question 5

The PRIMARY objective for selecting risk response options is to:

A. reduce risk to an acceptable level.
B. identify compensating controls.
C. minimize residual risk.
D. reduce risk factors.
Suggested answer: A
asked 18/09/2024
Anthony Agbale
46 questions

Question 6

Which of the following is the MOST important consideration for a risk practitioner when making a system implementation go-live recommendation?

A. Completeness of system documentation
B. Results of end user acceptance testing
C. Variances between planned and actual cost
D. Availability of in-house resources
Suggested answer: B
asked 18/09/2024
Kaan K
37 questions

Question 7

Which of the following would BEST help an enterprise prioritize risk scenarios?

A. Industry best practices
B. Placement on the risk map
C. Degree of variances in the risk
D. Cost of risk mitigation
Suggested answer: B
asked 18/09/2024
metodija durtanoski
41 questions

Question 8

Which of the following would be a risk practitioner's BEST recommendation for preventing cyber intrusion?

A. Establish a cyber response plan.
B. Implement data loss prevention (DLP) tools.
C. Implement network segregation.
D. Strengthen vulnerability remediation efforts.
Suggested answer: D
asked 18/09/2024
Paul Schwarz
38 questions

Question 9

Who should be accountable for ensuring effective cybersecurity controls are established?

A. Risk owner
B. Security management function
C. IT management
D. Enterprise risk function
Suggested answer: B
asked 18/09/2024
Aviv Beck
41 questions

Question 10

A contract associated with a cloud service provider MUST include:

A. ownership of responsibilities.
B. a business recovery plan.
C. provision for source code escrow.
D. the provider's financial statements.
Suggested answer: A
asked 18/09/2024
Lance Herbst
41 questions
Total 1.573 questions