Isaca CRISC Practice Test - Questions Answers, Page 97
An organization is analyzing the risk of shadow IT usage. Which of the following is the MOST important input into the assessment?

A. Business benefits of shadow IT
B. Application-related expenses
C. Classification of the data
D. Volume of data
Suggested answer: A

Which of the following would be a risk practitioner's BEST recommendation upon learning of an updated cybersecurity regulation that could impact the organization?

A. Perform a gap analysis
B. Conduct system testing
C. Implement compensating controls
D. Update security policies
Suggested answer: A

It is MOST important that security controls for a new system be documented in:

A. testing requirements
B. the implementation plan.
C. System requirements
D. The security policy
Suggested answer: C

An organization is planning to move its application infrastructure from on-premises to the cloud. Which of the following is the BEST course of action to address the risk associated with data transfer if the relationship is terminated with the vendor?

A. Meet with the business leaders to ensure the classification of their transferred data is in place
B. Ensure the language in the contract explicitly states who is accountable for each step of the data transfer process
C. Collect requirements for the environment to ensure the infrastructure as a service (IaaS) is configured appropriately.
D. Work closely with the information security officer to ensure the company has the proper security controls in place.
Suggested answer: B

Which of the following would be the result of a significant increase in the motivation of a malicious threat actor?

A. Increase in mitigating control costs
B. Increase in risk event impact
C. Increase in risk event likelihood
D. Increase in cybersecurity premium
Suggested answer: C

Which of the following would BEST facilitate the implementation of data classification requirements?

A. Assigning a data owner
B. Implementing technical control over the assets
C. Implementing a data loss prevention (DLP) solution
D. Scheduling periodic audits
Suggested answer: A

Which of the following sources is MOST relevant to reference when updating security awareness training materials?

A. Risk management framework
B. Risk register
C. Global security standards
D. Recent security incidents reported by competitors
Suggested answer: B

Which of the following should be of MOST concern to a risk practitioner reviewing an organization's risk register after the completion of a series of risk assessments?

A. Several risk action plans have missed target completion dates.
B. Senior management has accepted more risk than usual.
C. Risk associated with many assets is only expressed in qualitative terms.
D. Many risk scenarios are owned by the same senior manager.
Suggested answer: A

When documenting a risk response, which of the following provides the STRONGEST evidence to support the decision?

A. Verbal majority acceptance of risk by committee
B. List of compensating controls
C. IT audit follow-up responses
D. A memo indicating risk acceptance
Suggested answer: C

Which of the following would MOST effectively reduce risk associated with an increase of online transactions on a retailer website?

A. Scalable infrastructure
B. A hot backup site
C. Transaction limits
D. Website activity monitoring
Suggested answer: C
Total 1.200 questions