Isaca CRISC Practice Test - Questions Answers, Page 41

Which of the following provides the BEST evidence that risk responses have been executed according to their risk action plans?

A. Risk policy review
B. Business impact analysis (BIA)
C. Control catalog
D. Risk register
Suggested answer: D

Which of the following methods is the BEST way to measure the effectiveness of automated information security controls prior to going live?

A. Testing in a non-production environment
B. Performing a security control review
C. Reviewing the security audit report
D. Conducting a risk assessment
Suggested answer: A

A bank wants to send a critical payment order via email to one of its offshore branches. Which of the following is the BEST way to ensure the message reaches the intended recipient without alteration?

A. Add a digital certificate
B. Apply multi-factor authentication
C. Add a hash to the message
D. Add a secret key
Suggested answer: C

Which of the following will be MOST effective to mitigate the risk associated with the loss of company data stored on personal devices?

A. An acceptable use policy for personal devices
B. Required user log-on before synchronizing data
C. Enforced authentication and data encryption
D. Security awareness training and testing
Suggested answer: C

Who should be responsible for strategic decisions on risk management?

A. Chief information officer (CIO)
B. Executive management team
C. Audit committee
D. Business process owner
Suggested answer: B

Which of the following would MOST likely drive the need to review and update key performance indicators (KPIs) for critical IT assets?

A. The outsourcing of related IT processes
B. Outcomes of periodic risk assessments
C. Changes in service level objectives
D. Findings from continuous monitoring
Suggested answer: B

Which of the following will BEST help ensure that risk factors identified during an information systems review are addressed?

A. Informing business process owners of the risk
B. Reviewing and updating the risk register
C. Assigning action items and deadlines to specific individuals
D. Implementing new control technologies
Suggested answer: C

An internally developed payroll application leverages Platform as a Service (PaaS) infrastructure from the cloud. Who owns the related data confidentiality risk?

A. IT infrastructure head
B. Human resources head
C. Supplier management head
D. Application development head
Suggested answer: B

Following a review of a third-party vendor, it is MOST important for an organization to ensure:

A. results of the review are accurately reported to management.
B. identified findings are reviewed by the organization.
C. results of the review are validated by internal audit.
D. identified findings are approved by the vendor.
Suggested answer: A

A risk practitioner has observed that risk owners have approved a high number of exceptions to the information security policy. Which of the following should be the risk practitioner's GREATEST concern?

A. Security policies are being reviewed infrequently.
B. Controls are not operating efficiently.
C. Vulnerabilities are not being mitigated.
D. Aggregate risk is approaching the tolerance threshold.
Suggested answer: D

Total 1,200 questions