Isaca CRISC Practice Test - Questions Answers, Page 70

Which of the following approaches BEST identifies information systems control deficiencies?

A. Countermeasures analysis
B. Best practice assessment
C. Gap analysis
D. Risk assessment
Suggested answer: C

Which of the following is the BEST recommendation to senior management when the results of a risk and control assessment indicate a risk scenario can only be partially mitigated?

A. Implement controls to bring the risk to a level within appetite and accept the residual risk.
B. Implement a key performance indicator (KPI) to monitor the existing control performance.
C. Accept the residual risk in its entirety and obtain executive management approval.
D. Separate the risk into multiple components and avoid the risk components that cannot be mitigated.
Suggested answer: C

A violation of segregation of duties is when the same:

A. user requests and tests the change prior to production.
B. user authorizes and monitors the change post-implementation.
C. programmer requests and tests the change prior to production.
D. programmer writes and promotes code into production.
Suggested answer: D

Which of the following is the BEST key control indicator (KCI) for risk related to IT infrastructure failure?

A. Number of times the recovery plan is reviewed
B. Number of successful recovery plan tests
C. Percentage of systems with outdated virus protection
D. Percentage of employees who can work remotely
Suggested answer: B

Which of the following is the MOST important consideration when sharing risk management updates with executive management?

A. Including trend analysis of risk metrics
B. Using an aggregated view of organizational risk
C. Relying on key risk indicator (KRI) data
D. Ensuring relevance to organizational goals
Suggested answer: D

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of an antivirus program?

A. Percentage of IT assets with current malware definitions
B. Number of false positives detected over a period of time
C. Number of alerts generated by the anti-virus software
D. Frequency of anti-virus software updates
Suggested answer: A

Which of the following is the BEST source for identifying key control indicators (KCIs)?

A. Privileged user activity monitoring controls
B. Controls mapped to organizational risk scenarios
C. Recent audit findings of control weaknesses
D. A list of critical security processes
Suggested answer: B

An organization discovers significant vulnerabilities in a recently purchased commercial off-the-shelf software product which will not be corrected until the next release. Which of the following is the risk manager's BEST course of action?

A. Review the risk of implementing versus postponing with stakeholders.
B. Run vulnerability testing tools to independently verify the vulnerabilities.
C. Review software license to determine the vendor's responsibility regarding vulnerabilities.
D. Require the vendor to correct significant vulnerabilities prior to installation.
Suggested answer: C

The BEST way to improve a risk register is to ensure the register:

A. is updated based upon significant events.
B. documents possible countermeasures.
C. contains the risk assessment completion date.
D. is regularly audited.
Suggested answer: A

During implementation of an intrusion detection system (IDS) to monitor network traffic, a high number of alerts is reported. The risk practitioner should recommend to:

A. reset the alert threshold based on peak traffic.
B. analyze the traffic to minimize the false negatives.
C. analyze the alerts to minimize the false positives.
D. sniff the traffic using a network analyzer.
Suggested answer: C