Isaca CRISC Practice Test - Questions Answers, Page 21

List of questions

Question 201

When updating a risk register with the results of an IT risk assessment, the risk practitioner should log:

A. high impact scenarios.
B. high likelihood scenarios.
C. treated risk scenarios.
D. known risk scenarios.
Suggested answer: D
asked 18/09/2024
Maryna Zarytska

Question 202

Which of the following observations would be of GREATEST concern to a risk practitioner reviewing the implementation status of management action plans?

A. Management has not determined a final implementation date.
B. Management has not completed an early mitigation milestone.
C. Management has not secured resources for mitigation activities.
D. Management has not begun the implementation.
Suggested answer: C
asked 18/09/2024
Damir M

Question 203

Which of the following would BEST enable mitigation of newly identified risk factors related to Internet of Things (IoT)?

A. Introducing control procedures early in the life cycle
B. Implementing IoT device software monitoring
C. Performing periodic risk assessments of IoT
D. Performing secure code reviews
Suggested answer: A
asked 18/09/2024
Ramakrishnan Subramanian

Question 204

Which of the following would be a weakness in procedures for controlling the migration of changes to production libraries?

A. The programming project leader solely reviews test results before approving the transfer to production.
B. Test and production programs are in distinct libraries.
C. Only operations personnel are authorized to access production libraries.
D. A synchronized migration of executable and source code from the test environment to the production environment is allowed.
Suggested answer: A
asked 18/09/2024
Ragul Ponniah

Question 205

During the initial risk identification process for a business application, it is MOST important to include which of the following stakeholders?

A. Business process owners
B. Business process consumers
C. Application architecture team
D. Internal audit
Suggested answer: A
asked 18/09/2024
istvan Balla

Question 206

The PRIMARY purpose of using control metrics is to evaluate the:

A. amount of risk reduced by compensating controls.
B. amount of risk present in the organization.
C. variance against objectives.
D. number of incidents.
Suggested answer: C
asked 18/09/2024
Sushil Karki

Question 207

Risk aggregation in a complex organization will be MOST successful when:

A. using the same scales in assessing risk
B. utilizing industry benchmarks
C. using reliable qualitative data for risk items
D. including primarily low level risk factors
Suggested answer: A
asked 18/09/2024
Musoke Kamuzze

Question 208

An organization is considering modifying its system to enable acceptance of credit card payments. To reduce the risk of data exposure, which of the following should the organization do FIRST?

A. Conduct a risk assessment.
B. Update the security strategy.
C. Implement additional controls.
D. Update the risk register.
Suggested answer: A
asked 18/09/2024
Janko Schutte

Question 209

Which of the following provides the BEST information when determining whether to accept residual risk of a critical system to be implemented?

A. Single loss expectancy (SLE)
B. Cost of the information system
C. Availability of additional compensating controls
D. Potential business impacts are within acceptable levels
Suggested answer: D
asked 18/09/2024
Anthony Zaborski

Question 210

The risk associated with inadvertent disclosure of database records from a public cloud service provider (CSP) would MOST effectively be reduced by:

A. encrypting the data
B. including a nondisclosure clause in the CSP contract
C. assessing the data classification scheme
D. reviewing CSP access privileges
Suggested answer: A
asked 18/09/2024
Oliver Buss
Total 1.573 questions