Isaca CRISC Practice Test - Questions Answers, Page 115

Which of the following will BEST ensure that controls adequately support business goals and objectives?

A. Using the risk management process
B. Enforcing strict disciplinary procedures in case of noncompliance
C. Reviewing results of the annual company external audit
D. Adopting internationally accepted controls
Suggested answer: A

The cost of maintaining a control has grown to exceed the potential loss. Which of the following BEST describes this situation?

A. Insufficient risk tolerance
B. Optimized control management
C. Effective risk management
D. Over-controlled environment
Suggested answer: B

Which of the following is the BEST key performance indicator (KPI) to measure how effectively risk management practices are embedded in the project management office (PMO)?

A. Percentage of projects with key risk accepted by the project steering committee
B. Reduction in risk policy noncompliance findings
C. Percentage of projects with developed controls on scope creep
D. Reduction in audits involving external risk consultants
Suggested answer: C

A global organization has implemented an application that does not address all privacy requirements across multiple jurisdictions. Which of the following risk responses has the organization adopted with regard to privacy requirements?

A. Risk avoidance
B. Risk transfer
C. Risk mitigation
D. Risk acceptance
Suggested answer: A

Which of the following is MOST likely to introduce risk for financial institutions that use blockchain?

A. Cost of implementation
B. Implementation of unproven applications
C. Disruption to business processes
D. Increase in attack surface area
Suggested answer: B

A failed IT system upgrade project has resulted in the corruption of an organization's asset inventory database. Which of the following controls BEST mitigates the impact of this incident?

A. Encryption
B. Authentication
C. Configuration
D. Backups
Suggested answer: D

Which of the following should be accountable for ensuring that media containing financial information are adequately destroyed per an organization's data disposal policy?

A. Compliance manager
B. Data architect
C. Data owner
D. Chief information officer (CIO)
Suggested answer: C

A risk practitioner is reviewing accountability assignments for data risk in the risk register. Which of the following would pose the GREATEST concern?

A. The risk owner is not the control owner for associated data controls.
B. The risk owner is in a business unit and does not report through the IT department.
C. The risk owner is listed as the department responsible for decision making.
D. The risk owner is a staff member rather than a department manager.
Suggested answer: C

Which of the following roles should be assigned accountability for monitoring risk levels?

A. Risk practitioner
B. Business manager
C. Risk owner
D. Control owner
Suggested answer: C

A penetration test reveals several vulnerabilities in a web-facing application. Which of the following should be the FIRST step in selecting a risk response?

A. Correct the vulnerabilities to mitigate potential risk exposure.
B. Develop a risk response action plan with key stakeholders.
C. Assess the level of risk associated with the vulnerabilities.
D. Communicate the vulnerabilities to the risk owner.
Suggested answer: C
Total 1.200 questions