ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 48

Which of the following is MOST helpful to management when determining the resources needed to mitigate a risk?

A. An internal audit
B. A heat map
C. A business impact analysis (BIA)
D. A vulnerability report
Suggested answer: C

Which of the following is the MOST important reason to revisit a previously accepted risk?

A. To update risk ownership
B. To review the risk acceptance with new stakeholders
C. To ensure risk levels have not changed
D. To ensure controls are still operating effectively
Suggested answer: C

Which of the following is the FIRST step when developing a business case to drive the adoption of a risk remediation project by senior management?

A. Calculating the cost
B. Analyzing cost-effectiveness
C. Determining the stakeholders
D. Identifying the objectives
Suggested answer: A

An organization has implemented a system capable of comprehensive employee monitoring. Which of the following should direct how the system is used?

A. Organizational strategy
B. Employee code of conduct
C. Industry best practices
D. Organizational policy
Suggested answer: D

Which of the following is MOST important for a risk practitioner to consider when determining the control requirements for data privacy arising from emerging technologies?

A. Internal audit recommendations
B. Laws and regulations
C. Policies and procedures
D. Standards and frameworks
Suggested answer: B

Which of the following controls would BEST reduce the likelihood of a successful network attack through social engineering?

A. Automated controls
B. Security awareness training
C. Multifactor authentication
D. Employee sanctions
Suggested answer: B

Which of the following is the GREATEST concern associated with business end users developing their own applications on end user spreadsheets and database programs?

A. An IT project manager is not assigned to oversee development.
B. Controls are not applied to the applications.
C. There is a lack of technology recovery options.
D. The applications are not captured in the risk profile.
Suggested answer: C

What is MOST important for the risk practitioner to understand when creating an initial IT risk register?

A. Enterprise architecture (EA)
B. Control environment
C. IT objectives
D. Organizational objectives
Suggested answer: D

A risk assessment has identified increased losses associated with an IT risk scenario. It is MOST important for the risk practitioner to:

A. update the risk rating.
B. reevaluate inherent risk.
C. develop new risk scenarios.
D. implement additional controls.
Suggested answer: A

Which of the following activities is PRIMARILY the responsibility of senior management?

A. Bottom-up identification of emerging risks
B. Categorization of risk scenarios against a standard taxonomy
C. Prioritization of risk scenarios based on severity
D. Review of external loss data
Suggested answer: C
Total 1.200 questions