
Isaca CRISC Practice Test - Questions Answers, Page 119

A recent regulatory requirement has the potential to affect an organization's use of a third party to supply outsourced business services. Which of the following is the BEST course of action?

A. Conduct a gap analysis.
B. Terminate the outsourcing agreement.
C. Identify compensating controls.
D. Transfer risk to the third party.
Suggested answer: A

Which of the following is MOST important to include when reporting the effectiveness of risk management to senior management?

A. Changes in the organization's risk appetite and risk tolerance levels
B. Impact due to changes in external and internal risk factors
C. Changes in residual risk levels against acceptable levels
D. Gaps in best practices and implemented controls across the industry
Suggested answer: C

A risk practitioner has established that a particular control is working as desired, but the annual cost of maintenance has increased and now exceeds the expected annual loss exposure. The result is that the control is:

A. mature.
B. ineffective.
C. optimized.
D. inefficient.
Suggested answer: B

What is senior management's role in the RACI model when tasked with reviewing monthly status reports provided by risk owners?

A. Accountable
B. Informed
C. Responsible
D. Consulted
Suggested answer: B

Which of the following proposed benefits is MOST likely to influence senior management approval to reallocate budget for a new security initiative?

A. Reduction in the number of incidents
B. Reduction in inherent risk
C. Reduction in residual risk
D. Reduction in the number of known vulnerabilities
Suggested answer: B

Which of the following is the MOST important course of action for a risk practitioner when reviewing the results of control performance monitoring?

A. Evaluate changes to the organization's risk profile.
B. Validate whether the controls effectively mitigate risk.
C. Confirm controls achieve regulatory compliance.
D. Analyze appropriateness of key performance indicators (KPIs).
Suggested answer: D

Which of the following is MOST important to ensure when reviewing an organization's risk register?

A. Risk ownership is recorded.
B. Vulnerabilities have separate entries.
C. Control ownership is recorded.
D. Residual risk is less than inherent risk.
Suggested answer: A

Which of the following is the BEST recommendation to address recent IT risk trends that indicate social engineering attempts are increasing in the organization?

A. Conduct a simulated phishing attack.
B. Update spam filters.
C. Revise the acceptable use policy.
D. Strengthen disciplinary procedures.
Suggested answer: A

Which of the following is MOST useful for measuring the existing risk management process against a desired state?

A. Balanced scorecard
B. Risk management framework
C. Capability maturity model
D. Risk scenario analysis
Suggested answer: C

Which of the following is the BEST way to validate whether controls to reduce user device vulnerabilities have been implemented according to management's action plan?

A. Survey device owners.
B. Rescan the user environment.
C. Require annual end user policy acceptance.
D. Review awareness training assessment results.
Suggested answer: B
Total 1.200 questions