ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 28

Add to Whishlist

List of questions

Question 271

Report Export Collapse

During a control review, the control owner states that an existing control has deteriorated over time. What is the BEST recommendation to the control owner?

Implement compensating controls to reduce residual risk
Implement compensating controls to reduce residual risk
Escalate the issue to senior management
Escalate the issue to senior management
Discuss risk mitigation options with the risk owner.
Discuss risk mitigation options with the risk owner.
Certify the control after documenting the concern.
Certify the control after documenting the concern.
Suggested answer: A
asked 18/09/2024
Osama Rahman
35 questions

Question 272

Report Export Collapse

The MOST effective approach to prioritize risk scenarios is by:

assessing impact to the strategic plan.
assessing impact to the strategic plan.
aligning with industry best practices.
aligning with industry best practices.
soliciting input from risk management experts.
soliciting input from risk management experts.
evaluating the cost of risk response.
evaluating the cost of risk response.
Suggested answer: A
asked 18/09/2024
Josefa Vera Gago
43 questions

Question 273

Report Export Collapse

The BEST way to test the operational effectiveness of a data backup procedure is to:

conduct an audit of files stored offsite.
conduct an audit of files stored offsite.
interview employees to compare actual with expected procedures.
interview employees to compare actual with expected procedures.
inspect a selection of audit trails and backup logs.
inspect a selection of audit trails and backup logs.
demonstrate a successful recovery from backup files.
demonstrate a successful recovery from backup files.
Suggested answer: D
asked 18/09/2024
Sae Frrr
32 questions

Question 274

Report Export Collapse

Which of The following is the PRIMARY consideration when establishing an organization's risk management methodology?

Business context
Business context
Risk tolerance level
Risk tolerance level
Resource requirements
Resource requirements
Benchmarking information
Benchmarking information
Suggested answer: A
asked 18/09/2024
Gerson Rodrigo Menendez
44 questions

Question 275

Report Export Collapse

Which of the following would prompt changes in key risk indicator {KRI) thresholds?

Changes to the risk register
Changes to the risk register
Changes in risk appetite or tolerance
Changes in risk appetite or tolerance
Modification to risk categories
Modification to risk categories
Knowledge of new and emerging threats
Knowledge of new and emerging threats
Suggested answer: B
asked 18/09/2024
Michele Lorengo
42 questions

Question 276

Report Export Collapse

Which of the following can be interpreted from a single data point on a risk heat map?

Risk tolerance
Risk tolerance
Risk magnitude
Risk magnitude
Risk response
Risk response
Risk appetite
Risk appetite
Suggested answer: B
asked 18/09/2024
Memo Albah
29 questions

Question 277

Report Export Collapse

An organization has raised the risk appetite for technology risk. The MOST likely result would be:

increased inherent risk.
increased inherent risk.
higher risk management cost
higher risk management cost
decreased residual risk.
decreased residual risk.
lower risk management cost.
lower risk management cost.
Suggested answer: D
asked 18/09/2024
Aygul Korkmazlar
40 questions

Question 278

Report Export Collapse

Following a significant change to a business process, a risk practitioner believes the associated risk has been reduced. The risk practitioner should advise the risk owner to FIRST

review the key risk indicators.
review the key risk indicators.
conduct a risk analysis.
conduct a risk analysis.
update the risk register
update the risk register
reallocate risk response resources.
reallocate risk response resources.
Suggested answer: A
asked 18/09/2024
Rita Marques
46 questions

Question 279

Report Export Collapse

Which of the following BEST measures the efficiency of an incident response process?

Number of incidents escalated to management
Number of incidents escalated to management
Average time between changes and updating of escalation matrix
Average time between changes and updating of escalation matrix
Average gap between actual and agreed response times
Average gap between actual and agreed response times
Number of incidents lacking responses
Number of incidents lacking responses
Suggested answer: C
asked 18/09/2024
Stefan Finke
44 questions

Question 280

Report Export Collapse

A risk owner should be the person accountable for:

the risk management process
the risk management process
managing controls.
managing controls.
implementing actions.
implementing actions.
the business process.
the business process.
Suggested answer: C
asked 18/09/2024
William Kerr
46 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?