ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 20

Add to Whishlist

List of questions

Question 191

Report Export Collapse

Which of the following should be a risk practitioner's MOST important consideration when developing IT risk scenarios?

The impact of controls on the efficiency of the business in delivering services
The impact of controls on the efficiency of the business in delivering services
Linkage of identified risk scenarios with enterprise risk management
Linkage of identified risk scenarios with enterprise risk management
Potential threats and vulnerabilities that may have an impact on the business
Potential threats and vulnerabilities that may have an impact on the business
Results of network vulnerability scanning and penetration testing
Results of network vulnerability scanning and penetration testing
Suggested answer: C
asked 18/09/2024
Carlo Hearne
48 questions

Question 192

Report Export Collapse

A bank has outsourced its statement printing function to an external service provider. Which of the following is the MOST critical requirement to include in the contract?

Monitoring of service costs
Monitoring of service costs
Provision of internal audit reports
Provision of internal audit reports
Notification of sub-contracting arrangements
Notification of sub-contracting arrangements
Confidentiality of customer data
Confidentiality of customer data
Suggested answer: D
asked 18/09/2024
Krishna Mody
39 questions

Question 193

Report Export Collapse

The PRIMARY objective of The board of directors periodically reviewing the risk profile is to help ensure:

the risk strategy is appropriate
the risk strategy is appropriate
KRIs and KPIs are aligned
KRIs and KPIs are aligned
performance of controls is adequate
performance of controls is adequate
the risk monitoring process has been established
the risk monitoring process has been established
Suggested answer: A
asked 18/09/2024
Tony Minjarez
47 questions

Question 194

Report Export Collapse

A risk practitioner notices that a particular key risk indicator (KRI) has remained below its established trigger point for an extended period of time. Which of the following should be done FIRST?

Recommend a re-evaluation of the current threshold of the KRI.
Recommend a re-evaluation of the current threshold of the KRI.
Notify management that KRIs are being effectively managed.
Notify management that KRIs are being effectively managed.
Update the risk rating associated with the KRI In the risk register.
Update the risk rating associated with the KRI In the risk register.
Update the risk tolerance and risk appetite to better align to the KRI.
Update the risk tolerance and risk appetite to better align to the KRI.
Suggested answer: A
asked 18/09/2024
Chris OMalley
31 questions

Question 195

Report Export Collapse

Which of the following is the MOST important consideration when performing a risk assessment of a fire suppression system within a data center?

Insurance coverage
Insurance coverage
Onsite replacement availability
Onsite replacement availability
Maintenance procedures
Maintenance procedures
Installation manuals
Installation manuals
Suggested answer: C
asked 18/09/2024
Nazarii Bybyk
38 questions

Question 196

Report Export Collapse

Deviation from a mitigation action plan's completion date should be determined by which of the following?

Change management as determined by a change control board
Change management as determined by a change control board
Benchmarking analysis with similar completed projects
Benchmarking analysis with similar completed projects
Project governance criteria as determined by the project office
Project governance criteria as determined by the project office
The risk owner as determined by risk management processes
The risk owner as determined by risk management processes
Suggested answer: D
asked 18/09/2024
Sam Patel
42 questions

Question 197

Report Export Collapse

Which of the following is the PRIMARY reason for an organization to ensure the risk register is updated regularly?

Risk assessment results are accessible to senior management and stakeholders.
Risk assessment results are accessible to senior management and stakeholders.
Risk mitigation activities are managed and coordinated.
Risk mitigation activities are managed and coordinated.
Key risk indicators (KRIs) are evaluated to validate they are still within the risk threshold.
Key risk indicators (KRIs) are evaluated to validate they are still within the risk threshold.
Risk information is available to enable risk-based decisions.
Risk information is available to enable risk-based decisions.
Suggested answer: D
asked 18/09/2024
Timothy Smith
43 questions

Question 198

Report Export Collapse

Which of The following would offer the MOST insight with regard to an organization's risk culture?

Risk management procedures
Risk management procedures
Senior management interviews
Senior management interviews
Benchmark analyses
Benchmark analyses
Risk management framework
Risk management framework
Suggested answer: B
asked 18/09/2024
Rodrigo Valencia
48 questions

Question 199

Report Export Collapse

Which of the following could BEST detect an in-house developer inserting malicious functions into a web-based application?

Segregation of duties
Segregation of duties
Code review
Code review
Change management
Change management
Audit modules
Audit modules
Suggested answer: B
asked 18/09/2024
Johnny Tien
57 questions

Question 200

Report Export Collapse

Which of the following is the MOST effective way to help ensure an organization's current risk scenarios are relevant?

Adoption of industry best practices
Adoption of industry best practices
Involvement of stakeholders in risk assessment
Involvement of stakeholders in risk assessment
Review of risk scenarios by independent parties
Review of risk scenarios by independent parties
Documentation of potential risk in business cases
Documentation of potential risk in business cases
Suggested answer: B
asked 18/09/2024
Rick Tellez
45 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?