ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 74

Which of the following BEST mitigates the risk of sensitive personal data leakage from a software development environment?

A. Tokenized personal data only in test environments
B. Data loss prevention tools (DLP) installed in passive mode
C. Anonymized personal data in non-production environments
D. Multi-factor authentication for access to non-production environments
Suggested answer: C

Which of the following should be an element of the risk appetite of an organization?

A. The effectiveness of compensating controls
B. The enterprise's capacity to absorb loss
C. The residual risk affected by preventive controls
D. The amount of inherent risk considered appropriate
Suggested answer: B

In an organization where each division manages risk independently, which of the following would BEST enable management of risk at the enterprise level?

A. A standardized risk taxonomy
B. A list of control deficiencies
C. An enterprise risk ownership policy
D. An updated risk tolerance metric
Suggested answer: A

Which of the following would require updates to an organization's IT risk register?

A. Discovery of an ineffectively designed key IT control
B. Management review of key risk indicators (KRIs)
C. Changes to the team responsible for maintaining the register
D. Completion of the latest internal audit
Suggested answer: A

Which of the following controls BEST helps to ensure that transaction data reaches its destination?

A. Securing the network from attacks
B. Providing acknowledgments from receiver to sender
C. Digitally signing individual messages
D. Encrypting data-in-transit
Suggested answer: B

Which of the following is the BEST control to detect an advanced persistent threat (APT)?

A. Utilizing antivirus systems and firewalls
B. Conducting regular penetration tests
C. Monitoring social media activities
D. Implementing automated log monitoring
Suggested answer: D

Which of the following BEST supports ethical IT risk management practices?

A. Robust organizational communication channels
B. Mapping of key risk indicators (KRIs) to corporate strategy
C. Capability maturity models integrated with risk management frameworks
D. Rigorously enforced operational service level agreements (SLAs)
Suggested answer: A

Which of the following is the MOST effective way to integrate risk and compliance management?

A. Embedding risk management into compliance decision-making
B. Designing corrective actions to improve risk response capabilities
C. Embedding risk management into processes that are aligned with business drivers
D. Conducting regular self-assessments to verify compliance
Suggested answer: A

A business unit is implementing a data analytics platform to enhance its customer relationship management (CRM) system primarily to process data that has been provided by its customers. Which of the following presents the GREATEST risk to the organization's reputation?

A. Third-party software is used for data analytics.
B. Data usage exceeds individual consent.
C. Revenue generated is not disclosed to customers.
D. Use of a data analytics system is not disclosed to customers.
Suggested answer: B

Which of the following should be the MOST important consideration when performing a vendor risk assessment?

A. Results of the last risk assessment of the vendor
B. Inherent risk of the business process supported by the vendor
C. Risk tolerance of the vendor
D. Length of time since the last risk assessment of the vendor
Suggested answer: B
Total 1.200 questions