Isaca CRISC Practice Test - Questions Answers, Page 67

A risk manager has determined there is excessive risk with a particular technology. Who is the BEST person to own the unmitigated risk of the technology?

A. IT system owner
B. Chief financial officer
C. Chief risk officer
D. Business process owner
Suggested answer: D

An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

A. Identify systems that are vulnerable to being exploited by the attack.
B. Confirm with the antivirus solution vendor whether the next update will detect the attack.
C. Verify the data backup process and confirm which backups are the most recent ones available.
D. Obtain approval for funding to purchase a cyber insurance plan.
Suggested answer: A

Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?

A. To have a unified approach to risk management across the organization
B. To have a standard risk management process for complying with regulations
C. To optimize risk management resources across the organization
D. To ensure risk profiles are presented in a consistent format within the organization
Suggested answer: A

Which of the following is the BEST key control indicator (KCI) for a vulnerability management program?

A. Percentage of high-risk vulnerabilities missed
B. Number of high-risk vulnerabilities outstanding
C. Defined thresholds for high-risk vulnerabilities
D. Percentage of high-risk vulnerabilities addressed
Suggested answer: D

Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

A. Data owner
B. Control owner
C. Risk owner
D. System owner
Suggested answer: B

Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?

A. Develop a risk treatment plan.
B. Validate organizational risk appetite.
C. Review results of prior risk assessments.
D. Include the current and desired states in the risk register.
Suggested answer: A

An application runs a scheduled job that compiles financial data from multiple business systems and updates the financial reporting system. If this job runs too long, it can delay financial reporting. Which of the following is the risk practitioner's BEST recommendation?

A. Implement database activity and capacity monitoring.
B. Ensure the business is aware of the risk.
C. Ensure the enterprise has a process to detect such situations.
D. Consider providing additional system resources to this job.
Suggested answer: C

Which of the following roles is BEST suited to help a risk practitioner understand the impact of IT-related events on business objectives?

A. IT management
B. Internal audit
C. Process owners
D. Senior management
Suggested answer: C

Which of the following is the MOST effective control to ensure user access is maintained on a least-privilege basis?

A. User authorization
B. User recertification
C. Change log review
D. Access log monitoring
Suggested answer: B

A deficient control has been identified which could result in great harm to an organization should a low-frequency threat event occur. When communicating the associated risk to senior management, the risk practitioner should explain:

A. mitigation plans for threat events should be prepared in the current planning period.
B. this risk scenario is equivalent to more frequent but lower impact risk scenarios.
C. the current level of risk is within tolerance.
D. an increase in threat events could cause a loss sooner than anticipated.
Suggested answer: A