ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 2

Add to Whishlist

List of questions

Question 11

Report Export Collapse

An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?

Invoke the disaster recovery plan during an incident.
Invoke the disaster recovery plan during an incident.
Prepare a cost-benefit analysis of alternatives available
Prepare a cost-benefit analysis of alternatives available
Implement redundant infrastructure for the application.
Implement redundant infrastructure for the application.
Reduce the recovery time by strengthening the response team.
Reduce the recovery time by strengthening the response team.
Suggested answer: B
asked 18/09/2024
Chan Man Wong
48 questions

Question 12

Report Export Collapse

Which of the following is the MAIN reason to continuously monitor IT-related risk?

To redefine the risk appetite and risk tolerance levels based on changes in risk factors
To redefine the risk appetite and risk tolerance levels based on changes in risk factors
To update the risk register to reflect changes in levels of identified and new IT-related risk
To update the risk register to reflect changes in levels of identified and new IT-related risk
To ensure risk levels are within acceptable limits of the organization's risk appetite and risk tolerance
To ensure risk levels are within acceptable limits of the organization's risk appetite and risk tolerance
To help identify root causes of incidents and recommend suitable long-term solutions
To help identify root causes of incidents and recommend suitable long-term solutions
Suggested answer: C
asked 18/09/2024
Ayanda Zwane
38 questions

Question 13

Report Export Collapse

An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:

reduce the risk to an acceptable level.
reduce the risk to an acceptable level.
Most voted
(1)
Most voted
communicate the consequences for violations.
communicate the consequences for violations.
implement industry best practices.
implement industry best practices.
reduce the organization's risk appetite
reduce the organization's risk appetite
Suggested answer: B
asked 18/09/2024
Phanel Xavier
49 questions

Question 14

Report Export Collapse

Which of the following is the MOST important factor affecting risk management in an organization?

The risk manager's expertise
The risk manager's expertise
Regulatory requirements
Regulatory requirements
Board of directors' expertise
Board of directors' expertise
The organization's culture
The organization's culture
Suggested answer: D
asked 18/09/2024
Paul Walker
45 questions

Question 15

Report Export Collapse

Which of the following is the MOST important consideration when sharing risk management updates with executive management?

Using an aggregated view of organizational risk
Using an aggregated view of organizational risk
Ensuring relevance to organizational goals
Ensuring relevance to organizational goals
Relying on key risk indicator (KRI) data Including
Relying on key risk indicator (KRI) data Including
Trend analysis of risk metrics
Trend analysis of risk metrics
Suggested answer: B
asked 18/09/2024
Radoslaw Gajewski
40 questions

Question 16

Report Export Collapse

A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?

Implement a tool to create and distribute violation reports
Implement a tool to create and distribute violation reports
Raise awareness of encryption requirements for sensitive data.
Raise awareness of encryption requirements for sensitive data.
Block unencrypted outgoing emails which contain sensitive data.
Block unencrypted outgoing emails which contain sensitive data.
Implement a progressive disciplinary process for email violations.
Implement a progressive disciplinary process for email violations.
Suggested answer: C
asked 18/09/2024
Ramon Pasay
44 questions

Question 17

Report Export Collapse

Risk management strategies are PRIMARILY adopted to:

take necessary precautions for claims and losses.
take necessary precautions for claims and losses.
achieve acceptable residual risk levels.
achieve acceptable residual risk levels.
avoid risk for business and IT assets.
avoid risk for business and IT assets.
achieve compliance with legal requirements.
achieve compliance with legal requirements.
Suggested answer: B
asked 18/09/2024
Kwame Kankam-Boadu
36 questions

Question 18

Report Export Collapse

Which of the following would be MOST helpful when estimating the likelihood of negative events?

Business impact analysis
Business impact analysis
Threat analysis
Threat analysis
Risk response analysis
Risk response analysis
Cost-benefit analysis
Cost-benefit analysis
Suggested answer: B
asked 18/09/2024
Grégory CALIX
41 questions

Question 19

Report Export Collapse

Which of the following would be considered a vulnerability?

Delayed removal of employee access
Delayed removal of employee access
Authorized administrative access to HR files
Authorized administrative access to HR files
Corruption of files due to malware
Corruption of files due to malware
Server downtime due to a denial of service (DoS) attack
Server downtime due to a denial of service (DoS) attack
Suggested answer: A
asked 18/09/2024
Muneer Deers
49 questions

Question 20

Report Export Collapse

Establishing and organizational code of conduct is an example of which type of control?

Preventive
Preventive
Directive
Directive
Detective
Detective
Compensating
Compensating
Suggested answer: B
asked 18/09/2024
Gianmarco Salvaticchio
32 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?