ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 108

Risk appetite should be PRIMARILY driven by which of the following?

A. Enterprise security architecture roadmap
B. Stakeholder requirements
C. Legal and regulatory requirements
D. Business impact analysis (BIA)

Suggested answer: B

What is the MAIN benefit of using a top-down approach to develop risk scenarios?

A. It describes risk events specific to technology used by the enterprise.
B. It establishes the relationship between risk events and organizational objectives.
C. It uses hypothetical and generic risk events specific to the enterprise.
D. It helps management and the risk practitioner to refine risk scenarios.

Suggested answer: C

A zero-day vulnerability has been discovered in a globally used brand of hardware server that allows hackers to gain access to affected IT systems. Which of the following is MOST likely to change as a result of this situation?

A. Control effectiveness
B. Risk appetite
C. Risk likelihood
D. Key risk indicator (KRI)

Suggested answer: C

When developing a response plan to address security incidents regarding sensitive data loss, it is MOST important to:

A. revalidate current key risk indicators (KRIs).
B. revise risk management procedures.
C. review the data classification policy.
D. revalidate existing risk scenarios.

Suggested answer: C

Which of the following potential scenarios associated with the implementation of a new database technology presents the GREATEST risk to an organization?

A. The organization may not have a sufficient number of skilled resources.
B. Application and data migration cost for backups may exceed budget.
C. Data may not be recoverable due to system failures.
D. The database system may not be scalable in the future.

Suggested answer: B

After entering a large number of low-risk scenarios into the risk register, it is MOST important for the risk practitioner to:

A. prepare a follow-up risk assessment.
B. recommend acceptance of the risk scenarios.
C. reconfirm risk tolerance levels.
D. analyze changes to aggregate risk.

Suggested answer: D
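Why aggregate analysis matters after a bulk entry of low-rated scenarios: each scenario can sit comfortably under the "Low" threshold while the expected annual loss they add up to for one business objective breaches that objective's tolerance. The script below is an added worked example, not material from ExamGecko or ISACA; the register entries, the rating thresholds and the per-objective tolerances are all constructed sample values.

```python
"""Aggregate a risk register by business objective and compare to tolerance.

Added example; not ExamGecko's or ISACA's material. Every scenario, threshold
and tolerance below is constructed sample data, not a real register.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    scenario_id: str
    objective: str      # business objective / process the scenario threatens
    likelihood: float   # expected events per year
    impact: float       # loss per event, in currency units

    def ale(self) -> float:
        """Annualized loss expectancy = likelihood x impact."""
        return self.likelihood * self.impact


# Assumed rating bands for a single scenario's ALE (constructed thresholds).
RATING_BANDS = (("Low", 60_000), ("Medium", 120_000), ("High", float("inf")))


def rate(ale: float) -> str:
    """Map an ALE to the first band whose upper bound it falls under."""
    for label, upper in RATING_BANDS:
        if ale < upper:
            return label
    return RATING_BANDS[-1][0]


# Constructed tolerance per objective: maximum acceptable aggregate ALE.
TOLERANCE = {"customer-portal": 150_000, "payroll": 100_000}

# Constructed register: every entry rates "Low" on its own.
REGISTER = [
    Scenario("R-101", "customer-portal", 0.5, 40_000),
    Scenario("R-102", "customer-portal", 1.0, 30_000),
    Scenario("R-103", "customer-portal", 2.0, 25_000),
    Scenario("R-104", "customer-portal", 0.8, 45_000),
    Scenario("R-105", "customer-portal", 0.6, 35_000),
    Scenario("R-201", "payroll", 0.3, 50_000),
    Scenario("R-202", "payroll", 0.5, 40_000),
]


def aggregate(register, tolerance):
    """Per objective: summed ALE, scenario count, largest single ALE,
    the rating the aggregate would receive, and whether it breaches tolerance.
    """
    totals = defaultdict(lambda: {"ale": 0.0, "count": 0, "max_single": 0.0})
    for s in register:
        bucket = totals[s.objective]
        bucket["ale"] += s.ale()
        bucket["count"] += 1
        bucket["max_single"] = max(bucket["max_single"], s.ale())
    result = {}
    for objective, bucket in totals.items():
        limit = tolerance.get(objective)
        result[objective] = {
            **bucket,
            "rating": rate(bucket["ale"]),
            # Unknown tolerance is treated as a breach so it gets reviewed.
            "exceeds_tolerance": limit is None or bucket["ale"] > limit,
        }
    return result


def breaches(register, tolerance):
    """Objectives whose aggregate ALE is over tolerance, sorted by ALE."""
    agg = aggregate(register, tolerance)
    over = [o for o, v in agg.items() if v["exceeds_tolerance"]]
    return sorted(over, key=lambda o: agg[o]["ale"], reverse=True)


if __name__ == "__main__":
    for objective, v in aggregate(REGISTER, TOLERANCE).items():
        print(f"{objective}: {v['count']} scenarios, aggregate ALE {v['ale']:,.0f} "
              f"({v['rating']}), largest single {v['max_single']:,.0f}, "
              f"breach={v['exceeds_tolerance']}")
```

Run stand-alone, every individual scenario rates Low, yet the customer-portal objective aggregates to an ALE above its tolerance and would rate High; that is the change the practitioner needs to surface before anyone recommends accepting the entries one by one.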

Which of the following provides the MOST reliable evidence of a control's effectiveness?

A. A risk and control self-assessment
B. Senior management's attestation
C. A system-generated testing report
D. A detailed process walk-through

Suggested answer: D

Which of the following BEST reduces the risk associated with the theft of a laptop containing sensitive information?

A. Cable lock
B. Data encryption
C. Periodic backup
D. Biometrics access control

Suggested answer: B

An organization has asked an IT risk practitioner to conduct an operational risk assessment on an initiative to outsource the organization's customer service operations overseas. Which of the following would MOST significantly impact management's decision?

A. Time zone difference of the outsourcing location
B. Ongoing financial viability of the outsourcing company
C. Cross-border information transfer restrictions in the outsourcing country
D. Historical network latency between the organization and outsourcing location

Suggested answer: C

Which of the following is the MOST effective way for a large and diversified organization to minimize risk associated with unauthorized software on company devices?

A. Scan end points for applications not included in the asset inventory.
B. Prohibit the use of cloud-based virtual desktop software.
C. Conduct frequent reviews of software licenses.
D. Perform frequent internal audits of enterprise IT infrastructure.

Suggested answer: A
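What the suggested answer looks like in practice is a reconciliation of each endpoint's installed-software report against the approved asset inventory: anything not in the inventory, or present at a version the inventory does not approve, is a finding. The script below is an added worked example, not ExamGecko's or ISACA's material; the inventory, the hostnames, the package names and the per-host exception list are all constructed sample data, and the name normalization rule is an assumption chosen so that different collectors' spellings of the same product match.

```python
"""Reconcile endpoint software reports against an approved asset inventory.

Added example; not ExamGecko's or ISACA's material. The inventory, hosts,
packages and exceptions below are constructed sample data.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    version: str
    reason: str  # "not_in_inventory" or "version_not_approved"


def normalize(name: str) -> str:
    """Canonical key so 'Google Chrome ' and 'google-chrome' hit the same entry.
    Assumed rule: lowercase and drop everything that is not a letter or digit."""
    return re.sub(r"[^a-z0-9]+", "", name.lower())


# Approved inventory: canonical name -> approved versions ("*" means any version).
APPROVED = {
    normalize("Google Chrome"): {"*"},
    normalize("7-Zip"): {"23.01"},
    normalize("Microsoft Office"): {"16.0.17328", "16.0.17425"},
    normalize("CrowdStrike Falcon Sensor"): {"*"},
}

# Documented risk acceptances for specific (host, package) pairs, e.g. a tool a
# diversified business unit needs that is not on the enterprise-wide list.
EXCEPTIONS = {("eng-ws-017", normalize("Wireshark"))}

# Constructed endpoint reports: host -> list of (name as reported, version).
SAMPLE_REPORTS = {
    "fin-ws-003": [("Google Chrome", "124.0"), ("7-Zip", "23.01"),
                   ("Microsoft Office", "16.0.17328"), ("uTorrent", "3.6.0")],
    "eng-ws-017": [("google-chrome", "124.0"), ("Wireshark", "4.2.4"),
                   ("7-Zip", "19.00")],
    "hr-ws-021": [("Microsoft Office", "16.0.17328"), ("uTorrent", "3.5.5"),
                  ("CrowdStrike Falcon Sensor", "7.13")],
}


def reconcile(host, installed, approved=APPROVED, exceptions=EXCEPTIONS):
    """Return findings for one host's installed-software list."""
    findings = []
    for raw_name, version in installed:
        key = normalize(raw_name)
        if (host, key) in exceptions:
            continue  # accepted risk, already documented
        allowed = approved.get(key)
        if allowed is None:
            findings.append(Finding(host, raw_name, version, "not_in_inventory"))
        elif "*" not in allowed and version not in allowed:
            findings.append(Finding(host, raw_name, version, "version_not_approved"))
    return findings


def reconcile_fleet(reports, approved=APPROVED, exceptions=EXCEPTIONS):
    """host -> findings, for every endpoint report collected."""
    return {host: reconcile(host, installed, approved, exceptions)
            for host, installed in reports.items()}


def summarize(fleet_findings):
    """Canonical package name -> number of hosts it was flagged on, so the
    most widespread unapproved software is remediated first."""
    counts = Counter()
    for findings in fleet_findings.values():
        for key in {normalize(f.name) for f in findings}:
            counts[key] += 1
    return dict(counts)


if __name__ == "__main__":
    fleet = reconcile_fleet(SAMPLE_REPORTS)
    for host, findings in fleet.items():
        for f in findings:
            print(f"{host}: {f.name} {f.version} ({f.reason})")
    print("hosts per unapproved package:", summarize(fleet))
```

Run as is, the two uTorrent installs are flagged as not in the inventory, the out-of-date 7-Zip on the engineering workstation is flagged as an unapproved version, and the Wireshark install on that same host is silent because it is covered by a documented exception. Keeping exceptions explicit, per host and per package, is what lets the scan scale across business units without either flooding the register or quietly widening the allowlist.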
Total 1,200 questions (page 108 of 120)