Isaca CRISC Practice Test - Questions Answers, Page 36

The BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability remediation program is the number of:

A. vulnerability scans.
B. recurring vulnerabilities.
C. vulnerabilities remediated.
D. new vulnerabilities identified.
Suggested answer: C

Which of the following should a risk practitioner do FIRST when an organization decides to use a cloud service?

A. Review the vendor selection process and vetting criteria.
B. Assess whether use of the service falls within risk tolerance thresholds.
C. Establish service level agreements (SLAs) with the vendor.
D. Check the contract for appropriate security risk and control provisions.
Suggested answer: D

Which of the following would BEST help secure online financial transactions from improper users?

A. Review of log-in attempts
B. Multi-level authorization
C. Periodic review of audit trails
D. Multi-factor authentication
Suggested answer: D

The purpose of requiring source code escrow in a contractual agreement is to:

A. ensure that the source code is valid and exists.
B. ensure that the source code is available if the vendor ceases to exist.
C. review the source code for adequacy of controls.
D. ensure the source code is available when bugs occur.
Suggested answer: B

Which of the following is the BEST indication of the effectiveness of a business continuity program?

A. Business continuity tests are performed successfully and issues are addressed.
B. Business impact analyses are reviewed and updated in a timely manner.
C. Business continuity and disaster recovery plans are regularly updated.
D. Business units are familiar with the business continuity plans and process.
Suggested answer: A

When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:

A. cost-benefit analysis.
B. investment portfolio.
C. key performance indicators (KPIs).
D. alignment with risk appetite.
Suggested answer: D

An organization's financial analysis department uses an in-house forecasting application for business projections. Who is responsible for defining access roles to protect the sensitive data within this application?

A. IT risk manager
B. IT system owner
C. Information security manager
D. Business owner
Suggested answer: D

Which of the following is MOST important for an organization that wants to reduce IT operational risk?

A. Increasing senior management's understanding of IT operations
B. Increasing the frequency of data backups
C. Minimizing complexity of IT infrastructure
D. Decentralizing IT infrastructure
Suggested answer: C

Which of the following should be a risk practitioner's NEXT action after identifying a high probability of data loss in a system?

A. Enhance the security awareness program.
B. Increase the frequency of incident reporting.
C. Purchase cyber insurance from a third party.
D. Conduct a control assessment.
Suggested answer: D

Which of the following is the MOST important consideration when determining whether to accept residual risk after security controls have been implemented on a critical system?

A. Cost versus benefit of additional mitigating controls
B. Annualized loss expectancy (ALE) for the system
C. Frequency of business impact
D. Cost of the information control system
Suggested answer: A
Total 1,200 questions