ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 3

Which of the following would BEST help to ensure that identified risk is efficiently managed?

A. Reviewing the maturity of the control environment
B. Regularly monitoring the project plan
C. Maintaining a key risk indicator for each asset in the risk register
D. Periodically reviewing controls per the risk treatment plan
Suggested answer: D

The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager's BEST approach to this request before sharing the register?

A. Escalate to senior management
B. Require a nondisclosure agreement.
C. Sanitize portions of the register
D. Determine the purpose of the request
Suggested answer: D

Which of the following techniques would be used during a risk assessment to demonstrate to stakeholders that all known alternatives were evaluated?

A. Control chart
B. Sensitivity analysis
C. Trend analysis
D. Decision tree
Suggested answer: D

During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

A. Data validation
B. Identification
C. Authentication
D. Data integrity
Suggested answer: C

Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?

A. It compares performance levels of IT assets to value delivered.
B. It facilitates the alignment of strategic IT objectives to business objectives.
C. It provides input to business managers when preparing a business case for new IT projects.
D. It helps assess the effects of IT decisions on risk exposure
Suggested answer: B

Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?

A. Risk tolerance is decreased.
B. Residual risk is increased.
C. Inherent risk is increased.
D. Risk appetite is decreased
Suggested answer: B

Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

A. Performing a benchmark analysis and evaluating gaps
B. Conducting risk assessments and implementing controls
C. Communicating components of risk and their acceptable levels
D. Participating in peer reviews and implementing best practices
Suggested answer: C

Which of the following is the MAIN reason for documenting the performance of controls?

A. Obtaining management sign-off
B. Demonstrating effective risk mitigation
C. Justifying return on investment
D. Providing accurate risk reporting
Suggested answer: D

When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?

A. Perform a background check on the vendor.
B. Require the vendor to sign a nondisclosure agreement.
C. Require the vendor to have liability insurance.
D. Clearly define the project scope
Suggested answer: D

Which of the following attributes of a key risk indicator (KRI) is MOST important?

A. Repeatable
B. Automated
C. Quantitative
D. Qualitative
Suggested answer: A
Total 1.200 questions