Isaca CRISC Practice Test - Questions Answers, Page 61
Which of the following provides the BEST measurement of an organization's risk management maturity level?

A. Level of residual risk
B. The results of a gap analysis
C. IT alignment to business objectives
D. Key risk indicators (KRIs)
Suggested answer: C

Which of the following statements BEST illustrates the relationship between key performance indicators (KPIs) and key control indicators (KCIs)?

A. KPIs measure manual controls, while KCIs measure automated controls.
B. KPIs and KCIs both contribute to understanding of control effectiveness.
C. A robust KCI program will replace the need to measure KPIs.
D. KCIs are applied at the operational level while KPIs are at the strategic level.
Suggested answer: B

Which of the following is the GREATEST risk associated with an environment that lacks documentation of the architecture?

A. Unknown vulnerabilities
B. Legacy technology systems
C. Network isolation
D. Overlapping threats
Suggested answer: D

The BEST way to determine the likelihood of a system availability risk scenario is by assessing the:

A. availability of fault tolerant software.
B. strategic plan for business growth.
C. vulnerability scan results of critical systems.
D. redundancy of technical infrastructure.
Suggested answer: D

An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?

A. Require the vendor to degauss the hard drives.
B. Implement an encryption policy for the hard drives.
C. Require confirmation of destruction from the IT manager.
D. Use an accredited vendor to dispose of the hard drives.
Suggested answer: B

The BEST key performance indicator (KPI) for monitoring adherence to an organization's user accounts provisioning practices is the percentage of:

A. accounts without documented approval
B. user accounts with default passwords
C. active accounts belonging to former personnel
D. accounts with dormant activity
Suggested answer: A

Which of the following BEST enables the identification of trends in risk levels?

A. Correlation between risk levels and key risk indicators (KRIs) is positive.
B. Measurements for key risk indicators (KRIs) are repeatable.
C. Quantitative measurements are used for key risk indicators (KRIs).
D. Qualitative definitions for key risk indicators (KRIs) are used.
Suggested answer: B

While reviewing an organization's monthly change management metrics, a risk practitioner notes that the number of emergency changes has increased substantially. Which of the following would be the BEST approach for the risk practitioner to take?

A. Temporarily suspend emergency changes.
B. Document the control deficiency in the risk register.
C. Conduct a root cause analysis.
D. Continue monitoring change management metrics.
Suggested answer: C

An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?

A. Risk owner
B. IT security manager
C. IT system owner
D. Control owner
Suggested answer: D

Which of the following is the MOST effective control to maintain the integrity of system configuration files?

A. Recording changes to configuration files
B. Implementing automated vulnerability scanning
C. Restricting access to configuration documentation
D. Monitoring against the configuration standard
Suggested answer: D
Total 1.200 questions