Isaca CRISC Practice Test - Questions Answers, Page 12

When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?

A. Risk analysis results
B. Exception handling policy
C. Vulnerability assessment results
D. Benchmarking assessments
Suggested answer: C

Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?

A. Aligning risk ownership and control ownership
B. Developing risk escalation and reporting procedures
C. Maintaining up-to-date risk treatment plans
D. Using a consistent method for risk assessment
Suggested answer: D

Which of the following tools is MOST effective in identifying trends in the IT risk profile?

A. Risk self-assessment
B. Risk register
C. Risk dashboard
D. Risk map
Suggested answer: C

Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?

A. Vulnerability and threat analysis
B. Control remediation planning
C. User acceptance testing (UAT)
D. Control self-assessment (CSA)
Suggested answer: D

Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?

A. Closed management action plans from the previous audit
B. Annual risk assessment results
C. An updated vulnerability management report
D. A list of identified generic risk scenarios
Suggested answer: A

The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner's BEST recommendation?

A. Perform a root cause analysis
B. Perform a code review
C. Implement version control software.
D. Implement training on coding best practices
Suggested answer: A

It is MOST appropriate for changes to be promoted to production after they are:

A. communicated to business management
B. tested by business owners.
C. approved by the business owner.
D. initiated by business users.
Suggested answer: C

Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited. Which of the following would be the BEST response to this scenario?

A. Assess the vulnerability management process.
B. Conduct a control self-assessment.
C. Conduct a vulnerability assessment.
D. Reassess the inherent risk of the target.
Suggested answer: A

Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?

A. Digital signatures
B. Encrypted passwords
C. One-time passwords
D. Digital certificates
Suggested answer: A

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

A. Derive scenarios from IT risk policies and standards.
B. Map scenarios to a recognized risk management framework.
C. Gather scenarios from senior management.
D. Benchmark scenarios against industry peers.
Suggested answer: A
Total 1.200 questions