Isaca CRISC Practice Test - Questions Answers, Page 51

Which of the following will BEST help to ensure that information system controls are effective?

A. Responding promptly to control exceptions
B. Implementing compensating controls
C. Testing controls periodically
D. Automating manual controls
Suggested answer: C

Which of the following is the MOST important information to be communicated during security awareness training?

A. Management's expectations
B. Corporate risk profile
C. Recent security incidents
D. The current risk management capability
Suggested answer: A

Which of the following requirements is MOST important to include in an outsourcing contract to help ensure sensitive data stored with a service provider is secure?

A. A third-party assessment report of control environment effectiveness must be provided at least annually.
B. Incidents related to data loss must be reported to the organization immediately after they occur.
C. Risk assessment results must be provided to the organization at least annually.
D. A cyber insurance policy must be purchased to cover data loss events.
Suggested answer: A

Which of the following is performed after a risk assessment is completed?

A. Defining risk taxonomy
B. Identifying vulnerabilities
C. Conducting an impact analysis
D. Defining risk response options
Suggested answer: D

The MOST essential content to include in an IT risk awareness program is how to:

A. populate risk register entries and build a risk profile for management reporting.
B. prioritize IT-related actions by considering risk appetite and risk tolerance.
C. define the IT risk framework for the organization.
D. comply with the organization's IT risk and information security policies.
Suggested answer: D

Which of the following would qualify as a key performance indicator (KPI)?

A. Aggregate risk of the organization
B. Number of identified system vulnerabilities
C. Number of exception requests processed in the past 90 days
D. Number of attacks against the organization's website
Suggested answer: B

An organization is planning to outsource its payroll function to an external service provider. Which of the following should be the MOST important consideration when selecting the provider?

A. Disaster recovery plan (DRP) of the system
B. Right to audit the provider
C. Internal controls to ensure data privacy
D. Transparency of key performance indicators (KPIs)
Suggested answer: C

Which of the following is a risk practitioner's BEST course of action upon learning that a control under internal review may no longer be necessary?

A. Obtain approval to retire the control.
B. Update the status of the control as obsolete.
C. Consult the internal auditor for a second opinion.
D. Verify the effectiveness of the original mitigation plan.
Suggested answer: B

Which of the following is the BEST way to ensure ongoing control effectiveness?

A. Establishing policies and procedures
B. Periodically reviewing control design
C. Measuring trends in control performance
D. Obtaining management control attestations
Suggested answer: C

Who is responsible for IT security controls that are outsourced to an external service provider?

A. Organization's information security manager
B. Organization's risk function
C. Service provider's IT management
D. Service provider's information security manager
Suggested answer: B

Total 1,200 questions