ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 76

An organization has recently been experiencing frequent data corruption incidents. Implementing a file corruption detection tool as a risk response strategy will help to:

A. reduce the likelihood of future events
B. restore availability
C. reduce the impact of future events
D. address the root cause
Suggested answer: D

Accountability for a particular risk is BEST represented in a:

A. risk register
B. risk catalog
C. risk scenario
D. RACI matrix
Suggested answer: D

Which of the following is MOST likely to cause a key risk indicator (KRI) to exceed thresholds?

A. Occurrences of specific events
B. A performance measurement
C. The risk tolerance level
D. Risk scenarios
Suggested answer: C

Which of the following is the MOST important responsibility of a risk owner?

A. Testing control design
B. Accepting residual risk
C. Establishing business information criteria
D. Establishing the risk register
Suggested answer: C

The PRIMARY objective for requiring an independent review of an organization's IT risk management process should be to:

A. assess gaps in IT risk management operations and strategic focus.
B. confirm that IT risk assessment results are expressed as business impact.
C. verify implemented controls to reduce the likelihood of threat materialization.
D. ensure IT risk management is focused on mitigating potential risk.
Suggested answer: D

Which of the following is the PRIMARY benefit of using an entry in the risk register to track the aggregate risk associated with server failure?

A. It provides a cost-benefit analysis on control options available for implementation.
B. It provides a view on where controls should be applied to maximize the uptime of servers.
C. It provides historical information about the impact of individual servers malfunctioning.
D. It provides a comprehensive view of the impact should the servers simultaneously fail.
Suggested answer: D

An information system for a key business operation is being moved from an in-house application to a Software as a Service (SaaS) vendor. Which of the following will have the GREATEST impact on the ability to monitor risk?

A. Reduced ability to evaluate key risk indicators (KRIs)
B. Reduced access to internal audit reports
C. Dependency on the vendor's key performance indicators (KPIs)
D. Dependency on service level agreements (SLAs)
Suggested answer: A

Key risk indicators (KRIs) are MOST useful during which of the following risk management phases?

A. Monitoring
B. Analysis
C. Identification
D. Response selection
Suggested answer: A

Which of the following BEST enables an organization to determine whether external emerging risk factors will impact the organization's risk profile?

A. Control identification and mitigation
B. Adoption of a compliance-based approach
C. Prevention and detection techniques
D. Scenario analysis and stress testing
Suggested answer: D

In an organization dependent on data analytics to drive decision-making, which of the following would BEST help to minimize the risk associated with inaccurate data?

A. Establishing an intellectual property agreement
B. Evaluating each of the data sources for vulnerabilities
C. Periodically reviewing big data strategies
D. Benchmarking to industry best practice
Suggested answer: B
Total 1.200 questions