
Isaca CRISC Practice Test - Questions Answers, Page 20

Which of the following should be a risk practitioner's MOST important consideration when developing IT risk scenarios?

A. The impact of controls on the efficiency of the business in delivering services
B. Linkage of identified risk scenarios with enterprise risk management
C. Potential threats and vulnerabilities that may have an impact on the business
D. Results of network vulnerability scanning and penetration testing

Suggested answer: C

A bank has outsourced its statement printing function to an external service provider. Which of the following is the MOST critical requirement to include in the contract?

A. Monitoring of service costs
B. Provision of internal audit reports
C. Notification of sub-contracting arrangements
D. Confidentiality of customer data

Suggested answer: D

The PRIMARY objective of the board of directors periodically reviewing the risk profile is to help ensure:

A. the risk strategy is appropriate
B. KRIs and KPIs are aligned
C. performance of controls is adequate
D. the risk monitoring process has been established

Suggested answer: A

A risk practitioner notices that a particular key risk indicator (KRI) has remained below its established trigger point for an extended period of time. Which of the following should be done FIRST?

A. Recommend a re-evaluation of the current threshold of the KRI.
B. Notify management that KRIs are being effectively managed.
C. Update the risk rating associated with the KRI in the risk register.
D. Update the risk tolerance and risk appetite to better align to the KRI.

Suggested answer: A

Which of the following is the MOST important consideration when performing a risk assessment of a fire suppression system within a data center?

A. Insurance coverage
B. Onsite replacement availability
C. Maintenance procedures
D. Installation manuals

Suggested answer: C

Deviation from a mitigation action plan's completion date should be determined by which of the following?

A. Change management as determined by a change control board
B. Benchmarking analysis with similar completed projects
C. Project governance criteria as determined by the project office
D. The risk owner as determined by risk management processes

Suggested answer: D

Which of the following is the PRIMARY reason for an organization to ensure the risk register is updated regularly?

A. Risk assessment results are accessible to senior management and stakeholders.
B. Risk mitigation activities are managed and coordinated.
C. Key risk indicators (KRIs) are evaluated to validate they are still within the risk threshold.
D. Risk information is available to enable risk-based decisions.

Suggested answer: D

Which of the following would offer the MOST insight with regard to an organization's risk culture?

A. Risk management procedures
B. Senior management interviews
C. Benchmark analyses
D. Risk management framework

Suggested answer: B

Which of the following could BEST detect an in-house developer inserting malicious functions into a web-based application?

A. Segregation of duties
B. Code review
C. Change management
D. Audit modules

Suggested answer: B

Which of the following is the MOST effective way to help ensure an organization's current risk scenarios are relevant?

A. Adoption of industry best practices
B. Involvement of stakeholders in risk assessment
C. Review of risk scenarios by independent parties
D. Documentation of potential risk in business cases

Suggested answer: B
Total 1.200 questions