
Isaca CRISC Practice Test - Questions Answers, Page 88

An organization is conducting a review of emerging risk. Which of the following is the BEST input for this exercise?

A. Audit reports
B. Industry benchmarks
C. Financial forecasts
D. Annual threat reports
Suggested answer: B

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery test of critical business processes?

A. Percentage of job failures identified and resolved during the recovery process
B. Percentage of processes recovered within the recovery time and point objectives
C. Number of current test plans and procedures
D. Number of issues and action items resolved during the recovery test
Suggested answer: B

A financial institution has identified high risk of fraud in several business applications. Which of the following controls will BEST help reduce the risk of fraudulent internal transactions?

A. Periodic user privileges review
B. Log monitoring
C. Periodic internal audits
D. Segregation of duties
Suggested answer: A

An IT department originally planned to outsource the hosting of its data center at an overseas location to reduce operational expenses. After a risk assessment, the department has decided to keep the data center in-house. How should the risk treatment response be reflected in the risk register?

A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk transfer
Suggested answer: A

Which element of an organization's risk register is MOST important to update following the commissioning of a new financial reporting system?

A. Key risk indicators (KRIs)
B. The owner of the financial reporting process
C. The risk rating of affected financial processes
D. The list of relevant financial controls
Suggested answer: C

Which of the following is a drawback in the use of quantitative risk analysis?

A. It assigns numeric values to exposures of assets.
B. It requires more resources than other methods.
C. It produces the results in numeric form.
D. It is based on impact analysis of information assets.
Suggested answer: B

Which of the following would present the MOST significant risk to an organization when updating the incident response plan?

A. Obsolete response documentation
B. Increased stakeholder turnover
C. Failure to audit third-party providers
D. Undefined assignment of responsibility
Suggested answer: D

An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?

A. Data retention requirements
B. Data destruction requirements
C. Cloud storage architecture
D. Key management
Suggested answer: D

Which of the following would BEST indicate to senior management that IT processes are improving?

A. Changes in the number of intrusions detected
B. Changes in the number of security exceptions
C. Changes in the position in the maturity model
D. Changes to the structure of the risk register
Suggested answer: B

Which of the following is the FIRST step when conducting a business impact analysis (BIA)?

A. Identifying critical information assets
B. Identifying events impacting continuity of operations
C. Creating a data classification scheme
D. Analyzing previous risk assessment results
Suggested answer: A
Total 1.200 questions