ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 42

Which of the following BEST promotes commitment to controls?

A. Assigning control ownership
B. Assigning appropriate resources
C. Assigning a quality control review
D. Performing regular independent control reviews
Suggested answer: A

Which of the following is MOST important for developing effective key risk indicators (KRIs)?

A. Engaging sponsorship by senior management
B. Utilizing data and resources internal to the organization
C. Including input from risk and business unit management
D. Developing in collaboration with internal audit
Suggested answer: C

The MOST important reason to monitor key risk indicators (KRIs) is to help management:

A. identify early risk transfer strategies.
B. lessen the impact of realized risk.
C. analyze the chain of risk events.
D. identify the root cause of risk events.
Suggested answer: C

The implementation of a risk treatment plan will exceed the resources originally allocated for the risk response. Which of the following should be the risk owner's NEXT action?

A. Perform a risk assessment.
B. Accept the risk of not implementing.
C. Escalate to senior management.
D. Update the implementation plan.
Suggested answer: C

Which of the following is MOST important to understand when developing key risk indicators (KRIs)?

A. KRI thresholds
B. Integrity of the source data
C. Control environment
D. Stakeholder requirements
Suggested answer: B

Which of the following is the PRIMARY benefit of identifying and communicating with stakeholders at the onset of an IT risk assessment?

A. Obtaining funding support
B. Defining the risk assessment scope
C. Selecting the risk assessment framework
D. Establishing inherent risk
Suggested answer: B

Which of the following is the BEST way to detect zero-day malware on an end user's workstation?

A. An antivirus program
B. Database activity monitoring
C. Firewall log monitoring
D. File integrity monitoring
Suggested answer: C

An organization has just implemented changes to close an identified vulnerability that impacted a critical business process. What should be the NEXT course of action?

A. Redesign the heat map.
B. Review the risk tolerance.
C. Perform a business impact analysis (BIA)
D. Update the risk register.
Suggested answer: C

Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes to IT services?

A. Change testing schedule
B. Impact assessment of the change
C. Change communication plan
D. User acceptance testing (UAT)
Suggested answer: B

Before implementing instant messaging within an organization using a public solution, which of the following should be in place to mitigate data leakage risk?

A. A data extraction tool
B. An access control list
C. An intrusion detection system (IDS)
D. An acceptable usage policy
Suggested answer: D
Total 1.200 questions