ExamGecko

Isaca CRISC Practice Test - Questions Answers, Page 98

Which of the following is the BEST method of creating risk awareness in an organization?

A. Making the risk register available to project stakeholders
B. Ensuring senior management commitment to risk training
C. Providing regular communication to risk managers
D. Appointing the risk manager from the business units
Suggested answer: B

A bank recently incorporated Blockchain technology with the potential to impact known risk within the organization. Which of the following is the risk practitioner's BEST course of action?

A. Determine whether risk responses are still adequate.
B. Analyze and update control assessments with the new processes.
C. Analyze the risk and update the risk register as needed.
D. Conduct testing of the controls that mitigate the existing risk.
Suggested answer: B

When developing risk scenarios using a list of generic scenarios based on industry best practices, it is MOST important to:

A. Assess generic risk scenarios with business users.
B. Validate the generic risk scenarios for relevance.
C. Select the maximum possible risk scenarios from the list.
D. Identify common threats causing generic risk scenarios
Suggested answer: B

Which of the following would be a risk practitioner's GREATEST concern with the use of a vulnerability scanning tool?

A. Increased time to remediate vulnerabilities
B. Inaccurate reporting of results
C. Increased number of vulnerabilities
D. Network performance degradation
Suggested answer: B

Which of the following is the PRIMARY reason to perform periodic vendor risk assessments?

A. To provide input to the organization's risk appetite
B. To monitor the vendor's control effectiveness
C. To verify the vendor's ongoing financial viability
D. To assess the vendor's risk mitigation plans
Suggested answer: B

Which of the following is the MOST important objective from a cost perspective for considering aggregated risk responses in an organization?

A. Prioritize risk response options
B. Reduce likelihood.
C. Address more than one risk response
D. Reduce impact
Suggested answer: C

Which of the following is MOST helpful in providing an overview of an organization's risk management program?

A. Risk management treatment plan
B. Risk assessment results
C. Risk management framework
D. Risk register
Suggested answer: C

Effective risk communication BEST benefits an organization by:

A. helping personnel make better-informed decisions
B. assisting the development of a risk register.
C. improving the effectiveness of IT controls.
D. increasing participation in the risk assessment process.
Suggested answer: A

Which of the following is the BEST control to minimize the risk associated with scope creep in software development?

A. An established process for project change management
B. Retention of test data and results for review purposes
C. Business management's review of functional requirements
D. Segregation between development, test, and production
Suggested answer: A

An organization has recently hired a large number of part-time employees. During the annual audit, it was discovered that many user IDs and passwords were documented in procedure manuals for use by the part-time employees. Which of the following BEST describes this situation?

A. Threat
B. Risk
C. Vulnerability
D. Policy violation
Suggested answer: B
Total 1.200 questions