
Isaca CRISC Practice Test - Questions Answers, Page 82

Which of the following BEST mitigates the risk of violating privacy laws when transferring personal information to a supplier?

A. Encrypt the data while in transit to the supplier
B. Contractually obligate the supplier to follow privacy laws.
C. Require independent audits of the supplier's control environment
D. Utilize blockchain during the data transfer
Suggested answer: B

Which of the following poses the GREATEST risk to an organization's operations during a major IT transformation?

A. Lack of robust awareness programs
B. Infrequent risk assessments of key controls
C. Rapid changes in IT procedures
D. Unavailability of critical IT systems
Suggested answer: D

When performing a risk assessment of a new service to support a new business process, which of the following should be done FIRST to ensure continuity of operations?

A. Identify conditions that may cause disruptions
B. Review incident response procedures
C. Evaluate the probability of risk events
D. Define metrics for restoring availability
Suggested answer: A

Which of the following is the BEST way to mitigate the risk to IT infrastructure availability?

A. Establishing a disaster recovery plan (DRP)
B. Establishing recovery time objectives (RTOs)
C. Maintaining a current list of staff contact details
D. Maintaining a risk register
Suggested answer: D

Which of the following is MOST helpful to mitigate the risk associated with an application under development not meeting business objectives?

A. Identifying threats that may compromise enterprise architecture (EA)
B. Including diverse business scenarios in user acceptance testing (UAT)
C. Performing risk assessments during the business case development stage
D. Including key stakeholders in review of user requirements
Suggested answer: D

Which of the following key control indicators (KCIs) BEST indicates whether security requirements are identified and managed throughout a project life cycle?

A. Number of projects going live without a security review
B. Number of employees completing project-specific security training
C. Number of security projects started in core departments
D. Number of security-related status reports submitted by project managers
Suggested answer: A

Which of the following BEST facilitates the alignment of IT risk management with enterprise risk management (ERM)?

A. Adopting qualitative enterprise risk assessment methods
B. Linking IT risk scenarios to technology objectives
C. Linking IT risk scenarios to enterprise strategy
D. Adopting quantitative enterprise risk assessment methods
Suggested answer: C

An organization is implementing Internet of Things (IoT) technology to control temperature and lighting in its headquarters. Which of the following should be of GREATEST concern?

A. Insufficient network isolation
B. Impact on network performance
C. Insecure data transmission protocols
D. Lack of interoperability between sensors
Suggested answer: D

Which of the following is the BEST key control indicator (KCI) to monitor the effectiveness of patch management?

A. Percentage of legacy servers out of support
B. Percentage of servers receiving automated patches
C. Number of unremediated vulnerabilities
D. Number of intrusion attempts
Suggested answer: D

Which of the following is the BEST evidence of an effective risk treatment plan?

A. The inherent risk is below the asset residual risk.
B. Remediation cost is below the asset business value
C. The risk tolerance threshold is above the asset residual
D. Remediation is completed within the asset recovery time objective (RTO)
Suggested answer: B
Total 1.200 questions