ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 54

What should a risk practitioner do FIRST when vulnerability assessment results identify a weakness in an application?

A. Review regular control testing results.
B. Recommend a penetration test.
C. Assess the risk to determine mitigation needed.
D. Analyze key performance indicators (KPIs).
Suggested answer: C

A risk practitioner notices a trend of noncompliance with an IT-related control. Which of the following would BEST assist in making a recommendation to management?

A. Assessing the degree to which the control hinders business objectives
B. Reviewing the IT policy with the risk owner
C. Reviewing the roles and responsibilities of control process owners
D. Assessing noncompliance with control best practices
Suggested answer: A

Within the three lines of defense model, the accountability for the system of internal control resides with:

A. the chief information officer (CIO).
B. the board of directors
C. enterprise risk management
D. the risk practitioner
Suggested answer: B

Which of the following should be the PRIMARY recipient of reports showing the progress of a current IT risk mitigation project?

A. Senior management
B. Project manager
C. Project sponsor
D. IT risk manager
Suggested answer: A

Which of these documents is MOST important to request from a cloud service provider during a vendor risk assessment?

A. Nondisclosure agreement (NDA)
B. Independent audit report
C. Business impact analysis (BIA)
D. Service level agreement (SLA)
Suggested answer: B

Which type of cloud computing deployment provides the consumer the GREATEST degree of control over the environment?

A. Community cloud
B. Private cloud
C. Hybrid cloud
D. Public cloud
Suggested answer: B

An organization is considering adopting artificial intelligence (AI). Which of the following is the risk practitioner's MOST important course of action?

A. Develop key risk indicators (KRIs).
B. Ensure sufficient pre-implementation testing.
C. Identify applicable risk scenarios.
D. Identify the organization's critical data.
Suggested answer: C

Mitigating technology risk to acceptable levels should be based PRIMARILY upon:

A. organizational risk appetite.
B. business sector best practices.
C. business process requirements.
D. availability of automated solutions
Suggested answer: C

Topic 3, Exam Pool C

An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?

A. IT service desk manager
B. Sales manager
C. Customer service manager
D. Access control manager
Suggested answer: D

A change management process has recently been updated with new testing procedures. What is the NEXT course of action?

A. Monitor processes to ensure recent updates are being followed.
B. Communicate to those who test and promote changes.
C. Conduct a cost-benefit analysis to justify the cost of the control.
D. Assess the maturity of the change management process.
Suggested answer: A
Total 1.200 questions