isaca crisc practice test

Certified in Risk and Information Systems Control

Last exam update: Dec 15 ,2024
Page 1 out of 73. Viewing questions 1-15 out of 1089

Question 1 Topic 4

Topic 4
Which of the following is MOST helpful in preventing risk events from materializing?

  • A. Maintaining the risk register
  • B. Reviewing and analyzing security incidents
  • C. Establishing key risk indicators (KRIs)
  • D. Prioritizing and tracking issues
Mark Question:
Answer:

B

User Votes:
A 3 votes
50%
B 4 votes
50%
C 6 votes
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
SowndharyaRaj
2 months, 1 week ago

Asdffgghhjjk

0

Question 2 Topic 4

Topic 4
An organization will be impacted by a new data privacy regulation due to the location of its production facilities. What action
should the risk practitioner take when evaluating the new regulation?

  • A. Perform an analysis of the new regulation to ensure current risk is identified.
  • B. Evaluate if the existing risk responses to the previous regulation are still adequate.
  • C. Assess the validity and perform update testing on data privacy controls.
  • D. Develop internal control assessments over data privacy for the new regulation.
Mark Question:
Answer:

A

User Votes:
A 5 votes
50%
B 2 votes
50%
C 2 votes
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3 Topic 4

Topic 4
An organization has provided legal text explaining the rights and expected behavior of users accessing a system from
geographic locations that have strong privacy regulations. Which of the following control types has been applied?

  • A. Detective
  • B. Preventive
  • C. Compensating
  • D. Directive
Mark Question:
Answer:

D

User Votes:
A
50%
B 4 votes
50%
C
50%
D 5 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4 Topic 4

Topic 4
Which of the following would present the MOST significant risk to an organization when updating the incident response plan?

  • A. Undefined assignment of responsibility
  • B. Obsolete response documentation
  • C. Increased stakeholder turnover
  • D. Failure to audit third-party providers
Mark Question:
Answer:

A

User Votes:
A 7 votes
50%
B 1 votes
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5 Topic 4

Topic 4
A recent risk workshop has identified risk owners and responses for newly identified risk scenarios. Which of the following
should be the risk practitioner's NEXT step?

  • A. Identify resources for implementing responses.
  • B. Prepare a business case for the response options.
  • C. Update the risk register with the results.
  • D. Develop a mechanism for monitoring residual risk.
Mark Question:
Answer:

C

User Votes:
A
50%
B 4 votes
50%
C 4 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6 Topic 4

Topic 4
Which of the following BEST helps to identify significant events that could impact an organization?

  • A. Vulnerability analysis
  • B. Scenario analysis
  • C. Heat map analysis
  • D. Control analysis
Mark Question:
Answer:

A

User Votes:
A 3 votes
50%
B 3 votes
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7 Topic 4

Topic 4
A risk practitioner is presenting the risk profile to management, indicating an increase in the number of successful network
attacks. This information would be MOST helpful to:

  • A. determine the availability of network resources.
  • B. justify additional controls.
  • C. justify investing in a log collection system.
  • D. determine the frequency of monitoring.
Mark Question:
Answer:

B

User Votes:
A
50%
B 6 votes
50%
C 2 votes
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8 Topic 4

Topic 4
Which of the following MOST effectively limits the impact of a ransomware attack?

  • A. End user training
  • B. Cyber insurance
  • C. Data backups
  • D. Cryptocurrency reserve
Mark Question:
Answer:

A

User Votes:
A 3 votes
50%
B 2 votes
50%
C 4 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9 Topic 4

Topic 4
A company has recently acquired a customer relationship management (CRM) application from a certified software vendor.
Which of the following will BEST help to prevent technical vulnerabilities from being exploited?

  • A. Verify the software agreement indemnifies the company from losses.
  • B. Update the software with the latest patches and updates.
  • C. Review the source code and error reporting of the application.
  • D. Implement code reviews and quality assurance on a regular basis.
Mark Question:
Answer:

B

User Votes:
A 1 votes
50%
B 6 votes
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10 Topic 4

Topic 4
A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform based on the
value added by the platform and the organization's risk appetite. Which of the following is the risk practitioners BEST course
of action?

  • A. Update the risk register with the process changes.
  • B. Review risk related to standards and regulations.
  • C. Conduct a risk assessment with stakeholders.
  • D. Conduct third-party resilience tests.
Mark Question:
Answer:

C

User Votes:
A 1 votes
50%
B 2 votes
50%
C 4 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11 Topic 4

Topic 4
The PRIMARY reason for prioritizing risk scenarios is to:

  • A. facilitate risk response decisions.
  • B. support risk response tracking.
  • C. assign risk ownership.
  • D. provide an enterprise-wide view of risk.
Mark Question:
Answer:

A

User Votes:
A 4 votes
50%
B
50%
C 3 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12 Topic 4

Topic 4
A third-party vendor has offered to perform user access provisioning and termination. Which of the following control
accountabilities is BEST retained within the organization?

  • A. Reviewing access control lists
  • B. Performing user access recertification
  • C. Authorizing user access requests
  • D. Terminating inactive user access
Mark Question:
Answer:

C

User Votes:
A 2 votes
50%
B 2 votes
50%
C 5 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13 Topic 4

Topic 4
In order to determine if a risk is under-controlled, the risk practitioner will need to:

  • A. determine the sufficiency of the IT risk budget
  • B. monitor and evaluate IT performance
  • C. identify risk management best practices
  • D. understand the risk tolerance
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D 8 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14 Topic 4

Topic 4
Which of the following is the BEST way to quantify the likelihood of risk materialization?

  • A. Balanced scorecard
  • B. Business impact analysis (BIA)
  • C. Threat and vulnerability assessment
  • D. Compliance assessments
Mark Question:
Answer:

C

User Votes:
A 1 votes
50%
B 1 votes
50%
C 7 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15 Topic 4

Topic 4
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

  • A. Ensuring that risk and control assessments consider fraud
  • B. Implementing processes to detect and deter fraud
  • C. Providing oversight of risk management processes
  • D. Monitoring the results of actions taken to mitigate fraud
Mark Question:
Answer:

B

User Votes:
A 2 votes
50%
B 6 votes
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2