ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 104

A risk practitioner recently discovered that personal information from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?

A. Enable data encryption in the test environment.
B. Prevent the use of production data in the test environment
C. De-identify data before being transferred to the test environment.
D. Enforce multi-factor authentication within the test environment.
Suggested answer: C

Which of the following is the GREATEST concern when establishing key risk indicators (KRIs)?

A. High percentage of lagging indicators
B. Nonexistent benchmark analysis
C. Incomplete documentation for KRI monitoring
D. Ineffective methods to assess risk
Suggested answer: B

Which of the following provides the MOST useful information to assess the magnitude of identified deficiencies in the IT control environment?

A. Peer benchmarks
B. Internal audit reports
C. Business impact analysis (BIA) results
D. Threat analysis results
Suggested answer: D

Which of the following provides the BEST assurance of the effectiveness of vendor security controls?

A. Review vendor control self-assessments (CSA).
B. Review vendor service level agreement (SLA) metrics.
C. Require independent control assessments.
D. Obtain vendor references from existing customers.
Suggested answer: C

The MAIN purpose of selecting a risk response is to:

A. ensure compliance with local regulatory requirements
B. demonstrate the effectiveness of risk management practices.
C. ensure organizational awareness of the risk level
D. mitigate the residual risk to be within tolerance
Suggested answer: C

Which component of a software inventory BEST enables the identification and mitigation of known vulnerabilities?

A. Software version
B. Assigned software manager
C. Software support contract expiration
D. Software licensing information
Suggested answer: A

Which of the following is the BEST way to ensure data is properly sanitized while in cloud storage?

A. Deleting the data from the file system
B. Cryptographically scrambling the data
C. Formatting the cloud storage at the block level
D. Degaussing the cloud storage media
Suggested answer: B

Which risk response strategy could management apply to both positive and negative risk that has been identified?

A. Transfer
B. Accept
C. Exploit
D. Mitigate
Suggested answer: B

An organization's recovery team is attempting to recover critical data backups following a major flood in its data center. However, key team members do not know exactly what steps should be taken to address this crisis. Which of the following is the MOST likely cause of this situation?

A. Failure to test the disaster recovery plan (DRP)
B. Lack of well-documented business impact analysis (BIA)
C. Lack of annual updates to the disaster recovery plan (DRP)
D. Significant changes in management personnel
Suggested answer: A

A control process has been implemented in response to a new regulatory requirement, but has significantly reduced productivity. Which of the following is the BEST way to resolve this concern?

A. Absorb the loss in productivity.
B. Request a waiver to the requirements.
C. Escalate the issue to senior management
D. Remove the control to accommodate business objectives.
Suggested answer: C
Total 1.200 questions