ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 38

Which of the following IT key risk indicators (KRIs) provides management with the BEST feedback on IT capacity?

A. Trends in IT resource usage
B. Trends in IT maintenance costs
C. Increased resource availability
D. Increased number of incidents
Suggested answer: A

A risk owner has accepted a high-impact risk because the control was adversely affecting process efficiency. Before updating the risk register, it is MOST important for the risk practitioner to:

A. ensure suitable insurance coverage is purchased.
B. negotiate with the risk owner on control efficiency.
C. reassess the risk to confirm the impact.
D. obtain approval from senior management.
Suggested answer: D

Controls should be defined during the design phase of system development because:

A. it is more cost-effective to determine controls in the early design phase.
B. structured analysis techniques exclude identification of controls.
C. structured programming techniques require that controls be designed before coding begins.
D. technical specifications are defined during this phase.
Suggested answer: A

Which of the following would present the GREATEST challenge when assigning accountability for control ownership?

A. Weak governance structures
B. Senior management scrutiny
C. Complex regulatory environment
D. Unclear reporting relationships
Suggested answer: D

Which of the following would MOST likely result in updates to an IT risk appetite statement?

A. External audit findings
B. Feedback from focus groups
C. Self-assessment reports
D. Changes in senior management
Suggested answer: D

The risk associated with a high-risk vulnerability in an application is owned by the:

A. security department.
B. business unit.
C. vendor.
D. IT department.
Suggested answer: B

An organization's internal audit department is considering the implementation of robotics process automation (RPA) to automate certain continuous auditing tasks. Who would own the risk associated with ineffective design of the software bots?

A. Lead auditor
B. Project manager
C. Chief audit executive (CAE)
D. Chief information officer (CIO)
Suggested answer: C

Which of the following BEST helps to identify significant events that could impact an organization?

Vulnerability analysis

A. Control analysis
B. Scenario analysis
C. Heat map analysis
Suggested answer: C

Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?

A. Total cost to support the policy
B. Number of exceptions to the policy
C. Total cost of policy breaches
D. Number of inquiries regarding the policy
Suggested answer: C

Which of the following provides the BEST evidence that risk mitigation plans have been implemented effectively?

A. Self-assessments by process owners
B. Mitigation plan progress reports
C. Risk owner attestation
D. Change in the level of residual risk
Suggested answer: D
Total 1.200 questions