ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 26

Add to Whishlist

List of questions

Question 251

Report Export Collapse

Which of the following is a KEY responsibility of the second line of defense?

Implementing control activities
Implementing control activities
Monitoring control effectiveness
Monitoring control effectiveness
Conducting control self-assessments
Conducting control self-assessments
Owning risk scenarios
Owning risk scenarios
Suggested answer: B
asked 18/09/2024
Caridade Martins
50 questions

Question 252

Report Export Collapse

A risk practitioner learns that the organization s industry is experiencing a trend of rising security incidents. Which of the following is the BEST course of action?

Evaluate the relevance of the evolving threats.
Evaluate the relevance of the evolving threats.
Review past internal audit results.
Review past internal audit results.
Respond to organizational security threats.
Respond to organizational security threats.
Research industry published studies.
Research industry published studies.
Suggested answer: A
asked 18/09/2024
Nivenl Surnder
38 questions

Question 253

Report Export Collapse

A new regulator/ requirement imposes severe fines for data leakage involving customers' personally identifiable information (Pll). The risk practitioner has recommended avoiding the risk. Which of the following actions would BEST align with this recommendation?

Reduce retention periods for Pll data.
Reduce retention periods for Pll data.
Move Pll to a highly-secured outsourced site.
Move Pll to a highly-secured outsourced site.
Modify business processes to stop collecting Pll.
Modify business processes to stop collecting Pll.
Implement strong encryption for Pll.
Implement strong encryption for Pll.
Suggested answer: C
asked 18/09/2024
Stan Nichols
43 questions

Question 254

Report Export Collapse

Which of the following would be MOST helpful to a risk owner when making risk-aware decisions?

Risk exposure expressed in business terms
Risk exposure expressed in business terms
Recommendations for risk response options
Recommendations for risk response options
Resource requirements for risk responses
Resource requirements for risk responses
List of business areas affected by the risk
List of business areas affected by the risk
Suggested answer: A
asked 18/09/2024
taheireem shaikh
42 questions

Question 255

Report Export Collapse

Which of the following is MOST important to enable well-informed cybersecurity risk decisions?

Determine and understand the risk rating of scenarios.
Determine and understand the risk rating of scenarios.
Conduct risk assessment peer reviews.
Conduct risk assessment peer reviews.
Identify roles and responsibilities for security controls.
Identify roles and responsibilities for security controls.
Engage a third party to perform a risk assessment.
Engage a third party to perform a risk assessment.
Suggested answer: A
asked 18/09/2024
Salman Hashmi
52 questions

Question 256

Report Export Collapse

An organization with a large number of applications wants to establish a security risk assessment program. Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

Feedback from end users
Feedback from end users
Results of a benchmark analysis
Results of a benchmark analysis
Recommendations from internal audit
Recommendations from internal audit
Prioritization from business owners
Prioritization from business owners
Suggested answer: D
asked 18/09/2024
niels valk
48 questions

Question 257

Report Export Collapse

When assessing the maturity level of an organization's risk management framework, which of the following deficiencies should be of GREATEST concern to a risk practitioner?

Unclear organizational risk appetite
Unclear organizational risk appetite
Most voted
(1)
Most voted
Lack of senior management participation
Lack of senior management participation
Use of highly customized control frameworks
Use of highly customized control frameworks
Reliance on qualitative analysis methods
Reliance on qualitative analysis methods
Suggested answer: C
asked 18/09/2024
Maksim Alpatov
50 questions

Question 258

Report Export Collapse

Which of the following is MOST helpful in verifying that the implementation of a risk mitigation control has been completed as intended?

An updated risk register
An updated risk register
Risk assessment results
Risk assessment results
Technical control validation
Technical control validation
Control testing results
Control testing results
Suggested answer: D
asked 18/09/2024
david buisan garcia
43 questions

Question 259

Report Export Collapse

A newly enacted information privacy law significantly increases financial penalties for breaches of personally identifiable information (Pll). Which of the following will MOST likely outcome for an organization affected by the new law?

Increase in compliance breaches
Increase in compliance breaches
Increase in loss event impact
Increase in loss event impact
Increase in residual risk
Increase in residual risk
Increase in customer complaints
Increase in customer complaints
Suggested answer: B
asked 18/09/2024
CLINTON PLESS
47 questions

Question 260

Report Export Collapse

The BEST criteria when selecting a risk response is the:

capability to implement the response
capability to implement the response
importance of IT risk within the enterprise
importance of IT risk within the enterprise
effectiveness of risk response options
effectiveness of risk response options
alignment of response to industry standards
alignment of response to industry standards
Suggested answer: C
asked 18/09/2024
William Hopson
35 questions
Total 1.573 questions
Go to page: of 158
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?