ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 22

Add to Whishlist

List of questions

Question 211

Report Export Collapse

The BEST way to demonstrate alignment of the risk profile with business objectives is through:

risk scenarios.
risk scenarios.
risk tolerance.
risk tolerance.
risk policy.
risk policy.
risk appetite.
risk appetite.
Suggested answer: B
asked 18/09/2024
Rannie Dayapan
46 questions

Question 212

Report Export Collapse

The PRIMARY basis for selecting a security control is:

to achieve the desired level of maturity.
to achieve the desired level of maturity.
the materiality of the risk.
the materiality of the risk.
the ability to mitigate risk.
the ability to mitigate risk.
the cost of the control.
the cost of the control.
Suggested answer: C
asked 18/09/2024
Aurelio Chavez
53 questions

Question 213

Report Export Collapse

Which of the following BEST helps to balance the costs and benefits of managing IT risk?

Prioritizing risk responses
Prioritizing risk responses
Evaluating risk based on frequency and probability
Evaluating risk based on frequency and probability
Considering risk factors that can be quantified
Considering risk factors that can be quantified
Managing the risk by using controls
Managing the risk by using controls
Suggested answer: A
asked 18/09/2024
Federico Miliacca
41 questions

Question 214

Report Export Collapse

Which of the following should management consider when selecting a risk mitigation option?

Maturity of the enterprise architecture
Maturity of the enterprise architecture
Cost of control implementation
Cost of control implementation
Reliability of key performance indicators (KPIs)
Reliability of key performance indicators (KPIs)
Reliability of key risk indicators (KPIs)
Reliability of key risk indicators (KPIs)
Suggested answer: B
asked 18/09/2024
Khang Nguyen An
35 questions

Question 215

Report Export Collapse

Which of the following methods would BEST contribute to identifying obscure risk scenarios?

Brainstorming sessions
Brainstorming sessions
Control self-assessments
Control self-assessments
Vulnerability analysis
Vulnerability analysis
Monte Carlo analysis
Monte Carlo analysis
Suggested answer: A
asked 18/09/2024
cesar ganguie
48 questions

Question 216

Report Export Collapse

Which of the following is the BEST measure of the effectiveness of an employee deprovisioning process?

Number of days taken to remove access after staff separation dates
Number of days taken to remove access after staff separation dates
Number of days taken for IT to remove access after receipt of HR instructions
Number of days taken for IT to remove access after receipt of HR instructions
Number of termination requests processed per reporting period
Number of termination requests processed per reporting period
Number of days taken for HR to provide instructions to IT after staff separation dates
Number of days taken for HR to provide instructions to IT after staff separation dates
Suggested answer: A
asked 18/09/2024
Roger Warner
40 questions

Question 217

Report Export Collapse

Which of the following is the PRIMARY reason to update a risk register with risk assessment results?

To communicate the level and priority of assessed risk to management
To communicate the level and priority of assessed risk to management
To provide a comprehensive inventory of risk across the organization
To provide a comprehensive inventory of risk across the organization
To assign a risk owner to manage the risk
To assign a risk owner to manage the risk
To enable the creation of action plans to address nsk
To enable the creation of action plans to address nsk
Suggested answer: A
asked 18/09/2024
Robert Calderon
39 questions

Question 218

Report Export Collapse

The PRIMARY reason for establishing various Threshold levels for a set of key risk indicators (KRIs) is to:

highlight trends of developing risk.
highlight trends of developing risk.
ensure accurate and reliable monitoring.
ensure accurate and reliable monitoring.
take appropriate actions in a timely manner.
take appropriate actions in a timely manner.
set different triggers for each stakeholder.
set different triggers for each stakeholder.
Suggested answer: B
asked 18/09/2024
loveneel kataria
35 questions

Question 219

Report Export Collapse

The risk associated with data loss from a website which contains sensitive customer information is BEST owned by:

the third-party website manager
the third-party website manager
the business process owner
the business process owner
IT security
IT security
the compliance manager
the compliance manager
Suggested answer: B
asked 18/09/2024
Lin Joel
30 questions

Question 220

Report Export Collapse

The MOST significant benefit of using a consistent risk ranking methodology across an organization is that it enables:

allocation of available resources
allocation of available resources
clear understanding of risk levels
clear understanding of risk levels
assignment of risk to the appropriate owners
assignment of risk to the appropriate owners
risk to be expressed in quantifiable terms
risk to be expressed in quantifiable terms
Suggested answer: B
asked 18/09/2024
Nomandla Asiya
42 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?