ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 10

Add to Whishlist

List of questions

Question 91

Report Export Collapse

Which of the following should be the PRIMARY input when designing IT controls?

Benchmark of industry standards
Benchmark of industry standards
Internal and external risk reports
Internal and external risk reports
Recommendations from IT risk experts
Recommendations from IT risk experts
Outcome of control self-assessments
Outcome of control self-assessments
Suggested answer: B
asked 18/09/2024
Rosalba Scalera
57 questions

Question 92

Report Export Collapse

A risk practitioners PRIMARY focus when validating a risk response action plan should be that risk response:

reduces risk to an acceptable level
reduces risk to an acceptable level
quantifies risk impact
quantifies risk impact
aligns with business strategy
aligns with business strategy
advances business objectives.
advances business objectives.
Suggested answer: A
asked 18/09/2024
Filippo Panarella
25 questions

Question 93

Report Export Collapse

Which of the following roles would provide the MOST important input when identifying IT risk scenarios?

Information security managers
Information security managers
Internal auditors
Internal auditors
Business process owners
Business process owners
Operational risk managers
Operational risk managers
Suggested answer: C
asked 18/09/2024
Ahmed Emad
34 questions

Question 94

Report Export Collapse

Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails. Which of the following can BEST alleviate this issue while not sacrificing security?

Implementing record retention tools and techniques
Implementing record retention tools and techniques
Establishing e-discovery and data loss prevention (DLP)
Establishing e-discovery and data loss prevention (DLP)
Sending notifications when near storage quota
Sending notifications when near storage quota
Implementing a bring your own device 1BVOD) policy
Implementing a bring your own device 1BVOD) policy
Suggested answer: A
asked 18/09/2024
Pawel Szalek
41 questions

Question 95

Report Export Collapse

Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

Risk mitigation budget
Risk mitigation budget
Business Impact analysis
Business Impact analysis
Cost-benefit analysis
Cost-benefit analysis
Return on investment
Return on investment
Suggested answer: C
asked 18/09/2024
Jack de Cort
33 questions

Question 96

Report Export Collapse

Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

Perform an m-depth code review with an expert
Perform an m-depth code review with an expert
Validate functionality by running in a test environment
Validate functionality by running in a test environment
Implement a service level agreement.
Implement a service level agreement.
Utilize the change management process.
Utilize the change management process.
Suggested answer: C
asked 18/09/2024
Lucia Montero Tejeda
47 questions

Question 97

Report Export Collapse

Which of the following would be the BEST recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?

Optimize the control environment.
Optimize the control environment.
Realign risk appetite to the current risk level.
Realign risk appetite to the current risk level.
Decrease the number of related risk scenarios.
Decrease the number of related risk scenarios.
Reduce the risk management budget.
Reduce the risk management budget.
Suggested answer: A
asked 18/09/2024
saiming wong
42 questions

Question 98

Report Export Collapse

A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

The network security policy
The network security policy
Potential business impact
Potential business impact
The WiFi access point configuration
The WiFi access point configuration
Planned remediation actions
Planned remediation actions
Suggested answer: B
asked 18/09/2024
Styliani Simoiridou
47 questions

Question 99

Report Export Collapse

Which of the following should be the HIGHEST priority when developing a risk response?

The risk response addresses the risk with a holistic view.
The risk response addresses the risk with a holistic view.
The risk response is based on a cost-benefit analysis.
The risk response is based on a cost-benefit analysis.
The risk response is accounted for in the budget.
The risk response is accounted for in the budget.
The risk response aligns with the organization's risk appetite.
The risk response aligns with the organization's risk appetite.
Suggested answer: D
asked 18/09/2024
Anirban Ganguly
58 questions

Question 100

Report Export Collapse

The MOST important characteristic of an organization s policies is to reflect the organization's:

risk assessment methodology.
risk assessment methodology.
risk appetite.
risk appetite.
capabilities
capabilities
asset value.
asset value.
Suggested answer: B
asked 18/09/2024
Ronald Stover
46 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?