Isaca CRISC Practice Test - Questions Answers, Page 13

The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:

A. implement uniform controls for common risk scenarios.
B. ensure business unit risk is uniformly distributed.
C. build a risk profile for management review.
D. quantify the organization's risk appetite.
Suggested answer: C

To implement the MOST effective monitoring of key risk indicators (KRIs), which of the following needs to be in place?

A. Threshold definition
B. Escalation procedures
C. Automated data feed
D. Controls monitoring
Suggested answer: A

An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?

A. Perform a risk assessment
B. Disable user access.
C. Develop an access control policy.
D. Perform root cause analysis.
Suggested answer: B

Which of the following would be MOST helpful to understand the impact of a new technology system on an organization's current risk profile?

A. Hire consultants specializing in the new technology.
B. Review existing risk mitigation controls.
C. Conduct a gap analysis.
D. Perform a risk assessment.
Suggested answer: D

Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?

A. Impact due to failure of control
B. Frequency of failure of control
C. Contingency plan for residual risk
D. Cost-benefit analysis of automation
Suggested answer: D

Which of the following is the BEST course of action to reduce risk impact?

A. Create an IT security policy.
B. Implement corrective measures.
C. Implement detective controls.
D. Leverage existing technology
Suggested answer: B

The PRIMARY advantage of implementing an IT risk management framework is the:

A. establishment of a reliable basis for risk-aware decision making.
B. compliance with relevant legal and regulatory requirements.
C. improvement of controls within the organization and minimized losses.
D. alignment of business goals with IT objectives.
Suggested answer: A

Which of the following is the BEST indication of an effective risk management program?

A. Risk action plans are approved by senior management.
B. Residual risk is within the organizational risk appetite
C. Mitigating controls are designed and implemented.
D. Risk is recorded and tracked in the risk register
Suggested answer: B

An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?

A. The third party's management
B. The organization's management
C. The control operators at the third party
D. The organization's vendor management office
Suggested answer: B

The BEST way to justify the risk mitigation actions recommended in a risk assessment would be to:

A. align with audit results.
B. benchmark with competitor's actions.
C. reference best practice.
D. focus on the business drivers
Suggested answer: D
Total 1.200 questions