Isaca CRISC Practice Test - Questions Answers, Page 120

Which of the following should be considered FIRST when creating a comprehensive IT risk register?

A. Risk management budget
B. Risk mitigation policies
C. Risk appetite
D. Risk analysis techniques
Suggested answer: C

Which of the following observations from a third-party service provider review would be of GREATEST concern to a risk practitioner?

A. Service level agreements (SLAs) have not been met over the last quarter.
B. The service contract is up for renewal in less than thirty days.
C. Key third-party personnel have recently been replaced.
D. Monthly service charges are significantly higher than industry norms.
Suggested answer: C

Which of the following is the MOST important characteristic of a key risk indicator (KRI) to enable decision-making?

A. Monitoring the risk until the exposure is reduced
B. Setting minimum sample sizes to ensure accuracy
C. Listing alternative causes for risk events
D. Illustrating changes in risk trends
Suggested answer: D

A poster has been displayed in a data center that reads, 'Anyone caught taking photographs in the data center may be subject to disciplinary action.' Which of the following control types has been implemented?

A. Corrective
B. Detective
C. Deterrent
D. Preventative
Suggested answer: A

Which of the following is MOST important when determining risk appetite?

A. Assessing regulatory requirements
B. Benchmarking against industry standards
C. Gaining management consensus
D. Identifying risk tolerance
Suggested answer: C

Which of the following should be management's PRIMARY consideration when approving risk response action plans?

A. Ability of the action plans to address multiple risk scenarios
B. Ease of implementing the risk treatment solution
C. Changes in residual risk after implementing the plans
D. Prioritization for implementing the action plans
Suggested answer: C

When classifying and prioritizing risk responses, the areas to address FIRST are those with:

A. low cost effectiveness ratios and high risk levels.
B. high cost effectiveness ratios and low risk levels.
C. high cost effectiveness ratios and high risk levels.
D. low cost effectiveness ratios and low risk levels.
Suggested answer: C

A legacy application used for a critical business function relies on software that has reached the end of extended support. Which of the following is the MOST effective control to manage this application?

A. Subscribe to threat intelligence to monitor external attacks.
B. Apply patches for a newer version of the application.
C. Segment the application within the existing network.
D. Increase the frequency of regular system and data backups.
Suggested answer: D

A risk practitioner notices a risk scenario associated with data loss at the organization's cloud provider is assigned to the provider. Who should the risk scenario be reassigned to?

A. Senior management
B. Chief risk officer (CRO)
C. Vendor manager
D. Data owner
Suggested answer: D

Who is MOST important to include in the assessment of existing IT risk scenarios?

A. Technology subject matter experts
B. Business process owners
C. Business users of IT systems
D. Risk management consultants
Suggested answer: C
Total 1.200 questions