ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 87

Which of the following is MOST helpful in preventing risk events from materializing?

A. Prioritizing and tracking issues
B. Establishing key risk indicators (KRIs)
C. Reviewing and analyzing security incidents
D. Maintaining the risk register

Suggested answer: A

While reviewing the risk register, a risk practitioner notices that different business units have significant variances in inherent risk for the same risk scenario. Which of the following is the BEST course of action?

A. Update the risk register with the average of residual risk for both business units.
B. Review the assumptions of both risk scenarios to determine whether the variance is reasonable.
C. Update the risk register to ensure both risk scenarios have the highest residual risk.
D. Request that both business units conduct another review of the risk.

Suggested answer: B

Which of the following would be MOST helpful when communicating roles associated with the IT risk management process?

A. Skills matrix
B. Job descriptions
C. RACI chart
D. Organizational chart

Suggested answer: A

Which of the following is MOST important to include in a risk assessment of an emerging technology?

A. Risk response plans
B. Risk and control ownership
C. Key controls
D. Impact and likelihood ratings

Suggested answer: D

Which of the following is the BEST indicator of an effective IT security awareness program?

A. Decreased success rate of internal phishing tests
B. Decreased number of reported security incidents
C. Number of disciplinary actions issued for security violations
D. Number of employees that complete security training

Suggested answer: A

Who should have the authority to approve an exception to a control?

A. Information security manager
B. Control owner
C. Risk owner
D. Risk manager

Suggested answer: C

Which type of indicators should be developed to measure the effectiveness of an organization's firewall rule set?

A. Key risk indicators (KRIs)
B. Key management indicators (KMIs)
C. Key performance indicators (KPIs)
D. Key control indicators (KCIs)

Suggested answer: D

Which of the following is the MOST appropriate action when a tolerance threshold is exceeded?

A. Communicate potential impact to decision makers.
B. Research the root cause of similar incidents.
C. Verify the response plan is adequate.
D. Increase human resources to respond in the interim.

Suggested answer: A

Which of the following will be the GREATEST concern when assessing the risk profile of an organization?

A. The risk profile was not updated after a recent incident.
B. The risk profile was developed without using industry standards.
C. The risk profile was last reviewed two years ago.
D. The risk profile does not contain historical loss data.

Suggested answer: A

Which of the following is the PRIMARY risk management responsibility of the second line of defense?

A. Monitoring risk responses
B. Applying risk treatments
C. Providing assurance of control effectiveness
D. Implementing internal controls

Suggested answer: A
Total 1,200 questions