
Isaca CRISC Practice Test - Questions Answers

The acceptance of control costs that exceed risk exposure is MOST likely an example of:

A. low risk tolerance.
B. corporate culture misalignment.
C. corporate culture alignment.
D. high risk tolerance.
Suggested answer: A

Who is the MOST appropriate owner for newly identified IT risk?

A. The manager responsible for IT operations that will support the risk mitigation efforts
B. The individual with authority to commit organizational resources to mitigate the risk
C. A project manager capable of prioritizing the risk remediation efforts
D. The individual with the most IT risk-related subject matter knowledge
Suggested answer: B

Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?

A. Testing the transmission of credit card numbers
B. Reviewing logs for unauthorized data transfers
C. Configuring the DLP control to block credit card numbers
D. Testing the DLP rule change control process
Suggested answer: A

Calculation of the recovery time objective (RTO) is necessary to determine the:

A. time required to restore files.
B. point of synchronization.
C. priority of restoration.
D. annual loss expectancy (ALE).
Suggested answer: A

The PRIMARY objective for selecting risk response options is to:

A. reduce risk to an acceptable level.
B. identify compensating controls.
C. minimize residual risk.
D. reduce risk factors.
Suggested answer: A

Which of the following is the MOST important consideration for a risk practitioner when making a system implementation go-live recommendation?

A. Completeness of system documentation
B. Results of end user acceptance testing
C. Variances between planned and actual cost
D. Availability of in-house resources
Suggested answer: B

Which of the following would BEST help an enterprise prioritize risk scenarios?

A. Industry best practices
B. Placement on the risk map
C. Degree of variances in the risk
D. Cost of risk mitigation
Suggested answer: B

Which of the following would be a risk practitioner's BEST recommendation for preventing cyber intrusion?

A. Establish a cyber response plan.
B. Implement data loss prevention (DLP) tools.
C. Implement network segregation.
D. Strengthen vulnerability remediation efforts.
Suggested answer: D

Who should be accountable for ensuring effective cybersecurity controls are established?

A. Risk owner
B. Security management function
C. IT management
D. Enterprise risk function
Suggested answer: B

A contract associated with a cloud service provider MUST include:

A. ownership of responsibilities.
B. a business recovery plan.
C. provision for source code escrow.
D. the provider's financial statements.
Suggested answer: A
Total 1.200 questions