Isaca CRISC Practice Test - Questions Answers, Page 64

Which of the following is MOST important when considering risk in an enterprise risk management (ERM) process?

A. Financial risk is given a higher priority.
B. Risk with strategic impact is included.
C. Security strategy is given a higher priority.
D. Risk identified by industry benchmarking is included.
Suggested answer: B

Which of the following is a KEY consideration for a risk practitioner to communicate to senior management evaluating the introduction of artificial intelligence (AI) solutions into the organization?

A. AI requires entirely new risk management processes.
B. AI potentially introduces new types of risk.
C. AI will result in changes to business processes.
D. Third-party AI solutions increase regulatory obligations.
Suggested answer: B

The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

A. detected incidents.
B. residual risk.
C. vulnerabilities.
D. inherent risk.
Suggested answer: D

All business units within an organization have the same risk response plan for creating local disaster recovery plans. In an effort to achieve cost effectiveness, the BEST course of action would be to:

A. select a provider to standardize the disaster recovery plans.
B. outsource disaster recovery to an external provider.
C. centralize the risk response function at the enterprise level.
D. evaluate opportunities to combine disaster recovery plans.
Suggested answer: D

Which of the following would BEST mitigate the risk associated with reputational damage from inappropriate use of social media sites by employees?

A. Validating employee social media accounts and passwords
B. Monitoring Internet usage on employee workstations
C. Disabling social media access from the organization's technology
D. Implementing training and awareness programs
Suggested answer: D

After the review of a risk record, internal audit questioned why the risk was lowered from medium to low. Which of the following is the BEST course of action in responding to this inquiry?

A. Obtain industry benchmarks related to the specific risk.
B. Provide justification for the lower risk rating.
C. Notify the business at the next risk briefing.
D. Reopen the risk issue and complete a full assessment.
Suggested answer: B

Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?

A. A high number of approved exceptions exist with compensating controls.
B. Successive assessments have the same recurring vulnerabilities.
C. Redundant compensating controls are in place.
D. Asset custodians are responsible for defining controls instead of asset owners.
Suggested answer: B

Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?

A. Building an organizational risk profile after updating the risk register
B. Ensuring risk owners participate in a periodic control testing process
C. Designing a process for risk owners to periodically review identified risk
D. Implementing a process for ongoing monitoring of control effectiveness
Suggested answer: D

Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

A. Updating the risk register to include the risk mitigation plan
B. Determining processes for monitoring the effectiveness of the controls
C. Ensuring that control design reduces risk to an acceptable level
D. Confirming to management the controls reduce the likelihood of the risk
Suggested answer: C

Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?

A. Time required for backup restoration testing
B. Change in size of data backed up
C. Successful completion of backup operations
D. Percentage of failed restore tests
Suggested answer: D
Total 1.200 questions