Isaca CRISC Practice Test - Questions Answers, Page 40

Which of the following should an organization perform to forecast the effects of a disaster?

A. Develop a business impact analysis (BIA).
B. Define recovery time objectives (RTO).
C. Analyze capability maturity model gaps.
D. Simulate a disaster recovery.
Suggested answer: A

Which of the following can be used to assign a monetary value to risk?

A. Annual loss expectancy (ALE)
B. Business impact analysis
C. Cost-benefit analysis
D. Inherent vulnerabilities
Suggested answer: A

A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have exceeded the maximum time defined by the business application owners. Which of the following is MOST likely to change as a result?

A. Risk forecasting
B. Risk tolerance
C. Risk likelihood
D. Risk appetite
Suggested answer: B

A business manager wants to leverage an existing approved vendor solution from another area within the organization. Which of the following is the risk practitioner's BEST course of action?

A. Recommend allowing the new usage based on prior approval.
B. Request a new third-party review.
C. Request revalidation of the original use case.
D. Assess the risk associated with the new use case.
Suggested answer: D

It is MOST important to the effectiveness of an IT risk management function that the associated processes are:

A. aligned to an industry-accepted framework.
B. reviewed and approved by senior management.
C. periodically assessed against regulatory requirements.
D. updated and monitored on a continuous basis.
Suggested answer: C

A department has been granted an exception to bypass the existing approval process for purchase orders. The risk practitioner should verify the exception has been approved by which of the following?

A. Internal audit
B. Control owner
C. Senior management
D. Risk manager
Suggested answer: B

Which of the following would be MOST beneficial as a key risk indicator (KRI)?

A. Current capital allocation reserves
B. Negative security return on investment (ROI)
C. Project cost variances
D. Annualized loss projections
Suggested answer: D

Of the following, who should be responsible for determining the inherent risk rating of an application?

A. Application owner
B. Senior management
C. Risk practitioner
D. Business process owner
Suggested answer: C

Which of the following would provide the MOST comprehensive information for updating an organization's risk register?

A. Results of the latest risk assessment
B. Results of a risk forecasting analysis
C. A review of compliance regulations
D. Findings of the most recent audit
Suggested answer: A

Which of the following statements in an organization's current risk profile report is cause for further action by senior management?

A. Key performance indicator (KPI) trend data is incomplete.
B. New key risk indicators (KRIs) have been established.
C. Key performance indicators (KPIs) are outside of targets.
D. Key risk indicators (KRIs) are lagging.
Suggested answer: B
Total 1.200 questions