
Isaca CRISC Practice Test - Questions Answers, Page 111

Who is the BEST person to the employee personal data?

A. Human resources (HR) manager
B. System administrator
C. Data privacy manager
D. Compliance manager
Suggested answer: A

Which of the following is MOST important to consider before determining a response to a vulnerability?

A. The likelihood and impact of threat events
B. The cost to implement the risk response
C. Lack of data to measure threat events
D. Monetary value of the asset
Suggested answer: C

Which of the following is the GREATEST benefit of centralizing IT systems?

A. Risk reporting
B. Risk classification
C. Risk monitoring
D. Risk identification
Suggested answer: C

Which of the following is the PRIMARY objective of maintaining an information asset inventory?

A. To provide input to business impact analyses (BIAs)
B. To protect information assets
C. To facilitate risk assessments
D. To manage information asset licensing
Suggested answer: B

Which of the following provides the MOST useful information for developing key risk indicators (KRIs)?

A. Business impact analysis (BIA) results
B. Risk scenario ownership
C. Risk thresholds
D. Possible causes of materialized risk
Suggested answer: C

Which of the following should be used as the PRIMARY basis for evaluating the state of an organization's cloud computing environment against leading practices?

A. The cloud environment's capability maturity model
B. The cloud environment's risk register
C. The cloud computing architecture
D. The organization's strategic plans for cloud computing
Suggested answer: A

An organization is implementing robotic process automation (RPA) to streamline business processes. Given that implementation of this technology is expected to impact existing controls, which of the following is the risk practitioner's BEST course of action?

A. Reassess whether mitigating controls address the known risk in the processes.
B. Update processes to address the new technology.
C. Update the data governance policy to address the new technology.
D. Perform a gap analysis of the impacted processes.
Suggested answer: A

Which of the following is the MOST important consideration for effectively maintaining a risk register?

A. An IT owner is assigned for each risk scenario.
B. The register is updated frequently.
C. The register is shared with executive management.
D. Compensating controls are identified.
Suggested answer: B

Which of the following activities BEST facilitates effective risk management throughout the organization?

A. Reviewing risk-related process documentation
B. Conducting periodic risk assessments
C. Performing a business impact analysis (BIA)
D. Performing frequent audits
Suggested answer: B

Which of the following is the MOST important benefit of reporting risk assessment results to senior management?

A. Promotion of a risk-aware culture
B. Compilation of a comprehensive risk register
C. Alignment of business activities
D. Facilitation of risk-aware decision making
Suggested answer: D