Isaca CRISC Practice Test - Questions Answers, Page 10

Which of the following should be the PRIMARY input when designing IT controls?

A. Benchmark of industry standards
B. Internal and external risk reports
C. Recommendations from IT risk experts
D. Outcome of control self-assessments
Suggested answer: B

A risk practitioner's PRIMARY focus when validating a risk response action plan should be that risk response:

A. reduces risk to an acceptable level
B. quantifies risk impact
C. aligns with business strategy
D. advances business objectives.
Suggested answer: A

Which of the following roles would provide the MOST important input when identifying IT risk scenarios?

A. Information security managers
B. Internal auditors
C. Business process owners
D. Operational risk managers
Suggested answer: C

Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails. Which of the following can BEST alleviate this issue while not sacrificing security?

A. Implementing record retention tools and techniques
B. Establishing e-discovery and data loss prevention (DLP)
C. Sending notifications when near storage quota
D. Implementing a bring your own device (BYOD) policy
Suggested answer: A

Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

A. Risk mitigation budget
B. Business impact analysis
C. Cost-benefit analysis
D. Return on investment
Suggested answer: C

Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

A. Perform an in-depth code review with an expert
B. Validate functionality by running in a test environment
C. Implement a service level agreement.
D. Utilize the change management process.
Suggested answer: C

Which of the following would be the BEST recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?

A. Optimize the control environment.
B. Realign risk appetite to the current risk level.
C. Decrease the number of related risk scenarios.
D. Reduce the risk management budget.
Suggested answer: A

A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

A. The network security policy
B. Potential business impact
C. The WiFi access point configuration
D. Planned remediation actions
Suggested answer: B

Which of the following should be the HIGHEST priority when developing a risk response?

A. The risk response addresses the risk with a holistic view.
B. The risk response is based on a cost-benefit analysis.
C. The risk response is accounted for in the budget.
D. The risk response aligns with the organization's risk appetite.
Suggested answer: D

The MOST important characteristic of an organization's policies is to reflect the organization's:

A. risk assessment methodology.
B. risk appetite.
C. capabilities
D. asset value.
Suggested answer: B
Total 1.200 questions