Isaca CRISC Practice Test - Questions Answers, Page 55
Which of the following should be done FIRST when information is no longer required to support business objectives?

A. Archive the information to a backup database.
B. Protect the information according to the classification policy.
C. Assess the information against the retention policy.
D. Securely and permanently erase the information.
Suggested answer: C

When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?

A. Risk management strategy planning
B. Risk monitoring and control
C. Risk identification
D. Risk response planning
Suggested answer: C

Which of the following BEST indicates whether security awareness training is effective?

A. User self-assessment
B. User behavior after training
C. Course evaluation
D. Quality of training materials
Suggested answer: B

An organization's chief technology officer (CTO) has decided to accept the risk associated with the potential loss from a denial-of-service (DoS) attack. In this situation, the risk practitioner's BEST course of action is to:

A. identify key risk indicators (KRIs) for ongoing monitoring.
B. validate the CTO's decision with the business process owner.
C. update the risk register with the selected risk response.
D. recommend that the CTO revisit the risk acceptance decision.
Suggested answer: A

Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?

A. Conduct a comprehensive compliance review.
B. Develop incident response procedures for noncompliance.
C. Investigate the root cause of noncompliance.
D. Declare a security breach and inform management.
Suggested answer: C

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

A. Implement segregation of duties.
B. Enforce an internal data access policy.
C. Enforce the use of digital signatures.
D. Apply single sign-on for access control.
Suggested answer: B

A risk practitioner has become aware of production data being used in a test environment. Which of the following should be the practitioner's PRIMARY concern?

A. Sensitivity of the data
B. Readability of test data
C. Security of the test environment
D. Availability of data to authorized staff
Suggested answer: A

Which of the following is the GREATEST advantage of implementing a risk management program?

A. Enabling risk-aware decisions
B. Promoting a risk-aware culture
C. Improving security governance
D. Reducing residual risk
Suggested answer: A

When updating the risk register after a risk assessment, which of the following is MOST important to include?

A. Historical losses due to past risk events
B. Cost to reduce the impact and likelihood
C. Likelihood and impact of the risk scenario
D. Actor and threat type of the risk scenario
Suggested answer: C

The GREATEST benefit of including low-probability, high-impact events in a risk assessment is the ability to:

A. develop a comprehensive risk mitigation strategy.
B. develop understandable and realistic risk scenarios.
C. identify root causes for relevant events.
D. perform an aggregated cost-benefit analysis.
Suggested answer: D