ExamGecko
Isaca CRISC Practice Test - Questions Answers, Page 63

To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

A. require the vendor to sign a nondisclosure agreement.
B. clearly define the project scope.
C. perform background checks on the vendor.
D. notify network administrators before testing.

Suggested answer: A

Which of the following tasks should be completed prior to creating a disaster recovery plan (DRP)?

A. Conducting a business impact analysis (BIA)
B. Identifying the recovery response team
C. Procuring a recovery site
D. Assigning sensitivity levels to data

Suggested answer: A

Which of the following BEST indicates the efficiency of a process for granting access privileges?

A. Average time to grant access privileges
B. Number of changes in access granted to users
C. Average number of access privilege exceptions
D. Number and type of locked obsolete accounts

Suggested answer: C

Several newly identified risk scenarios are being integrated into an organization's risk register. The MOST appropriate risk owner would be the individual who:

A. is in charge of information security.
B. is responsible for enterprise risk management (ERM).
C. can implement remediation action plans.
D. is accountable for loss if the risk materializes.

Suggested answer: D

An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?

A. The number of users who can access sensitive data
B. A list of unencrypted databases which contain sensitive data
C. The reason some databases have not been encrypted
D. The cost required to enforce encryption

Suggested answer: B

Which of the following is the GREATEST benefit of analyzing logs collected from different systems?

A. A record of incidents is maintained.
B. Forensic investigations are facilitated.
C. Security violations can be identified.
D. Developing threats are detected earlier.

Suggested answer: C

Which of the following is the BEST approach when a risk practitioner has been asked by a business unit manager for special consideration during a risk assessment of a system?

A. Conduct an abbreviated version of the assessment.
B. Report the business unit manager for a possible ethics violation.
C. Perform the assessment as it would normally be done.
D. Recommend an internal auditor perform the review.

Suggested answer: B

What is the PRIMARY reason to periodically review key performance indicators (KPIs)?

A. Ensure compliance.
B. Identify trends.
C. Promote a risk-aware culture.
D. Optimize resources needed for controls.

Suggested answer: A

The MOST important reason for implementing change control procedures is to ensure:

A. only approved changes are implemented.
B. timely evaluation of change events.
C. an audit trail exists.
D. emergency changes are logged.

Suggested answer: A

Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?

A. To enable consistent data on risk to be obtained
B. To allow for proper review of risk tolerance
C. To identify dependencies for reporting risk
D. To provide consistent and clear terminology

Suggested answer: B