ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 43

To mitigate the risk of using a spreadsheet to analyze financial data, IT has engaged a third-party vendor to deploy a standard application to automate the process. Which of the following parties should own the risk associated with calculation errors?

A. Business owner
B. IT department
C. Risk manager
D. Third-party provider
Suggested answer: A

A risk practitioner shares the results of a vulnerability assessment for a critical business application with the business manager. Which of the following is the NEXT step?

A. Develop a risk action plan to address the findings.
B. Evaluate the impact of the vulnerabilities to the business application.
C. Escalate the findings to senior management and internal audit.
D. Conduct a penetration test to validate the vulnerabilities from the findings.
Suggested answer: B

Which of the following provides the MOST helpful reference point when communicating the results of a risk assessment to stakeholders?

A. Risk tolerance
B. Risk appetite
C. Risk awareness
D. Risk policy
Suggested answer: B

Which of the following is MOST influential when management makes risk response decisions?

A. Risk appetite
B. Audit risk
C. Residual risk
D. Detection risk
Suggested answer: A

The risk appetite for an organization could be derived from which of the following?

A. Cost of controls
B. Annual loss expectancy (ALE)
C. Inherent risk
D. Residual risk
Suggested answer: A

A third-party vendor has offered to perform user access provisioning and termination. Which of the following control accountabilities is BEST retained within the organization?

A. Reviewing access control lists
B. Authorizing user access requests
C. Performing user access recertification
D. Terminating inactive user access
Suggested answer: B

Which of the following BEST reduces the probability of laptop theft?

A. Cable lock
B. Acceptable use policy
C. Data encryption
D. Asset tag with GPS
Suggested answer: A

Which of the following resources is MOST helpful when creating a manageable set of IT risk scenarios?

A. Results of current and past risk assessments
B. Organizational strategy and objectives
C. Lessons learned from materialized risk scenarios
D. Internal and external audit findings
Suggested answer: B

The BEST key performance indicator (KPI) to measure the effectiveness of a vendor risk management program is the percentage of:

A. vendors providing risk assessments on time.
B. vendor contracts reviewed in the past year.
C. vendor risk mitigation action items completed on time.
D. vendors that have reported control-related incidents.
Suggested answer: A

What is the MOST important consideration when aligning IT risk management with the enterprise risk management (ERM) framework?

A. Risk and control ownership
B. Senior management participation
C. Business unit support
D. Risk nomenclature and taxonomy
Suggested answer: B
Total 1.200 questions