Isaca CRISC Practice Test - Questions Answers, Page 109

Which of the following BEST facilitates the identification of appropriate key performance indicators (KPIs) for a risk management program?

A. Reviewing control objectives
B. Aligning with industry best practices
C. Consulting risk owners
D. Evaluating KPIs in accordance with risk appetite
Suggested answer: C

Which of the following is a risk practitioner's BEST recommendation upon learning that an employee inadvertently disclosed sensitive data to a vendor?

A. Enroll the employee in additional security training.
B. Invoke the incident response plan.
C. Conduct an internal audit.
D. Instruct the vendor to delete the data.
Suggested answer: B

Which of the following is the BEST method to maintain a common view of IT risk within an organization?

A. Collecting data for IT risk assessment
B. Establishing and communicating the IT risk profile
C. Utilizing a balanced scorecard
D. Performing and publishing an IT risk analysis
Suggested answer: C

Which of the following is the MOST important information to cover in a business continuity awareness training program for all employees of the organization?

A. Recovery time objectives (RTOs)
B. Segregation of duties
C. Communication plan
D. Critical asset inventory
Suggested answer: C

Which of the following is the BEST approach for selecting controls to minimize risk?

A. Industry best practice review
B. Risk assessment
C. Cost-benefit analysis
D. Control-effectiveness evaluation
Suggested answer: C

The MAIN reason for prioritizing IT risk responses is to enable an organization to:

A. determine the risk appetite.
B. determine the budget.
C. define key performance indicators (KPIs).
D. optimize resource utilization.
Suggested answer: C

An organization has experienced a cyber attack that exposed customer personally identifiable information (PII) and caused extended outages of network services. Which of the following stakeholders are MOST important to include in the cyber response team to determine response actions?

A. Security control owners based on control failures
B. Cyber risk remediation plan owners
C. Risk owners based on risk impact
D. Enterprise risk management (ERM) team
Suggested answer: C

Which of the following is the PRIMARY reason for a risk practitioner to review an organization's IT asset inventory?

A. To plan for the replacement of assets at the end of their life cycles
B. To assess requirements for reducing duplicate assets
C. To understand vulnerabilities associated with the use of the assets
D. To calculate mean time between failures (MTBF) for the assets
Suggested answer: C

An organization's business gap analysis reveals the need for a robust IT risk strategy. Which of the following should be the risk practitioner's PRIMARY consideration when participating in development of the new strategy?

A. Scale of technology
B. Risk indicators
C. Risk culture
D. Proposed risk budget
Suggested answer: C

A risk practitioner implemented a process to notify management of emergency changes that may not be approved. Which of the following is the BEST way to provide this information to management?

A. Change logs
B. Change management meeting minutes
C. Key control indicators (KCIs)
D. Key risk indicators (KRIs)
Suggested answer: C
Total 1.200 questions