Isaca CRISC Practice Test - Questions Answers, Page 105

A risk practitioner has identified that the agreed recovery time objective (RTO) with a Software as a Service (SaaS) provider is longer than the business expectation. Which of the following is the risk practitioner's BEST course of action?

A. Collaborate with the risk owner to determine the risk response plan.
B. Document the gap in the risk register and report to senior management.
C. Include a right to audit clause in the service provider contract.
D. Advise the risk owner to accept the risk.
Suggested answer: A

A risk practitioner has identified that the agreed recovery time objective (RTO) with a Software as a Service (SaaS) provider is longer than the business expectation. Which of the following is the risk practitioner's BEST course of action?

A. Collaborate with the risk owner to determine the risk response plan.
B. Document the gap in the risk register and report to senior management.
C. Include a right to audit clause in the service provider contract.
D. Advise the risk owner to accept the risk.
Suggested answer: C

Which of the following is the MOST useful information for a risk practitioner when planning response activities after risk identification?

A. Risk register
B. Risk appetite
C. Risk priorities
D. Risk heat maps
Suggested answer: B

Which of the following situations presents the GREATEST challenge to creating a comprehensive IT risk profile of an organization?

A. Manual vulnerability scanning processes
B. Organizational reliance on third-party service providers
C. Inaccurate documentation of enterprise architecture (EA)
D. Risk-averse organizational risk appetite
Suggested answer: D

Which of the following BEST enables a risk practitioner to understand management's approach to organizational risk?

A. Organizational structure and job descriptions
B. Risk appetite and risk tolerance
C. Industry best practices for risk management
D. Prior year's risk assessment results
Suggested answer: B

Which of the following is the MOST important reason to validate that risk responses have been executed as outlined in the risk response plan?

A. To ensure completion of the risk assessment cycle
B. To ensure controls are operating effectively
C. To ensure residual risk is at an acceptable level
D. To ensure control costs do not exceed benefits
Suggested answer: A

Which of the following BEST helps to identify significant events that could impact an organization?

A. Control analysis
B. Vulnerability analysis
C. Scenario analysis
D. Heat map analysis
Suggested answer: C

Which of the following is the MAIN benefit to an organization using key risk indicators (KRIs)?

A. KRIs assist in the preparation of the organization's risk profile.
B. KRIs signal that a change in the control environment has occurred.
C. KRIs provide a basis to set the risk appetite for an organization.
D. KRIs provide an early warning that a risk threshold is about to be reached.
Suggested answer: D

Which of the following is the PRIMARY reason for sharing risk assessment reports with senior stakeholders?

A. To support decision-making for risk response
B. To hold risk owners accountable for risk action plans
C. To secure resourcing for risk treatment efforts
D. To enable senior management to compile a risk profile
Suggested answer: A

Which of the following BEST enables effective IT control implementation?

A. Key risk indicators (KRIs)
B. Documented procedures
C. Information security policies
D. Information security standards
Suggested answer: B
Total 1.200 questions