Isaca CRISC Practice Test - Questions Answers, Page 32

An organization has engaged a third party to provide an Internet gateway encryption service that protects sensitive data uploaded to a cloud service. This is an example of risk:

A. mitigation.
B. avoidance.
C. transfer.
D. acceptance.
Suggested answer: A

An IT license audit has revealed that there are several unlicensed copies of co be to:

A. immediately uninstall the unlicensed software from the laptops
B. centralize administration rights on laptops so that installations are controlled
C. report the issue to management so appropriate action can be taken.
D. procure the requisite licenses for the software to minimize business impact.
Suggested answer: B

Which of the following conditions presents the GREATEST risk to an application?

A. Application controls are manual.
B. Application development is outsourced.
C. Source code is escrowed.
D. Developers have access to production environment.
Suggested answer: D

The annualized loss expectancy (ALE) method of risk analysis:

A. helps in calculating the expected cost of controls
B. uses qualitative risk rankings such as low, medium and high.
C. can be used in a cost-benefit analysis
D. can be used to determine the indirect business impact.
Suggested answer: C

During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?

A. Communicate the decision to the risk owner for approval
B. Seek approval from the previous action plan manager.
C. Identify an owner for the new control.
D. Modify the action plan in the risk register.
Suggested answer: A

The GREATEST concern when maintaining a risk register is that:

A. impacts are recorded in qualitative terms.
B. executive management does not perform periodic reviews.
C. IT risk is not linked with IT assets.
D. significant changes in risk factors are excluded.
Suggested answer: D

Which of the following is the BEST way to support communication of emerging risk?

A. Update residual risk levels to reflect the expected risk impact.
B. Adjust inherent risk levels upward.
C. Include it on the next enterprise risk committee agenda.
D. Include it in the risk register for ongoing monitoring.
Suggested answer: D

Which of the following is the BEST indication that an organization's risk management program has not reached the desired maturity level?

A. Significant increases in risk mitigation budgets
B. Large fluctuations in risk ratings between assessments
C. A steady increase in the time to recover from incidents
D. A large number of control exceptions
Suggested answer: B

An IT organization is replacing the customer relationship management (CRM) system. Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?

A. Chief information security officer
B. Business process owner
C. Chief risk officer
D. IT controls manager
Suggested answer: B

Which of the following provides the MOST important information to facilitate a risk response decision?

A. Audit findings
B. Risk appetite
C. Key risk indicators
D. Industry best practices
Suggested answer: B