Isaca CRISC Practice Test - Questions Answers, Page 4

A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

A. Business continuity manager (BCM)
B. Human resources manager (HRM)
C. Chief risk officer (CRO)
D. Chief information officer (CIO)
Suggested answer: D

A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:

A. map findings to objectives.
B. provide a quantified detailed analysis.
C. recommend risk tolerance thresholds.
D. quantify key risk indicators (KRIs).
Suggested answer: A

A rule-based data loss prevention (DLP) tool has recently been implemented to reduce the risk of sensitive data leakage. Which of the following is MOST likely to change as a result of this implementation?

A. Risk likelihood
B. Risk velocity
C. Risk appetite
D. Risk impact
Suggested answer: A

Which of the following is MOST critical when designing controls?

A. Involvement of internal audit
B. Involvement of process owner
C. Quantitative impact of the risk
D. Identification of key risk indicators
Suggested answer: B

Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?

A. Number of tickets for provisioning new accounts
B. Average time to provision user accounts
C. Password reset volume per month
D. Average account lockout time
Suggested answer: C

The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

A. Logs and system events
B. Intrusion detection system (IDS) rules
C. Vulnerability assessment reports
D. Penetration test reports
Suggested answer: D

Which of the following is the MOST important requirement for monitoring key risk indicators (KRIs) using log analysis?

A. Obtaining logs in an easily readable format
B. Providing accurate logs in a timely manner
C. Collecting logs from the entire set of IT systems
D. Implementing an automated log analysis tool
Suggested answer: B

Which of the following is the MOST important outcome of reviewing the risk management process?

A. Assuring the risk profile supports the IT objectives
B. Improving the competencies of employees who performed the review
C. Determining what changes should be made to IS policies to reduce risk
D. Determining that procedures used in risk assessment are appropriate
Suggested answer: A

Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?

A. Better understanding of the risk appetite
B. Improving audit results
C. Enabling risk-based decision making
D. Increasing process control efficiencies
Suggested answer: C

Which of the following is the BEST method to identify unnecessary controls?

A. Evaluating the impact of removing existing controls
B. Evaluating existing controls against audit requirements
C. Reviewing system functionalities associated with business processes
D. Monitoring existing key risk indicators (KRIs)
Suggested answer: A
Total 1.200 questions