ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 73

Which of the following would BEST help an enterprise define and communicate its risk appetite?

A. Gap analysis
B. Risk assessment
C. Heat map
D. Risk register
Suggested answer: C

An IT department has provided a shared drive for personnel to store information to which all employees have access. Which of the following parties is accountable for the risk of potential loss of confidential information?

A. Risk manager
B. Data owner
C. End user
D. IT department
Suggested answer: D

From a risk management perspective, the PRIMARY objective of using maturity models is to enable:

A. solution delivery.
B. resource utilization.
C. strategic alignment.
D. performance evaluation.
Suggested answer: C

During an internal IT audit, an active network account belonging to a former employee was identified. Which of the following is the BEST way to prevent future occurrences?

A. Conduct a comprehensive review of access management processes.
B. Declare a security incident and engage the incident response team.
C. Conduct a comprehensive awareness session for system administrators.
D. Evaluate system administrators' technical skills to identify if training is required.
Suggested answer: A

An organization has initiated a project to launch an IT-based service to customers and take advantage of being the first to market. Which of the following should be of GREATEST concern to senior management?

A. More time has been allotted for testing.
B. The project is likely to deliver the product late.
C. A new project manager is handling the project.
D. The cost of the project will exceed the allotted budget.
Suggested answer: B

Which of the following should be of GREATEST concern for an organization considering the adoption of a bring your own device (BYOD) initiative?

A. Device corruption
B. Data loss
C. Malicious users
D. User support
Suggested answer: B

While conducting an organization-wide risk assessment, it is noted that many of the information security policies have not changed in the past three years. The BEST course of action is to:

A. review and update the policies to align with industry standards.
B. determine that the policies should be updated annually.
C. report that the policies are adequate and do not need to be updated frequently.
D. review the policies against current needs to determine adequacy.
Suggested answer: D

A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?

A. Obtain the risk owner's approval.
B. Record the risk as accepted in the risk register.
C. Inform senior management.
D. Update the risk response plan.
Suggested answer: A

Which of the following would MOST likely cause a risk practitioner to change the likelihood rating in the risk register?

A. Risk appetite
B. Control cost
C. Control effectiveness
D. Risk tolerance
Suggested answer: C

An organization operates in an environment where reduced time-to-market for new software products is a top business priority. Which of the following should be the risk practitioner's GREATEST concern?

A. Sufficient resources are not assigned to IT development projects.
B. Customer support help desk staff does not have adequate training.
C. Email infrastructure does not have proper rollback plans.
D. The corporate email system does not identify and store phishing emails.
Suggested answer: A
Total 1.200 questions