ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 8

Which of the following will BEST mitigate the risk associated with IT and business misalignment?

A. Establishing business key performance indicators (KPIs)
B. Introducing an established framework for IT architecture
C. Establishing key risk indicators (KRIs)
D. Involving the business process owner in IT strategy
Suggested answer: D

A trusted third party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?

A. Perform their own risk assessment
B. Implement additional controls to address the risk.
C. Accept the risk based on the third party's risk assessment
D. Perform an independent audit of the third party.
Suggested answer: C

The MAIN purpose of conducting a control self-assessment (CSA) is to:

A. gain a better understanding of the control effectiveness in the organization
B. gain a better understanding of the risk in the organization
C. adjust the controls prior to an external audit
D. reduce the dependency on external audits
Suggested answer: A

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?

A. Number of users that participated in the DRP testing
B. Number of issues identified during DRP testing
C. Percentage of applications that met the RTO during DRP testing
D. Percentage of issues resolved as a result of DRP testing
Suggested answer: B

The risk associated with an asset before controls are applied can be expressed as:

A. a function of the likelihood and impact
B. the magnitude of an impact
C. a function of the cost and effectiveness of control.
D. the likelihood of a given threat
Suggested answer: C

In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?

A. The control catalog
B. The asset profile
C. Business objectives
D. Key risk indicators (KRIs)
Suggested answer: C

Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?

A. Percentage of systems included in recovery processes
B. Number of key systems hosted
C. Average response time to resolve system incidents
D. Percentage of system availability
Suggested answer: C

After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?

A. The risk practitioner
B. The business process owner
C. The risk owner
D. The control owner
Suggested answer: C

A key risk indicator (KRI) is reported to senior management on a periodic basis as exceeding thresholds, but each time senior management has decided to take no action to reduce the risk. Which of the following is the MOST likely reason for senior management's response?

A. The underlying data source for the KRI is using inaccurate data and needs to be corrected.
B. The KRI is not providing useful information and should be removed from the KRI inventory.
C. The KRI threshold needs to be revised to better align with the organization's risk appetite
D. Senior management does not understand the KRI and should undergo risk training.
Suggested answer: C

A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?

A. The team that performed the risk assessment
B. An assigned risk manager to provide oversight
C. Action plans to address risk scenarios requiring treatment
D. The methodology used to perform the risk assessment
Suggested answer: B
Total 1.200 questions