ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 116

After an annual risk assessment is completed, which of the following would be MOST important to communicate to stakeholders?

A. A decrease in threats
B. A change in the risk profile
C. An increase in reported vulnerabilities
D. An increase in identified risk scenarios
Suggested answer: B

Which of the following would MOST likely cause management to unknowingly accept excessive risk?

A. Satisfactory audit results
B. Risk tolerance being set too low
C. Inaccurate risk ratings
D. Lack of preventive controls
Suggested answer: C

An organization recently implemented a machine learning-based solution to monitor IT usage and analyze user behavior in an effort to detect internal fraud. Which of the following is MOST likely to be reassessed as a result of this initiative?

A. Risk likelihood
B. Risk culture
C. Risk appetite
D. Risk capacity
Suggested answer: A

The MOST important measure of the effectiveness of risk management in project implementation is the percentage of projects:

A. introduced into production without high-risk issues.
B. having the risk register updated regularly.
C. having key risk indicators (KRIs) established to measure risk.
D. having an action plan to remediate overdue issues.
Suggested answer: A

Which of the following is MOST helpful in identifying loss magnitude during risk analysis of a new system?

A. Recovery time objective (RTO)
B. Cost-benefit analysis
C. Business impact analysis (BIA)
D. Cyber insurance coverage
Suggested answer: C

Which of the following is the result of a realized risk scenario?

A. Threat event
B. Vulnerability event
C. Technical event
D. Loss event
Suggested answer: D

Which of the following is the BEST way to protect sensitive data from administrators within a public cloud?

A. Use an encrypted tunnel to connect to the cloud.
B. Encrypt the data in the cloud database.
C. Encrypt physical hard drives within the cloud.
D. Encrypt data before it leaves the organization.
Suggested answer: D

When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?

A. Results of benchmarking studies
B. Results of risk assessments
C. Number of emergency change requests
D. Maturity model
Suggested answer: B

Which of the following should be the PRIMARY input to determine risk tolerance?

A. Regulatory requirements
B. Organizational objectives
C. Annual loss expectancy (ALE)
D. Risk management costs
Suggested answer: C

Which of the following is the ULTIMATE goal of conducting a privacy impact analysis (PIA)?

A. To identify gaps in data protection controls
B. To develop a customer notification plan
C. To identify personally identifiable information (PII)
D. To determine gaps in data identification processes
Suggested answer: A
Total 1.200 questions