ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 84

Which of the following is the MOST comprehensive input to the risk assessment process specific to the effects of system downtime?

A. Business continuity plan (BCP) testing results
B. Recovery time objective (RTO)
C. Business impact analysis (BIA)
D. Recovery point objective (RPO)
Suggested answer: C

A risk practitioner identifies a database application that has been developed and implemented by the business independently of IT. Which of the following is the BEST course of action?

A. Escalate the concern to senior management.
B. Document the reasons for the exception.
C. Include the application in IT risk assessments.
D. Propose that the application be transferred to IT.
Suggested answer: B

Which of the following is the MOST effective way to incorporate stakeholder concerns when developing risk scenarios?

A. Evaluating risk impact
B. Establishing key performance indicators (KPIs)
C. Conducting internal audits
D. Creating quarterly risk reports
Suggested answer: A

A risk practitioner has just learned about new malware that has severely impacted industry peers worldwide data loss?

A. Customer database manager
B. Customer data custodian
C. Data privacy officer
D. Audit committee
Suggested answer: B

Which of the following is the BEST way to determine the potential organizational impact of emerging privacy regulations?

A. Evaluate the security architecture maturity.
B. Map the new requirements to the existing control framework.
C. Charter a privacy steering committee.
D. Conduct a privacy impact assessment (PIA).
Suggested answer: D

An employee lost a personal mobile device that may contain sensitive corporate information. What should be the risk practitioner's recommendation?

A. Conduct a risk analysis.
B. Initiate a remote data wipe.
C. Invoke the incident response plan
D. Disable the user account.
Suggested answer: C

An organization has provided legal text explaining the rights and expected behavior of users accessing a system from geographic locations that have strong privacy regulations. Which of the following control types has been applied?

A. Detective
B. Directive
C. Preventive
D. Compensating
Suggested answer: B

The PRIMARY reason for prioritizing risk scenarios is to:

A. provide an enterprise-wide view of risk
B. support risk response tracking
C. assign risk ownership
D. facilitate risk response decisions.
Suggested answer: D

The PRIMARY purpose of using a framework for risk analysis is to:

A. improve accountability
B. improve consistency
C. help define risk tolerance
D. help develop risk scenarios.
Suggested answer: B

Which of the following approaches to bring your own device (BYOD) service delivery provides the BEST protection from data loss?

A. Enable data wipe capabilities
B. Penetration testing and session timeouts
C. Implement remote monitoring
D. Enforce strong passwords and data encryption
Suggested answer: D
Total 1.200 questions