
Isaca CRISC Practice Test - Questions Answers, Page 94

Which of the following standard operating procedure (SOP) statements BEST illustrates appropriate risk register maintenance?

A. Remove risk that has been mitigated by third-party transfer
B. Remove risk that management has decided to accept
C. Remove risk only following a significant change in the risk environment
D. Remove risk when mitigation results in residual risk within tolerance levels
Suggested answer: C

Which of the following is MOST important when implementing an organization's security policy?

A. Obtaining management support
B. Benchmarking against industry standards
C. Assessing compliance requirements
D. Identifying threats and vulnerabilities
Suggested answer: A

A core data center went offline abruptly for several hours, affecting many transactions across multiple locations. Which of the following would provide the MOST useful information to determine mitigating controls?

A. Forensic analysis
B. Risk assessment
C. Root cause analysis
D. Business impact analysis (BIA)
Suggested answer: A

A risk practitioner observed that a high number of policy exceptions were approved by senior management. Which of the following is the risk practitioner's BEST course of action to determine root cause?

A. Review the risk profile
B. Review policy change history
C. Interview the control owner
D. Perform control testing
Suggested answer: C

The BEST way to mitigate the high cost of retrieving electronic evidence associated with potential litigation is to implement policies and procedures for:

A. data logging and monitoring
B. data mining and analytics
C. data classification and labeling
D. data retention and destruction
Suggested answer: C

An organization has completed a risk assessment of one of its service providers. Who should be accountable for ensuring that risk responses are implemented?

A. IT risk practitioner
B. Third-party security team
C. The relationship owner
D. Legal representation of the business
Suggested answer: C

Which of the following would MOST likely require a risk practitioner to update the risk register?

A. An alert being reported by the security operations center.
B. Development of a project schedule for implementing a risk response
C. Completion of a project for implementing a new control
D. Engagement of a third party to conduct a vulnerability scan
Suggested answer: C

An IT risk threat analysis is BEST used to establish

A. risk scenarios
B. risk maps
C. risk appetite
D. risk ownership.
Suggested answer: A

Which of the following is a risk practitioner's MOST important responsibility in managing risk acceptance that exceeds risk tolerance?

A. Verify authorization by senior management.
B. Increase the risk appetite to align with the current risk level
C. Ensure the acceptance is set to expire over time
D. Update the risk response in the risk register.
Suggested answer: A

Which of the following would provide the BEST evidence of an effective internal control environment?

A. Risk assessment results
B. Adherence to governing policies
C. Regular stakeholder briefings
D. Independent audit results
Suggested answer: D
Total 1.200 questions