ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 27

Add to Whishlist

List of questions

Question 261

Report Export Collapse

A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?

The alternative site is a hot site with equipment ready to resume processing immediately.
The alternative site is a hot site with equipment ready to resume processing immediately.
The contingency plan provides for backup media to be taken to the alternative site.
The contingency plan provides for backup media to be taken to the alternative site.
The contingency plan for high priority applications does not involve a shared cold site.
The contingency plan for high priority applications does not involve a shared cold site.
The alternative site does not reside on the same fault to matter how the distance apart.
The alternative site does not reside on the same fault to matter how the distance apart.
Suggested answer: B
asked 18/09/2024
Joost Huggers
37 questions

Question 262

Report Export Collapse

A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?

Impact
Impact
Residual risk
Residual risk
Inherent risk
Inherent risk
Risk appetite
Risk appetite
Suggested answer: B
asked 18/09/2024
marco antonio villanueva
41 questions

Question 263

Report Export Collapse

Which of the following is the GREATEST concern when an organization uses a managed security service provider as a firewall administrator?

Exposure of log data
Exposure of log data
Lack of governance
Lack of governance
Increased number of firewall rules
Increased number of firewall rules
Lack of agreed-upon standards
Lack of agreed-upon standards
Suggested answer: B
asked 18/09/2024
Jeremiah Gem Galeon
50 questions

Question 264

Report Export Collapse

The FIRST task when developing a business continuity plan should be to:

determine data backup and recovery availability at an alternate site.
determine data backup and recovery availability at an alternate site.
identify critical business functions and resources.
identify critical business functions and resources.
define roles and responsibilities for implementation.
define roles and responsibilities for implementation.
identify recovery time objectives (RTOs) for critical business applications.
identify recovery time objectives (RTOs) for critical business applications.
Suggested answer: B
asked 18/09/2024
Francisco Julian Mota Fraile
47 questions

Question 265

Report Export Collapse

The MAIN goal of the risk analysis process is to determine the:

potential severity of impact
potential severity of impact
frequency and magnitude of loss
frequency and magnitude of loss
control deficiencies
control deficiencies
threats and vulnerabilities
threats and vulnerabilities
Suggested answer: B
asked 18/09/2024
Mark Green
55 questions

Question 266

Report Export Collapse

A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:

implement the planned controls and accept the remaining risk.
implement the planned controls and accept the remaining risk.
suspend the current action plan in order to reassess the risk.
suspend the current action plan in order to reassess the risk.
revise the action plan to include additional mitigating controls.
revise the action plan to include additional mitigating controls.
evaluate whether selected controls are still appropriate.
evaluate whether selected controls are still appropriate.
Suggested answer: D
asked 18/09/2024
H Barral Vila
36 questions

Question 267

Report Export Collapse

Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:

accountable for the affected processes.
accountable for the affected processes.
members of senior management.
members of senior management.
authorized to select risk mitigation options.
authorized to select risk mitigation options.
independent from the business operations.
independent from the business operations.
Suggested answer: D
asked 18/09/2024
yassine harbeg
42 questions

Question 268

Report Export Collapse

An upward trend in which of the following metrics should be of MOST concern?

Number of business change management requests
Number of business change management requests
Number of revisions to security policy
Number of revisions to security policy
Number of security policy exceptions approved
Number of security policy exceptions approved
Number of changes to firewall rules
Number of changes to firewall rules
Suggested answer: C
asked 18/09/2024
Srinivasan Kumaresan
40 questions

Question 269

Report Export Collapse

Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?

Chief financial officer
Chief financial officer
Information security director
Information security director
Internal audit director
Internal audit director
Chief information officer
Chief information officer
Suggested answer: B
asked 18/09/2024
Gokul Kalaiselvi Loganathan
51 questions

Question 270

Report Export Collapse

Which of the following provides the MOST important information to facilitate a risk response decision?

Audit findings
Audit findings
Risk appetite
Risk appetite
Key risk indicators
Key risk indicators
Industry best practices
Industry best practices
Suggested answer: B
asked 18/09/2024
Srecka Kovacevic
43 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?