Isaca CRISC Practice Test - Questions Answers, Page 53

A risk assessment indicates the residual risk associated with a new bring your own device (BYOD) program is within organizational risk tolerance. Which of the following should the risk practitioner recommend be done NEXT?

A. Implement targeted awareness training for new BYOD users.
B. Implement monitoring to detect control deterioration.
C. Identify log sources to monitor BYOD usage and risk impact.
D. Reduce the risk tolerance level.
Suggested answer: B

The PRIMARY benefit of classifying information assets is that it helps to:

A. communicate risk to senior management
B. assign risk ownership
C. facilitate internal audit
D. determine the appropriate level of control
Suggested answer: D

A payroll manager discovers that fields in certain payroll reports have been modified without authorization. Which of the following control weaknesses could have contributed MOST to this problem?

A. The user requirements were not documented.
B. Payroll files were not under the control of a librarian.
C. The programmer had access to the production programs.
D. The programmer did not involve the user in testing.
Suggested answer: B

Once a risk owner has decided to implement a control to mitigate risk, it is MOST important to develop:

A. a process for measuring and reporting control performance.
B. an alternate control design in case of failure of the identified control.
C. a process for bypassing control procedures in case of exceptions.
D. procedures to ensure the effectiveness of the control.
Suggested answer: A

After migrating a key financial system to a new provider, it was discovered that a developer could gain access to the production environment. Which of the following is the BEST way to mitigate the risk in this situation?

A. Escalate the issue to the service provider.
B. Re-certify the application access controls.
C. Remove the developer's access.
D. Review the results of pre-migration testing.
Suggested answer: B

Which of the following is the MOST important data attribute of key risk indicators (KRIs)?

A. The data is measurable.
B. The data is calculated continuously.
C. The data is relevant.
D. The data is automatically produced.
Suggested answer: C

Prior to selecting key performance indicators (KPIs), it is MOST important to ensure:

A. trending data is available.
B. process flowcharts are current.
C. measurement objectives are defined.
D. data collection technology is available.
Suggested answer: C

Which of the following is MOST important to the effective monitoring of key risk indicators (KRIs)?

A. Updating the threat inventory with new threats
B. Automating log data analysis
C. Preventing the generation of false alerts
D. Determining threshold levels
Suggested answer: D

Which of the following would BEST enable a risk practitioner to embed risk management within the organization?

A. Provide risk management feedback to key stakeholders.
B. Collect and analyze risk data for report generation.
C. Monitor and prioritize risk data according to the heat map.
D. Engage key stakeholders in risk management practices.
Suggested answer: D

Which of the following is MOST helpful in determining the effectiveness of an organization's IT risk mitigation efforts?

A. Assigning identification dates for risk scenarios in the risk register
B. Updating impact assessments for risk scenarios
C. Verifying whether risk action plans have been completed
D. Reviewing key risk indicators (KRIs)
Suggested answer: D
Total 1.200 questions