ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 23

Add to Whishlist

List of questions

Question 221

Report Export Collapse

An organization has decided to implement an emerging technology and incorporate the new capabilities into its strategic business plan. Business operations for the technology will be outsourced. What will be the risk practitioner's PRIMARY role during the change?

Managing third-party risk
Managing third-party risk
Developing risk scenarios
Developing risk scenarios
Managing the threat landscape
Managing the threat landscape
Updating risk appetite
Updating risk appetite
Suggested answer: B
asked 18/09/2024
Neha Dua
49 questions

Question 222

Report Export Collapse

Who is PRIMARILY accountable for risk treatment decisions?

Risk owner
Risk owner
Business manager
Business manager
Data owner
Data owner
Risk manager
Risk manager
Suggested answer: A
asked 18/09/2024
Robert L Swafford
44 questions

Question 223

Report Export Collapse

Which of the following presents the GREATEST challenge for an IT risk practitioner who wants to report on trends in historical IT risk levels?

Qualitative measures for potential loss events
Qualitative measures for potential loss events
Changes in owners for identified IT risk scenarios
Changes in owners for identified IT risk scenarios
Changes in methods used to calculate probability
Changes in methods used to calculate probability
Frequent use of risk acceptance as a treatment option
Frequent use of risk acceptance as a treatment option
Suggested answer: A
asked 18/09/2024
owais mansoor
52 questions

Question 224

Report Export Collapse

When presenting risk, the BEST method to ensure that the risk is measurable against the organization's risk appetite is through the use of a:

risk map
risk map
cause-and-effect diagram
cause-and-effect diagram
maturity model
maturity model
technology strategy plan.
technology strategy plan.
Suggested answer: C
asked 18/09/2024
Hendrik van Bemmel
39 questions

Question 225

Report Export Collapse

What should a risk practitioner do FIRST upon learning a risk treatment owner has implemented a different control than what was specified in the IT risk action plan?

Seek approval from the control owner.
Seek approval from the control owner.
Update the action plan in the risk register.
Update the action plan in the risk register.
Reassess the risk level associated with the new control.
Reassess the risk level associated with the new control.
Validate that the control has an established testing method.
Validate that the control has an established testing method.
Suggested answer: C
asked 18/09/2024
Luis Raul Juarez Cosio
44 questions

Question 226

Report Export Collapse

The maturity of an IT risk management program is MOST influenced by:

the organization's risk culture
the organization's risk culture
benchmarking results against similar organizations
benchmarking results against similar organizations
industry-specific regulatory requirements
industry-specific regulatory requirements
expertise available within the IT department
expertise available within the IT department
Suggested answer: A
asked 18/09/2024
Anu V
37 questions

Question 227

Report Export Collapse

Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

Reviewing the organization's policies and procedures
Reviewing the organization's policies and procedures
Interviewing groups of key stakeholders
Interviewing groups of key stakeholders
Circulating questionnaires to key internal stakeholders
Circulating questionnaires to key internal stakeholders
Accepting IT personnel s view of business issues
Accepting IT personnel s view of business issues
Suggested answer: B
asked 18/09/2024
Tobias Barcelos
48 questions

Question 228

Report Export Collapse

Which of the following will provide the BEST measure of compliance with IT policies?

Evaluate past policy review reports.
Evaluate past policy review reports.
Conduct regular independent reviews.
Conduct regular independent reviews.
Perform penetration testing.
Perform penetration testing.
Test staff on their compliance responsibilities.
Test staff on their compliance responsibilities.
Suggested answer: C
asked 18/09/2024
corey shields
32 questions

Question 229

Report Export Collapse

From a risk management perspective, which of the following is the PRIMARY benefit of using automated system configuration validation tools?

Residual risk is reduced.
Residual risk is reduced.
Staff costs are reduced.
Staff costs are reduced.
Operational costs are reduced.
Operational costs are reduced.
Inherent risk is reduced.
Inherent risk is reduced.
Suggested answer: C
asked 18/09/2024
Christie Clark
42 questions

Question 230

Report Export Collapse

Which of the following is a KEY outcome of risk ownership?

Risk responsibilities are addressed.
Risk responsibilities are addressed.
Risk-related information is communicated.
Risk-related information is communicated.
Risk-oriented tasks are defined.
Risk-oriented tasks are defined.
Business process risk is analyzed.
Business process risk is analyzed.
Suggested answer: A
asked 18/09/2024
Suman Konda
52 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?