ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 50

An organization is increasingly concerned about loss of sensitive data and asks the risk practitioner to assess the current risk level. Which of the following should the risk practitioner do FIRST?

A. Identify staff members who have access to the organization's sensitive data.
B. Identify locations where the organization's sensitive data is stored.
C. Identify risk scenarios and owners associated with possible data loss vectors.
D. Identify existing data loss controls and their levels of effectiveness.
Suggested answer: D

A risk practitioner has been notified that an employee sent an email in error containing customers' personally identifiable information (PII). Which of the following is the risk practitioner's BEST course of action?

A. Report it to the chief risk officer.
B. Advise the employee to forward the email to the phishing team.
C. Follow incident reporting procedures.
D. Advise the employee to permanently delete the email.
Suggested answer: C

Reviewing which of the following provides the BEST indication of an organization's risk tolerance?

A. Risk sharing strategy
B. Risk transfer agreements
C. Risk policies
D. Risk assessments
Suggested answer: D

Which of the following is MOST essential for an effective change control environment?

A. Business management approval of change requests
B. Separation of development and production environments
C. Requirement of an implementation rollback plan
D. IT management review of implemented changes
Suggested answer: A

The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:

A. rectify errors in results of KRIs.
B. detect changes in the risk profile.
C. reduce costs of risk mitigation controls.
D. continually improve risk assessments.
Suggested answer: B

Which of the following is the GREATEST risk associated with the transition of a sensitive data backup solution from on-premise to a cloud service provider?

A. More complex test restores
B. Inadequate service level agreement (SLA) with the provider
C. More complex incident response procedures
D. Inadequate data encryption
Suggested answer: D

For no apparent reason, the time required to complete daily processing for a legacy application is approaching a risk threshold. Which of the following activities should be performed FIRST?

A. Temporarily increase the risk threshold.
B. Suspend processing to investigate the problem.
C. Initiate a feasibility study for a new application.
D. Conduct a root-cause analysis.
Suggested answer: D

An organization plans to migrate sensitive information to a public cloud infrastructure. Which of the following is the GREATEST security risk in this scenario?

A. Data may be commingled with other tenants' data.
B. System downtime does not meet the organization's thresholds.
C. The infrastructure will be managed by the public cloud administrator.
D. The cloud provider is not independently certified.
Suggested answer: A

Which of the following is the MOST important reason to create risk scenarios?

A. To assist with risk identification
B. To determine risk tolerance
C. To determine risk appetite
D. To assist in the development of risk responses
Suggested answer: A

The MAIN purpose of a risk register is to:

A. document the risk universe of the organization.
B. promote an understanding of risk across the organization.
C. enable well-informed risk management decisions.
D. identify stakeholders associated with risk scenarios.
Suggested answer: C
Total 1.200 questions