ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 79

Which of the following is the BEST evidence that risk management is driving business decisions in an organization?

A. Compliance breaches are addressed in a timely manner.
B. Risk ownership is identified and assigned.
C. Risk treatment options receive adequate funding.
D. Residual risk is within risk tolerance.
Suggested answer: B

Analyzing trends in key control indicators (KCIs) BEST enables a risk practitioner to proactively identify impacts on an organization's:

A. risk classification methods
B. risk-based capital allocation
C. risk portfolio
D. risk culture
Suggested answer: C

An IT control gap has been identified in a key process. Who would be the MOST appropriate owner of the risk associated with this gap?

A. Key control owner
B. Operational risk manager
C. Business process owner
D. Chief information security officer (CISO)
Suggested answer: A

A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?

A. Ensuring time synchronization of log sources.
B. Ensuring the inclusion of external threat intelligence log sources.
C. Ensuring the inclusion of all computing resources as log sources.
D. Ensuring read-write access to all log sources.
Suggested answer: A

Which of the following is MOST important to compare against the corporate risk profile?

A. Industry benchmarks
B. Risk tolerance
C. Risk appetite
D. Regulatory compliance
Suggested answer: D

Which of the following is the BEST way for an organization to enable risk treatment decisions?

A. Allocate sufficient funds for risk remediation.
B. Promote risk and security awareness.
C. Establish clear accountability for risk.
D. Develop comprehensive policies and standards.
Suggested answer: C

The PRIMARY reason for tracking the status of risk mitigation plans is to ensure:

A. the proposed controls are implemented as scheduled.
B. security controls are tested prior to implementation.
C. compliance with corporate policies.
D. the risk response strategy has been decided.
Suggested answer: A

Which of the following is the GREATEST benefit for an organization with a strong risk awareness culture?

A. Reducing the involvement by senior management
B. Using more risk specialists
C. Reducing the need for risk policies and guidelines
D. Discussing and managing risk as a team
Suggested answer: D

A PRIMARY advantage of involving business management in evaluating and managing risk is that management:

A. better understands the system architecture.
B. is more objective than risk management.
C. can balance technical and business risk.
D. can make better-informed business decisions.
Suggested answer: D

The MAIN purpose of reviewing a control after implementation is to validate that the control:

A. operates as intended.
B. is being monitored.
C. meets regulatory requirements.
D. operates efficiently.
Suggested answer: A
Total 1.200 questions