ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 25

Which of the following is the MOST important input when developing risk scenarios?

A. Key performance indicators
B. Business objectives
C. The organization's risk framework
D. Risk appetite
Suggested answer: B

Which of the following is the GREATEST concern associated with the transmission of healthcare data across the internet?

A. Unencrypted data
B. Lack of redundant circuits
C. Low bandwidth connections
D. Data integrity
Suggested answer: A

Which of the following should be included in a risk assessment report to BEST facilitate senior management's understanding of the results?

A. Benchmarking parameters likely to affect the results
B. Tools and techniques used by risk owners to perform the assessments
C. A risk heat map with a summary of risk identified and assessed
D. The possible impact of internal and external risk factors on the assessment results
Suggested answer: C

The MOST important reason to aggregate results from multiple risk assessments on interdependent information systems is to:

A. establish overall impact to the organization
B. efficiently manage the scope of the assignment
C. identify critical information systems
D. facilitate communication to senior management
Suggested answer: A

Which of the following would be MOST relevant to stakeholders regarding ineffective control implementation?

A. Threat to IT
B. Number of control failures
C. Impact on business
D. Risk ownership
Suggested answer: C

During a risk assessment, the risk practitioner finds a new risk scenario without controls has been entered into the risk register. Which of the following is the MOST appropriate action?

A. Include the new risk scenario in the current risk assessment.
B. Postpone the risk assessment until controls are identified.
C. Request the risk scenario be removed from the register.
D. Exclude the new risk scenario from the current risk assessment.
Suggested answer: A

Which of the following should be initiated when a high number of noncompliant conditions are observed during review of a control procedure?

A. Disciplinary action
B. A control self-assessment
C. A review of the awareness program
D. Root cause analysis
Suggested answer: D

A new policy has been published to forbid copying of data onto removable media. Which type of control has been implemented?

A. Preventive
B. Detective
C. Directive
D. Deterrent
Suggested answer: C

Which of the following is the BEST indicator of the effectiveness of a control monitoring program?

A. Time between control failure and failure detection
B. Number of key controls as a percentage of total control count
C. Time spent on internal control assessment reviews
D. Number of internal control failures within the measurement period
Suggested answer: A

Which of the following provides the MOST useful information when determining a risk management program's maturity level?

A. Risk assessment results
B. A recently reviewed risk register
C. Key performance indicators (KPIs)
D. The organization's risk framework
Suggested answer: A
Total 1.200 questions