Isaca CRISC Practice Test - Questions Answers, Page 90

The PRIMARY benefit of using a maturity model is that it helps to evaluate the:

A. capability to implement new processes
B. evolution of process improvements
C. degree of compliance with policies and procedures
D. control requirements.
Suggested answer: B

Which of the following provides the BEST evidence that a selected risk treatment plan is effective?

A. Identifying key risk indicators (KRIs)
B. Evaluating the return on investment (ROI)
C. Evaluating the residual risk level
D. Performing a cost-benefit analysis
Suggested answer: D

Senior management has asked the risk practitioner for the overall residual risk level for a process that contains numerous risk scenarios. Which of the following should be provided?

A. The sum of residual risk levels for each scenario
B. The loss expectancy for aggregated risk scenarios
C. The highest loss expectancy among the risk scenarios
D. The average of anticipated residual risk levels
Suggested answer: D

Topic 4, Exam Pool D

Which of the following is the PRIMARY benefit of stakeholder involvement in risk scenario development?

A. Ability to determine business impact
B. Up-to-date knowledge on risk responses
C. Decision-making authority for risk treatment
D. Awareness of emerging business threats
Suggested answer: A

Which of the following is MOST helpful to understand the consequences of an IT risk event?

A. Fault tree analysis
B. Historical trend analysis
C. Root cause analysis
D. Business impact analysis (BIA)
Suggested answer: B

Which of the following is the BEST way to help ensure risk will be managed properly after a business process has been re-engineered?

A. Reassessing control effectiveness of the process
B. Conducting a post-implementation review to determine lessons learned
C. Reporting key performance indicators (KPIs) for core processes
D. Establishing escalation procedures for anomaly events
Suggested answer: A

Which of the following would be a risk practitioner's BEST course of action when a project team has accepted a risk outside the established risk appetite?

A. Reject the risk acceptance and require mitigating controls.
B. Monitor the residual risk level of the accepted risk.
C. Escalate the risk decision to the project sponsor for review.
D. Document the risk decision in the project risk register.
Suggested answer: B

When reviewing the business continuity plan (BCP) of an online sales order system, a risk practitioner notices that the recovery time objective (RTO) has a shorter time than what is defined in the disaster recovery plan (DRP). Which of the following is the BEST way for the risk practitioner to address this concern?

A. Adopt the RTO defined in the BCP.
B. Update the risk register to reflect the discrepancy.
C. Adopt the RTO defined in the DRP.
D. Communicate the discrepancy to the DR manager for follow-up.
Suggested answer: D

Which of the following is MOST important for maintaining the effectiveness of an IT risk register?

A. Removing entries from the register after the risk has been treated
B. Recording and tracking the status of risk response plans within the register
C. Communicating the register to key stakeholders
D. Performing regular reviews and updates to the register
Suggested answer: D

Which of the following is the MOST important consideration when developing risk strategies?

A. Organization's industry sector
B. Long-term organizational goals
C. Concerns of the business process owners
D. History of risk events
Suggested answer: B
Total 1.200 questions