ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 91

An organization wants to grant remote access to a system containing sensitive data to an overseas third party. Which of the following should be of GREATEST concern to management?

A. Transborder data transfer restrictions
B. Differences in regional standards
C. Lack of monitoring over vendor activities
D. Lack of after-hours incident management support
Suggested answer: C

Which of the following stakeholders are typically included as part of a line of defense within the three lines of defense model?

A. Board of directors
B. Vendors
C. Regulators
D. Legal team
Suggested answer: A

Which of the following will BEST help to ensure new IT policies address the enterprise's requirements?

A. Involve IT leadership in the policy development process
B. Require business users to sign acknowledgment of the policies
C. Involve business owners in the policy development process
D. Provide policy owners with greater enforcement authority
Suggested answer: B

A multinational organization is considering implementing standard background checks for all new employees. A KEY concern regarding this approach

A. fail to identify all relevant issues.
B. be too costly.
C. violate laws in other countries.
D. be too time consuming.
Suggested answer: C

An organization's control environment is MOST effective when:

A. controls perform as intended.
B. controls operate efficiently.
C. controls are implemented consistently.
D. control designs are reviewed periodically.
Suggested answer: A

Who is BEST suited to provide objective input when updating residual risk to reflect the results of control effectiveness?

A. Control owner
B. Risk owner
C. Internal auditor
D. Compliance manager
Suggested answer: C

The following is the snapshot of a recently approved IT risk register maintained by an organization's information security department.

After implementing countermeasures listed in "Risk Response Descriptions" for each of the Risk IDs, which of the following components of the register MUST change?

A. Risk Impact Rating
B. Risk Owner
C. Risk Likelihood Rating
D. Risk Exposure
Suggested answer: B

Of the following, who is BEST suited to assist a risk practitioner in developing a relevant set of risk scenarios?

A. Internal auditor
B. Asset owner
C. Finance manager
D. Control owner
Suggested answer: B

An organization has made a decision to purchase a new IT system. During which phase of the system development life cycle (SDLC) will identified risk MOST likely lead to architecture and design trade-offs?

A. Acquisition
B. Implementation
C. Initiation
D. Operation and maintenance
Suggested answer: C

Recovery time objectives (RTOs) should be based on:

A. minimum tolerable downtime.
B. minimum tolerable loss of data.
C. maximum tolerable downtime.
D. maximum tolerable loss of data.
Suggested answer: C
Total 1.200 questions