Isaca CRISC Practice Test - Questions Answers, Page 34

Which of the following will BEST help an organization evaluate the control environment of several third-party vendors?

A. Review vendors' internal risk assessments covering key risk and controls.
B. Obtain independent control reports from high-risk vendors.
C. Review vendors' performance metrics on quality and delivery of processes.
D. Obtain vendor references from third parties.
Suggested answer: B

When prioritizing risk response, management should FIRST:

A. evaluate the organization's ability and expertise to implement the solution.
B. evaluate the risk response of similar organizations.
C. address high risk factors that have efficient and effective solutions.
D. determine which risk factors have high remediation costs.
Suggested answer: C

An audit reveals that there are changes in the environment that are not reflected in the risk profile. Which of the following is the BEST course of action?

A. Review the risk identification process.
B. Inform the risk scenario owners.
C. Create a risk awareness communication plan.
D. Update the risk register.
Suggested answer: A

Which of the following is the MAIN reason for analyzing risk scenarios?

A. Identifying additional risk scenarios
B. Updating the heat map
C. Assessing loss expectancy
D. Establishing a risk appetite
Suggested answer: C

Which of the following is MOST commonly compared against the risk appetite?

A. IT risk
B. Inherent risk
C. Financial risk
D. Residual risk
Suggested answer: D

An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?

A. Enforce criminal background checks.
B. Mask customer data fields.
C. Require vendor to sign a confidentiality agreement.
D. Restrict access to customer data on a 'need to know' basis.
Suggested answer: D

The MAIN purpose of having a documented risk profile is to:

A. comply with external and internal requirements.
B. enable well-informed decision making.
C. prioritize investment projects.
D. keep the risk register up-to-date.
Suggested answer: B

Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?

A. Quantitative analysis might not be possible.
B. Risk factors might not be relevant to the organization.
C. Implementation costs might increase.
D. Inherent risk might not be considered.
Suggested answer: B

Which of the following activities should be performed FIRST when establishing IT risk management processes?

A. Collect data of past incidents and lessons learned.
B. Conduct a high-level risk assessment based on the nature of business.
C. Identify the risk appetite of the organization.
D. Assess the goals and culture of the organization.
Suggested answer: D

An organization has introduced risk ownership to establish clear accountability for each process. To ensure effective risk ownership, it is MOST important that:

A. senior management has oversight of the process.
B. process ownership aligns with IT system ownership.
C. segregation of duties exists between risk and process owners.
D. risk owners have decision-making authority.
Suggested answer: A