ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 147

Add to Whishlist

List of questions

Question 1461

Report Export Collapse

When a risk practitioner is building a key risk indicator (KRI) from aggregated data, it is CRITICAL that the data is derived from:

Become a Premium Member for full access
  Unlock Premium Member

Question 1462

Report Export Collapse

Which of the following techniques is MOST helpful when quantifying the potential loss impact of cyber risk?

Become a Premium Member for full access
  Unlock Premium Member

Question 1463

Report Export Collapse

Which of the following is the MOST important key performance indicator (KPI) for monitoring the user access management process?

Become a Premium Member for full access
  Unlock Premium Member

Question 1464

Report Export Collapse

Which of the following is the MOST useful information for prioritizing risk mitigation?

Become a Premium Member for full access
  Unlock Premium Member

Question 1465

Report Export Collapse

A key performance indicator (KPI) shows that a process is operating inefficiently, even though no control issues were noted during the most recent risk assessment. Which of the following should be done FIRST?

Become a Premium Member for full access
  Unlock Premium Member

Question 1466

Report Export Collapse

Senior management has requested more information regarding the risk associated with introducing a new application into the environment. Which of the following should be done FIRST?

Become a Premium Member for full access
  Unlock Premium Member

Question 1467

Report Export Collapse

An organization's board of directors is concerned about recent data breaches in the news and wants to assess its exposure to similar scenarios. Which of the following is the BEST course of action?

Become a Premium Member for full access
  Unlock Premium Member

Question 1468

Report Export Collapse

Which of the following is the MOST reliable validation of a new control?

Become a Premium Member for full access
  Unlock Premium Member

Question 1469

Report Export Collapse

Which of the following would BEST indicate to senior management that IT processes are improving?

Become a Premium Member for full access
  Unlock Premium Member

Question 1470

Report Export Collapse

A penetration testing team discovered an ineffectively designed access control. Who is responsible for ensuring the control design gap is remediated?

Become a Premium Member for full access
  Unlock Premium Member
Total 1.573 questions
Go to page: of 158
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?