Isaca CRISC Practice Test - Questions Answers, Page 62

When reviewing a business continuity plan (BCP), which of the following would be the MOST significant deficiency?

A. BCP testing is not in conjunction with the disaster recovery plan (DRP).
B. Recovery time objectives (RTOs) do not meet business requirements.
C. BCP is often tested using the walk-through method.
D. Each business location has separate, inconsistent BCPs.
Suggested answer: B

Which of the following is the STRONGEST indication an organization has ethics management issues?

A. Employees do not report IT risk issues for fear of consequences.
B. Internal IT auditors report to the chief information security officer (CISO).
C. Employees face sanctions for not signing the organization's acceptable use policy.
D. The organization has only two lines of defense.
Suggested answer: A

Which of the following is the BEST evidence that a user account has been properly authorized?

A. An email from the user accepting the account
B. Notification from human resources that the account is active
C. User privileges matching the request form
D. Formal approval of the account by the user's manager
Suggested answer: C

Which of the following is the BEST way to manage the risk associated with malicious activities performed by database administrators (DBAs)?

A. Activity logging and monitoring
B. Periodic access review
C. Two-factor authentication
D. Awareness training and background checks
Suggested answer: A

Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?

A. Network monitoring infrastructure
B. Centralized vulnerability management
C. Incident management process
D. Centralized log management
Suggested answer: D

To communicate the risk associated with IT in business terms, which of the following MUST be defined?

A. Compliance objectives
B. Risk appetite of the organization
C. Organizational objectives
D. Inherent and residual risk
Suggested answer: C

Which of the following is the GREATEST risk associated with the misclassification of data?

A. Inadequate resource allocation
B. Data disruption
C. Unauthorized access
D. Inadequate retention schedules
Suggested answer: A

Which of the following is the MOST critical element to maximize the potential for a successful security implementation?

A. The organization's knowledge
B. Ease of implementation
C. The organization's culture
D. Industry-leading security tools
Suggested answer: C

Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?

A. Align business objectives with risk appetite.
B. Enable risk-based decision making.
C. Design and implement risk response action plans.
D. Update risk responses in the risk register.
Suggested answer: B

Which of the following is necessary to enable an IT risk register to be consolidated with the rest of the organization's risk register?

A. Risk taxonomy
B. Risk response
C. Risk appetite
D. Risk ranking
Suggested answer: A