Isaca CRISC Practice Test - Questions Answers, Page 21

When updating a risk register with the results of an IT risk assessment, the risk practitioner should log:

A. high impact scenarios.
B. high likelihood scenarios.
C. treated risk scenarios.
D. known risk scenarios.
Suggested answer: D

Which of the following observations would be of GREATEST concern to a risk practitioner reviewing the implementation status of management action plans?

A. Management has not determined a final implementation date.
B. Management has not completed an early mitigation milestone.
C. Management has not secured resources for mitigation activities.
D. Management has not begun the implementation.
Suggested answer: C

Which of the following would BEST enable mitigation of newly identified risk factors related to the Internet of Things (IoT)?

A. Introducing control procedures early in the life cycle
B. Implementing IoT device software monitoring
C. Performing periodic risk assessments of IoT
D. Performing secure code reviews
Suggested answer: A

Which of the following would be a weakness in procedures for controlling the migration of changes to production libraries?

A. The programming project leader solely reviews test results before approving the transfer to production.
B. Test and production programs are in distinct libraries.
C. Only operations personnel are authorized to access production libraries.
D. A synchronized migration of executable and source code from the test environment to the production environment is allowed.
Suggested answer: A

During the initial risk identification process for a business application, it is MOST important to include which of the following stakeholders?

A. Business process owners
B. Business process consumers
C. Application architecture team
D. Internal audit
Suggested answer: A

The PRIMARY purpose of using control metrics is to evaluate the:

A. amount of risk reduced by compensating controls.
B. amount of risk present in the organization.
C. variance against objectives.
D. number of incidents.
Suggested answer: C

Risk aggregation in a complex organization will be MOST successful when:

A. using the same scales in assessing risk
B. utilizing industry benchmarks
C. using reliable qualitative data for risk items
D. including primarily low-level risk factors
Suggested answer: A

An organization is considering modifying its system to enable acceptance of credit card payments. To reduce the risk of data exposure, which of the following should the organization do FIRST?

A. Conduct a risk assessment.
B. Update the security strategy.
C. Implement additional controls.
D. Update the risk register.
Suggested answer: A

Which of the following provides the BEST information when determining whether to accept the residual risk of a critical system to be implemented?

A. Single loss expectancy (SLE)
B. Cost of the information system
C. Availability of additional compensating controls
D. Potential business impacts are within acceptable levels
Suggested answer: D

The risk associated with inadvertent disclosure of database records from a public cloud service provider (CSP) would MOST effectively be reduced by:

A. encrypting the data
B. including a nondisclosure clause in the CSP contract
C. assessing the data classification scheme
D. reviewing CSP access privileges
Suggested answer: A

Total 1,200 questions