ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 103

Which of the following is the MAIN purpose of monitoring risk?

A. Communication
B. Risk analysis
C. Decision support
D. Benchmarking
Suggested answer: A

During an acquisition, which of the following would provide the MOST useful input to the parent company's risk practitioner when developing risk scenarios for the post-acquisition phase?

A. Risk management framework adopted by each company
B. Risk registers of both companies
C. IT balanced scorecard of each company
D. Most recent internal audit findings from both companies
Suggested answer: C

Which of the following is the MOST important consideration when communicating the risk associated with technology end-of-life to business owners?

A. Cost and benefit
B. Security and availability
C. Maintainability and reliability
D. Performance and productivity
Suggested answer: A

Which of the following is MOST important when conducting a post-implementation review as part of the system development life cycle (SDLC)?

A. Verifying that project objectives are met
B. Identifying project cost overruns
C. Leveraging an independent review team
D. Reviewing the project initiation risk matrix
Suggested answer: A

Using key risk indicators (KRIs) to illustrate changes in the risk profile PRIMARILY helps to:

A. communicate risk trends to stakeholders.
B. assign ownership of emerging risk scenarios.
C. highlight noncompliance with the risk policy.
D. identify threats to emerging technologies.
Suggested answer: A

Which of the following will BEST help to ensure key risk indicators (KRIs) provide value to risk owners?

A. Ongoing training
B. Timely notification
C. Return on investment (ROI)
D. Cost minimization
Suggested answer: B

When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:

A. information risk assessments with enterprise risk assessments.
B. key risk indicators (KRIs) with risk appetite of the business.
C. the control key performance indicators (KPIs) with audit findings.
D. control performance with risk tolerance of business owners.
Suggested answer: B

Which of the following is the MOST important step to ensure regulatory requirements are adequately addressed within an organization?

A. Obtain necessary resources to address regulatory requirements.
B. Develop a policy framework that addresses regulatory requirements.
C. Perform a gap analysis against regulatory requirements.
D. Employ IT solutions that meet regulatory requirements.
Suggested answer: B

Which of the following is the GREATEST benefit of identifying appropriate risk owners?

A. Accountability is established for risk treatment decisions.
B. Stakeholders are consulted about risk treatment options.
C. Risk owners are informed of risk treatment options.
D. Responsibility is established for risk treatment decisions.
Suggested answer: A

An organization's chief information officer (CIO) has proposed investing in a new, untested technology to take advantage of being first to market. Senior management has concerns about the success of the project and has set a limit for expenditures before final approval. This conditional approval indicates the organization's risk:

A. capacity.
B. appetite.
C. management capability.
D. treatment strategy.
Suggested answer: B
Total 1.200 questions