
Isaca CRISC Practice Test - Questions Answers, Page 14

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

A. The number of security incidents escalated to senior management
B. The number of resolved security incidents
C. The number of newly identified security incidents
D. The number of recurring security incidents
Suggested answer: C

Which of the following is MOST important when developing key performance indicators (KPIs)?

A. Alignment to risk responses
B. Alignment to management reports
C. Alerts when risk thresholds are reached
D. Identification of trends
Suggested answer: C

Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

A. Login attempts are reconciled to a list of terminated employees.
B. A list of terminated employees is generated for reconciliation against current IT access.
C. A process to remove employee access during the exit interview is implemented.
D. The human resources (HR) system automatically revokes system access.
Suggested answer: D

Which of the following is the BEST way to determine the ongoing efficiency of control processes?

A. Perform annual risk assessments.
B. Interview process owners.
C. Review the risk register.
D. Analyze key performance indicators (KPIs).
Suggested answer: D

IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would be MOST helpful?

A. IT risk register
B. List of key risk indicators
C. Internal audit reports
D. List of approved projects
Suggested answer: A

Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?

A. A reduction in the number of help desk calls
B. An increase in the number of identified system flaws
C. A reduction in the number of user access resets
D. An increase in the number of incidents reported
Suggested answer: B

After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:

A. recommend a program that minimizes the concerns of that production system.
B. inform the development team of the concerns, and together formulate risk reduction measures.
C. inform the process owner of the concerns and propose measures to reduce them
D. inform the IT manager of the concerns and propose measures to reduce them.
Suggested answer: A

Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?

A. Changes in control design
B. A decrease in the number of key controls
C. Changes in control ownership
D. An increase in residual risk
Suggested answer: D

Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?

A. Corporate incident escalation protocols are established.
B. Exposure is integrated into the organization's risk profile.
C. Risk appetite cascades to business unit management
D. The organization-wide control budget is expanded.
Suggested answer: B

Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?

A. Maintain and review the classified data inventory.
B. Implement mandatory encryption on data
C. Conduct an awareness program for data owners and users.
D. Define and implement a data classification policy
Suggested answer: D
Total 1.200 questions