ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 139

Add to Whishlist

List of questions

Question 1381

Report Export Collapse

Which of the following provides the BEST evidence that risk responses are effective?

Become a Premium Member for full access
  Unlock Premium Member

Question 1382

Report Export Collapse

An organization has an internal control that requires all access for employees be removed within 15 days of their termination date. Which of the following should the risk practitioner use to monitor adherence to the 15-day threshold?

Become a Premium Member for full access
  Unlock Premium Member

Question 1383

Report Export Collapse

Which of the following is the BEST indication that key risk indicators (KRIs) should be revised?

Become a Premium Member for full access
  Unlock Premium Member

Question 1384

Report Export Collapse

Which of the following is the MOST useful information an organization can obtain from external sources about emerging threats?

Become a Premium Member for full access
  Unlock Premium Member

Question 1385

Report Export Collapse

After conducting a risk assessment for regulatory compliance, an organization has identified only one possible mitigating control. The cost of the control has been determined to be higher than the penalty of noncompliance. Which of the following would be the risk practitioner's BEST recommendation?

Become a Premium Member for full access
  Unlock Premium Member

Question 1386

Report Export Collapse

Which of the following is the BEST approach when a risk treatment plan cannot be completed on time?

Become a Premium Member for full access
  Unlock Premium Member

Question 1387

Report Export Collapse

Which of the following should be done FIRST when a new risk scenario has been identified

Become a Premium Member for full access
  Unlock Premium Member

Question 1388

Report Export Collapse

Which of the following activities is a responsibility of the second line of defense?

Become a Premium Member for full access
  Unlock Premium Member

Question 1389

Report Export Collapse

Which of the following is MOST important requirement to include in a Software as a Service (SaaS) vendor contract to ensure data is protected?

Become a Premium Member for full access
  Unlock Premium Member

Question 1390

Report Export Collapse

Which of the following offers the SIMPLEST overview of changes in an organization's risk profile?

Become a Premium Member for full access
  Unlock Premium Member
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?