Isaca CRISC Practice Test - Questions Answers, Page 29

Quantifying the value of a single asset helps the organization to understand the:

A. overall effectiveness of risk management.
B. consequences of risk materializing.
C. necessity of developing a risk strategy.
D. organization's risk threshold.
Suggested answer: B

A PRIMARY function of the risk register is to provide supporting information for the development of an organization's risk:

A. strategy.
B. profile.
C. process.
D. map.
Suggested answer: A

A risk practitioner recently discovered that sensitive data from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?

A. Enable data encryption in the test environment.
B. Implement equivalent security in the test environment.
C. Prevent the use of production data for test purposes.
D. Mask data before being transferred to the test environment.
Suggested answer: B

IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:

A. the cost associated with each control.
B. historical risk assessments.
C. key risk indicators (KRIs).
D. information from the risk register.
Suggested answer: D

Which of the following is the MAIN benefit of involving stakeholders in the selection of key risk indicators (KRIs)?

A. Improving risk awareness
B. Obtaining buy-in from risk owners
C. Leveraging existing metrics
D. Optimizing risk treatment decisions
Suggested answer: B

Which of the following BEST indicates effective information security incident management?

A. Monthly trend of information security-related incidents
B. Average time to identify critical information security incidents
C. Frequency of information security incident response plan testing
D. Percentage of high-risk security incidents
Suggested answer: C

Which of the following is a detective control?

A. Limit check
B. Periodic access review
C. Access control software
D. Rerun procedures
Suggested answer: B

Whose risk tolerance matters MOST when making a risk decision?

A. Customers who would be affected by a breach
B. Auditors, regulators and standards organizations
C. The business process owner of the exposed assets
D. The information security manager
Suggested answer: C

An identified high-probability risk scenario involving a critical, proprietary business function has an annualized cost of control higher than the annual loss expectancy. Which of the following is the BEST risk response?

A. Mitigate
B. Accept
C. Transfer
D. Avoid
Suggested answer: B

After identifying new risk events during a project, the project manager's NEXT step should be to:

A. determine if the scenarios need to be accepted or responded to.
B. record the scenarios into the risk register.
C. continue with a qualitative risk analysis.
D. continue with a quantitative risk analysis.
Suggested answer: B