Isaca CRISC Practice Test - Questions Answers, Page 19

Question 181

Which of the following is MOST helpful in identifying gaps between the current and desired state of the IT risk environment?

A. Analyzing risk appetite and tolerance levels
B. Assessing identified risk and recording results in the risk register
C. Evaluating risk scenarios and assessing current controls
D. Reviewing guidance from industry best practices and standards
Suggested answer: C
asked 18/09/2024
Hector Moreno
48 questions

Question 182

A control owner responsible for the access management process has developed a machine learning model to automatically identify excessive access privileges. What is the risk practitioner's BEST course of action?

A. Review the design of the machine learning model against control objectives.
B. Adopt the machine learning model as a replacement for current manual access reviews.
C. Ensure the model assists in meeting regulatory requirements for access controls.
D. Discourage the use of emerging technologies in key processes.
Suggested answer: A
asked 18/09/2024
Zachary Janssen
41 questions

Question 183

The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

A. ensure policy and regulatory compliance.
B. assess the proliferation of new threats.
C. verify Internet firewall control settings.
D. identify vulnerabilities in the system.
Suggested answer: C
asked 18/09/2024
Mitesh Solanki
50 questions

Question 184

A control owner has completed a year-long project to strengthen existing controls. It is MOST important for the risk practitioner to:

A. update the risk register to reflect the correct level of residual risk.
B. ensure risk monitoring for the project is initiated.
C. conduct and document a business impact analysis (BIA).
D. verify cost-benefit of the new controls being implemented.
Suggested answer: A
asked 18/09/2024
Karoy Bandi
41 questions

Question 185

A large organization is replacing its enterprise resource planning (ERP) system and has decided not to deploy the payroll module of the new system. Instead, the current payroll system will continue to be used. Of the following, who should own the risk if the ERP and payroll system fail to operate as expected?

A. The business owner
B. The ERP administrator
C. The project steering committee
D. The IT project manager
Suggested answer: A
asked 18/09/2024
Curl Pushover
28 questions

Question 186

Which of the following is MOST important to review when determining whether a potential IT service provider's control environment is effective?

A. Independent audit report
B. Control self-assessment
C. MOST important to update when an
D. Service level agreements (SLAs)
Suggested answer: A
asked 18/09/2024
Storage Junk
53 questions

Question 187

Which of the following provides the MOST helpful information in identifying risk in an organization?

A. Risk registers
B. Risk analysis
C. Risk scenarios
D. Risk responses
Suggested answer: C
asked 18/09/2024
Monique Canham
41 questions

Question 188

Which stakeholders are PRIMARILY responsible for determining enterprise IT risk appetite?

A. Audit and compliance management
B. The chief information officer (CIO) and the chief financial officer (CFO)
C. Enterprise risk management and business process owners
D. Executive management and the board of directors
Suggested answer: D
asked 18/09/2024
Kathie Herod
42 questions

Question 189

Which of the following will BEST communicate the importance of risk mitigation initiatives to senior management?

A. Business case
B. Balanced scorecard
C. Industry standards
D. Heat map
Suggested answer: A
asked 18/09/2024
Tural Pashayev
34 questions

Question 190

An organization has outsourced its backup and recovery procedures to a third-party cloud provider. Which of the following is the risk practitioner's BEST course of action?

A. Accept the risk and document contingency plans for data disruption.
B. Remove the associated risk scenario from the risk register due to avoidance.
C. Mitigate the risk with compensating controls enforced by the third-party cloud provider.
D. Validate the transfer of risk and update the register to reflect the change.
Suggested answer: C
asked 18/09/2024
Randhir Singh
43 questions
Total 1.573 questions