Isaca CRISC Practice Test - Questions Answers, Page 31

Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?

A. Number of users who have signed a BYOD acceptable use policy
B. Number of incidents originating from BYOD devices
C. Budget allocated to the BYOD program security controls
D. Number of devices enrolled in the BYOD program
Suggested answer: D

Which of the following is the BEST course of action when risk is found to be above the acceptable risk appetite?

A. Review risk tolerance levels.
B. Maintain the current controls.
C. Analyze the effectiveness of controls.
D. Execute the risk response plan.
Suggested answer: D

Which of the following is MOST critical to the design of relevant risk scenarios?

A. The scenarios are based on past incidents.
B. The scenarios are linked to probable organizational situations.
C. The scenarios are mapped to incident management capabilities.
D. The scenarios are aligned with risk management capabilities.
Suggested answer: B

Which of the following BEST indicates that an organization's risk management program is effective?

A. Fewer security incidents have been reported.
B. The number of audit findings has decreased.
C. Residual risk is reduced.
D. Inherent risk is unchanged.
Suggested answer: C

An organization is planning to acquire a new financial system. Which of the following stakeholders would provide the MOST relevant information for analyzing the risk associated with the new IT solution?

A. Project sponsor
B. Process owner
C. Risk manager
D. Internal auditor
Suggested answer: B

What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?

A. Aggregated risk may exceed the enterprise's risk appetite and tolerance.
B. Duplicate resources may be used to manage risk registers.
C. Standardization of risk management practices may be difficult to enforce.
D. Risk analysis may be inconsistent due to non-uniform impact and likelihood scales.
Suggested answer: C

Which of the following is the PRIMARY role of the board of directors in corporate risk governance?

A. Approving operational strategies and objectives
B. Monitoring the results of actions taken to mitigate risk
C. Ensuring the effectiveness of the risk management program
D. Ensuring risk scenarios are identified and recorded in the risk register
Suggested answer: C

Which of the following BEST contributes to the implementation of an effective risk response action plan?

A. An IT tactical plan
B. Disaster recovery and continuity testing
C. Assigned roles and responsibilities
D. A business impact analysis
Suggested answer: C

Which of the following would be the BEST justification to invest in the development of a governance, risk, and compliance (GRC) solution?

A. Facilitating risk-aware decision making by stakeholders
B. Demonstrating management commitment to mitigate risk
C. Closing audit findings on a timely basis
D. Ensuring compliance with industry standards
Suggested answer: A

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?

A. Percentage of vulnerabilities remediated within the agreed service level
B. Number of vulnerabilities identified during the period
C. Number of vulnerabilities re-opened during the period
D. Percentage of vulnerabilities escalated to senior management
Suggested answer: A