ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 14

Question 131

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

A. The number of security incidents escalated to senior management
B. The number of resolved security incidents
C. The number of newly identified security incidents
D. The number of recurring security incidents
Suggested answer: C
asked 18/09/2024
Allen J Tyson
37 questions

Question 132

Which of the following is MOST important when developing key performance indicators (KPIs)?

A. Alignment to risk responses
B. Alignment to management reports
C. Alerts when risk thresholds are reached
D. Identification of trends
Suggested answer: C
asked 18/09/2024
Jonathan Correa
49 questions

Question 133

Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

A. Login attempts are reconciled to a list of terminated employees.
B. A list of terminated employees is generated for reconciliation against current IT access.
C. A process to remove employee access during the exit interview is implemented.
D. The human resources (HR) system automatically revokes system access.
Suggested answer: D
asked 18/09/2024
rita whitfield
39 questions

Question 134

Which of the following is the BEST way to determine the ongoing efficiency of control processes?

A. Perform annual risk assessments.
B. Interview process owners.
C. Review the risk register.
D. Analyze key performance indicators (KPIs).
Suggested answer: D
asked 18/09/2024
TRONG KY
54 questions

Question 135

IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would be MOST helpful?

A. IT risk register
B. List of key risk indicators
C. Internal audit reports
D. List of approved projects
Suggested answer: A
asked 18/09/2024
Fai Malali
41 questions

Question 136

Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?

A. A reduction in the number of help desk calls
B. An increase in the number of identified system flaws
C. A reduction in the number of user access resets
D. An increase in the number of incidents reported
Suggested answer: B
asked 18/09/2024
José Gonçalves
36 questions

Question 137

After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:

A. recommend a program that minimizes the concerns of that production system.
B. inform the development team of the concerns, and together formulate risk reduction measures.
C. inform the process owner of the concerns and propose measures to reduce them.
D. inform the IT manager of the concerns and propose measures to reduce them.
Suggested answer: A
asked 18/09/2024
Alice Smith
49 questions

Question 138

Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?

A. Changes in control design
B. A decrease in the number of key controls
C. Changes in control ownership
D. An increase in residual risk
Suggested answer: D
asked 18/09/2024
Kwame Kankam-Boadu
36 questions

Question 139

Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?

A. Corporate incident escalation protocols are established.
B. Exposure is integrated into the organization's risk profile.
C. Risk appetite cascades to business unit management.
D. The organization-wide control budget is expanded.
Suggested answer: B
asked 18/09/2024
Nichal Maharaj
49 questions

Question 140

Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?

A. Maintain and review the classified data inventory.
B. Implement mandatory encryption on data.
C. Conduct an awareness program for data owners and users.
D. Define and implement a data classification policy.
Suggested answer: D
asked 18/09/2024
YASSIR EL GHAZY
64 questions
Total 1.573 questions