ExamGecko
Search Search Login
Home Home / Isaca / CRISC

Isaca CRISC Practice Test - Questions Answers, Page 100

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following BEST confirms the existence and operating effectiveness of information systems controls?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
To define the risk management strategy which of the following MUST be set by the board of directors?
An external security audit has reported multiple findings related to control noncompliance. Which of the following would be MOST important for the risk practitioner to communicate to senior management?
When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
Which of the following is the BEST way to validate whether controls to reduce user device vulnerabilities have been implemented according to management's action plan?

Question 991

Report
Export
Collapse

Which of the following is the MOST important key performance indicator (KPI) to monitor the effectiveness of disaster recovery processes?

A.
Percentage of IT systems recovered within the mean time to restore (MTTR) during the disaster recovery test
A.
Percentage of IT systems recovered within the mean time to restore (MTTR) during the disaster recovery test
Answers
B.
Percentage of issues arising from the disaster recovery test resolved on time
B.
Percentage of issues arising from the disaster recovery test resolved on time
Answers
C.
Percentage of IT systems included in the disaster recovery test scope
C.
Percentage of IT systems included in the disaster recovery test scope
Answers
D.
Percentage of IT systems meeting the recovery time objective (RTO) during the disaster recovery test
D.
Percentage of IT systems meeting the recovery time objective (RTO) during the disaster recovery test
Answers
Suggested answer: D

Question 992

Report
Export
Collapse

An organization wants to launch a campaign to advertise a new product Using data analytics, the campaign can be targeted to reach potential customers. Which of the following should be of GREATEST concern to the risk practitioner?

A.
Data minimization
A.
Data minimization
Answers
B.
Accountability
B.
Accountability
Answers
C.
Accuracy
C.
Accuracy
Answers
D.
Purpose limitation
D.
Purpose limitation
Answers
Suggested answer: D

Question 993

Report
Export
Collapse

A risk practitioner is utilizing a risk heat map during a risk assessment. Risk events that are coded with the same color will have a similar:

A.
risk score
A.
risk score
Answers
B.
risk impact
B.
risk impact
Answers
C.
risk response
C.
risk response
Answers
D.
risk likelihood.
D.
risk likelihood.
Answers
Suggested answer: B

Question 994

Report
Export
Collapse

A recent risk workshop has identified risk owners and responses for newly identified risk scenarios. Which of the following should be the risk practitioner's NEXT step?

A.
Develop a mechanism for monitoring residual risk.
A.
Develop a mechanism for monitoring residual risk.
Answers
B.
Update the risk register with the results.
B.
Update the risk register with the results.
Answers
C.
Prepare a business case for the response options.
C.
Prepare a business case for the response options.
Answers
D.
Identify resources for implementing responses.
D.
Identify resources for implementing responses.
Answers
Suggested answer: C

Question 995

Report
Export
Collapse

The objective of aligning mitigating controls to risk appetite is to ensure that:

A.
exposures are reduced to the fullest extent
A.
exposures are reduced to the fullest extent
Answers
B.
exposures are reduced only for critical business systems
B.
exposures are reduced only for critical business systems
Answers
C.
insurance costs are minimized
C.
insurance costs are minimized
Answers
D.
the cost of controls does not exceed the expected loss.
D.
the cost of controls does not exceed the expected loss.
Answers
Suggested answer: D

Question 996

Report
Export
Collapse

An organization has decided to postpone the assessment and treatment of several risk scenarios because stakeholders are unavailable. As a result of this decision, the risk associated with these new entries has been;

A.
mitigated
A.
mitigated
Answers
B.
deferred
B.
deferred
Answers
C.
accepted.
C.
accepted.
Answers
D.
transferred
D.
transferred
Answers
Suggested answer: C

Question 997

Report
Export
Collapse

When a risk practitioner is determining a system's criticality. it is MOST helpful to review the associated:

A.
process flow.
A.
process flow.
Answers
B.
business impact analysis (BIA).
B.
business impact analysis (BIA).
Answers
C.
service level agreement (SLA).
C.
service level agreement (SLA).
Answers
D.
system architecture.
D.
system architecture.
Answers
Suggested answer: B

Question 998

Report
Export
Collapse

When evaluating a number of potential controls for treating risk, it is MOST important to consider:

A.
risk appetite and control efficiency.
A.
risk appetite and control efficiency.
Answers
B.
inherent risk and control effectiveness.
B.
inherent risk and control effectiveness.
Answers
C.
residual risk and cost of control.
C.
residual risk and cost of control.
Answers
D.
risk tolerance and control complexity.
D.
risk tolerance and control complexity.
Answers
Suggested answer: C

Question 999

Report
Export
Collapse

Which of the following is the MOST effective way to reduce potential losses due to ongoing expense fraud?

A.
Implement user access controls
A.
Implement user access controls
Answers
B.
Perform regular internal audits
B.
Perform regular internal audits
Answers
C.
Develop and communicate fraud prevention policies
C.
Develop and communicate fraud prevention policies
Answers
D.
Conduct fraud prevention awareness training.
D.
Conduct fraud prevention awareness training.
Answers
Suggested answer: A

Question 1000

Report
Export
Collapse

An organization is participating in an industry benchmarking study that involves providing customer transaction records for analysis Which of the following is the MOST important control to ensure the privacy of customer information?

A.
Nondisclosure agreements (NDAs)
A.
Nondisclosure agreements (NDAs)
Answers
B.
Data anonymization
B.
Data anonymization
Answers
C.
Data cleansing
C.
Data cleansing
Answers
D.
Data encryption
D.
Data encryption
Answers
Suggested answer: C
Total 1.200 questions
Go to page: of 120
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms