
Isaca CRISC Practice Test - Questions Answers, Page 23

An organization has decided to implement an emerging technology and incorporate the new capabilities into its strategic business plan. Business operations for the technology will be outsourced. What will be the risk practitioner's PRIMARY role during the change?

A. Managing third-party risk
B. Developing risk scenarios
C. Managing the threat landscape
D. Updating risk appetite

Suggested answer: B

Who is PRIMARILY accountable for risk treatment decisions?

A. Risk owner
B. Business manager
C. Data owner
D. Risk manager

Suggested answer: A

Which of the following presents the GREATEST challenge for an IT risk practitioner who wants to report on trends in historical IT risk levels?

A. Qualitative measures for potential loss events
B. Changes in owners for identified IT risk scenarios
C. Changes in methods used to calculate probability
D. Frequent use of risk acceptance as a treatment option

Suggested answer: A

When presenting risk, the BEST method to ensure that the risk is measurable against the organization's risk appetite is through the use of a:

A. risk map
B. cause-and-effect diagram
C. maturity model
D. technology strategy plan.

Suggested answer: C

What should a risk practitioner do FIRST upon learning a risk treatment owner has implemented a different control than what was specified in the IT risk action plan?

A. Seek approval from the control owner.
B. Update the action plan in the risk register.
C. Reassess the risk level associated with the new control.
D. Validate that the control has an established testing method.

Suggested answer: C

The maturity of an IT risk management program is MOST influenced by:

A. the organization's risk culture
B. benchmarking results against similar organizations
C. industry-specific regulatory requirements
D. expertise available within the IT department

Suggested answer: A

Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

A. Reviewing the organization's policies and procedures
B. Interviewing groups of key stakeholders
C. Circulating questionnaires to key internal stakeholders
D. Accepting IT personnel's view of business issues

Suggested answer: B

Which of the following will provide the BEST measure of compliance with IT policies?

A. Evaluate past policy review reports.
B. Conduct regular independent reviews.
C. Perform penetration testing.
D. Test staff on their compliance responsibilities.

Suggested answer: C

From a risk management perspective, which of the following is the PRIMARY benefit of using automated system configuration validation tools?

A. Residual risk is reduced.
B. Staff costs are reduced.
C. Operational costs are reduced.
D. Inherent risk is reduced.

Suggested answer: C

Which of the following is a KEY outcome of risk ownership?

A. Risk responsibilities are addressed.
B. Risk-related information is communicated.
C. Risk-oriented tasks are defined.
D. Business process risk is analyzed.

Suggested answer: A
Total 1.200 questions