ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 5

Question 41

What is the BEST information to present to business control owners when justifying costs related to controls?

A. Loss event frequency and magnitude
B. The previous year's budget and actuals
C. Industry benchmarks and standards
D. Return on IT security-related investments
Suggested answer: D
asked 18/09/2024
Nabil BENIKHLEF
47 questions

Question 42

A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?

A. Key risk indicators (KRIs)
B. Inherent risk
C. Residual risk
D. Risk appetite
Suggested answer: C
asked 18/09/2024
marco damone
43 questions

Question 43

A data processing center operates in a jurisdiction where new regulations have significantly increased penalties for data breaches. Which of the following elements of the risk register is MOST important to update to reflect this change?

A. Risk impact
B. Risk trend
C. Risk appetite
D. Risk likelihood
Suggested answer: A
asked 18/09/2024
Mike Rachuj
41 questions

Question 44

Which of the following is the MOST important benefit of key risk indicators (KRIs)?

A. Assisting in continually optimizing risk governance
B. Enabling the documentation and analysis of trends
C. Ensuring compliance with regulatory requirements
D. Providing an early warning to take proactive actions
Suggested answer: D
asked 18/09/2024
Alex Tzibosnik
42 questions

Question 45

IT risk assessments can BEST be used by management:

A. for compliance with laws and regulations.
B. as a basis for cost-benefit analysis.
C. as input for decision-making.
D. to measure organizational success.
Suggested answer: C
asked 18/09/2024
Vishal Vitthal Pawar
47 questions

Question 46

A risk practitioner has identified that the organization's secondary data center does not provide redundancy for a critical application. Who should have the authority to accept the associated risk?

A. Business continuity director
B. Disaster recovery manager
C. Business application owner
D. Data center manager
Suggested answer: C
asked 18/09/2024
Gennadiy Volkov
42 questions

Question 47

Which of the following will BEST quantify the risk associated with malicious users in an organization?

A. Business impact analysis
B. Risk analysis
C. Threat risk assessment
D. Vulnerability assessment
Suggested answer: A
asked 18/09/2024
Sérgio Filipe Soares
47 questions

Question 48

Which of the following is the MOST important element of a successful risk awareness training program?

A. Customizing content for the audience
B. Providing incentives to participants
C. Mapping to a recognized standard
D. Providing metrics for measurement
Suggested answer: A
asked 18/09/2024
victoria nagy
42 questions

Question 49

Whether the results of risk analyses should be presented in quantitative or qualitative terms should be based PRIMARILY on the:

A. requirements of management.
B. specific risk analysis framework being used.
C. organizational risk tolerance.
D. results of the risk assessment.
Suggested answer: A
asked 18/09/2024
Joseph Lewis
49 questions

Question 50

An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:

A. chief risk officer.
B. project manager.
C. chief information officer.
D. business process owner.
Suggested answer: D
asked 18/09/2024
Khoi Le
43 questions
Total 1.573 questions