ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 31

Add to Whishlist

List of questions

Question 301

Report Export Collapse

Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?

Number of users who have signed a BYOD acceptable use policy
Number of users who have signed a BYOD acceptable use policy
Number of incidents originating from BYOD devices
Number of incidents originating from BYOD devices
Budget allocated to the BYOD program security controls
Budget allocated to the BYOD program security controls
Number of devices enrolled in the BYOD program
Number of devices enrolled in the BYOD program
Suggested answer: D
asked 18/09/2024
Kareem Dadoul
53 questions

Question 302

Report Export Collapse

Which of the following is the BEST course of action when risk is found to be above the acceptable risk appetite?

Review risk tolerance levels
Review risk tolerance levels
Maintain the current controls.
Maintain the current controls.
Analyze the effectiveness of controls.
Analyze the effectiveness of controls.
Execute the risk response plan
Execute the risk response plan
Suggested answer: D
asked 18/09/2024
alvaro Vasconcelos
41 questions

Question 303

Report Export Collapse

Which of the following is MOST critical to the design of relevant risk scenarios?

The scenarios are based on past incidents.
The scenarios are based on past incidents.
The scenarios are linked to probable organizational situations.
The scenarios are linked to probable organizational situations.
The scenarios are mapped to incident management capabilities.
The scenarios are mapped to incident management capabilities.
The scenarios are aligned with risk management capabilities.
The scenarios are aligned with risk management capabilities.
Suggested answer: B
asked 18/09/2024
Khaled Mohamed Abdraboh Metwalli
37 questions

Question 304

Report Export Collapse

Which of the following BEST indicates that an organizations risk management program is effective?

Fewer security incidents have been reported.
Fewer security incidents have been reported.
The number of audit findings has decreased.
The number of audit findings has decreased.
Residual risk is reduced.
Residual risk is reduced.
inherent risk Is unchanged.
inherent risk Is unchanged.
Suggested answer: C
asked 18/09/2024
Newton Vela
50 questions

Question 305

Report Export Collapse

An organization is planning to acquire a new financial system. Which of the following stakeholders would provide the MOST relevant information for analyzing the risk associated with the new IT solution?

Project sponsor
Project sponsor
Process owner
Process owner
Risk manager
Risk manager
Internal auditor
Internal auditor
Suggested answer: B
asked 18/09/2024
Melvin Bruijnaers
37 questions

Question 306

Report Export Collapse

What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?

Aggregated risk may exceed the enterprise's risk appetite and tolerance.
Aggregated risk may exceed the enterprise's risk appetite and tolerance.
Duplicate resources may be used to manage risk registers.
Duplicate resources may be used to manage risk registers.
Standardization of risk management practices may be difficult to enforce.
Standardization of risk management practices may be difficult to enforce.
Risk analysis may be inconsistent due to non-uniform impact and likelihood scales.
Risk analysis may be inconsistent due to non-uniform impact and likelihood scales.
Suggested answer: C
asked 18/09/2024
Jordan Arribas Aranda
39 questions

Question 307

Report Export Collapse

Which of the following is the PRIMARY role of the board of directors in corporate risk governance?

Approving operational strategies and objectives
Approving operational strategies and objectives
Monitoring the results of actions taken to mitigate risk
Monitoring the results of actions taken to mitigate risk
Ensuring the effectiveness of the risk management program
Ensuring the effectiveness of the risk management program
Ensuring risk scenarios are identified and recorded in the risk register
Ensuring risk scenarios are identified and recorded in the risk register
Suggested answer: C
asked 18/09/2024
Sergey Aleksandrov
58 questions

Question 308

Report Export Collapse

Which of the following BEST contributes to the implementation of an effective risk response action plan?

An IT tactical plan
An IT tactical plan
Disaster recovery and continuity testing
Disaster recovery and continuity testing
Assigned roles and responsibilities
Assigned roles and responsibilities
A business impact analysis
A business impact analysis
Suggested answer: C
asked 18/09/2024
Lampros Diamantopoulos
36 questions

Question 309

Report Export Collapse

Which of the following would be the BEST justification to invest in the development of a governance, risk, and compliance (GRC) solution?

Facilitating risk-aware decision making by stakeholders
Facilitating risk-aware decision making by stakeholders
Demonstrating management commitment to mitigate risk
Demonstrating management commitment to mitigate risk
Closing audit findings on a timely basis
Closing audit findings on a timely basis
Ensuring compliance to industry standards
Ensuring compliance to industry standards
Suggested answer: A
asked 18/09/2024
Marcin Weglarski
39 questions

Question 310

Report Export Collapse

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?

Percentage of vulnerabilities remediated within the agreed service level
Percentage of vulnerabilities remediated within the agreed service level
Number of vulnerabilities identified during the period
Number of vulnerabilities identified during the period
Number of vulnerabilities re-opened during the period
Number of vulnerabilities re-opened during the period
Percentage of vulnerabilities escalated to senior management
Percentage of vulnerabilities escalated to senior management
Suggested answer: A
asked 18/09/2024
Albert Hidalgo Bassons
49 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?