
Isaca CRISC Practice Test - Questions Answers, Page 85

To reduce costs, an organization is combining the second and third lines of defense in a new department that reports to a recently appointed C-level executive. Which of the following is the GREATEST concern with this situation?

A. The risk governance approach of the second and third lines of defense may differ.
B. The independence of the internal third line of defense may be compromised.
C. Cost reductions may negatively impact the productivity of other departments.
D. The new structure is not aligned to the organization's internal control framework.
Suggested answer: B

Which of the following should be management's PRIMARY focus when key risk indicators (KRIs) begin to rapidly approach defined thresholds?

A. Designing compensating controls
B. Determining if KRIs have been updated recently
C. Assessing the effectiveness of the incident response plan
D. Determining what has changed in the environment
Suggested answer: D

Legal and regulatory risk associated with business conducted over the Internet is driven by:

A. the jurisdiction in which an organization has its principal headquarters
B. international law and a uniform set of regulations.
C. the laws and regulations of each individual country
D. international standard-setting bodies.
Suggested answer: C

When formulating a social media policy to address information leakage, which of the following is the MOST important concern to address?

A. Sharing company information on social media
B. Sharing personal information on social media
C. Using social media to maintain contact with business associates
D. Using social media for personal purposes during working hours
Suggested answer: A

Which of the following should be the PRIMARY focus of an IT risk awareness program?

A. Ensure compliance with the organization's internal policies
B. Cultivate long-term behavioral change.
C. Communicate IT risk policy to the participants.
D. Demonstrate regulatory compliance.
Suggested answer: B

In an organization that allows employee use of social media accounts for work purposes, which of the following is the BEST way to protect company sensitive information from being exposed?

A. Educating employees on what needs to be kept confidential
B. Implementing a data loss prevention (DLP) solution
C. Taking punitive action against employees who expose confidential data
D. Requiring employees to sign nondisclosure agreements
Suggested answer: B

Which of the following is a risk practitioner's BEST recommendation to address an organization's need to secure multiple systems with limited IT resources?

A. Apply available security patches.
B. Schedule a penetration test.
C. Conduct a business impact analysis (BIA)
D. Perform a vulnerability analysis.
Suggested answer: C

Risk acceptance of an exception to a security control would MOST likely be justified when:

A. automation cannot be applied to the control
B. business benefits exceed the loss exposure.
C. the end-user license agreement has expired.
D. the control is difficult to enforce in practice.
Suggested answer: B

Print jobs containing confidential information are sent to a shared network printer located in a secure room. Which of the following is the BEST control to prevent the inappropriate disclosure of confidential information?

A. Requiring a printer access code for each user
B. Using physical controls to access the printer room
C. Using video surveillance in the printer room
D. Ensuring printer parameters are properly configured
Suggested answer: A

For a large software development project, risk assessments are MOST effective when performed:

A. before system development begins.
B. at system development.
C. at each stage of the system development life cycle (SDLC).
D. during the development of the business case.
Suggested answer: C
Total 1.200 questions