
Isaca CRISC Practice Test - Questions Answers, Page 28

During a control review, the control owner states that an existing control has deteriorated over time. What is the BEST recommendation to the control owner?

A. Implement compensating controls to reduce residual risk
B. Escalate the issue to senior management
C. Discuss risk mitigation options with the risk owner.
D. Certify the control after documenting the concern.
Suggested answer: A

The MOST effective approach to prioritize risk scenarios is by:

A. assessing impact to the strategic plan.
B. aligning with industry best practices.
C. soliciting input from risk management experts.
D. evaluating the cost of risk response.
Suggested answer: A

The BEST way to test the operational effectiveness of a data backup procedure is to:

A. conduct an audit of files stored offsite.
B. interview employees to compare actual with expected procedures.
C. inspect a selection of audit trails and backup logs.
D. demonstrate a successful recovery from backup files.
Suggested answer: D

Which of the following is the PRIMARY consideration when establishing an organization's risk management methodology?

A. Business context
B. Risk tolerance level
C. Resource requirements
D. Benchmarking information
Suggested answer: A

Which of the following would prompt changes in key risk indicator (KRI) thresholds?

A. Changes to the risk register
B. Changes in risk appetite or tolerance
C. Modification to risk categories
D. Knowledge of new and emerging threats
Suggested answer: B

Which of the following can be interpreted from a single data point on a risk heat map?

A. Risk tolerance
B. Risk magnitude
C. Risk response
D. Risk appetite
Suggested answer: B

An organization has raised the risk appetite for technology risk. The MOST likely result would be:

A. increased inherent risk.
B. higher risk management cost
C. decreased residual risk.
D. lower risk management cost.
Suggested answer: D

Following a significant change to a business process, a risk practitioner believes the associated risk has been reduced. The risk practitioner should advise the risk owner to FIRST:

A. review the key risk indicators.
B. conduct a risk analysis.
C. update the risk register
D. reallocate risk response resources.
Suggested answer: A

Which of the following BEST measures the efficiency of an incident response process?

A. Number of incidents escalated to management
B. Average time between changes and updating of escalation matrix
C. Average gap between actual and agreed response times
D. Number of incidents lacking responses
Suggested answer: C

A risk owner should be the person accountable for:

A. the risk management process
B. managing controls.
C. implementing actions.
D. the business process.
Suggested answer: C
Total 1.200 questions