Isaca CRISC Practice Test - Questions Answers, Page 118

Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

A. Updating the risk register to include the risk mitigation plan
B. Determining processes for monitoring the effectiveness of the controls
C. Ensuring that control design reduces risk to an acceptable level
D. Confirming to management the controls reduce the likelihood of the risk

Suggested answer: C

An organization plans to implement a new Software as a Service (SaaS) speech-to-text solution. Which of the following is MOST important to mitigate risk associated with data privacy?

A. Secure encryption protocols are utilized.
B. Multi-factor authentication is set up for users.
C. The solution architecture is approved by IT.
D. A risk transfer clause is included in the contract.

Suggested answer: A

An incentive program is MOST likely implemented to manage the risk associated with loss of which organizational asset?

A. Employees
B. Data
C. Reputation
D. Customer lists

Suggested answer: A

When creating a separate IT risk register for a large organization, which of the following is MOST important to consider with regard to the existing corporate risk register?

A. Leveraging business risk professionals
B. Relying on generic IT risk scenarios
C. Describing IT risk in business terms
D. Using a common risk taxonomy

Suggested answer: D

Which of the following is the PRIMARY accountability for a control owner?

A. Communicate risk to senior management.
B. Own the associated risk the control is mitigating.
C. Ensure the control operates effectively.
D. Identify and assess control weaknesses.

Suggested answer: C

A recent risk workshop has identified risk owners and responses for newly identified risk scenarios. Which of the following should be the risk practitioner's NEXT step?

A. Prepare a business case for the response options.
B. Identify resources for implementing responses.
C. Develop a mechanism for monitoring residual risk.
D. Update the risk register with the results.

Suggested answer: D

Which of the following should be a risk practitioner's NEXT step after learning of an incident that has affected a competitor?

A. Activate the incident response plan.
B. Implement compensating controls.
C. Update the risk register.
D. Develop risk scenarios.

Suggested answer: A

Which of the following is the MOST effective way to promote organization-wide awareness of data security in response to an increase in regulatory penalties for data leakage?

A. Enforce sanctions for noncompliance with security procedures.
B. Conduct organization-wide phishing simulations.
C. Require training on the data handling policy.
D. Require regular testing of the data breach response plan.

Suggested answer: B

Which of the following BEST enables senior management to compare the ratings of risk scenarios?

A. Key risk indicators (KRIs)
B. Key performance indicators (KPIs)
C. Control self-assessment (CSA)
D. Risk heat map

Suggested answer: D

Which of the following is the PRIMARY reason for an organization to include an acceptable use banner when users log in?

A. To reduce the likelihood of insider threat
B. To eliminate the possibility of insider threat
C. To enable rapid discovery of insider threat
D. To reduce the impact of insider threat

Suggested answer: A