
Isaca CRISC Practice Test - Questions Answers, Page 45

Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?

A. Establishing a risk management committee
B. Updating the organization's risk register to reflect the new threat
C. Communicating the results of the threat impact analysis
D. Establishing metrics to assess the effectiveness of the responses
Suggested answer: C

A risk practitioner has just learned about new done FIRST?

A. Notify executive management.
B. Analyze the impact to the organization.
C. Update the IT risk register.
D. Design IT risk mitigation plans.
Suggested answer: B

When testing the security of an IT system, it is MOST important to ensure that:

A. tests are conducted after business hours.
B. operators are unaware of the test.
C. external experts execute the test.
D. agreement is obtained from stakeholders.
Suggested answer: D

Which of the following risk scenarios would be the GREATEST concern as a result of a single sign-on implementation?

A. User access may be restricted by additional security.
B. Unauthorized access may be gained to multiple systems.
C. Security administration may become more complex.
D. User privilege changes may not be recorded.
Suggested answer: B

Which of the following would provide the MOST objective assessment of the effectiveness of an organization's security controls?

A. An internal audit
B. Security operations center review
C. Internal penetration testing
D. A third-party audit
Suggested answer: D

A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?

A. Recommend avoiding the risk.
B. Validate the risk response with internal audit.
C. Update the risk register.
D. Evaluate outsourcing the process.
Suggested answer: C

A maturity model will BEST indicate:

A. confidentiality and integrity.
B. effectiveness and efficiency.
C. availability and reliability.
D. certification and accreditation.
Suggested answer: B

An organization has recently updated its disaster recovery plan (DRP). Which of the following would be the GREATEST risk if the new plan is not tested?

A. External resources may need to be involved.
B. Data privacy regulations may be violated.
C. Recovery costs may increase significantly.
D. Service interruptions may be longer than anticipated.
Suggested answer: D

What are the MOST important criteria to consider when developing a data classification scheme to facilitate risk assessment and the prioritization of risk mitigation activities?

A. Mitigation and control value
B. Volume and scope of data generated daily
C. Business criticality and sensitivity
D. Recovery point objective (RPO) and recovery time objective (RTO)
Suggested answer: C

A control owner identifies that the organization's shared drive contains personally identifiable information (PII) that can be accessed by all personnel. Which of the following is the MOST effective risk response?

A. Protect sensitive information with access controls.
B. Implement a data loss prevention (DLP) solution.
C. Re-communicate the data protection policy.
D. Implement a data encryption solution.
Suggested answer: A