
Isaca CRISC Practice Test - Questions Answers, Page 7

From a business perspective, which of the following is the MOST important objective of a disaster recovery test?

A. The organization gains assurance it can recover from a disaster
B. Errors are discovered in the disaster recovery process.
C. All business critical systems are successfully tested.
D. All critical data is recovered within recovery time objectives (RTOs).
Suggested answer: B

Which of the following is MOST important to understand when determining an appropriate risk assessment approach?

A. Complexity of the IT infrastructure
B. Value of information assets
C. Management culture
D. Threats and vulnerabilities
Suggested answer: B

A risk practitioner is organizing a training session to communicate risk assessment methodologies to ensure a consistent risk view within the organization. Which of the following is the MOST important topic to cover in this training?

A. Applying risk appetite
B. Applying risk factors
C. Referencing risk event data
D. Understanding risk culture
Suggested answer: D

During the risk assessment of an organization that processes credit cards, a number of existing controls have been found to be ineffective and do not meet industry standards. The overall control environment may still be effective if:

A. compensating controls are in place.
B. a control mitigation plan is in place.
C. risk management is effective.
D. residual risk is accepted.
Suggested answer: A

An organization has procured a managed hosting service and just discovered the location is likely to be flooded every 20 years. Of the following, who should be notified of this new information FIRST?

A. The risk owner who also owns the business service enabled by this infrastructure
B. The data center manager who is also employed under the managed hosting services contract
C. The site manager who is required to provide annual risk assessments under the contract
D. The chief information officer (CIO) who is responsible for the hosted services
Suggested answer: A

Which of the following is the BEST metric to demonstrate the effectiveness of an organization's change management process?

A. Increase in the frequency of changes
B. Percent of unauthorized changes
C. Increase in the number of emergency changes
D. Average time to complete changes
Suggested answer: B

Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?

A. Encrypted storage of data
B. Links to source data
C. Audit trails for updates and deletions
D. Check totals on data records and data fields
Suggested answer: D

A risk practitioner is organizing risk awareness training for senior management. Which of the following is the MOST important topic to cover in the training session?

A. The organization's strategic risk management projects
B. Senior management roles and responsibilities
C. The organization's risk appetite and tolerance
D. Senior management allocation of risk management resources
Suggested answer: B

An organization wants to assess the maturity of its internal control environment. The FIRST step should be to:

A. validate control process execution.
B. determine if controls are effective.
C. identify key process owners.
D. conduct a baseline assessment.
Suggested answer: C

An organization has allowed its cyber risk insurance to lapse while seeking a new insurance provider. The risk practitioner should report to management that the risk has been:

A. transferred
B. mitigated.
C. accepted
D. avoided
Suggested answer: C
Total 1.200 questions