Isaca CRISC Practice Test - Questions Answers, Page 35

After mapping generic risk scenarios to organizational security policies, the NEXT course of action should be to:

A. record risk scenarios in the risk register for analysis.
B. validate the risk scenarios for business applicability.
C. reduce the number of risk scenarios to a manageable set.
D. perform a risk analysis on the risk scenarios.
Suggested answer: B

Which of the following is MOST likely to be impacted as a result of a new policy which allows staff members to remotely connect to the organization's IT systems via personal or public computers?

A. Risk appetite
B. Inherent risk
C. Key risk indicator (KRI)
D. Risk tolerance
Suggested answer: B

Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?

A. Risk magnitude
B. Incident probability
C. Risk appetite
D. Cost-benefit analysis
Suggested answer: D

The PRIMARY goal of a risk management program is to:

A. facilitate resource availability.
B. help ensure objectives are met.
C. safeguard corporate assets.
D. help prevent operational losses.
Suggested answer: D

Which of the following is the BEST way to determine software license compliance?

A. List non-compliant systems in the risk register.
B. Conduct periodic compliance reviews.
C. Review whistleblower reports of noncompliance.
D. Monitor user software download activity.
Suggested answer: B

An organization has outsourced its lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard. Which risk treatment was adopted by the organization?

A. Acceptance
B. Transfer
C. Mitigation
D. Avoidance
Suggested answer: A

Which of the following indicates an organization follows IT risk management best practice?

A. The risk register template uses an industry standard.
B. The risk register is regularly updated.
C. All fields in the risk register have been completed.
D. Controls are listed against risk entries in the register.
Suggested answer: A

Which of the following should be the MAIN consideration when validating an organization's risk appetite?

A. Comparison against regulations
B. Maturity of the risk culture
C. Capacity to withstand loss
D. Cost of risk mitigation options
Suggested answer: B

Which of the following is the BEST way to promote adherence to the risk tolerance level set by management?

A. Defining expectations in the enterprise risk policy
B. Increasing organizational resources to mitigate risks
C. Communicating external audit results
D. Avoiding risks that could materialize into substantial losses
Suggested answer: A

A software developer has administrative access to a production application. Which of the following should be of GREATEST concern to a risk practitioner?

A. The administrative access does not allow for activity log monitoring.
B. The administrative access does not follow password management protocols.
C. The administrative access represents a deviation from corporate policy.
D. The administrative access represents a segregation of duties conflict.
Suggested answer: D
Total 1.200 questions