Isaca CRISC Practice Test - Questions Answers, Page 59

Which of the following methods is an example of risk mitigation?

A. Not providing capability for employees to work remotely
B. Outsourcing the IT activities and infrastructure
C. Enforcing change and configuration management processes
D. Taking out insurance coverage for IT-related incidents
Suggested answer: C

A service provider is managing a client's servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue. The service provider's MOST appropriate action would be to:

A. develop a risk remediation plan overriding the client's decision
B. make a note for this item in the next audit explaining the situation
C. insist that the remediation occur for the benefit of other customers
D. ask the client to document the formal risk acceptance for the provider
Suggested answer: D

The PRIMARY purpose of IT control status reporting is to:

A. ensure compliance with IT governance strategy.
B. assist internal audit in evaluating and initiating remediation efforts.
C. benchmark IT controls with industry standards.
D. facilitate the comparison of the current and desired states.
Suggested answer: A

An IT risk practitioner has been asked to regularly report on the overall status and effectiveness of the IT risk management program. Which of the following is MOST useful for this purpose?

A. Balanced scorecard
B. Capability maturity level
C. Internal audit plan
D. Control self-assessment (CSA)
Suggested answer: A

Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?

A. Key risk indicators (KRIs) are developed for key IT risk scenarios.
B. IT risk scenarios are assessed by the enterprise risk management team.
C. Risk appetites for IT risk scenarios are approved by key business stakeholders.
D. IT risk scenarios are developed in the context of organizational objectives.
Suggested answer: D

Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently developed enterprise resource planning (ERP) system. These scenarios will be owned by the system manager. Which of the following would be the BEST method to use when developing the scenarios?

A. Cause-and-effect diagram
B. Delphi technique
C. Bottom-up approach
D. Top-down approach
Suggested answer: A

An organization must make a choice among multiple options to respond to a risk. The stakeholders cannot agree and decide to postpone the decision. Which of the following risk responses has the organization adopted?

A. Transfer
B. Mitigation
C. Avoidance
D. Acceptance
Suggested answer: D

Which of the following is the MOST important technology control to reduce the likelihood of fraudulent payments committed internally?

A. Automated access revocation
B. Daily transaction reconciliation
C. Rule-based data analytics
D. Role-based user access model
Suggested answer: B

Which of the following should be included in a risk scenario to be used for risk analysis?

A. Risk appetite
B. Threat type
C. Risk tolerance
D. Residual risk
Suggested answer: B

While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BEST reduce the risk associated with such a data breach?

A. Ensuring the vendor does not know the encryption key
B. Engaging a third party to validate operational controls
C. Using the same cloud vendor as a competitor
D. Using field-level encryption with a vendor-supplied key
Suggested answer: B