ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 72

Which of the following is the FIRST step in risk assessment?

A. Review risk governance
B. Asset identification
C. Identify risk factors
D. Inherent risk identification
Suggested answer: B

The PRIMARY objective of a risk identification process is to:

A. evaluate how risk conditions are managed.
B. determine threats and vulnerabilities.
C. estimate anticipated financial impact of risk conditions.
D. establish risk response options.
Suggested answer: B

A risk practitioner has received an updated enterprise risk management (ERM) report showing that residual risk is now within the organization's defined appetite and tolerance levels. Which of the following is the risk practitioner's BEST course of action?

A. Identify new risk entries to include in ERM.
B. Remove the risk entries from the ERM register.
C. Re-perform the risk assessment to confirm results.
D. Verify the adequacy of risk monitoring plans.
Suggested answer: D

An organization's risk register contains a large volume of risk scenarios that senior management considers overwhelming. Which of the following would BEST help to improve the risk register?

A. Analyzing the residual risk components
B. Performing risk prioritization
C. Validating the risk appetite level
D. Conducting a risk assessment
Suggested answer: D

Which of the following is MOST important when developing key risk indicators (KRIs)?

A. Alignment with regulatory requirements
B. Availability of qualitative data
C. Properly set thresholds
D. Alignment with industry benchmarks
Suggested answer: C

A risk practitioner has been asked by executives to explain how existing risk treatment plans would affect risk posture at the end of the year. Which of the following is MOST helpful in responding to this request?

A. Assessing risk with no controls in place
B. Showing projected residual risk
C. Providing peer benchmarking results
D. Assessing risk with current controls in place
Suggested answer: D

Which of the following presents the GREATEST risk to change control in business application development over the complete life cycle?

A. Emphasis on multiple application testing cycles
B. Lack of an integrated development environment (IDE) tool
C. Introduction of requirements that have not been approved
D. Bypassing quality requirements before go-live
Suggested answer: C

An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan. Which of the following is the risk practitioner's BEST course of action?

A. Report the observation to the chief risk officer (CRO).
B. Validate the adequacy of the implemented risk mitigation measures.
C. Update the risk register with the implemented risk mitigation actions.
D. Revert the implemented mitigation measures until approval is obtained.
Suggested answer: B

Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?

A. Regulatory compliance
B. Risk ownership
C. Best practices
D. Desired risk level
Suggested answer: D

Determining if organizational risk is tolerable requires:

A. mapping residual risk with cost of controls.
B. comparing against regulatory requirements.
C. comparing industry risk appetite with the organization's.
D. understanding the organization's risk appetite.
Suggested answer: D
Total 1.200 questions