Isaca CRISC Practice Test - Questions Answers, Page 2

An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?

A. Invoke the disaster recovery plan during an incident.
B. Prepare a cost-benefit analysis of alternatives available.
C. Implement redundant infrastructure for the application.
D. Reduce the recovery time by strengthening the response team.
Suggested answer: B

Which of the following is the MAIN reason to continuously monitor IT-related risk?

A. To redefine the risk appetite and risk tolerance levels based on changes in risk factors
B. To update the risk register to reflect changes in levels of identified and new IT-related risk
C. To ensure risk levels are within acceptable limits of the organization's risk appetite and risk tolerance
D. To help identify root causes of incidents and recommend suitable long-term solutions
Suggested answer: C

An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:

A. reduce the risk to an acceptable level.
B. communicate the consequences for violations.
C. implement industry best practices.
D. reduce the organization's risk appetite.
Suggested answer: B

Which of the following is the MOST important factor affecting risk management in an organization?

A. The risk manager's expertise
B. Regulatory requirements
C. Board of directors' expertise
D. The organization's culture
Suggested answer: D

Which of the following is the MOST important consideration when sharing risk management updates with executive management?

A. Using an aggregated view of organizational risk
B. Ensuring relevance to organizational goals
C. Relying on key risk indicator (KRI) data
D. Including trend analysis of risk metrics
Suggested answer: B

A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?

A. Implement a tool to create and distribute violation reports.
B. Raise awareness of encryption requirements for sensitive data.
C. Block unencrypted outgoing emails which contain sensitive data.
D. Implement a progressive disciplinary process for email violations.
Suggested answer: C

Risk management strategies are PRIMARILY adopted to:

A. take necessary precautions for claims and losses.
B. achieve acceptable residual risk levels.
C. avoid risk for business and IT assets.
D. achieve compliance with legal requirements.
Suggested answer: B

Which of the following would be MOST helpful when estimating the likelihood of negative events?

A. Business impact analysis
B. Threat analysis
C. Risk response analysis
D. Cost-benefit analysis
Suggested answer: B

Which of the following would be considered a vulnerability?

A. Delayed removal of employee access
B. Authorized administrative access to HR files
C. Corruption of files due to malware
D. Server downtime due to a denial of service (DoS) attack
Suggested answer: A

Establishing an organizational code of conduct is an example of which type of control?

A. Preventive
B. Directive
C. Detective
D. Compensating
Suggested answer: B
Total 1,200 questions (page 2 of 120)