Isaca CRISC Practice Test - Questions Answers, Page 92

Which of the following issues found during the review of a newly created disaster recovery plan (DRP) should be of MOST concern?

A. Some critical business applications are not included in the plan
B. Several recovery activities will be outsourced
C. The plan is not based on an internationally recognized framework
D. The chief information security officer (CISO) has not approved the plan
Suggested answer: A

Which of the following is MOST helpful in defining an early-warning threshold associated with insufficient network bandwidth?

A. Average bandwidth usage
B. Peak bandwidth usage
C. Total bandwidth usage
D. Bandwidth used during business hours
Suggested answer: A

An organization maintains independent departmental risk registers that are not automatically aggregated. Which of the following is the GREATEST concern?

A. Management may be unable to accurately evaluate the risk profile.
B. Resources may be inefficiently allocated.
C. The same risk factor may be identified in multiple areas.
D. Multiple risk treatment efforts may be initiated to treat a given risk.
Suggested answer: A

It was determined that replication of a critical database used by two business units failed. Which of the following should be of GREATEST concern?

A. The underutilization of the replicated link
B. The cost of recovering the data
C. The lack of integrity of data
D. The loss of data confidentiality
Suggested answer: C

Which of the following contributes MOST to the effective implementation of risk responses?

A. Clear understanding of the risk
B. Comparable industry risk trends
C. Appropriate resources
D. Detailed standards and procedures
Suggested answer: A

As part of business continuity planning, which of the following is MOST important to include in a business impact analysis (BIA)?

A. An assessment of threats to the organization
B. An assessment of recovery scenarios
C. Industry standard framework
D. Documentation of testing procedures
Suggested answer: A

Which of the following would BEST mitigate an identified risk scenario?

A. Conducting awareness training
B. Executing a risk response plan
C. Establishing an organization's risk tolerance
D. Performing periodic audits
Suggested answer: C

An organization has decided to commit to a business activity with the knowledge that the risk exposure is higher than the risk appetite. Which of the following is the risk practitioner's MOST important action related to this decision?

A. Recommend risk remediation
B. Change the level of risk appetite
C. Document formal acceptance of the risk
D. Reject the business initiative
Suggested answer: C

An organization is considering outsourcing user administration controls for a critical system. The potential vendor has offered to perform quarterly self-audits of its controls instead of having annual independent audits. Which of the following should be of GREATEST concern to the risk practitioner?

A. The controls may not be properly tested
B. The vendor will not ensure against control failure
C. The vendor will not achieve best practices
D. Lack of a risk-based approach to access control
Suggested answer: D

Which of the following would BEST mitigate the ongoing risk associated with operating system (OS) vulnerabilities?

A. Temporarily mitigate the OS vulnerabilities
B. Document and implement a patching process
C. Evaluate permanent fixes such as patches and upgrades
D. Identify the vulnerabilities and applicable OS patches
Suggested answer: B
Total 1.200 questions