ExamGecko
Isaca CRISC Practice Test - Questions Answers, Page 106

Which of the following should be the FIRST consideration when establishing a new risk governance program?

A. Developing an ongoing awareness and training program
B. Creating policies and standards that are easy to comprehend
C. Embedding risk management into the organization
D. Completing annual risk assessments on critical resources

Suggested answer: B

When establishing an enterprise IT risk management program, it is MOST important to:

A. review alignment with the organization's strategy.
B. understand the organization's information security policy.
C. validate the organization's data classification scheme.
D. report identified IT risk scenarios to senior management.

Suggested answer: D

An organization has operations in a location that regularly experiences severe weather events. Which of the following would BEST help to mitigate the risk to operations?

A. Prepare a cost-benefit analysis to evaluate relocation.
B. Prepare a disaster recovery plan (DRP).
C. Conduct a business impact analysis (BIA) for an alternate location.
D. Develop a business continuity plan (BCP).

Suggested answer: D

Which of the following is the MAIN benefit to an organization using key risk indicators (KRIs)?

A. KRIs provide an early warning that a risk threshold is about to be reached.
B. KRIs signal that a change in the control environment has occurred.
C. KRIs provide a basis to set the risk appetite for an organization.
D. KRIs assist in the preparation of the organization's risk profile.

Suggested answer: A

What is the BEST recommendation to reduce the risk associated with potential system compromise when a vendor stops releasing security patches and updates for a business-critical legacy system?

A. Segment the system on its own network.
B. Ensure regular backups take place.
C. Virtualize the system in the cloud.
D. Install antivirus software on the system.

Suggested answer: A
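The suggested answer above names network segmentation as the control, but not what "its own network" means in practice. The following is an added example, not part of the ExamGecko page or any ISACA material: it renders a default-deny nftables ruleset for a gateway dedicated to the legacy segment from an explicit allowlist of the flows the system needs, and then audits a small constructed flow log against that same allowlist so drift (a new SMB connection, the legacy host reaching the Internet) is caught. All addresses, ports and the flow-log format are hypothetical.

```python
"""Segmenting an unpatchable legacy host: generate default-deny rules from an
allowlist, then audit observed flows against the same allowlist.
Added example; addresses, ports and log format are assumed, not from the page."""
import ipaddress
from dataclasses import dataclass

LEGACY_HOST = "10.20.30.40"  # hypothetical address of the legacy system


@dataclass(frozen=True)
class Flow:
    src: str    # address (observed flow) or network in CIDR form (allowlist rule)
    dst: str
    dport: int
    proto: str


# The only conversations the legacy system needs (assumed for this example).
# Everything else to or from the host is dropped and logged.
ALLOWED = [
    Flow("10.0.5.0/24", LEGACY_HOST, 443, "tcp"),    # application front-ends -> legacy API
    Flow("10.0.9.10/32", LEGACY_HOST, 22, "tcp"),    # single jump host for administration
    Flow(LEGACY_HOST, "10.0.7.20/32", 1433, "tcp"),  # legacy -> its database server
]


def render_nftables(allowed, legacy=LEGACY_HOST):
    """Render an nftables forward chain for a gateway that fronts only the legacy
    segment: policy drop, return traffic allowed, allowlisted new flows accepted,
    and anything else touching the legacy host logged before it is dropped."""
    lines = [
        "table inet legacy_segment {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for f in allowed:
        lines.append(
            f"    ip saddr {f.src} ip daddr {f.dst} {f.proto} dport {f.dport} ct state new accept"
        )
    lines += [
        f'    ip daddr {legacy} log prefix "legacy-drop: " drop',
        f'    ip saddr {legacy} log prefix "legacy-drop: " drop',
        "  }",
        "}",
    ]
    return "\n".join(lines)


def flow_permitted(flow, allowed):
    """True if an observed flow (concrete addresses) matches an allowlist rule."""
    for rule in allowed:
        if (flow.proto == rule.proto and flow.dport == rule.dport
                and ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst)):
            return True
    return False


def audit(flow_records, allowed, legacy=LEGACY_HOST):
    """Return every flow touching the legacy host that the allowlist does not cover.
    Run this over exported flow records (NetFlow, conntrack, cloud flow logs) to
    verify the segmentation still holds rather than trusting the ruleset alone."""
    return [f for f in flow_records
            if legacy in (f.src, f.dst) and not flow_permitted(f, allowed)]


# Constructed flow log: timestamp,src,dst,dport,proto (hypothetical export format).
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z,10.0.5.17,10.20.30.40,443,tcp
2024-05-01T10:00:02Z,10.0.9.10,10.20.30.40,22,tcp
2024-05-01T10:00:03Z,10.20.30.40,10.0.7.20,1433,tcp
2024-05-01T10:00:04Z,10.0.5.17,10.20.30.40,445,tcp
2024-05-01T10:00:05Z,10.20.30.40,203.0.113.9,443,tcp
"""


def parse_flows(text):
    """Parse the constructed CSV flow export into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _, src, dst, dport, proto = line.split(",")
        flows.append(Flow(src, dst, int(dport), proto))
    return flows


if __name__ == "__main__":
    print(render_nftables(ALLOWED))
    for bad in audit(parse_flows(SAMPLE_FLOWS), ALLOWED):
        print("unexpected flow:", bad)
```

The two unexpected flows in the constructed log are the SMB connection from a front-end (445/tcp was never allowlisted) and the legacy host talking to an external address; the first is the lateral-movement path that makes an unpatched system dangerous to its neighbours, the second is the beacon you would expect after a compromise. Keeping the allowlist as the single source for both the ruleset and the audit is the point: segmentation that is only enforced, and never verified against what actually flows, erodes quietly.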

Which of the following would provide the MOST helpful input to develop risk scenarios associated with hosting an organization's key IT applications in a cloud environment?

A. Reviewing the results of independent audits
B. Performing a site visit to the cloud provider's data center
C. Performing a due diligence review
D. Conducting a risk workshop with key stakeholders

Suggested answer: D

A newly incorporated enterprise needs to secure its information assets. From a governance perspective, which of the following should be done FIRST?

A. Define information retention requirements and policies
B. Provide information security awareness training
C. Establish security management processes and procedures
D. Establish an inventory of information assets

Suggested answer: D

A highly regulated enterprise is developing a new risk management plan to specifically address legal and regulatory risk scenarios. What should be done FIRST by IT governance to support this effort?

A. Request a regulatory risk reporting methodology
B. Require critical success factors (CSFs) for IT risks
C. Establish IT-specific compliance objectives
D. Communicate IT key risk indicators (KRIs) and triggers

Suggested answer: A

Business management is seeking assurance from the CIO that IT has a plan in place for early identification of potential issues that could impact the delivery of a new application. Which of the following is the BEST way to increase the chances of a successful delivery?

A. Implement a release and deployment plan
B. Conduct comprehensive regression testing
C. Develop enterprise-wide key risk indicators (KRIs)
D. Include business management on a weekly risk and issues report

Suggested answer: D

A root cause analysis indicates a major service disruption due to a lack of competency of newly hired IT system administrators. Who should be accountable for resolving the situation?

A. HR training director
B. Business process owner
C. HR recruitment manager
D. Chief information officer (CIO)

Suggested answer: C
Total: 1,200 questions (120 pages)