ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 17

Add to Whishlist

List of questions

Question 161

Report Export Collapse

The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:

plan awareness programs for business managers.
plan awareness programs for business managers.
evaluate maturity of the risk management process.
evaluate maturity of the risk management process.
assist in the development of a risk profile.
assist in the development of a risk profile.
maintain a risk register based on noncompliances.
maintain a risk register based on noncompliances.
Suggested answer: C
asked 18/09/2024
Sairam Emmidishetti
43 questions

Question 162

Report Export Collapse

A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

invoke the established incident response plan.
invoke the established incident response plan.
Inform internal audit.
Inform internal audit.
Perform a root cause analysis
Perform a root cause analysis
Conduct an immediate risk assessment
Conduct an immediate risk assessment
Suggested answer: A
asked 18/09/2024
Calvin Bolico
35 questions

Question 163

Report Export Collapse

Which of the following is the MOST effective key performance indicator (KPI) for change management?

Percentage of changes with a fallback plan
Percentage of changes with a fallback plan
Number of changes implemented
Number of changes implemented
Percentage of successful changes
Percentage of successful changes
Average time required to implement a change
Average time required to implement a change
Suggested answer: C
asked 18/09/2024
Colin Ng
51 questions

Question 164

Report Export Collapse

An effective control environment is BEST indicated by controls that:

minimize senior management's risk tolerance.
minimize senior management's risk tolerance.
manage risk within the organization's risk appetite.
manage risk within the organization's risk appetite.
reduce the thresholds of key risk indicators (KRIs).
reduce the thresholds of key risk indicators (KRIs).
are cost-effective to implement
are cost-effective to implement
Suggested answer: B
asked 18/09/2024
Marcel Janssen
40 questions

Question 165

Report Export Collapse

Which of the following is the BEST way to validate the results of a vulnerability assessment?

Perform a penetration test.
Perform a penetration test.
Review security logs.
Review security logs.
Conduct a threat analysis.
Conduct a threat analysis.
Perform a root cause analysis.
Perform a root cause analysis.
Suggested answer: A
asked 18/09/2024
Sathiyaraj Arulprakasam
53 questions

Question 166

Report Export Collapse

Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?

Updating multi-factor authentication
Updating multi-factor authentication
Monitoring key access control performance indicators
Monitoring key access control performance indicators
Analyzing access control logs for suspicious activity
Analyzing access control logs for suspicious activity
Revising the service level agreement (SLA)
Revising the service level agreement (SLA)
Suggested answer: B
asked 18/09/2024
Zuzana Combs
30 questions

Question 167

Report Export Collapse

A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:

conduct a gap analysis against compliance criteria.
conduct a gap analysis against compliance criteria.
identify necessary controls to ensure compliance.
identify necessary controls to ensure compliance.
modify internal assurance activities to include control validation.
modify internal assurance activities to include control validation.
collaborate with management to meet compliance requirements.
collaborate with management to meet compliance requirements.
Suggested answer: A
Explanation:

Topic 2, Exam Pool B

asked 18/09/2024
Reginald Curtis Jr
40 questions

Question 168

Report Export Collapse

Which of the following criteria is MOST important when developing a response to an attack that would compromise data?

The recovery time objective (RTO)
The recovery time objective (RTO)
The likelihood of a recurring attack
The likelihood of a recurring attack
The organization's risk tolerance
The organization's risk tolerance
The business significance of the information
The business significance of the information
Suggested answer: D
asked 18/09/2024
Michael Amann
43 questions

Question 169

Report Export Collapse

Which of the following will BEST help an organization select a recovery strategy for critical systems?

Review the business impact analysis.
Review the business impact analysis.
Create a business continuity plan.
Create a business continuity plan.
Analyze previous disaster recovery reports.
Analyze previous disaster recovery reports.
Conduct a root cause analysis.
Conduct a root cause analysis.
Suggested answer: A
asked 18/09/2024
Maurice Nicholson
34 questions

Question 170

Report Export Collapse

A monthly payment report is generated from the enterprise resource planning (ERP) software to validate data against the old and new payroll systems. What is the BEST way to mitigate the risk associated with data integrity loss in the new payroll system after data migration?

Compare new system reports with functional requirements.
Compare new system reports with functional requirements.
Compare encrypted data with checksums.
Compare encrypted data with checksums.
Compare results of user acceptance testing (UAT) with the testing criteria.
Compare results of user acceptance testing (UAT) with the testing criteria.
Compare processing output from both systems using the previous month's data.
Compare processing output from both systems using the previous month's data.
Suggested answer: D
asked 18/09/2024
FOTIS FOURLIAS
48 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?