ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 101

Add to Whishlist

List of questions

Question 1001

Report Export Collapse

Which of the following is the BEST way for a risk practitioner to present an annual risk management update to the board''

Become a Premium Member for full access
  Unlock Premium Member

Question 1002

Report Export Collapse

Which of the following is MOST important to promoting a risk-aware culture?

Become a Premium Member for full access
  Unlock Premium Member

Question 1003

Report Export Collapse

The BEST metric to demonstrate that servers are configured securely is the total number of servers:

Become a Premium Member for full access
  Unlock Premium Member

Question 1004

Report Export Collapse

A risk practitioner has collaborated with subject matter experts from the IT department to develop a large list of potential key risk indicators (KRIs) for all IT operations within the organization of the following, who should review the completed list and select the appropriate KRIs for implementation?

Become a Premium Member for full access
  Unlock Premium Member

Question 1005

Report Export Collapse

If preventive controls cannot be Implemented due to technology limitations, which of the following should be done FIRST to reduce risk7

Become a Premium Member for full access
  Unlock Premium Member

Question 1006

Report Export Collapse

Which of the following resources is MOST helpful to a risk practitioner when updating the likelihood rating in the risk register?

Become a Premium Member for full access
  Unlock Premium Member

Question 1007

Report Export Collapse

A segregation of duties control was found to be ineffective because it did not account for all applicable functions when evaluating access. Who is responsible for ensuring the control is designed to effectively address risk?

Become a Premium Member for full access
  Unlock Premium Member

Question 1008

Report Export Collapse

Which of the following would be the BEST way for a risk practitioner to validate the effectiveness of a patching program?

Become a Premium Member for full access
  Unlock Premium Member

Question 1009

Report Export Collapse

The BEST indicator of the risk appetite of an organization is the

Become a Premium Member for full access
  Unlock Premium Member

Question 1010

Report Export Collapse

Which of the following is the BEST method to mitigate the risk of an unauthorized employee viewing confidential data in a database''

Become a Premium Member for full access
  Unlock Premium Member
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?