Isaca CRISC Practice Test - Questions Answers, Page 49

An organization is unable to implement a multi-factor authentication requirement until the next fiscal year due to budget constraints. Consequently, a policy exception must be submitted. Which of the following is MOST important to include in the analysis of the exception?

A. Sections of the policy that may justify not implementing the requirement
B. Risk associated with the inability to implement the requirement
C. Budget justification to implement the new requirement during the current year
D. Industry best practices with respect to implementation of the proposed control
Suggested answer: B

Business areas within an organization have engaged various cloud service providers directly without assistance from the IT department. What should the risk practitioner do?

A. Recommend the IT department remove access to the cloud services.
B. Engage with the business area managers to review controls applied.
C. Escalate to the risk committee.
D. Recommend a risk assessment be conducted.
Suggested answer: B

A bank is experiencing an increasing incidence of customer identity theft. Which of the following is the BEST way to mitigate this risk?

A. Implement monitoring techniques.
B. Implement layered security.
C. Outsource to a local processor.
D. Conduct an awareness campaign.
Suggested answer: B

Which of the following is the BEST method for identifying vulnerabilities?

A. Batch job failure monitoring
B. Periodic network scanning
C. Annual penetration testing
D. Risk assessments
Suggested answer: C

An organization striving to be on the leading edge in regard to risk monitoring would MOST likely implement:

A. procedures to monitor the operation of controls.
B. a tool for monitoring critical activities and controls.
C. real-time monitoring of risk events and control exceptions.
D. monitoring activities for all critical assets.
E. Perform a controls assessment.
Suggested answer: C

Which of the following is a crucial component of a key risk indicator (KRI) to ensure appropriate action is taken to mitigate risk?

A. Management intervention
B. Risk appetite
C. Board commentary
D. Escalation triggers
Suggested answer: D

Which of the following would MOST likely cause a risk practitioner to reassess risk scenarios?

A. A change in the risk management policy
B. A major security incident
C. A change in the regulatory environment
D. An increase in intrusion attempts
Suggested answer: C

Which of the following should be the risk practitioner's FIRST course of action when an organization has decided to expand into new product areas?

A. Identify any new business objectives with stakeholders.
B. Present a business case for new controls to stakeholders.
C. Revise the organization's risk and control policy.
D. Review existing risk scenarios with stakeholders.
Suggested answer: D

An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days' leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

A. Number of malicious activities occurring during staff members' leave
B. Percentage of staff members seeking exception to the policy
C. Percentage of staff members taking leave according to the policy
D. Financial loss incurred due to malicious activities during staff members' leave
Suggested answer: B

An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data. Which of the following provides the BEST input to assess the inherent risk impact?

A. Number of customer records held
B. Number of databases that host customer data
C. Number of encrypted customer databases
D. Number of staff members having access to customer data
Suggested answer: B
Total 1.200 questions