
Isaca CRISC Practice Test - Questions Answers, Page 6

Which of the following would BEST help to ensure that suspicious network activity is identified?

A. Analyzing intrusion detection system (IDS) logs
B. Analyzing server logs
C. Using a third-party monitoring provider
D. Coordinating events with appropriate agencies
Suggested answer: A

Which of the following would BEST help minimize the risk associated with social engineering threats?

A. Enforcing employee sanctions
B. Conducting phishing exercises
C. Enforcing segregation of duties
D. Reviewing the organization's risk appetite
Suggested answer: B

Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?

A. Ensuring availability of resources for log analysis
B. Implementing log analysis tools to automate controls
C. Ensuring the control is proportional to the risk
D. Building correlations between logs collected from different sources
Suggested answer: C

Risk mitigation procedures should include:

A. buying an insurance policy.
B. acceptance of exposures.
C. deployment of countermeasures.
D. enterprise architecture implementation.
Suggested answer: B

Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?

A. A control self-assessment
B. A third-party security assessment report
C. Internal audit reports from the vendor
D. Service level agreement monitoring
Suggested answer: B

Improvements in the design and implementation of a control will MOST likely result in an update to:

A. inherent risk.
B. residual risk.
C. risk appetite.
D. risk tolerance.
Suggested answer: B

A risk practitioner has determined that a key control does not meet design expectations. Which of the following should be done NEXT?

A. Document the finding in the risk register.
B. Invoke the incident response plan.
C. Re-evaluate key risk indicators.
D. Modify the design of the control.
Suggested answer: A

Which of the following is a PRIMARY benefit of engaging the risk owner during the risk assessment process?

A. Identification of control gaps that may lead to noncompliance
B. Prioritization of risk action plans across departments
C. Early detection of emerging threats
D. Accurate measurement of loss impact
Suggested answer: D

Which of the following should be the risk practitioner's PRIMARY focus when determining whether controls are adequate to mitigate risk?

A. Sensitivity analysis
B. Level of residual risk
C. Cost-benefit analysis
D. Risk appetite
Suggested answer: C

Which of the following would BEST provide early warning of a high-risk condition?

A. Risk register
B. Risk assessment
C. Key risk indicator (KRI)
D. Key performance indicator (KPI)
Suggested answer: C
Total 1.200 questions