ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 15

An unauthorized individual has socially engineered entry into an organization's secured physical premises. Which of the following is the BEST way to prevent future occurrences?

A. Employ security guards.
B. Conduct security awareness training.
C. Install security cameras.
D. Require security access badges.
Suggested answer: B

The MOST effective way to increase the likelihood that risk responses will be implemented is to:

A. create an action plan
B. assign ownership
C. review progress reports
D. perform regular audits.
Suggested answer: B

Which of the following would be MOST useful when measuring the progress of a risk response action plan?

A. Percentage of mitigated risk scenarios
B. Annual loss expectancy (ALE) changes
C. Resource expenditure against budget
D. An up-to-date risk register
Suggested answer: D

Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?

A. Continuous monitoring
B. A control self-assessment
C. Transaction logging
D. Benchmarking against peers
Suggested answer: A

Which of the following is the MOST cost-effective way to test a business continuity plan?

A. Conduct interviews with key stakeholders.
B. Conduct a tabletop exercise.
C. Conduct a disaster recovery exercise.
D. Conduct a full functional exercise.
Suggested answer: B

Which of the following is the PRIMARY reason for a risk practitioner to use global standards related to risk management?

A. To build an organizational risk-aware culture
B. To continuously improve risk management processes
C. To comply with legal and regulatory requirements
D. To identify gaps in risk management practices
Suggested answer: B

Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?

A. Identify the potential risk.
B. Monitor employee usage.
C. Assess the potential risk.
D. Develop risk awareness training.
Suggested answer: A

A risk practitioner observes that hardware failure incidents have been increasing over the last few months. However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:

A. a root cause analysis is required
B. controls are effective for ensuring continuity
C. hardware needs to be upgraded
D. no action is required as there was no impact
Suggested answer: A

Which of the following is MOST helpful in identifying new risk exposures due to changes in the business environment?

A. Standard operating procedures
B. SWOT analysis
C. Industry benchmarking
D. Control gap analysis
Suggested answer: B

Which of the following controls will BEST detect unauthorized modification of data by a database administrator?

A. Reviewing database access rights
B. Reviewing database activity logs
C. Comparing data to input records
D. Reviewing changes to edit checks
Suggested answer: B
Total 1.200 questions