
Isaca CRISC Practice Test - Questions Answers, Page 110

Which of the following should be the GREATEST concern to a risk practitioner when process documentation is incomplete?

A. Inability to allocate resources efficiently
B. Inability to identify the risk owner
C. Inability to complete the risk register
D. Inability to identify process experts

Suggested answer: B

Which of the following is the MOST effective way to help ensure accountability for managing risk?

A. Assign process owners to key risk areas.
B. Obtain independent risk assessments.
C. Assign incident response action plan responsibilities.
D. Create accurate process narratives.

Suggested answer: A

Which of the following would provide the MOST reliable evidence of the effectiveness of security controls implemented for a web application?

A. Penetration testing
B. IT general controls audit
C. Vulnerability assessment
D. Fault tree analysis

Suggested answer: A

Which of the following would be of MOST concern to a risk practitioner reviewing risk action plans for documented IT risk scenarios?

A. Individuals outside IT are managing action plans for the risk scenarios.
B. Target dates for completion are missing from some action plans.
C. Senior management approved multiple changes to several action plans.
D. Many action plans were discontinued after senior management accepted the risk.

Suggested answer: B

Which of the following is MOST important for an organization to consider when developing its IT strategy?

A. IT goals and objectives
B. Organizational goals and objectives
C. The organization's risk appetite statement
D. Legal and regulatory requirements

Suggested answer: C

Which of the following is the BEST way to ensure adequate resources will be allocated to manage identified risk?

A. Prioritizing risk within each business unit
B. Reviewing risk ranking methodology
C. Promoting an organizational culture of risk awareness
D. Assigning risk ownership to appropriate roles

Suggested answer: D

Which of the following provides the MOST comprehensive information when developing a risk profile for a system?

A. Results of a business impact analysis (BIA)
B. Risk assessment results
C. A mapping of resources to business processes
D. Key performance indicators (KPIs)

Suggested answer: B

Of the following, who should be PRIMARILY responsible for performing user entitlement reviews?

A. IT security manager
B. IT personnel
C. Data custodian
D. Data owner

Suggested answer: D

An organization has decided to implement a new Internet of Things (IoT) solution. Which of the following should be done FIRST when addressing security concerns associated with this new technology?

A. Develop new IoT risk scenarios.
B. Implement IoT device monitoring software.
C. Introduce controls to the new threat environment.
D. Engage external security reviews.

Suggested answer: A

Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?

A. Monitor risk controls.
B. Implement preventive measures.
C. Implement detective controls.
D. Transfer the risk.

Suggested answer: B
Total 1.200 questions