Isaca CRISC Practice Test - Questions Answers, Page 96

Which of the following is MOST important to the effectiveness of key performance indicators (KPIs)?

A. Management approval
B. Annual review
C. Relevance
D. Automation
Suggested answer: A

Which of the following is the MOST comprehensive resource for prioritizing the implementation of information systems controls?

A. Data classification policy
B. Emerging technology trends
C. The IT strategic plan
D. The risk register
Suggested answer: C

Which of the following will BEST help to ensure implementation of corrective action plans?

A. Establishing employee awareness training
B. Assigning accountability to risk owners
C. Setting target dates to complete actions
D. Contracting to third parties
Suggested answer: B

Which of the following would BEST facilitate the implementation of data classification requirements?

A. Implementing a data loss prevention (DLP) solution
B. Assigning a data owner
C. Scheduling periodic audits
D. Implementing technical controls over the assets
Suggested answer: B

Which of the following is MOST important for mitigating ethical risk when establishing accountability for control ownership?

A. Ensuring processes are documented to enable effective control execution
B. Ensuring regular risk messaging is included in business communications from leadership
C. Ensuring schedules and deadlines for control-related deliverables are strictly monitored
D. Ensuring performance metrics balance business goals with risk appetite
Suggested answer: B

Which of the following management actions will MOST likely change the likelihood rating of a risk scenario related to remote network access?

A. Updating the organizational policy for remote access
B. Creating metrics to track remote connections
C. Implementing multi-factor authentication
D. Updating remote desktop software
Suggested answer: A

After the implementation of Internet of Things (IoT) devices, new risk scenarios were identified. What is the PRIMARY reason to report this information to risk owners?

A. To reevaluate continued use of IoT devices
B. To add new controls to mitigate the risk
C. To recommend changes to the IoT policy
D. To confirm the impact to the risk profile
Suggested answer: D

An organization's control environment is MOST effective when:

A. control designs are reviewed periodically.
B. controls perform as intended.
C. controls are implemented consistently.
D. controls operate efficiently.
Suggested answer: B

When is the BEST time to identify risk associated with a major project to determine a mitigation plan?

A. Project execution phase
B. Project initiation phase
C. Project closing phase
D. Project planning phase
Suggested answer: D

The PRIMARY objective of collecting information and reviewing documentation when performing periodic risk analysis should be to:

A. Identify new or emerging risk issues.
B. Satisfy audit requirements.
C. Survey and analyze historical risk data.
D. Understand internal and external threat agents.
Suggested answer: D
Total 1.200 questions