Isaca CRISC Practice Test - Questions Answers, Page 18

Which of the following is the BEST approach for determining whether a risk action plan is effective?

A. Comparing the remediation cost against budget
B. Assessing changes in residual risk
C. Assessing the inherent risk
D. Monitoring changes of key performance indicators (KPIs)
Suggested answer: B

Which of the following is the MOST effective way to integrate business risk management with IT operations?

A. Perform periodic IT control self-assessments.
B. Require a risk assessment with change requests.
C. Provide security awareness training.
D. Perform periodic risk assessments.
Suggested answer: D

Which of the following should be the PRIMARY objective of a risk awareness training program?

A. To enable risk-based decision making
B. To promote awareness of the risk governance function
C. To clarify fundamental risk management principles
D. To ensure sufficient resources are available
Suggested answer: A

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

A. Self-assessment questionnaires completed by management
B. Review of internal audit and third-party reports
C. Management review and sign-off on system documentation
D. First-hand direct observation of the controls in operation
Suggested answer: B

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

A. Self-assessment questionnaires completed by management
B. Review of internal audit and third-party reports
C. Management review and sign-off on system documentation
D. First-hand direct observation of the controls in operation
Suggested answer: D

Who should be responsible for implementing and maintaining security controls?

A. End user
B. Internal auditor
C. Data owner
D. Data custodian
Suggested answer: C

Which of the following is MOST important for a risk practitioner to update when a software upgrade renders an existing key control ineffective?

A. Audit engagement letter
B. Risk profile
C. IT risk register
D. Change control documentation
Suggested answer: C

When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:

A. that result in a full root cause analysis.
B. used for verification within the SLA.
C. that are verified as actual incidents.
D. resolved within the SLA.
Suggested answer: C

An organization is measuring the effectiveness of its change management program to reduce the number of unplanned production changes. Which of the following would be the BEST metric to determine if the program is performing as expected?

A. Decrease in the time to move changes to production
B. Ratio of emergency fixes to total changes
C. Ratio of system changes to total changes
D. Decrease in number of changes without a fallback plan
Suggested answer: B

Which of the following is the MOST relevant information to include in a risk management strategy?

A. Quantified risk triggers
B. Cost of controls
C. Regulatory requirements
D. Organizational goals
Suggested answer: D