ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 75

While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:

A. control is ineffective and should be strengthened.
B. risk is inefficiently controlled.
C. risk is efficiently controlled.
D. control is weak and should be removed.
Suggested answer: B

The PRIMARY reason to have risk owners assigned to entries in the risk register is to ensure:

A. risk is treated appropriately.
B. mitigating actions are prioritized.
C. risk entries are regularly updated.
D. risk exposure is minimized.
Suggested answer: A

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

A. two-factor authentication.
B. continuous data backup controls.
C. encryption for data at rest.
D. encryption for data in motion.
Suggested answer: B

Which of the following should a risk practitioner recommend FIRST when an increasing trend of risk events and subsequent losses has been identified?

A. Conduct root cause analyses for risk events.
B. Educate personnel on risk mitigation strategies.
C. Integrate the risk event and incident management processes.
D. Implement controls to prevent future risk events.
Suggested answer: C

When reviewing a report on the performance of control processes, it is MOST important to verify whether the:

A. business process objectives have been met.
B. control adheres to regulatory standards.
C. residual risk objectives have been achieved.
D. control process is designed effectively.
Suggested answer: D

Which of the following BEST enforces access control for an organization that uses multiple cloud technologies?

A. Senior management support of cloud adoption strategies
B. Creation of a cloud access risk management policy
C. Adoption of a cloud access security broker (CASB) solution
D. Expansion of security information and event management (SIEM) to cloud services
Suggested answer: C

Which of the following scenarios presents the GREATEST risk for a global organization when implementing a data classification policy?

A. Data encryption has not been applied to all sensitive data across the organization.
B. There are many data assets across the organization that need to be classified.
C. Changes to information handling procedures are not documented.
D. Changes to data sensitivity during the data life cycle have not been considered.
Suggested answer: D

Which of the following should be considered when selecting a risk response?

A. Risk scenarios analysis
B. Risk response costs
C. Risk factor awareness
D. Risk factor identification
Suggested answer: B

Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?

A. Ongoing availability of data
B. Ability to aggregate data
C. Ability to predict trends
D. Availability of automated reporting systems
Suggested answer: D

Which of the following should be the GREATEST concern for an organization that uses open source software applications?

A. Lack of organizational policy regarding open source software
B. Lack of reliability associated with the use of open source software
C. Lack of monitoring over installation of open source software in the organization
D. Lack of professional support for open source software
Suggested answer: A
Total 1.200 questions