ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 30

Add to Whishlist

List of questions

Question 291

Report Export Collapse

Which of the following is the BEST way to identify changes in the risk profile of an organization?

Monitor key risk indicators (KRIs).
Monitor key risk indicators (KRIs).
Monitor key performance indicators (KPIs).
Monitor key performance indicators (KPIs).
Interview the risk owner.
Interview the risk owner.
Conduct a gap analysis
Conduct a gap analysis
Suggested answer: D
asked 18/09/2024
Luis Antonio Sanchez Estrada
38 questions

Question 292

Report Export Collapse

Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controls MOST likely failed?

Background checks
Background checks
Awareness training
Awareness training
User access
User access
Policy management
Policy management
Suggested answer: C
asked 18/09/2024
HNO Oo
42 questions

Question 293

Report Export Collapse

Which of the following statements BEST describes risk appetite?

The amount of risk an organization is willing to accept
The amount of risk an organization is willing to accept
The effective management of risk and internal control environments
The effective management of risk and internal control environments
Acceptable variation between risk thresholds and business objectives
Acceptable variation between risk thresholds and business objectives
The acceptable variation relative to the achievement of objectives
The acceptable variation relative to the achievement of objectives
Suggested answer: A
asked 18/09/2024
Norman Camacho
53 questions

Question 294

Report Export Collapse

An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?

Classification of the data
Classification of the data
Type of device
Type of device
Remote management capabilities
Remote management capabilities
Volume of data
Volume of data
Suggested answer: A
asked 18/09/2024
Paul Cessant
42 questions

Question 295

Report Export Collapse

An organization has four different projects competing for funding to reduce overall IT risk. Which project should management defer?

Isaca CRISC image Question 295 43978 09182024210337000000

Project Charlie
Project Charlie
Project Bravo
Project Bravo
Project Alpha
Project Alpha
Project Delta
Project Delta
Suggested answer: A
asked 18/09/2024
walterio mendez
33 questions

Question 296

Report Export Collapse

What can be determined from the risk scenario chart?

Isaca CRISC image Question 296 43979 09182024210337000000

Relative positions on the risk map
Relative positions on the risk map
Risk treatment options
Risk treatment options
Capability of enterprise to implement
Capability of enterprise to implement
The multiple risk factors addressed by a chosen response
The multiple risk factors addressed by a chosen response
Suggested answer: A
asked 18/09/2024
Bryan Smith
45 questions

Question 297

Report Export Collapse

As part of an overall IT risk management plan, an IT risk register BEST helps management:

align IT processes with business objectives.
align IT processes with business objectives.
communicate the enterprise risk management policy.
communicate the enterprise risk management policy.
stay current with existing control status.
stay current with existing control status.
understand the organizational risk profile.
understand the organizational risk profile.
Suggested answer: D
asked 18/09/2024
So young Jang
33 questions

Question 298

Report Export Collapse

To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:

risk mitigation approach
risk mitigation approach
cost-benefit analysis.
cost-benefit analysis.
risk assessment results.
risk assessment results.
vulnerability assessment results
vulnerability assessment results
Suggested answer: C
asked 18/09/2024
Haleem SHITOU OGUNGBEMI
46 questions

Question 299

Report Export Collapse

An organization has completed a project to implement encryption on all databases that host customer data. Which of the following elements of the risk register should be updated the reflect this change?

Risk likelihood
Risk likelihood
Inherent risk
Inherent risk
Risk appetite
Risk appetite
Risk tolerance
Risk tolerance
Suggested answer: B
asked 18/09/2024
Sai C H
39 questions

Question 300

Report Export Collapse

When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

risk appetite.
risk appetite.
security policies
security policies
process maps.
process maps.
risk tolerance level
risk tolerance level
Suggested answer: B
asked 18/09/2024
Yener Yuksel
42 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?