Isaca CRISC Practice Test - Questions Answers, Page 17

The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:

A. plan awareness programs for business managers.
B. evaluate maturity of the risk management process.
C. assist in the development of a risk profile.
D. maintain a risk register based on noncompliances.
Suggested answer: C

A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

A. Invoke the established incident response plan.
B. Inform internal audit.
C. Perform a root cause analysis.
D. Conduct an immediate risk assessment.
Suggested answer: A

Which of the following is the MOST effective key performance indicator (KPI) for change management?

A. Percentage of changes with a fallback plan
B. Number of changes implemented
C. Percentage of successful changes
D. Average time required to implement a change
Suggested answer: C

An effective control environment is BEST indicated by controls that:

A. minimize senior management's risk tolerance.
B. manage risk within the organization's risk appetite.
C. reduce the thresholds of key risk indicators (KRIs).
D. are cost-effective to implement.
Suggested answer: B

Which of the following is the BEST way to validate the results of a vulnerability assessment?

A. Perform a penetration test.
B. Review security logs.
C. Conduct a threat analysis.
D. Perform a root cause analysis.
Suggested answer: A

Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?

A. Updating multi-factor authentication
B. Monitoring key access control performance indicators
C. Analyzing access control logs for suspicious activity
D. Revising the service level agreement (SLA)
Suggested answer: B

A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:

A. conduct a gap analysis against compliance criteria.
B. identify necessary controls to ensure compliance.
C. modify internal assurance activities to include control validation.
D. collaborate with management to meet compliance requirements.
Suggested answer: A

Topic 2, Exam Pool B

Which of the following criteria is MOST important when developing a response to an attack that would compromise data?

A. The recovery time objective (RTO)
B. The likelihood of a recurring attack
C. The organization's risk tolerance
D. The business significance of the information
Suggested answer: D

Which of the following will BEST help an organization select a recovery strategy for critical systems?

A. Review the business impact analysis.
B. Create a business continuity plan.
C. Analyze previous disaster recovery reports.
D. Conduct a root cause analysis.
Suggested answer: A

A monthly payment report is generated from the enterprise resource planning (ERP) software to validate data against the old and new payroll systems. What is the BEST way to mitigate the risk associated with data integrity loss in the new payroll system after data migration?

A. Compare new system reports with functional requirements.
B. Compare encrypted data with checksums.
C. Compare results of user acceptance testing (UAT) with the testing criteria.
D. Compare processing output from both systems using the previous month's data.
Suggested answer: D
Total 1.200 questions