ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 11

Add to Whishlist

List of questions

Question 101

Report Export Collapse

Which of the following is the BEST method for assessing control effectiveness?

Ad hoc control reporting
Ad hoc control reporting
Control self-assessment
Control self-assessment
Continuous monitoring
Continuous monitoring
Predictive analytics
Predictive analytics
Suggested answer: C
asked 18/09/2024
Peter Sundstrom
38 questions

Question 102

Report Export Collapse

Which of the following risk register updates is MOST important for senior management to review?

Extending the date of a future action plan by two months
Extending the date of a future action plan by two months
Retiring a risk scenario no longer used
Retiring a risk scenario no longer used
Avoiding a risk that was previously accepted
Avoiding a risk that was previously accepted
Changing a risk owner
Changing a risk owner
Suggested answer: A
asked 18/09/2024
Sarath Ganaparthi
48 questions

Question 103

Report Export Collapse

A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

An increase in attempted distributed denial of service (DDoS) attacks
An increase in attempted distributed denial of service (DDoS) attacks
An increase in attempted website phishing attacks
An increase in attempted website phishing attacks
A decrease in achievement of service level agreements (SLAs)
A decrease in achievement of service level agreements (SLAs)
A decrease in remediated web security vulnerabilities
A decrease in remediated web security vulnerabilities
Suggested answer: A
asked 18/09/2024
Eric Hebert
41 questions

Question 104

Report Export Collapse

Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?

Cost of offsite backup premises
Cost of offsite backup premises
Cost of downtime due to a disaster
Cost of downtime due to a disaster
Cost of testing the business continuity plan
Cost of testing the business continuity plan
Response time of the emergency action plan
Response time of the emergency action plan
Suggested answer: B
asked 18/09/2024
Richard lavery
44 questions

Question 105

Report Export Collapse

Which of the following is the BEST way to identify changes to the risk landscape?

Internal audit reports
Internal audit reports
Access reviews
Access reviews
Threat modeling
Threat modeling
Root cause analysis
Root cause analysis
Suggested answer: C
asked 18/09/2024
Mary Andreou
51 questions

Question 106

Report Export Collapse

A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

identification.
identification.
treatment.
treatment.
communication.
communication.
assessment
assessment
Suggested answer: C
asked 18/09/2024
ANIKET PATEL
51 questions

Question 107

Report Export Collapse

Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

minimize the number of risk scenarios for risk assessment.
minimize the number of risk scenarios for risk assessment.
aggregate risk scenarios identified across different business units.
aggregate risk scenarios identified across different business units.
build a threat profile of the organization for management review.
build a threat profile of the organization for management review.
provide a current reference to stakeholders for risk-based decisions.
provide a current reference to stakeholders for risk-based decisions.
Suggested answer: C
asked 18/09/2024
Martin White
42 questions

Question 108

Report Export Collapse

Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?

User provisioning
User provisioning
Role-based access controls
Role-based access controls
Security log monitoring
Security log monitoring
Entitlement reviews
Entitlement reviews
Suggested answer: D
asked 18/09/2024
Carol Phelps
44 questions

Question 109

Report Export Collapse

Which of the following is of GREATEST concern when uncontrolled changes are made to the control environment?

A decrease in control layering effectiveness
A decrease in control layering effectiveness
An increase in inherent risk
An increase in inherent risk
An increase in control vulnerabilities
An increase in control vulnerabilities
An increase in the level of residual risk
An increase in the level of residual risk
Suggested answer: D
asked 18/09/2024
Ronakkumar Shyani
52 questions

Question 110

Report Export Collapse

Which of the following is the MOST important consideration when developing an organization's risk taxonomy?

Leading industry frameworks
Leading industry frameworks
Business context
Business context
Regulatory requirements
Regulatory requirements
IT strategy
IT strategy
Suggested answer: B
asked 18/09/2024
frederic Morteau
40 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?