Isaca CRISC Practice Test - Questions Answers, Page 56

Which of the following should be the FIRST consideration when a business unit wants to use personal information for a purpose other than for which it was originally collected?

A. Informed consent
B. Cross border controls
C. Business impact analysis (BIA)
D. Data breach protection
Suggested answer: A

The BEST metric to monitor the risk associated with changes deployed to production is the percentage of:

A. changes due to emergencies.
B. changes that cause incidents.
C. changes not requiring user acceptance testing.
D. personnel that have rights to make changes in production.
Suggested answer: B

Which of the following criteria associated with key risk indicators (KRIs) BEST enables effective risk monitoring?

A. Approval by senior management
B. Low cost of development and maintenance
C. Sensitivity to changes in risk levels
D. Use of industry risk data sources
Suggested answer: C

Which of the following BEST protects an organization against breaches when using a software as a service (SaaS) application?

A. Control self-assessment (CSA)
B. Security information and event management (SIEM) solutions
C. Data privacy impact assessment (DPIA)
D. Data loss prevention (DLP) tools
Suggested answer: B

When an organization's disaster recovery plan (DRP) has a reciprocal agreement, which of the following risk treatment options is being applied?

A. Acceptance
B. Mitigation
C. Transfer
D. Avoidance
Suggested answer: B

Which of the following is the MOST important reason to link an effective key control indicator (KCI) to relevant key risk indicators (KRIs)?

A. To monitor changes in the risk environment
B. To provide input to management for the adjustment of risk appetite
C. To monitor the accuracy of threshold levels in metrics
D. To obtain business buy-in for investment in risk mitigation measures
Suggested answer: A

Which of the following is MOST useful when communicating risk to management?

A. Risk policy
B. Audit report
C. Risk map
D. Maturity model
Suggested answer: C

Which of the following controls BEST enables an organization to ensure a complete and accurate IT asset inventory?

A. Prohibiting the use of personal devices for business
B. Performing network scanning for unknown devices
C. Requesting an asset list from business owners
D. Documenting asset configuration baselines
Suggested answer: B

Reviewing historical risk events is MOST useful for which of the following processes within the risk management life cycle?

A. Risk monitoring
B. Risk mitigation
C. Risk aggregation
D. Risk assessment
Suggested answer: D

Participants in a risk workshop have become focused on the financial cost to mitigate risk rather than choosing the most appropriate response. Which of the following is the BEST way to address this type of issue in the long term?

A. Perform a return on investment analysis.
B. Review the risk register and risk scenarios.
C. Calculate annualized loss expectancy of risk scenarios.
D. Raise the maturity of organizational risk management.
Suggested answer: D
Total 1.200 questions