Isaca CRISC Practice Test - Questions Answers, Page 33
Which of the following would BEST help identify the owner for each risk scenario in a risk register?

A. Determining which departments contribute most to risk
B. Allocating responsibility for risk factors equally to asset owners
C. Mapping identified risk factors to specific business processes
D. Determining resource dependency of assets

Suggested answer: C

A key risk indicator (KRI) indicates a reduction in the percentage of appropriately patched servers. Which of the following is the risk practitioner's BEST course of action?

A. Determine changes in the risk level.
B. Outsource the vulnerability management process.
C. Review the patch management process.
D. Add an agenda item to the next risk committee meeting.

Suggested answer: C

Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?

A. Vulnerability scanning
B. Continuous monitoring and alerting
C. Configuration management
D. Access controls and active logging

Suggested answer: C

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of an anti-virus program?

A. Frequency of anti-virus software updates
B. Number of alerts generated by the anti-virus software
C. Number of false positives detected over a period of time
D. Percentage of IT assets with current malware definitions

Suggested answer: C

During the control evaluation phase of a risk assessment, it is noted that multiple controls are ineffective. Which of the following should be the risk practitioner's FIRST course of action?

A. Recommend risk remediation of the ineffective controls.
B. Compare the residual risk to the current risk appetite.
C. Determine the root cause of the control failures.
D. Escalate the control failures to senior management.

Suggested answer: C

Performing a background check on a new employee candidate before hiring is an example of what type of control?

A. Detective
B. Compensating
C. Corrective
D. Preventive

Suggested answer: C

When reporting risk assessment results to senior management, which of the following is MOST important to include to enable risk-based decision making?

A. Risk action plans and associated owners
B. Recent audit and self-assessment results
C. Potential losses compared to treatment cost
D. A list of assets exposed to the highest risk

Suggested answer: A

A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:

A. obtain management approval for a policy exception.
B. develop an improved password software routine.
C. select another application with strong password controls.
D. continue the implementation with no changes.

Suggested answer: B

Which of the following is the BEST way for a risk practitioner to verify that management has addressed control issues identified during a previous external audit?

A. Interview control owners.
B. Observe the control enhancements in operation.
C. Inspect external audit documentation.
D. Review management's detailed action plans.

Suggested answer: B

Who is accountable for risk treatment?

A. Enterprise risk management team
B. Risk mitigation manager
C. Business process owner
D. Risk owner

Suggested answer: D