ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 13

Add to Whishlist

List of questions

Question 121

Report Export Collapse

The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:

implement uniform controls for common risk scenarios.
implement uniform controls for common risk scenarios.
ensure business unit risk is uniformly distributed.
ensure business unit risk is uniformly distributed.
build a risk profile for management review.
build a risk profile for management review.
quantify the organization's risk appetite.
quantify the organization's risk appetite.
Suggested answer: C
asked 18/09/2024
michiel van de belt
46 questions

Question 122

Report Export Collapse

To implement the MOST effective monitoring of key risk indicators (KRIs), which of the following needs to be in place?

Threshold definition
Threshold definition
Escalation procedures
Escalation procedures
Automated data feed
Automated data feed
Controls monitoring
Controls monitoring
Suggested answer: A
asked 18/09/2024
CHING SHENG WU
41 questions

Question 123

Report Export Collapse

An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?

Perform a risk assessment
Perform a risk assessment
Disable user access.
Disable user access.
Develop an access control policy.
Develop an access control policy.
Perform root cause analysis.
Perform root cause analysis.
Suggested answer: B
asked 18/09/2024
Jonas Weimar
56 questions

Question 124

Report Export Collapse

Which of the following would be- MOST helpful to understand the impact of a new technology system on an organization's current risk profile?

Hire consultants specializing m the new technology.
Hire consultants specializing m the new technology.
Review existing risk mitigation controls.
Review existing risk mitigation controls.
Conduct a gap analysis.
Conduct a gap analysis.
Perform a risk assessment.
Perform a risk assessment.
Suggested answer: D
asked 18/09/2024
Vangelis Gouloutis
44 questions

Question 125

Report Export Collapse

Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?

impact due to failure of control
impact due to failure of control
Frequency of failure of control
Frequency of failure of control
Contingency plan for residual risk
Contingency plan for residual risk
Cost-benefit analysis of automation
Cost-benefit analysis of automation
Suggested answer: D
asked 18/09/2024
CARL COUCH
49 questions

Question 126

Report Export Collapse

Which of the following is the BEST course of action to reduce risk impact?

Create an IT security policy.
Create an IT security policy.
Implement corrective measures.
Implement corrective measures.
Implement detective controls.
Implement detective controls.
Leverage existing technology
Leverage existing technology
Suggested answer: B
asked 18/09/2024
James Joiner
36 questions

Question 127

Report Export Collapse

The PRIMARY advantage of implementing an IT risk management framework is the:

establishment of a reliable basis for risk-aware decision making.
establishment of a reliable basis for risk-aware decision making.
compliance with relevant legal and regulatory requirements.
compliance with relevant legal and regulatory requirements.
improvement of controls within the organization and minimized losses.
improvement of controls within the organization and minimized losses.
alignment of business goals with IT objectives.
alignment of business goals with IT objectives.
Suggested answer: A
asked 18/09/2024
Velli Mutham
39 questions

Question 128

Report Export Collapse

Which of the following is the BEST indication of an effective risk management program?

Risk action plans are approved by senior management.
Risk action plans are approved by senior management.
Residual risk is within the organizational risk appetite
Residual risk is within the organizational risk appetite
Mitigating controls are designed and implemented.
Mitigating controls are designed and implemented.
Risk is recorded and tracked in the risk register
Risk is recorded and tracked in the risk register
Suggested answer: B
asked 18/09/2024
Oktorio Rizki Prasetya
48 questions

Question 129

Report Export Collapse

An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?

The third party s management
The third party s management
The organization's management
The organization's management
The control operators at the third party
The control operators at the third party
The organization's vendor management office
The organization's vendor management office
Suggested answer: B
asked 18/09/2024
Mike Werts
37 questions

Question 130

Report Export Collapse

The BEST way to justify the risk mitigation actions recommended in a risk assessment would be to:

align with audit results.
align with audit results.
benchmark with competitor s actions.
benchmark with competitor s actions.
reference best practice.
reference best practice.
focus on the business drivers
focus on the business drivers
Suggested answer: D
asked 18/09/2024
Nenad Celikovic
49 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?