ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 12

Add to Whishlist

List of questions

Question 111

Report Export Collapse

When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?

Risk analysis results
Risk analysis results
Exception handling policy
Exception handling policy
Vulnerability assessment results
Vulnerability assessment results
Benchmarking assessments
Benchmarking assessments
Suggested answer: C
asked 18/09/2024
kinshuk choubisa
34 questions

Question 112

Report Export Collapse

Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?

Aligning risk ownership and control ownership
Aligning risk ownership and control ownership
Developing risk escalation and reporting procedures
Developing risk escalation and reporting procedures
Maintaining up-to-date risk treatment plans
Maintaining up-to-date risk treatment plans
Using a consistent method for risk assessment
Using a consistent method for risk assessment
Suggested answer: D
asked 18/09/2024
55 Cantera Ct. Johnson
44 questions

Question 113

Report Export Collapse

Which of the following tools is MOST effective in identifying trends in the IT risk profile?

Risk self-assessment
Risk self-assessment
Risk register
Risk register
Risk dashboard
Risk dashboard
Risk map
Risk map
Suggested answer: C
asked 18/09/2024
Aung Zin
49 questions

Question 114

Report Export Collapse

Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?

Vulnerability and threat analysis
Vulnerability and threat analysis
Control remediation planning
Control remediation planning
User acceptance testing (UAT)
User acceptance testing (UAT)
Control self-assessment (CSA)
Control self-assessment (CSA)
Suggested answer: D
asked 18/09/2024
Ronald de Groot
49 questions

Question 115

Report Export Collapse

Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?

Closed management action plans from the previous audit
Closed management action plans from the previous audit
Annual risk assessment results
Annual risk assessment results
An updated vulnerability management report
An updated vulnerability management report
A list of identified generic risk scenarios
A list of identified generic risk scenarios
Suggested answer: A
asked 18/09/2024
Sasha Grib
52 questions

Question 116

Report Export Collapse

The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner s BEST recommendation?

Perform a root cause analysis
Perform a root cause analysis
Perform a code review
Perform a code review
Implement version control software.
Implement version control software.
Implement training on coding best practices
Implement training on coding best practices
Suggested answer: A
asked 18/09/2024
Paul Sanchez
41 questions

Question 117

Report Export Collapse

It is MOST appropriate for changes to be promoted to production after they are:

communicated to business management
communicated to business management
tested by business owners.
tested by business owners.
approved by the business owner.
approved by the business owner.
initiated by business users.
initiated by business users.
Suggested answer: C
asked 18/09/2024
Lietuvis Kau
39 questions

Question 118

Report Export Collapse

Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited. Which of the following would be the BEST response to this scenario?

Assess the vulnerability management process.
Assess the vulnerability management process.
Conduct a control serf-assessment.
Conduct a control serf-assessment.
Conduct a vulnerability assessment.
Conduct a vulnerability assessment.
Reassess the inherent risk of the target.
Reassess the inherent risk of the target.
Suggested answer: A
asked 18/09/2024
Nito Nobel
50 questions

Question 119

Report Export Collapse

Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?

Digital signatures
Digital signatures
Encrypted passwords
Encrypted passwords
One-time passwords
One-time passwords
Digital certificates
Digital certificates
Suggested answer: A
asked 18/09/2024
David Tirado
37 questions

Question 120

Report Export Collapse

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

Derive scenarios from IT risk policies and standards.
Derive scenarios from IT risk policies and standards.
Map scenarios to a recognized risk management framework.
Map scenarios to a recognized risk management framework.
Gather scenarios from senior management.
Gather scenarios from senior management.
Benchmark scenarios against industry peers.
Benchmark scenarios against industry peers.
Suggested answer: A
asked 18/09/2024
adil benmekki
39 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?