
Isaca CRISC Practice Test - Questions Answers, Page 107

Which of the following is the BEST way to determine whether system settings are in alignment with control baselines?

A. Configuration validation
B. Control attestation
C. Penetration testing
D. Internal audit review
Suggested answer: A

A recent big data project has resulted in the creation of an application used to support important investment decisions. Which of the following should be of GREATEST concern to the risk practitioner?

A. Data quality
B. Maintenance costs
C. Data redundancy
D. System integration
Suggested answer: A

Which of the following presents the GREATEST challenge to managing an organization's end-user devices?

A. Incomplete end-user device inventory
B. Unsupported end-user applications
C. Incompatible end-user devices
D. Multiple end-user device models
Suggested answer: A

Which of the following is the result of a realized risk scenario?

A. Technical event
B. Threat event
C. Vulnerability event
D. Loss event
Suggested answer: D

Which of the following is the MOST important outcome of a business impact analysis (BIA)?

A. Understanding and prioritization of critical processes
B. Completion of the business continuity plan (BCP)
C. Identification of regulatory consequences
D. Reduction of security and business continuity threats
Suggested answer: A

Senior management is deciding whether to share confidential data with the organization's business partners. The BEST course of action for a risk practitioner would be to submit a report to senior management containing the:

A. possible risk and suggested mitigation plans.
B. design of controls to encrypt the data to be shared.
C. project plan for classification of the data.
D. summary of data protection and privacy legislation.
Suggested answer: A

Which of the following is MOST important for successful incident response?

A. The quantity of data logged by the attack control tools
B. Blocking the attack route immediately
C. The ability to trace the source of the attack
D. The timeliness of attack recognition
Suggested answer: D

Which of the following BEST represents the desired risk posture for an organization?

A. Inherent risk is lower than risk tolerance.
B. Operational risk is higher than risk tolerance.
C. Accepted risk is higher than risk tolerance.
D. Residual risk is lower than risk tolerance.
Suggested answer: D

An organization is adopting blockchain for a new financial system. Which of the following should be the GREATEST concern for a risk practitioner evaluating the system's production readiness?

A. Limited organizational knowledge of the underlying technology
B. Lack of commercial software support
C. Varying costs related to implementation and maintenance
D. Slow adoption of the technology across the financial industry
Suggested answer: A

Which of the following should be the PRIMARY basis for prioritizing risk responses?

A. The impact of the risk
B. The replacement cost of the business asset
C. The cost of risk mitigation controls
D. The classification of the business asset
Suggested answer: A
Total 1.200 questions