ExamGecko
Login
Home / Isaca / CRISC / List of questions
Ask Question

Isaca CRISC Practice Test - Questions Answers, Page 99

Add to Whishlist

List of questions

Question 981

Report Export Collapse

Which of the following is MOST important to update when an organization's risk appetite changes?

Become a Premium Member for full access
  Unlock Premium Member

Question 982

Report Export Collapse

The BEST key performance indicator (KPI) to measure the effectiveness of the security patching process is the percentage of patches installed:

Become a Premium Member for full access
  Unlock Premium Member

Question 983

Report Export Collapse

In order to efficiently execute a risk response action plan, it is MOST important for the emergency response team members to understand:

Become a Premium Member for full access
  Unlock Premium Member

Question 984

Report Export Collapse

Which of the following is the BEST indicator of executive management's support for IT risk mitigation efforts?

Become a Premium Member for full access
  Unlock Premium Member

Question 985

Report Export Collapse

Which of the following BEST enables risk-based decision making in support of a business continuity plan (BCP)?

Become a Premium Member for full access
  Unlock Premium Member

Question 986

Report Export Collapse

Which of the following is MOST important for senior management to review during an acquisition?

Become a Premium Member for full access
  Unlock Premium Member

Question 987

Report Export Collapse

Senior management wants to increase investment in the organization's cybersecurity program in response to changes in the external threat landscape. Which of the following would BEST help to prioritize investment efforts?

Become a Premium Member for full access
  Unlock Premium Member

Question 988

Report Export Collapse

A recent vulnerability assessment of a web-facing application revealed several weaknesses. Which of the following should be done NEXT to determine the risk exposure?

Become a Premium Member for full access
  Unlock Premium Member

Question 989

Report Export Collapse

Which of the following should be of GREATEST concern when reviewing the results of an independent control assessment to determine the effectiveness of a vendor's control environment?

Become a Premium Member for full access
  Unlock Premium Member

Question 990

Report Export Collapse

Which of the following is the MOST critical factor to consider when determining an organization's risk appetite?

Become a Premium Member for full access
  Unlock Premium Member
Total 1.573 questions
Go to page: of 158
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
An effective control environment is BEST indicated by controls that:
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
Which of the following is the MOST effective way to integrate business risk management with IT operations?
During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?