Isaca CRISC Practice Test - Questions Answers, Page 65

Which of the following will BEST help in communicating strategic risk priorities?

A. Heat map
B. Business impact analysis (BIA)
C. Balanced Scorecard
D. Risk register
Suggested answer: A

The BEST indication that risk management is effective is when risk has been reduced to meet:

A. risk levels.
B. risk budgets.
C. risk appetite.
D. risk capacity.
Suggested answer: C

What is the PRIMARY purpose of a business impact analysis (BIA)?

A. To determine the likelihood and impact of threats to business operations
B. To identify important business processes in the organization
C. To estimate resource requirements for related business processes
D. To evaluate the priority of business operations in case of disruption
Suggested answer: D

Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?

A. Relevance to the business process
B. Regulatory compliance requirements
C. Cost-benefit analysis
D. Comparison against best practice
Suggested answer: B

Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?

A. Relevant risk case studies
B. Internal audit findings
C. Risk assessment results
D. Penetration testing results
Suggested answer: C

Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?

A. Internal and external information security incidents
B. The risk department's roles and responsibilities
C. Policy compliance requirements and exceptions process
D. The organization's information security risk profile
Suggested answer: C

Upon learning that the number of failed backup attempts continually exceeds the current risk threshold, the risk practitioner should:

A. inquire about the status of any planned corrective actions
B. keep monitoring the situation as there is evidence that this is normal
C. adjust the risk threshold to better reflect actual performance
D. initiate corrective action to address the known deficiency
Suggested answer: D

A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?

A. Identify changes in risk factors and initiate risk reviews.
B. Engage an external consultant to redesign the risk management process.
C. Outsource the process for updating the risk register.
D. Implement a process improvement and replace the old risk register.
Suggested answer: A

Which of the following should be implemented to BEST mitigate the risk associated with infrastructure updates?

A. Role-specific technical training
B. Change management audit
C. Change control process
D. Risk assessment
Suggested answer: C

An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:

A. business purpose documentation and software license counts
B. an access control matrix and approval from the user's manager
C. documentation indicating the intended users of the application
D. security logs to determine the cause of invalid login attempts
Suggested answer: B
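The periodic access review in the question above (reconciling each user's actual rights against an access control matrix, with any excess backed by the user's own manager's approval) can be made mechanical. The script below is an added example written for this page; it is not ExamGecko's or ISACA's material. All data in it is constructed: the roles, permissions, users, and the names `ACCESS_MATRIX`, `USERS`, `CURRENT_ENTITLEMENTS`, `MANAGER_APPROVALS` and `review_access` are assumptions made for illustration.

```python
"""Least-privilege access recertification (added example, constructed data).

Every permission an application currently grants must be either allowed by the
access control matrix for the user's role or explicitly approved as an
exception by that user's own manager; anything else is queued for revocation.
Accounts with no owner in the directory, or whose owner is inactive, lose all
rights regardless of what the matrix says.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    role: str
    manager: str
    active: bool = True


@dataclass(frozen=True, order=True)
class Finding:
    username: str
    permission: str
    reason: str


# Access control matrix: role -> permissions that role is allowed to hold.
# (Constructed for this example.)
ACCESS_MATRIX = {
    "accounts_payable_clerk": {"invoice.read", "invoice.create"},
    "accounts_payable_manager": {"invoice.read", "invoice.create", "invoice.approve"},
    "auditor": {"invoice.read", "audit_log.read"},
}

# Directory / HR view of who exists, what role they hold and who manages them.
USERS = {u.username: u for u in [
    User("alice", "accounts_payable_clerk", manager="frank"),
    User("bob", "accounts_payable_clerk", manager="frank"),
    User("carol", "auditor", manager="grace"),
    User("dave", "accounts_payable_clerk", manager="frank", active=False),  # left the company
]}

# What the application actually grants today (constructed sample export).
CURRENT_ENTITLEMENTS = {
    "alice": {"invoice.read", "invoice.create"},
    "bob": {"invoice.read", "invoice.create", "invoice.approve"},   # clerk who can approve
    "carol": {"invoice.read", "audit_log.read", "invoice.create"},  # auditor who can create
    "dave": {"invoice.read"},                                        # inactive user still provisioned
    "erin": {"invoice.read"},                                        # no directory record at all
}

# Recorded exception approvals as (username, permission, approver).
# bob's entry is a self-approval and must not count.
MANAGER_APPROVALS = {
    ("carol", "invoice.create", "grace"),
    ("bob", "invoice.approve", "bob"),
}


def review_access(users, matrix, entitlements, approvals):
    """Return (revoke, approved_exceptions) as sorted lists of Finding."""
    revoke, approved = [], []
    for username, perms in sorted(entitlements.items()):
        user = users.get(username)
        if user is None:
            revoke += [Finding(username, p, "orphaned_account") for p in sorted(perms)]
            continue
        if not user.active:
            revoke += [Finding(username, p, "inactive_user") for p in sorted(perms)]
            continue
        allowed = matrix.get(user.role)
        if allowed is None:
            # A role the matrix does not define cannot justify any right.
            revoke += [Finding(username, p, "role_not_in_matrix") for p in sorted(perms)]
            continue
        for perm in sorted(perms - allowed):
            # Only the user's own manager may approve an exception; approval by
            # the user themselves or by anyone else is ignored.
            if (username, perm, user.manager) in approvals:
                approved.append(Finding(username, perm, "manager_approved_exception"))
            else:
                revoke.append(Finding(username, perm, "exceeds_role_unapproved"))
    return sorted(revoke), sorted(approved)


if __name__ == "__main__":
    to_revoke, exceptions = review_access(
        USERS, ACCESS_MATRIX, CURRENT_ENTITLEMENTS, MANAGER_APPROVALS)
    for f in to_revoke:
        print(f"REVOKE  {f.username:<6} {f.permission:<16} {f.reason}")
    for f in exceptions:
        print(f"KEEP    {f.username:<6} {f.permission:<16} {f.reason}")
```

On the sample data, alice is clean, carol's extra `invoice.create` is kept because her manager grace approved it, and three rights are queued for revocation: bob's `invoice.approve` (self-approved, so unapproved), dave's `invoice.read` (inactive owner) and erin's `invoice.read` (orphaned account). Keying the approval on the manager recorded in the directory, rather than on any approver name, is what makes the check enforce "approval from the user's manager" rather than "an approval exists".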