ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 16

Add to Whishlist

List of questions

Question 151

Report Export Collapse

Which of the following is the MOST important data source for monitoring key risk indicators (KRIs)?

Directives from legal and regulatory authorities
Directives from legal and regulatory authorities
Audit reports from internal information systems audits
Audit reports from internal information systems audits
Automated logs collected from different systems
Automated logs collected from different systems
Trend analysis of external risk factors
Trend analysis of external risk factors
Suggested answer: C
asked 18/09/2024
Ronald Zegwaard
34 questions

Question 152

Report Export Collapse

When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?

Assess management's risk tolerance.
Assess management's risk tolerance.
Recommend management accept the low risk scenarios.
Recommend management accept the low risk scenarios.
Propose mitigating controls
Propose mitigating controls
Re-evaluate the risk scenarios associated with the control
Re-evaluate the risk scenarios associated with the control
Suggested answer: D
asked 18/09/2024
Ann Nacua
55 questions

Question 153

Report Export Collapse

An organization delegates its data processing to the internal IT team to manage information through its applications. Which of the following is the role of the internal IT team in this situation?

Data controllers
Data controllers
Data processors
Data processors
Data custodians
Data custodians
Data owners
Data owners
Suggested answer: B
asked 18/09/2024
Ian Schraier
42 questions

Question 154

Report Export Collapse

During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?

Describe IT risk scenarios in terms of business risk.
Describe IT risk scenarios in terms of business risk.
Recommend the formation of an executive risk council to oversee IT risk.
Recommend the formation of an executive risk council to oversee IT risk.
Provide an estimate of IT system downtime if IT risk materializes.
Provide an estimate of IT system downtime if IT risk materializes.
Educate business executives on IT risk concepts.
Educate business executives on IT risk concepts.
Suggested answer: A
asked 18/09/2024
saharat pinsaran
49 questions

Question 155

Report Export Collapse

A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?

Risk appetite statement
Risk appetite statement
Enterprise risk management framework
Enterprise risk management framework
Risk management policies
Risk management policies
Risk register
Risk register
Suggested answer: D
asked 18/09/2024
Russell James
45 questions

Question 156

Report Export Collapse

An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?

Service level agreement
Service level agreement
Customer service reviews
Customer service reviews
Scope of services provided
Scope of services provided
Right to audit the provider
Right to audit the provider
Suggested answer: D
asked 18/09/2024
Kiswendsida ZONGO
38 questions

Question 157

Report Export Collapse

An organization has determined a risk scenario is outside the defined risk tolerance level. What should be the NEXT course of action?

Develop a compensating control.
Develop a compensating control.
Allocate remediation resources.
Allocate remediation resources.
Perform a cost-benefit analysis.
Perform a cost-benefit analysis.
Identify risk responses
Identify risk responses
Suggested answer: D
asked 18/09/2024
Muhammad Hafizh
32 questions

Question 158

Report Export Collapse

During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

Report the gap to senior management
Report the gap to senior management
Consult with the IT department to update the RTO
Consult with the IT department to update the RTO
Complete a risk exception form.
Complete a risk exception form.
Consult with the business owner to update the BCP
Consult with the business owner to update the BCP
Suggested answer: A
asked 18/09/2024
Piotr Jakubowski
39 questions

Question 159

Report Export Collapse

A risk practitioner is assisting with the preparation of a report on the organization s disaster recovery (DR) capabilities. Which information would have the MOST impact on the overall recovery profile?

The percentage of systems meeting recovery target times has increased.
The percentage of systems meeting recovery target times has increased.
The number of systems tested in the last year has increased.
The number of systems tested in the last year has increased.
The number of systems requiring a recovery plan has increased.
The number of systems requiring a recovery plan has increased.
The percentage of systems with long recovery target times has decreased.
The percentage of systems with long recovery target times has decreased.
Suggested answer: D
asked 18/09/2024
Ilias Akarkach
44 questions

Question 160

Report Export Collapse

Which of the following elements of a risk register is MOST likely to change as a result of change in management's risk appetite?

Key risk indicator (KRI) thresholds
Key risk indicator (KRI) thresholds
Inherent risk
Inherent risk
Risk likelihood and impact
Risk likelihood and impact
Risk velocity
Risk velocity
Suggested answer: A
asked 18/09/2024
Manuel Jong
45 questions
Total 1.573 questions
Go to page: of 158
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?