ExamGecko
Isaca CRISC Practice Test - Questions Answers, Page 39
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

A. Providing oversight of risk management processes
B. Implementing processes to detect and deter fraud
C. Ensuring that risk and control assessments consider fraud
D. Monitoring the results of actions taken to mitigate fraud
Suggested answer: B

Mapping open risk issues to an enterprise risk heat map BEST facilitates:

A. risk response.
B. control monitoring.
C. risk identification.
D. risk ownership.
Suggested answer: A

Which of the following BEST enables the risk profile to serve as an effective resource to support business objectives?

A. Engaging external risk professionals to periodically review the risk profile
B. Prioritizing global standards over local requirements in the risk profile
C. Updating the risk profile with risk assessment results
D. Assigning quantitative values to qualitative metrics in the risk register
Suggested answer: C

Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?

A. Identify information security controls in the requirements analysis.
B. Identify key risk indicators (KRIs) as process output.
C. Design key performance indicators (KPIs) for security in system specifications.
D. Include information security control specifications in business cases.
Suggested answer: D

An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:

A. avoided.
B. accepted.
C. mitigated.
D. transferred.
Suggested answer: B

Which of the following is MOST effective in continuous risk management process improvement?

A. Periodic assessments
B. Change management
C. Awareness training
D. Policy updates
Suggested answer: A

Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?

A. A comparison of risk assessment results to the desired state
B. A quantitative presentation of risk assessment results
C. An assessment of organizational maturity levels and readiness
D. A qualitative presentation of risk assessment results
Suggested answer: A

Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?

A. Detective control
B. Deterrent control
C. Preventive control
D. Corrective control
Suggested answer: D

What should be the PRIMARY objective for a risk practitioner performing a post-implementation review of an IT risk mitigation project?

A. Documenting project lessons learned
B. Validating the risk mitigation project has been completed
C. Confirming that the project budget was not exceeded
D. Verifying that the risk level has been lowered
Suggested answer: D

Which of the following is MOST important when discussing risk within an organization?

A. Adopting a common risk taxonomy
B. Using key performance indicators (KPIs)
C. Creating a risk communication policy
D. Using key risk indicators (KRIs)
Suggested answer: A

Total 1,200 questions