ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 112

When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?

A. Define metrics for restoring availability.
B. Identify conditions that may cause disruptions.
C. Review incident response procedures.
D. Evaluate the probability of risk events.
Suggested answer: B

What should be the PRIMARY consideration related to data privacy protection when there are plans for a business initiative to make use of personal information?

A. Do not collect or retain data that is not needed.
B. Redact data where possible.
C. Limit access to the personal data.
D. Ensure all data is encrypted at rest and during transit.
Suggested answer: D

Which of the following has the GREATEST influence on an organization's risk appetite?

A. Threats and vulnerabilities
B. Internal and external risk factors
C. Business objectives and strategies
D. Management culture and behavior
Suggested answer: D

An organization is implementing a project to automate the purchasing process, including the modification of approval controls. Which of the following tasks is the responsibility of the risk practitioner?

A. Verify that existing controls continue to properly mitigate defined risk
B. Test approval process controls once the project is completed
C. Update the existing controls for changes in approval processes from this project
D. Perform a gap analysis of the impacted control processes
Suggested answer: B

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?

A. The cost associated with incident response activities The composition and number of records in the information asset
B. The maximum levels of applicable regulatory fines
C. The length of time between identification and containment of the incident
Suggested answer: C

Which of the following is MOST likely to deter an employee from engaging in inappropriate use of company-owned IT systems?

A. A centralized computer security response team
B. Regular performance reviews and management check-ins
C. Code of ethics training for all employees
D. Communication of employee activity monitoring
Suggested answer: D

Reviewing which of the following BEST helps an organization gain insight into its overall risk profile?

A. Risk register
B. Risk appetite
C. Threat landscape
D. Risk metrics
Suggested answer: B

Which of the following is the GREATEST benefit of a three lines of defense structure?

A. An effective risk culture that empowers employees to report risk
B. Effective segregation of duties to prevent internal fraud
C. Clear accountability for risk management processes
D. Improved effectiveness and efficiency of business operations
Suggested answer: C

Which of the following is the MOST effective way to identify an application backdoor prior to implementation?

A. User acceptance testing (UAT)
B. Database activity monitoring
C. Source code review
D. Vulnerability analysis
Suggested answer: B

Which of the following is the PRIMARY objective of establishing an organization's risk tolerance and appetite?

A. To align with board reporting requirements
B. To assist management in decision making
C. To create organization-wide risk awareness
D. To minimize risk mitigation efforts
Suggested answer: B
Total 1.200 questions