Isaca CRISC Practice Test - Questions Answers, Page 95


An organization is concerned that its employees may be unintentionally disclosing data through the use of social media sites. Which of the following will MOST effectively mitigate this risk?

A. Requiring the use of virtual private networks (VPNs)
B. Establishing a data classification policy
C. Conducting user awareness training
D. Requiring employee agreement of the acceptable use policy
Suggested answer: C

Who should be responsible for evaluating the residual risk after a compensating control has been

A. Compliance manager
B. Risk owner
C. Control owner
D. Risk practitioner
Suggested answer: D

A global company's business continuity plan (BCP) requires the transfer of its customer information....

event of a disaster. Which of the following should be the MOST important risk consideration?

A. The difference in the management practices between each company
B. The cloud computing environment is shared with another company
C. The lack of a service level agreement (SLA) in the vendor contract
D. The organizational culture differences between each country
Suggested answer: B

Which of the following is the BEST approach to mitigate the risk associated with a control deficiency?

A. Perform a business case analysis
B. Implement compensating controls.
C. Conduct a control self-assessment (CSA)
D. Build a provision for risk
Suggested answer: C

Which of the following is PRIMARILY a risk management responsibility of the first line of defense?

A. Implementing risk treatment plans
B. Validating the status of risk mitigation efforts
C. Establishing risk policies and standards
D. Conducting independent reviews of risk assessment results
Suggested answer: C

Which of the following would be the GREATEST concern for an IT risk practitioner when an employees.....

A. The organization's structure has not been updated
B. Unnecessary access permissions have not been removed.
C. Company equipment has not been retained by IT
D. Job knowledge was not transferred to employees in the former department
Suggested answer: B

Which of the following is the BEST indication that key risk indicators (KRIs) should be revised?

A. A decrease in the number of critical assets covered by risk thresholds
B. An increase in the number of risk threshold exceptions
C. An increase in the number of change events pending management review
D. A decrease in the number of key performance indicators (KPIs)
Suggested answer: B

In order to determine whether a risk is under-controlled, the risk practitioner will need to:

A. understand the risk tolerance
B. monitor and evaluate IT performance
C. identify risk management best practices
D. determine the sufficiency of the IT risk budget
Suggested answer: A

An organization is considering the adoption of an aggressive business strategy to achieve desired growth. From a risk management perspective, what should the risk practitioner do NEXT?

A. Identify new threats resulting from the new business strategy
B. Update risk awareness training to reflect current levels of risk appetite and tolerance
C. Inform the board of potential risk scenarios associated with aggressive business strategies
D. Increase the scale for measuring impact due to threat materialization
Suggested answer: A

Which of the following practices would be MOST effective in protecting personally identifiable information (PII) from unauthorized access in a cloud environment?

A. Apply data classification policy
B. Utilize encryption with logical access controls
C. Require logical separation of company data
D. Obtain the right to audit
Suggested answer: B
Total 1.200 questions