ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 18

Add to Whishlist

List of questions

Question 171

Report Export Collapse

Which of the following is the BEST approach for determining whether a risk action plan is effective?

Comparing the remediation cost against budget
Comparing the remediation cost against budget
Assessing changes in residual risk
Assessing changes in residual risk
Assessing the inherent risk
Assessing the inherent risk
Monitoring changes of key performance indicators (KPIs)
Monitoring changes of key performance indicators (KPIs)
Suggested answer: B
asked 18/09/2024
Krishan Randitha
49 questions

Question 172

Report Export Collapse

Which of the following is the MOST effective way to integrate business risk management with IT operations?

Perform periodic IT control self-assessments.
Perform periodic IT control self-assessments.
Require a risk assessment with change requests.
Require a risk assessment with change requests.
Provide security awareness training.
Provide security awareness training.
Perform periodic risk assessments.
Perform periodic risk assessments.
Suggested answer: D
asked 18/09/2024
Gage Adams
40 questions

Question 173

Report Export Collapse

Which of the following should be the PRIMARY objective of a risk awareness training program?

To enable risk-based decision making
To enable risk-based decision making
To promote awareness of the risk governance function
To promote awareness of the risk governance function
To clarify fundamental risk management principles
To clarify fundamental risk management principles
To ensure sufficient resources are available
To ensure sufficient resources are available
Suggested answer: A
asked 18/09/2024
Victor Avila
38 questions

Question 174

Report Export Collapse

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

Self-assessment questionnaires completed by management
Self-assessment questionnaires completed by management
Review of internal audit and third-party reports
Review of internal audit and third-party reports
Management review and sign-off on system documentation
Management review and sign-off on system documentation
First-hand direct observation of the controls in operation
First-hand direct observation of the controls in operation
Suggested answer: B
asked 18/09/2024
Jose Ortuondo Arambalza
51 questions

Question 175

Report Export Collapse

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

Self-assessment questionnaires completed by management
Self-assessment questionnaires completed by management
Review of internal audit and third-party reports
Review of internal audit and third-party reports
Management review and sign-off on system documentation
Management review and sign-off on system documentation
First-hand direct observation of the controls in operation
First-hand direct observation of the controls in operation
Suggested answer: D
asked 18/09/2024
Francesco MARRELLA
40 questions

Question 176

Report Export Collapse

Who should be responsible for implementing and maintaining security controls?

End user
End user
Internal auditor
Internal auditor
Data owner
Data owner
Data custodian
Data custodian
Suggested answer: C
asked 18/09/2024
Sullivan Dabireau
45 questions

Question 177

Report Export Collapse

Which of the following is MOST important for a risk practitioner to update when a software upgrade renders an existing key control ineffective?

Audit engagement letter
Audit engagement letter
Risk profile
Risk profile
IT risk register
IT risk register
Change control documentation
Change control documentation
Suggested answer: C
asked 18/09/2024
Rio Ordonez
59 questions

Question 178

Report Export Collapse

When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:

that result in a full root cause analysis.
that result in a full root cause analysis.
used for verification within the SLA.
used for verification within the SLA.
that are verified as actual incidents.
that are verified as actual incidents.
resolved within the SLA.
resolved within the SLA.
Suggested answer: C
asked 18/09/2024
Mitchell Mansfield
34 questions

Question 179

Report Export Collapse

An organization is measuring the effectiveness of its change management program to reduce the number of unplanned production changes. Which of the following would be the BEST metric to determine if the program is performing as expected?

Decrease in the time to move changes to production
Decrease in the time to move changes to production
Ratio of emergency fixes to total changes
Ratio of emergency fixes to total changes
Ratio of system changes to total changes
Ratio of system changes to total changes
Decrease in number of changes without a fallback plan
Decrease in number of changes without a fallback plan
Suggested answer: B
asked 18/09/2024
Samy Mameri
32 questions

Question 180

Report Export Collapse

Which of The following is the MOST relevant information to include in a risk management strategy?

Quantified risk triggers
Quantified risk triggers
Cost of controls
Cost of controls
Regulatory requirements
Regulatory requirements
Organizational goals
Organizational goals
Suggested answer: D
asked 18/09/2024
Andrew ROUSE
50 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?