Isaca CRISC Practice Test - Questions Answers, Page 101

Which of the following is the BEST way for a risk practitioner to present an annual risk management update to the board?

A. A summary of risk response plans with validation results
B. A report with control environment assessment results
C. A dashboard summarizing key risk indicators (KRIs)
D. A summary of IT risk scenarios with business cases

Suggested answer: C

Which of the following is MOST important to promoting a risk-aware culture?

A. Regular testing of risk controls
B. Communication of audit findings
C. Procedures for security monitoring
D. Open communication of risk reporting

Suggested answer: D

The BEST metric to demonstrate that servers are configured securely is the total number of servers:

A. exceeding availability thresholds.
B. experiencing hardware failures.
C. exceeding current patching standards.
D. meeting the baseline for hardening.

Suggested answer: D

A risk practitioner has collaborated with subject matter experts from the IT department to develop a large list of potential key risk indicators (KRIs) for all IT operations within the organization. Of the following, who should review the completed list and select the appropriate KRIs for implementation?

A. IT security managers
B. IT control owners
C. IT auditors
D. IT risk owners

Suggested answer: D

If preventive controls cannot be implemented due to technology limitations, which of the following should be done FIRST to reduce risk?

A. Evaluate alternative controls.
B. Redefine the business process to reduce the risk.
C. Develop a plan to upgrade technology.
D. Define a process for monitoring risk.

Suggested answer: A

Which of the following resources is MOST helpful to a risk practitioner when updating the likelihood rating in the risk register?

A. Risk control assessment
B. Audit reports with risk ratings
C. Penetration test results
D. Business impact analysis (BIA)

Suggested answer: D

A segregation of duties control was found to be ineffective because it did not account for all applicable functions when evaluating access. Who is responsible for ensuring the control is designed to effectively address risk?

A. Risk manager
B. Control owner
C. Control tester
D. Risk owner

Suggested answer: B

Which of the following would be the BEST way for a risk practitioner to validate the effectiveness of a patching program?

A. Conduct penetration testing.
B. Interview IT operations personnel.
C. Conduct vulnerability scans.
D. Review change control board documentation.

Suggested answer: C

The BEST indicator of the risk appetite of an organization is the:

A. regulatory environment of the organization.
B. risk management capability of the organization.
C. board of directors' response to identified risk factors.
D. importance assigned to IT in meeting strategic goals.

Suggested answer: B

Which of the following is the BEST method to mitigate the risk of an unauthorized employee viewing confidential data in a database?

A. Implement role-based access control
B. Implement a data masking process
C. Include sanctions in nondisclosure agreements (NDAs)
D. Install a data loss prevention (DLP) tool

Suggested answer: A