
Isaca CRISC Practice Test - Questions Answers, Page 66

Which of the following BEST indicates the condition of a risk management program?

A. Number of risk register entries
B. Number of controls
C. Level of financial support
D. Amount of residual risk
Suggested answer: D

Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?

A. Organizational reporting process
B. Incident reporting procedures
C. Regularly scheduled audits
D. Incident management policy
Suggested answer: A

Which of the following is MOST important when developing risk scenarios?

A. Reviewing business impact analysis (BIA)
B. Collaborating with IT audit
C. Conducting vulnerability assessments
D. Obtaining input from key stakeholders
Suggested answer: D

Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?

A. Piloting courses with focus groups
B. Using reputable third-party training programs
C. Reviewing content with senior management
D. Creating modules for targeted audiences
Suggested answer: D

Which of the following BEST measures the impact of business interruptions caused by an IT service outage?

A. Sustained financial loss
B. Cost of remediation efforts
C. Duration of service outage
D. Average time to recovery
Suggested answer: A

The MOST important objective of information security controls is to:

A. Identify threats and vulnerability
B. Ensure alignment with industry standards
C. Provide measurable risk reduction
D. Enforce strong security solutions
Suggested answer: C

Which of the following will be MOST effective in uniquely identifying the originator of electronic transactions?

A. Digital signature
B. Edit checks
C. Encryption
D. Multifactor authentication
Suggested answer: A

The PRIMARY benefit of conducting continuous monitoring of access controls is the ability to identify:

A. inconsistencies between security policies and procedures
B. possible noncompliant activities that lead to data disclosure
C. leading or lagging key risk indicators (KRIs)
D. unknown threats to undermine existing access controls
Suggested answer: B

Which of the following is the PRIMARY role of a data custodian in the risk management process?

A. Performing periodic data reviews according to policy
B. Reporting and escalating data breaches to senior management
C. Being accountable for control design
D. Ensuring data is protected according to the classification
Suggested answer: D

An organization planning to transfer and store its customer data with an offshore cloud service provider should be PRIMARILY concerned with:

A. data aggregation
B. data privacy
C. data quality
D. data validation
Suggested answer: B
Total 1.200 questions