Isaca CRISC Practice Test - Questions Answers, Page 47

Which of the following BEST enables a proactive approach to minimizing the potential impact of unauthorized data disclosure?

A. Key risk indicators (KRIs)
B. Data backups
C. Incident response plan
D. Cyber insurance
Suggested answer: C

Which of the following is the PRIMARY reason to establish the root cause of an IT security incident?

A. Prepare a report for senior management.
B. Assign responsibility and accountability for the incident.
C. Update the risk register.
D. Avoid recurrence of the incident.
Suggested answer: D

Which of the following is the BEST indicator of the effectiveness of a control action plan's implementation?

A. Increased number of controls
B. Reduced risk level
C. Increased risk appetite
D. Stakeholder commitment
Suggested answer: B

Which of the following is MOST important to include in a Software as a Service (SaaS) vendor agreement?

A. An annual contract review
B. A service level agreement (SLA)
C. A requirement to adopt an established risk management framework
D. A requirement to provide an independent audit report
Suggested answer: B

Which of the following should be the PRIMARY focus of an independent review of a risk management process?

A. Accuracy of risk tolerance levels
B. Consistency of risk process results
C. Participation of stakeholders
D. Maturity of the process
Suggested answer: B

To minimize risk in a software development project, when is the BEST time to conduct a risk analysis?

A. During the business requirement definitions phase
B. Before periodic steering committee meetings
C. At each stage of the development life cycle
D. During the business case development
Suggested answer: A

A large organization needs to report risk at all levels for a new centralized visualization project to reduce cost and improve performance. Which of the following would MOST effectively represent the overall risk of the project to senior management?

A. Aggregated key performance indicators (KPIs)
B. Key risk indicators (KRIs)
C. Centralized risk register
D. Risk heat map
Suggested answer: D

An organization has received notification that it is a potential victim of a cybercrime that may have compromised sensitive customer data. What should be the FIRST course of action?

A. Invoke the incident response plan.
B. Determine the business impact.
C. Conduct a forensic investigation.
D. Invoke the business continuity plan (BCP).
Suggested answer: A

The PRIMARY purpose of vulnerability assessments is to:

A. provide clear evidence that the system is sufficiently secure.
B. determine the impact of potential threats.
C. test intrusion detection systems (IDS) and response procedures.
D. detect weaknesses that could lead to system compromise.
Suggested answer: D

Which of the following BEST facilitates the development of effective IT risk scenarios?

A. Utilization of a cross-functional team
B. Participation by IT subject matter experts
C. Integration of contingency planning
D. Validation by senior management
Suggested answer: A
Total 1.200 questions