Isaca CRISC Practice Test - Questions Answers, Page 22

The BEST way to demonstrate alignment of the risk profile with business objectives is through:

A. risk scenarios.
B. risk tolerance.
C. risk policy.
D. risk appetite.
Suggested answer: B

The PRIMARY basis for selecting a security control is:

A. to achieve the desired level of maturity.
B. the materiality of the risk.
C. the ability to mitigate risk.
D. the cost of the control.
Suggested answer: C

Which of the following BEST helps to balance the costs and benefits of managing IT risk?

A. Prioritizing risk responses
B. Evaluating risk based on frequency and probability
C. Considering risk factors that can be quantified
D. Managing the risk by using controls
Suggested answer: A

Which of the following should management consider when selecting a risk mitigation option?

A. Maturity of the enterprise architecture
B. Cost of control implementation
C. Reliability of key performance indicators (KPIs)
D. Reliability of key risk indicators (KRIs)
Suggested answer: B

Which of the following methods would BEST contribute to identifying obscure risk scenarios?

A. Brainstorming sessions
B. Control self-assessments
C. Vulnerability analysis
D. Monte Carlo analysis
Suggested answer: A

Which of the following is the BEST measure of the effectiveness of an employee deprovisioning process?

A. Number of days taken to remove access after staff separation dates
B. Number of days taken for IT to remove access after receipt of HR instructions
C. Number of termination requests processed per reporting period
D. Number of days taken for HR to provide instructions to IT after staff separation dates
Suggested answer: A

Which of the following is the PRIMARY reason to update a risk register with risk assessment results?

A. To communicate the level and priority of assessed risk to management
B. To provide a comprehensive inventory of risk across the organization
C. To assign a risk owner to manage the risk
D. To enable the creation of action plans to address risk
Suggested answer: A

The PRIMARY reason for establishing various threshold levels for a set of key risk indicators (KRIs) is to:

A. highlight trends of developing risk.
B. ensure accurate and reliable monitoring.
C. take appropriate actions in a timely manner.
D. set different triggers for each stakeholder.
Suggested answer: B

The risk associated with data loss from a website which contains sensitive customer information is BEST owned by:

A. the third-party website manager
B. the business process owner
C. IT security
D. the compliance manager
Suggested answer: B

The MOST significant benefit of using a consistent risk ranking methodology across an organization is that it enables:

A. allocation of available resources
B. clear understanding of risk levels
C. assignment of risk to the appropriate owners
D. risk to be expressed in quantifiable terms
Suggested answer: B