Isaca CRISC Practice Test - Questions Answers, Page 27

A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?

A. The alternative site is a hot site with equipment ready to resume processing immediately.
B. The contingency plan provides for backup media to be taken to the alternative site.
C. The contingency plan for high priority applications does not involve a shared cold site.
D. The alternative site does not reside on the same fault, no matter the distance apart.

Suggested answer: B

A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?

A. Impact
B. Residual risk
C. Inherent risk
D. Risk appetite

Suggested answer: B

Which of the following is the GREATEST concern when an organization uses a managed security service provider as a firewall administrator?

A. Exposure of log data
B. Lack of governance
C. Increased number of firewall rules
D. Lack of agreed-upon standards

Suggested answer: B

The FIRST task when developing a business continuity plan should be to:

A. determine data backup and recovery availability at an alternate site.
B. identify critical business functions and resources.
C. define roles and responsibilities for implementation.
D. identify recovery time objectives (RTOs) for critical business applications.

Suggested answer: B

The MAIN goal of the risk analysis process is to determine the:

A. potential severity of impact
B. frequency and magnitude of loss
C. control deficiencies
D. threats and vulnerabilities

Suggested answer: B

A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:

A. implement the planned controls and accept the remaining risk.
B. suspend the current action plan in order to reassess the risk.
C. revise the action plan to include additional mitigating controls.
D. evaluate whether selected controls are still appropriate.

Suggested answer: D

Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:

A. accountable for the affected processes.
B. members of senior management.
C. authorized to select risk mitigation options.
D. independent from the business operations.

Suggested answer: D

An upward trend in which of the following metrics should be of MOST concern?

A. Number of business change management requests
B. Number of revisions to security policy
C. Number of security policy exceptions approved
D. Number of changes to firewall rules

Suggested answer: C

Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?

A. Chief financial officer
B. Information security director
C. Internal audit director
D. Chief information officer

Suggested answer: B

Which of the following provides the MOST important information to facilitate a risk response decision?

A. Audit findings
B. Risk appetite
C. Key risk indicators
D. Industry best practices

Suggested answer: B
Total 1.200 questions