ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 11

Which of the following is the BEST method for assessing control effectiveness?

A. Ad hoc control reporting
B. Control self-assessment
C. Continuous monitoring
D. Predictive analytics
Suggested answer: C

Which of the following risk register updates is MOST important for senior management to review?

A. Extending the date of a future action plan by two months
B. Retiring a risk scenario no longer used
C. Avoiding a risk that was previously accepted
D. Changing a risk owner
Suggested answer: A

A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

A. An increase in attempted distributed denial of service (DDoS) attacks
B. An increase in attempted website phishing attacks
C. A decrease in achievement of service level agreements (SLAs)
D. A decrease in remediated web security vulnerabilities
Suggested answer: A

Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?

A. Cost of offsite backup premises
B. Cost of downtime due to a disaster
C. Cost of testing the business continuity plan
D. Response time of the emergency action plan
Suggested answer: B

Which of the following is the BEST way to identify changes to the risk landscape?

A. Internal audit reports
B. Access reviews
C. Threat modeling
D. Root cause analysis
Suggested answer: C

A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

A. identification.
B. treatment.
C. communication.
D. assessment.
Suggested answer: C

Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

A. minimize the number of risk scenarios for risk assessment.
B. aggregate risk scenarios identified across different business units.
C. build a threat profile of the organization for management review.
D. provide a current reference to stakeholders for risk-based decisions.
Suggested answer: C

Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?

A. User provisioning
B. Role-based access controls
C. Security log monitoring
D. Entitlement reviews
Suggested answer: D

Which of the following is of GREATEST concern when uncontrolled changes are made to the control environment?

A. A decrease in control layering effectiveness
B. An increase in inherent risk
C. An increase in control vulnerabilities
D. An increase in the level of residual risk
Suggested answer: D

Which of the following is the MOST important consideration when developing an organization's risk taxonomy?

A. Leading industry frameworks
B. Business context
C. Regulatory requirements
D. IT strategy
Suggested answer: B
Total 1.200 questions