
Isaca CRISC Practice Test - Questions Answers, Page 81

Which of the following is MOST important when developing a business case for a proposed security investment?

A. Identification of control requirements
B. Alignment to business objectives
C. Consideration of new business strategies
D. Inclusion of strategy for regulatory compliance
Suggested answer: B

What are the MOST essential attributes of an effective Key control indicator (KCI)?

A. Flexibility and adaptability
B. Measurability and consistency
C. Robustness and resilience
D. Optimal cost and benefit
Suggested answer: B

Which of the following provides the MOST tenable evidence that a business process control is effective?

A. Demonstration that the control is operating as designed
B. A successful walk-through of the associated risk assessment
C. Management attestation that the control is operating effectively
D. Automated data indicating that risk has been reduced
Suggested answer: C

During a risk treatment plan review, a risk practitioner finds the approved risk action plan has not been completed. However, there were other risk mitigation actions implemented. Which of the following is the BEST course of action?

A. Review the cost-benefit of mitigating controls
B. Mark the risk status as unresolved within the risk register
C. Verify the sufficiency of mitigating controls with the risk owner
D. Update the risk register with implemented mitigating actions
Suggested answer: A

What should be the PRIMARY driver for periodically reviewing and adjusting key risk indicators (KRIs)?

A. Risk impact
B. Risk likelihood
C. Risk appropriate
D. Control self-assessments (CSAs)
Suggested answer: B

Which of the following controls are BEST strengthened by a clear organizational code of ethics?

A. Detective controls
B. Administrative controls
C. Technical controls
D. Preventive controls
Suggested answer: B

Which of the following BEST represents a critical threshold value for a key control indicator (KCI)?

A. The value at which control effectiveness would fail
B. Thresholds benchmarked to peer organizations
C. A typical operational value
D. A value that represents the intended control state
Suggested answer: A

Which of the following is the MOST effective control to address the risk associated with compromising data privacy within the cloud?

A. Establish baseline security configurations with the cloud service provider.
B. Require the cloud provider to disclose past data privacy breaches.
C. Ensure the cloud service provider performs an annual risk assessment.
D. Specify cloud service provider liability for data privacy breaches in the contract.
Suggested answer: D

Which of the following is the MOST important consideration when implementing ethical remote work monitoring?

A. Monitoring is only conducted between official hours of business
B. Employees are informed of how they are being monitored
C. Reporting on nonproductive employees is sent to management on a scheduled basis
D. Multiple data monitoring sources are integrated into security incident response procedures
Suggested answer: B

An organization outsources the processing of its payroll data. A risk practitioner identifies a control weakness at the third party that exposes the payroll data. Who should own this risk?

A. The third party's IT operations manager
B. The organization's process owner
C. The third party's chief risk officer (CRO)
D. The organization's risk practitioner
Suggested answer: B