Isaca CRISC Practice Test - Questions Answers, Page 30

Which of the following is the BEST way to identify changes in the risk profile of an organization?

A. Monitor key risk indicators (KRIs).
B. Monitor key performance indicators (KPIs).
C. Interview the risk owner.
D. Conduct a gap analysis.
Suggested answer: D

Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controls MOST likely failed?

A. Background checks
B. Awareness training
C. User access
D. Policy management
Suggested answer: C

Which of the following statements BEST describes risk appetite?

A. The amount of risk an organization is willing to accept
B. The effective management of risk and internal control environments
C. Acceptable variation between risk thresholds and business objectives
D. The acceptable variation relative to the achievement of objectives
Suggested answer: A

An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?

A. Classification of the data
B. Type of device
C. Remote management capabilities
D. Volume of data
Suggested answer: A

An organization has four different projects competing for funding to reduce overall IT risk. Which project should management defer?

A. Project Charlie
B. Project Bravo
C. Project Alpha
D. Project Delta
Suggested answer: A

What can be determined from the risk scenario chart?

A. Relative positions on the risk map
B. Risk treatment options
C. Capability of enterprise to implement
D. The multiple risk factors addressed by a chosen response
Suggested answer: A

As part of an overall IT risk management plan, an IT risk register BEST helps management:

A. align IT processes with business objectives.
B. communicate the enterprise risk management policy.
C. stay current with existing control status.
D. understand the organizational risk profile.
Suggested answer: D

To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:

A. risk mitigation approach.
B. cost-benefit analysis.
C. risk assessment results.
D. vulnerability assessment results.
Suggested answer: C

An organization has completed a project to implement encryption on all databases that host customer data. Which of the following elements of the risk register should be updated to reflect this change?

A. Risk likelihood
B. Inherent risk
C. Risk appetite
D. Risk tolerance
Suggested answer: B

When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

A. risk appetite.
B. security policies.
C. process maps.
D. risk tolerance level.
Suggested answer: B
Total 1.200 questions