Isaca CRISC Practice Test - Questions Answers, Page 77

A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:

A. updating the risk register.
B. documenting the risk scenarios.
C. validating the risk scenarios.
D. identifying risk mitigation controls.

Suggested answer: C

A department allows multiple users to perform maintenance on a system using a single set of credentials. A risk practitioner determined this practice to be high-risk. Which of the following is the MOST effective way to mitigate this risk?

A. Single sign-on
B. Audit trail review
C. Multi-factor authentication
D. Data encryption at rest

Suggested answer: B
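The risk behind a shared maintenance account is loss of accountability: the audit trail records the account name, not the person. Reviewing that trail only mitigates the risk if the reviewer can attribute each privileged action to an individual, which in practice means correlating the login source with a list of who uses which workstation and flagging the cases where attribution fails (concurrent sessions, unapproved sources). The following Python script is an added illustration of such a review and is not part of the ISACA or ExamGecko material; the log lines, the account name `sysmaint`, the workstation-to-owner mapping and the year used for timestamps are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample auth log (assumed host srv01, assumed shared account "sysmaint").
SAMPLE_LOG = """\
Jan 10 09:02:11 srv01 sshd[4012]: Accepted password for sysmaint from 10.0.5.21 port 51122 ssh2
Jan 10 09:02:30 srv01 sudo: sysmaint : TTY=pts/0 ; PWD=/home/sysmaint ; USER=root ; COMMAND=/usr/bin/systemctl restart app
Jan 10 09:05:44 srv01 sshd[4012]: Disconnected from user sysmaint 10.0.5.21 port 51122
Jan 10 13:40:02 srv01 sshd[5120]: Accepted password for sysmaint from 10.0.5.33 port 40210 ssh2
Jan 10 13:41:15 srv01 sshd[5188]: Accepted password for sysmaint from 10.0.5.21 port 52001 ssh2
Jan 10 13:42:07 srv01 sudo: sysmaint : TTY=pts/2 ; PWD=/home/sysmaint ; USER=root ; COMMAND=/usr/sbin/useradd svc-tmp
Jan 10 13:45:00 srv01 sshd[5188]: Disconnected from user sysmaint 10.0.5.21 port 52001
Jan 10 13:50:30 srv01 sshd[5120]: Disconnected from user sysmaint 10.0.5.33 port 40210
Jan 10 18:12:09 srv01 sshd[6301]: Accepted password for sysmaint from 203.0.113.7 port 33891 ssh2
Jan 10 18:12:40 srv01 sudo: sysmaint : TTY=pts/0 ; PWD=/home/sysmaint ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jan 10 18:13:01 srv01 sshd[6301]: Disconnected from user sysmaint 203.0.113.7 port 33891
"""

# Assumed mapping of approved administrator workstations to the people who use them.
WORKSTATION_OWNERS = {"10.0.5.21": "alice", "10.0.5.33": "bob"}

TS_RE = r"(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})"
LOGIN_RE = re.compile(TS_RE + r" \S+ sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
LOGOUT_RE = re.compile(TS_RE + r" \S+ sshd\[\d+\]: Disconnected from user (?P<user>\S+) (?P<ip>\S+) port (?P<port>\d+)")
SUDO_RE = re.compile(TS_RE + r" \S+ sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$")


def _ts(text, year=2024):
    # Syslog timestamps carry no year; the year is an assumption supplied by the caller.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def review_shared_account(log_text, account, owners, year=2024):
    """Walk the log in order, track open sessions of the shared account,
    attribute each sudo command to a person when exactly one session is open,
    and record findings where attribution is impossible or the source is unapproved."""
    sessions = {}      # (ip, port) -> session record
    attributed = []    # (timestamp, person-or-marker, command)
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m and m["user"] == account:
            owner = owners.get(m["ip"])
            sessions[(m["ip"], m["port"])] = {"ip": m["ip"], "start": _ts(m["ts"], year),
                                              "end": None, "owner": owner}
            if owner is None:
                findings.append(f"{m['ts']} login to {account} from unapproved source {m['ip']}")
            open_now = [s for s in sessions.values() if s["end"] is None]
            if len(open_now) > 1:
                srcs = ", ".join(sorted({s["ip"] for s in open_now}))
                findings.append(f"{m['ts']} concurrent {account} sessions from {srcs}")
            continue
        m = LOGOUT_RE.match(line)
        if m and m["user"] == account:
            s = sessions.get((m["ip"], m["port"]))
            if s:
                s["end"] = _ts(m["ts"], year)
            continue
        m = SUDO_RE.match(line)
        if m and m["user"] == account:
            open_now = [s for s in sessions.values() if s["end"] is None]
            if len(open_now) == 1:
                who = open_now[0]["owner"] or f"unknown@{open_now[0]['ip']}"
            else:
                who = "unattributable"
                findings.append(f"{m['ts']} command '{m['cmd']}' run with {len(open_now)} sessions open")
            attributed.append((m["ts"], who, m["cmd"]))
    return {"sessions": list(sessions.values()), "attributed": attributed, "findings": findings}


if __name__ == "__main__":
    report = review_shared_account(SAMPLE_LOG, "sysmaint", WORKSTATION_OWNERS)
    for ts, who, cmd in report["attributed"]:
        print(f"{ts}  {who:<22} {cmd}")
    for f in report["findings"]:
        print("FINDING:", f)
```

On the constructed log the first command is attributed to alice, the `useradd` at 13:42 cannot be attributed because two sessions were open, and the `cat /etc/shadow` came from a source outside the approved list. Those two gaps are exactly what a reviewer would escalate: either the review process needs a stronger attribution source (bastion session recording, per-person accounts with `sudo`), or the control is not actually mitigating the risk.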

The PRIMARY benefit associated with key risk indicators (KRIs) is that they:

A. help an organization identify emerging threats.
B. benchmark the organization's risk profile.
C. identify trends in the organization's vulnerabilities.
D. enable ongoing monitoring of emerging risk.

Suggested answer: D

Which of the following BEST informs decision-makers about the value of a notice and consent control for the collection of personal information?

A. A comparison of the costs of notice and consent control options
B. Examples of regulatory fines incurred by industry peers for noncompliance
C. A report of critical controls showing the importance of notice and consent
D. A cost-benefit analysis of the control versus probable legal action

Suggested answer: D

Which of the following is MOST important for a risk practitioner to verify when evaluating the effectiveness of an organization's existing controls?

A. Senior management has approved the control design.
B. Inherent risk has been reduced from original levels.
C. Residual risk remains within acceptable levels.
D. Costs for control maintenance are reasonable.

Suggested answer: C

Which of the following would be the BEST key performance indicator (KPI) for monitoring the effectiveness of the IT asset management process?

A. Percentage of unpatched IT assets
B. Percentage of IT assets without ownership
C. The number of IT assets securely disposed during the past year
D. The number of IT assets procured during the previous month

Suggested answer: B

An organization's IT infrastructure is running end-of-life software that is not allowed without exception approval. Which of the following would provide the MOST helpful information to justify investing in updated software?

A. The balanced scorecard
B. A cost-benefit analysis
C. The risk management framework
D. A roadmap of IT strategic planning

Suggested answer: B

Which of the following BEST indicates that an organization has implemented IT performance requirements?

A. Service level agreements (SLAs)
B. Vendor references
C. Benchmarking data
D. Accountability matrix

Suggested answer: A

The BEST reason to classify IT assets during a risk assessment is to determine the:

A. priority in the risk register.
B. business process owner.
C. enterprise risk profile.
D. appropriate level of protection.

Suggested answer: D

Which of the following would be MOST useful to senior management when determining an appropriate risk response?

A. A comparison of current risk levels with established tolerance
B. A comparison of cost variance with defined response strategies
C. A comparison of current risk levels with estimated inherent risk levels
D. A comparison of accepted risk scenarios associated with regulatory compliance

Suggested answer: A