ExamGecko
Isaca CRISC Practice Test - Questions Answers, Page 24
A risk practitioner has learned that an effort to implement a risk mitigation action plan has stalled due to lack of funding. The risk practitioner should report that the associated risk has been:

A. mitigated
B. accepted
C. avoided
D. deferred
Suggested answer: B

Which of the following is MOST important for an organization to have in place when developing a risk management framework?

A. A strategic approach to risk including an established risk appetite
B. A risk-based internal audit plan for the organization
C. A control function within the risk management team
D. An organization-wide risk awareness training program
Suggested answer: A

Which of the following is MOST important for a risk practitioner to ensure once a risk action plan has been completed?

A. The risk owner has validated outcomes.
B. The risk register has been updated.
C. The control objectives are mapped to risk objectives.
D. The requirements have been achieved.
Suggested answer: B

An organization has opened a subsidiary in a foreign country. Which of the following would be the BEST way to measure the effectiveness of the subsidiary's IT systems controls?

A. Implement IT systems in alignment with business objectives.
B. Review metrics and key performance indicators (KPIs).
C. Review design documentation of IT systems.
D. Evaluate compliance with legal and regulatory requirements.
Suggested answer: D

When communicating changes in the IT risk profile, which of the following should be included to BEST enable stakeholder decision making?

A. List of recent incidents affecting industry peers
B. Results of external attacks and related compensating controls
C. Gaps between current and desired states of the control environment
D. Review of leading IT risk management practices within the industry
Suggested answer: C

Which of the following is the MOST important consideration when selecting either a qualitative or quantitative risk analysis?

A. Expertise in both methodologies
B. Maturity of the risk management program
C. Time available for risk analysis
D. Resources available for data analysis
Suggested answer: D

Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?

A. The KRIs' source data lacks integrity.
B. The KRIs are not automated.
C. The KRIs are not quantitative.
D. The KRIs do not allow for trend analysis.
Suggested answer: A

Which of the following risk register elements is MOST likely to be updated if the attack surface or exposure of an asset is reduced?

A. Likelihood rating
B. Control effectiveness
C. Assessment approach
D. Impact rating
Suggested answer: A

An organization's risk tolerance should be defined and approved by which of the following?

A. The chief risk officer (CRO)
B. The board of directors
C. The chief executive officer (CEO)
D. The chief information officer (CIO)
Suggested answer: B

It is MOST important for a risk practitioner to have an awareness of an organization's processes in order to:

A. perform a business impact analysis.
B. identify potential sources of risk.
C. establish risk guidelines.
D. understand control design.
Suggested answer: B