ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 29


Question 281


Quantifying the value of a single asset helps the organization to understand the:

A. overall effectiveness of risk management.
B. consequences of risk materializing.
C. necessity of developing a risk strategy.
D. organization's risk threshold.
Suggested answer: B
asked 18/09/2024
Alemu, Fissha

Question 282


A PRIMARY function of the risk register is to provide supporting information for the development of an organization's risk:

A. strategy.
B. profile.
C. process.
D. map.
Suggested answer: A
asked 18/09/2024
shaoyu huang

Question 283


A risk practitioner recently discovered that sensitive data from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?

A. Enable data encryption in the test environment.
B. Implement equivalent security in the test environment.
C. Prevent the use of production data for test purposes.
D. Mask data before being transferred to the test environment.
Suggested answer: B
asked 18/09/2024
Corey Rivers

Question 284


IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:

A. the cost associated with each control.
B. historical risk assessments.
C. key risk indicators (KRIs).
D. information from the risk register.
Suggested answer: D
asked 18/09/2024
Amy Sukkar

Question 285


Which of the following is the MAIN benefit of involving stakeholders in the selection of key risk indicators (KRIs)?

A. Improving risk awareness
B. Obtaining buy-in from risk owners
C. Leveraging existing metrics
D. Optimizing risk treatment decisions
Suggested answer: B
asked 18/09/2024
Ramon Vieira da Rocha

Question 286


Which of the following BEST indicates effective information security incident management?

A. Monthly trend of information security-related incidents
B. Average time to identify critical information security incidents
C. Frequency of information security incident response plan testing
D. Percentage of high risk security incidents
Suggested answer: C
asked 18/09/2024
Stašo Zver

Question 287


Which of the following is a detective control?

A. Limit check
B. Periodic access review
C. Access control software
D. Rerun procedures
Suggested answer: B
asked 18/09/2024
Lampros Diamantopoulos

Question 288


Whose risk tolerance matters MOST when making a risk decision?

A. Customers who would be affected by a breach
B. Auditors, regulators and standards organizations
C. The business process owner of the exposed assets
D. The information security manager
Suggested answer: C
asked 18/09/2024
Mario Peralta

Question 289


An identified high probability risk scenario involving a critical, proprietary business function has an annualized cost of control higher than the annual loss expectancy. Which of the following is the BEST risk response?

A. Mitigate
B. Accept
C. Transfer
D. Avoid
Suggested answer: B
asked 18/09/2024
PRADESH MATHEW

Question 290


After identifying new risk events during a project, the project manager's NEXT step should be to:

A. determine if the scenarios need to be accepted or responded to.
B. record the scenarios into the risk register.
C. continue with a qualitative risk analysis.
D. continue with a quantitative risk analysis.
Suggested answer: B
asked 18/09/2024
Sebasteen Lawrance
Total 1.573 questions