Isaca CRISC Practice Test - Questions Answers, Page 19

Which of the following is MOST helpful in identifying gaps between the current and desired state of the IT risk environment?

A. Analyzing risk appetite and tolerance levels
B. Assessing identified risk and recording results in the risk register
C. Evaluating risk scenarios and assessing current controls
D. Reviewing guidance from industry best practices and standards
Suggested answer: C

A control owner responsible for the access management process has developed a machine learning model to automatically identify excessive access privileges. What is the risk practitioner's BEST course of action?

A. Review the design of the machine learning model against control objectives.
B. Adopt the machine learning model as a replacement for current manual access reviews.
C. Ensure the model assists in meeting regulatory requirements for access controls.
D. Discourage the use of emerging technologies in key processes.
Suggested answer: A

The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

A. ensure policy and regulatory compliance.
B. assess the proliferation of new threats.
C. verify Internet firewall control settings.
D. identify vulnerabilities in the system.
Suggested answer: C

A control owner has completed a year-long project to strengthen existing controls. It is MOST important for the risk practitioner to:

A. update the risk register to reflect the correct level of residual risk.
B. ensure risk monitoring for the project is initiated.
C. conduct and document a business impact analysis (BIA).
D. verify cost-benefit of the new controls being implemented.
Suggested answer: A

A large organization is replacing its enterprise resource planning (ERP) system and has decided not to deploy the payroll module of the new system. Instead, the current payroll system will continue to be used. Of the following, who should own the risk if the ERP and payroll system fail to operate as expected?

A. The business owner
B. The ERP administrator
C. The project steering committee
D. The IT project manager
Suggested answer: A

Which of the following is MOST important to review when determining whether a potential IT service provider's control environment is effective?

A. Independent audit report
B. Control self-assessment
C. MOST important to update when an
D. Service level agreements (SLAs)
Suggested answer: A

Which of the following provides the MOST helpful information in identifying risk in an organization?

A. Risk registers
B. Risk analysis
C. Risk scenarios
D. Risk responses
Suggested answer: C

Which stakeholders are PRIMARILY responsible for determining enterprise IT risk appetite?

A. Audit and compliance management
B. The chief information officer (CIO) and the chief financial officer (CFO)
C. Enterprise risk management and business process owners
D. Executive management and the board of directors
Suggested answer: D

Which of the following will BEST communicate the importance of risk mitigation initiatives to senior management?

A. Business case
B. Balanced scorecard
C. Industry standards
D. Heat map
Suggested answer: A

An organization has outsourced its backup and recovery procedures to a third-party cloud provider. Which of the following is the risk practitioner's BEST course of action?

A. Accept the risk and document contingency plans for data disruption.
B. Remove the associated risk scenario from the risk register due to avoidance.
C. Mitigate the risk with compensating controls enforced by the third-party cloud provider.
D. Validate the transfer of risk and update the register to reflect the change.
Suggested answer: C

Total 1,200 questions