ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 8

Add to Whishlist

List of questions

Question 71

Report Export Collapse

Which of the following will BEST mitigate the risk associated with IT and business misalignment?

Establishing business key performance indicators (KPIs)
Establishing business key performance indicators (KPIs)
Introducing an established framework for IT architecture
Introducing an established framework for IT architecture
Establishing key risk indicators (KRIs)
Establishing key risk indicators (KRIs)
Involving the business process owner in IT strategy
Involving the business process owner in IT strategy
Suggested answer: D
asked 18/09/2024
Yannik Huith blu Systems GmbH
37 questions

Question 72

Report Export Collapse

A trusted third party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?

Perform their own risk assessment
Perform their own risk assessment
Implement additional controls to address the risk.
Implement additional controls to address the risk.
Accept the risk based on the third party's risk assessment
Accept the risk based on the third party's risk assessment
Perform an independent audit of the third party.
Perform an independent audit of the third party.
Suggested answer: C
asked 18/09/2024
Aparecido Lemos
40 questions

Question 73

Report Export Collapse

The MAIN purpose of conducting a control self-assessment (CSA) is to:

gain a better understanding of the control effectiveness in the organization
gain a better understanding of the control effectiveness in the organization
gain a better understanding of the risk in the organization
gain a better understanding of the risk in the organization
adjust the controls prior to an external audit
adjust the controls prior to an external audit
reduce the dependency on external audits
reduce the dependency on external audits
Suggested answer: A
asked 18/09/2024
Djordje Novakovic
43 questions

Question 74

Report Export Collapse

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?

Number of users that participated in the DRP testing
Number of users that participated in the DRP testing
Number of issues identified during DRP testing
Number of issues identified during DRP testing
Percentage of applications that met the RTO during DRP testing
Percentage of applications that met the RTO during DRP testing
Percentage of issues resolved as a result of DRP testing
Percentage of issues resolved as a result of DRP testing
Suggested answer: B
asked 18/09/2024
Joe Pardee
58 questions

Question 75

Report Export Collapse

The risk associated with an asset before controls are applied can be expressed as:

a function of the likelihood and impact
a function of the likelihood and impact
Most voted
(1)
Most voted
the magnitude of an impact
the magnitude of an impact
a function of the cost and effectiveness of control.
a function of the cost and effectiveness of control.
the likelihood of a given threat
the likelihood of a given threat
Suggested answer: C
asked 18/09/2024
Nathalie Yip
40 questions

Question 76

Report Export Collapse

In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?

The control catalog
The control catalog
The asset profile
The asset profile
Business objectives
Business objectives
Key risk indicators (KRls)
Key risk indicators (KRls)
Suggested answer: C
asked 18/09/2024
Amy Sukkar
46 questions

Question 77

Report Export Collapse

Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?

Percentage of systems included in recovery processes
Percentage of systems included in recovery processes
Number of key systems hosted
Number of key systems hosted
Average response time to resolve system incidents
Average response time to resolve system incidents
Percentage of system availability
Percentage of system availability
Suggested answer: C
asked 18/09/2024
Ben Clark
39 questions

Question 78

Report Export Collapse

After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?

The risk practitioner
The risk practitioner
The business process owner
The business process owner
The risk owner
The risk owner
The control owner
The control owner
Suggested answer: C
asked 18/09/2024
Reselan Govender
45 questions

Question 79

Report Export Collapse

A key risk indicator (KRI) is reported to senior management on a periodic basis as exceeding thresholds, but each time senior management has decided to take no action to reduce the risk. Which of the following is the MOST likely reason for senior management's response?

The underlying data source for the KRI is using inaccurate data and needs to be corrected.
The underlying data source for the KRI is using inaccurate data and needs to be corrected.
The KRI is not providing useful information and should be removed from the KRI inventory.
The KRI is not providing useful information and should be removed from the KRI inventory.
The KRI threshold needs to be revised to better align with the organization s risk appetite
The KRI threshold needs to be revised to better align with the organization s risk appetite
Senior management does not understand the KRI and should undergo risk training.
Senior management does not understand the KRI and should undergo risk training.
Suggested answer: C
asked 18/09/2024
waleed Haridi
40 questions

Question 80

Report Export Collapse

A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?

The team that performed the risk assessment
The team that performed the risk assessment
An assigned risk manager to provide oversight
An assigned risk manager to provide oversight
Action plans to address risk scenarios requiring treatment
Action plans to address risk scenarios requiring treatment
Most voted
(1)
Most voted
The methodology used to perform the risk assessment
The methodology used to perform the risk assessment
Suggested answer: B
asked 18/09/2024
JORGE ROCHA
38 questions
Total 1.573 questions
Go to page: of 158
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?