Isaca CRISC Practice Test - Questions Answers, Page 68

After a high-profile systems breach at an organization's key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

A. External audit
B. Internal audit
C. Vendor performance scorecard
D. Regulatory examination
Suggested answer: A

When reporting on the performance of an organization's control environment, including which of the following would BEST inform stakeholders' risk decision-making?

A. The audit plan for the upcoming period
B. Spend to date on mitigating control implementation
C. A report of deficiencies noted during controls testing
D. A status report of control deployment
Suggested answer: C

Which of the following provides the MOST useful information to determine risk exposure following control implementations?

A. Strategic plan and risk management integration
B. Risk escalation and process for communication
C. Risk limits, thresholds, and indicators
D. Policies, standards, and procedures
Suggested answer: C

Which of the following is the GREATEST benefit to an organization when updates to the risk register are made promptly after the completion of a risk assessment?

A. Improved senior management communication
B. Optimized risk treatment decisions
C. Enhanced awareness of risk management
D. Improved collaboration among risk professionals
Suggested answer: B

Which of the following is the BEST method for assessing control effectiveness against technical vulnerabilities that could be exploited to compromise an information system?

A. Vulnerability scanning
B. Systems log correlation analysis
C. Penetration testing
D. Monitoring of intrusion detection system (IDS) alerts
Suggested answer: C

Which of the following is an IT business owner's BEST course of action following an unexpected increase in emergency changes?

A. Evaluating the impact to control objectives
B. Conducting a root cause analysis
C. Validating the adequacy of current processes
D. Reconfiguring the IT infrastructure
Suggested answer: B

Which of the following scenarios represents a threat?

A. Connecting a laptop to a free, open, wireless access point (hotspot)
B. Visitors not signing in as per policy
C. Storing corporate data in unencrypted form on a laptop
D. A virus transmitted on a USB thumb drive
Suggested answer: D

Which of the following is MOST helpful in aligning IT risk with business objectives?

A. Introducing an approved IT governance framework
B. Integrating the results of top-down risk scenario analyses
C. Performing a business impact analysis (BIA)
D. Implementing a risk classification system
Suggested answer: C

A peer review of a risk assessment finds that a relevant threat community was not included. Mitigation of the risk will require substantial changes to a software application. Which of the following is the BEST course of action?

A. Ask the business to make a budget request to remediate the problem.
B. Build a business case to remediate the fix.
C. Research the types of attacks the threat can present.
D. Determine the impact of the missing threat.
Suggested answer: D

An organization has outsourced its billing function to an external service provider. Who should own the risk of customer data leakage caused by the service provider?

A. The service provider
B. Vendor risk manager
C. Legal counsel
D. Business process owner
Suggested answer: D