ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 71

A chief information officer (CIO) has identified risk associated with shadow systems being maintained by business units to address specific functionality gaps in the organization's enterprise resource planning (ERP) system. What is the BEST way to reduce this risk going forward?

A. Align applications to business processes.
B. Implement an enterprise architecture (EA).
C. Define the software development life cycle (SDLC).
D. Define enterprise-wide system procurement requirements.
Suggested answer: B

Which of the following provides the MOST useful information when developing a risk profile for management approval?

A. Residual risk and risk appetite
B. Strength of detective and preventative controls
C. Effectiveness and efficiency of controls
D. Inherent risk and risk tolerance
Suggested answer: A

Which of the following approaches would BEST help to identify relevant risk scenarios?

A. Engage line management in risk assessment workshops.
B. Escalate the situation to risk leadership.
C. Engage internal audit for risk assessment workshops.
D. Review system and process documentation.
Suggested answer: A

Which of the following BEST indicates the effectiveness of anti-malware software?

A. Number of staff hours lost due to malware attacks
B. Number of downtime hours in business critical servers
C. Number of patches made to anti-malware software
D. Number of successful attacks by malicious software
Suggested answer: D

To minimize the risk of a potential acquisition being exposed externally, an organization has selected a few key employees to be engaged in the due diligence process. A member of the due diligence team realizes a close acquaintance is a high-ranking IT professional at a subsidiary of the company about to be acquired. What is the BEST course of action for this team member?

A. Enforce segregation of duties.
B. Disclose potential conflicts of interest.
C. Delegate responsibilities involving the acquaintance.
D. Notify the subsidiary's legal team.
Suggested answer: B

Vulnerabilities have been detected on an organization's systems. Applications installed on these systems will not operate if the underlying servers are updated. Which of the following is the risk practitioner's BEST course of action?

A. Recommend the business change the application.
B. Recommend a risk treatment plan.
C. Include the risk in the next quarterly update to management.
D. Implement compensating controls.
Suggested answer: D

Which of the following should be management's PRIMARY consideration when approving risk response action plans?

A. Ability of the action plans to address multiple risk scenarios
B. Ease of implementing the risk treatment solution
C. Changes in residual risk after implementing the plans
D. Prioritization for implementing the action plans
Suggested answer: C

Which of the following is the MOST common concern associated with outsourcing to a service provider?

A. Lack of technical expertise
B. Combining incompatible duties
C. Unauthorized data usage
D. Denial of service attacks
Suggested answer: C

Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?

A. Customer database manager
B. Customer data custodian
C. Data privacy officer
D. Audit committee
Suggested answer: B

When an organization is having new software implemented under contract, which of the following is key to controlling escalating costs?

A. Risk management
B. Change management
C. Problem management
D. Quality management
Suggested answer: B
Total 1.200 questions