Isaca CRISC Practice Test - Questions Answers, Page 26

Which of the following is a KEY responsibility of the second line of defense?

A. Implementing control activities
B. Monitoring control effectiveness
C. Conducting control self-assessments
D. Owning risk scenarios
Suggested answer: B

A risk practitioner learns that the organization's industry is experiencing a trend of rising security incidents. Which of the following is the BEST course of action?

A. Evaluate the relevance of the evolving threats.
B. Review past internal audit results.
C. Respond to organizational security threats.
D. Research industry published studies.
Suggested answer: A

A new regulatory requirement imposes severe fines for data leakage involving customers' personally identifiable information (PII). The risk practitioner has recommended avoiding the risk. Which of the following actions would BEST align with this recommendation?

A. Reduce retention periods for PII data.
B. Move PII to a highly secured outsourced site.
C. Modify business processes to stop collecting PII.
D. Implement strong encryption for PII.
Suggested answer: C

Which of the following would be MOST helpful to a risk owner when making risk-aware decisions?

A. Risk exposure expressed in business terms
B. Recommendations for risk response options
C. Resource requirements for risk responses
D. List of business areas affected by the risk
Suggested answer: A

Which of the following is MOST important to enable well-informed cybersecurity risk decisions?

A. Determine and understand the risk rating of scenarios.
B. Conduct risk assessment peer reviews.
C. Identify roles and responsibilities for security controls.
D. Engage a third party to perform a risk assessment.
Suggested answer: A

An organization with a large number of applications wants to establish a security risk assessment program. Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

A. Feedback from end users
B. Results of a benchmark analysis
C. Recommendations from internal audit
D. Prioritization from business owners
Suggested answer: D

When assessing the maturity level of an organization's risk management framework, which of the following deficiencies should be of GREATEST concern to a risk practitioner?

A. Unclear organizational risk appetite
B. Lack of senior management participation
C. Use of highly customized control frameworks
D. Reliance on qualitative analysis methods
Suggested answer: C

Which of the following is MOST helpful in verifying that the implementation of a risk mitigation control has been completed as intended?

A. An updated risk register
B. Risk assessment results
C. Technical control validation
D. Control testing results
Suggested answer: D

A newly enacted information privacy law significantly increases financial penalties for breaches of personally identifiable information (PII). Which of the following is the MOST likely outcome for an organization affected by the new law?

A. Increase in compliance breaches
B. Increase in loss event impact
C. Increase in residual risk
D. Increase in customer complaints
Suggested answer: B

The BEST criteria when selecting a risk response is the:

A. capability to implement the response
B. importance of IT risk within the enterprise
C. effectiveness of risk response options
D. alignment of response to industry standards
Suggested answer: C