Isaca CRISC Practice Test - Questions Answers, Page 99

Which of the following is MOST important to update when an organization's risk appetite changes?

A. Key risk indicators (KRIs)
B. Risk reporting methodology
C. Key performance indicators (KPIs)
D. Risk taxonomy
Suggested answer: A

The BEST key performance indicator (KPI) to measure the effectiveness of the security patching process is the percentage of patches installed:

A. by the security administration team.
B. successfully within the expected time frame.
C. successfully during the first attempt.
D. without causing an unplanned system outage.
Suggested answer: B

In order to efficiently execute a risk response action plan, it is MOST important for the emergency response team members to understand:

A. system architecture in target areas.
B. IT management policies and procedures.
C. business objectives of the organization.
D. defined roles and responsibilities.
Suggested answer: D

Which of the following is the BEST indicator of executive management's support for IT risk mitigation efforts?

A. The number of stakeholders involved in IT risk identification workshops
B. The percentage of corporate budget allocated to IT risk activities
C. The percentage of incidents presented to the board
D. The number of executives attending IT security awareness training
Suggested answer: B

Which of the following BEST enables risk-based decision making in support of a business continuity plan (BCP)?

A. Impact analysis
B. Control analysis
C. Root cause analysis
D. Threat analysis
Suggested answer: A

Which of the following is MOST important for senior management to review during an acquisition?

A. Risk appetite and tolerance
B. Risk framework and methodology
C. Key risk indicator (KRI) thresholds
D. Risk communication plan
Suggested answer: A

Senior management wants to increase investment in the organization's cybersecurity program in response to changes in the external threat landscape. Which of the following would BEST help to prioritize investment efforts?

A. Analyzing cyber intelligence reports
B. Engaging independent cybersecurity consultants
C. Increasing the frequency of updates to the risk register
D. Reviewing the outcome of the latest security risk assessment
Suggested answer: D

A recent vulnerability assessment of a web-facing application revealed several weaknesses. Which of the following should be done NEXT to determine the risk exposure?

A. Code review
B. Penetration test
C. Gap assessment
D. Business impact analysis (BIA)
Suggested answer: B

Which of the following should be of GREATEST concern when reviewing the results of an independent control assessment to determine the effectiveness of a vendor's control environment?

A. The report was provided directly from the vendor.
B. The risk associated with multiple control gaps was accepted.
C. The control owners disagreed with the auditor's recommendations.
D. The controls had recurring noncompliance.
Suggested answer: A

Which of the following is the MOST critical factor to consider when determining an organization's risk appetite?

A. Fiscal management practices
B. Business maturity
C. Budget for implementing security
D. Management culture
Suggested answer: D
Total 1.200 questions