ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 24

Add to Whishlist

List of questions

Question 231

Report Export Collapse

A risk practitioner has learned that an effort to implement a risk mitigation action plan has stalled due to lack of funding. The risk practitioner should report that the associated risk has been:

mitigated
mitigated
accepted
accepted
avoided
avoided
deferred
deferred
Suggested answer: B
asked 18/09/2024
Kunle Fodeke
55 questions

Question 232

Report Export Collapse

Which of the following is MOST important for an organization to have in place when developing a risk management framework?

A strategic approach to risk including an established risk appetite
A strategic approach to risk including an established risk appetite
A risk-based internal audit plan for the organization
A risk-based internal audit plan for the organization
A control function within the risk management team
A control function within the risk management team
An organization-wide risk awareness training program
An organization-wide risk awareness training program
Suggested answer: A
asked 18/09/2024
Gerhard Seher
32 questions

Question 233

Report Export Collapse

Which of the following is MOST important for a risk practitioner to ensure once a risk action plan has been completed?

The risk owner has validated outcomes.
The risk owner has validated outcomes.
The risk register has been updated.
The risk register has been updated.
The control objectives are mapped to risk objectives.
The control objectives are mapped to risk objectives.
The requirements have been achieved.
The requirements have been achieved.
Suggested answer: B
asked 18/09/2024
Kefash White
44 questions

Question 234

Report Export Collapse

An organization has opened a subsidiary in a foreign country. Which of the following would be the BEST way to measure the effectiveness of the subsidiary's IT systems controls?

Implement IT systems in alignment with business objectives.
Implement IT systems in alignment with business objectives.
Review metrics and key performance indicators (KPIs).
Review metrics and key performance indicators (KPIs).
Review design documentation of IT systems.
Review design documentation of IT systems.
Evaluate compliance with legal and regulatory requirements.
Evaluate compliance with legal and regulatory requirements.
Suggested answer: D
asked 18/09/2024
massamba gaye
31 questions

Question 235

Report Export Collapse

When communicating changes in the IT risk profile, which of the following should be included to BEST enable stakeholder decision making?

List of recent incidents affecting industry peers
List of recent incidents affecting industry peers
Results of external attacks and related compensating controls
Results of external attacks and related compensating controls
Gaps between current and desired states of the control environment
Gaps between current and desired states of the control environment
Review of leading IT risk management practices within the industry
Review of leading IT risk management practices within the industry
Suggested answer: C
asked 18/09/2024
Thutcha sudjitjjoon
41 questions

Question 236

Report Export Collapse

Which of the following is the MOST important consideration when selecting either a qualitative or quantitative risk analysis?

Expertise in both methodologies
Expertise in both methodologies
Maturity of the risk management program
Maturity of the risk management program
Time available for risk analysis
Time available for risk analysis
Resources available for data analysis
Resources available for data analysis
Suggested answer: D
asked 18/09/2024
Josh Rose
45 questions

Question 237

Report Export Collapse

Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?

The KRIs' source data lacks integrity.
The KRIs' source data lacks integrity.
The KRIs are not automated.
The KRIs are not automated.
The KRIs are not quantitative.
The KRIs are not quantitative.
The KRIs do not allow for trend analysis.
The KRIs do not allow for trend analysis.
Suggested answer: A
asked 18/09/2024
Tolga Kesici
51 questions

Question 238

Report Export Collapse

Which of the following risk register elements is MOST likely to be updated if the attack surface or exposure of an asset is reduced?

Likelihood rating
Likelihood rating
Control effectiveness
Control effectiveness
Assessment approach
Assessment approach
Impact rating
Impact rating
Suggested answer: A
asked 18/09/2024
Tarnauceanu Diana
44 questions

Question 239

Report Export Collapse

An organization's risk tolerance should be defined and approved by which of the following?

The chief risk officer (CRO)
The chief risk officer (CRO)
The board of directors
The board of directors
The chief executive officer (CEO)
The chief executive officer (CEO)
The chief information officer (CIO)
The chief information officer (CIO)
Suggested answer: B
asked 18/09/2024
Vijayakumar Dhandapani
45 questions

Question 240

Report Export Collapse

It is MOST important for a risk practitioner to have an awareness of an organization s processes in order to:

perform a business impact analysis.
perform a business impact analysis.
identify potential sources of risk.
identify potential sources of risk.
establish risk guidelines.
establish risk guidelines.
understand control design.
understand control design.
Suggested answer: B
asked 18/09/2024
Aung Hain Htet
31 questions
Total 1.573 questions
Go to page: of 158
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?