CRISC Practice Test Questions Answers Updated 1196 Questions [Q475-Q499]

NEW QUESTION 475
Which of the following BEST enables the identification of trends in risk levels?

Correlation between risk levels and key risk indicators (KRIs) is positive.

Measurements for key risk indicators (KRIs) are repeatable

Quantitative measurements are used for key risk indicators (KRIs).

Qualitative definitions for key risk indicators (KRIs) are used.

NEW QUESTION 476
Which of the following is MOST important to consider before determining a response to a vulnerability?

The likelihood and impact of threat events

The cost to implement the risk response

Lack of data to measure threat events

Monetary value of the asset

NEW QUESTION 477
What are the functions of audit and accountability control?
Each correct answer represents a complete solution. (Choose three.)

Provides details on how to protect the audit logs

Implement effective access control

Implement an effective audit program

Provides details on how to determine what to audit

NEW QUESTION 478
Which of the following would BEST facilitate the implementation of data classification requirements?

Implementing a data toss prevention (DLP) solution

Assigning a data owner

Scheduling periodic audits

Implementing technical controls over the assets

NEW QUESTION 479
Which of the following is the MAIN benefit of involving stakeholders in the selection of key risk indicators (KRIs)?

Leveraging existing metrics

Optimizing risk treatment decisions

Obtaining buy-in from risk owners

Improving risk awareness

NEW QUESTION 480
A risk practitioner has received an updated enterprise risk management (ERM) report showing that residual risk is now within the organization’s defined appetite and tolerance levels. Which of the following is the risk practitioner’s BEST course of action?

Identify new risk entries to include in ERM.

Remove the risk entries from the ERM register.

Re-perform the risk assessment to confirm results.

Verify the adequacy of risk monitoring plans.

NEW QUESTION 481
Which of the following techniques examines the degree to which organizational strengths offset
threats and opportunities that may serve to overcome weaknesses?

SWOT Analysis

Delphi

Brainstorming

Expert Judgment

Explanation:
SWOT analysis is a strategic planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a project or in a business venture. It involves specifying the objective of the business venture or project and identifying the internal and external factors that are favorable and unfavorable to achieving that objective.

NEW QUESTION 482
A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner’s BEST course of action when a compensating control needs to be applied?

Obtain the risk owner’s approval.

Record the risk as accepted m the risk register.

Inform senior management.

update the risk response plan.

NEW QUESTION 483
An organization is considering outsourcing user administration controls for a critical system. The potential vendor has offered to perform quarterly self-audits of its controls instead of having annual independent audits. Which of the following should be of GREATEST concern to the risk practitioner?

The vendor will not achieve best practices

The vendor will not ensure against control failure

The controls may not be properly tested

Lack of a risk-based approach to access control

NEW QUESTION 484
An organization has been experiencing an increasing number of spear phishing attacks Which of the following would be the MOST effective way to mitigate the risk associated with these attacks?

Update firewall configuration

Require strong password complexity

implement a security awareness program

Implement two-factor authentication

NEW QUESTION 485
Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails. Which of the following can BEST alleviate this issue while not sacrificing security?

Establishing e-discovery and data loss prevention (DLP)

Sending notifications when near storage quota

Implementing record retention tools and techniques

Implementing a bring your own device (BYOD) policy

NEW QUESTION 486
When performing a risk assessment of a new service to support a ewe Business process. which of the following should be done FRST10 ensure continuity of operations?

a identity conditions that may cause disruptions

Review incident response procedures

Evaluate the probability of risk events

Define metrics for restoring availability

NEW QUESTION 487
Which of the following risks is associated with not receiving the right information to the right people at the right time to allow the right action to be taken?

Relevance risk

Integrity risk

Availability risk

Access risk

Explanation:
Relevance risk is the risk associated with not receiving the right information to the right people (or
process or systems) at the right time to allow the right action to be taken.

is incorrect. The risk that confidential or private information may be disclosed or made
available to those without appropriate authority is termed as access or security risk. An aspect of
this risk is non-compliance with local, national and international laws related to privacy and
protection of personal information.

is incorrect. The risk that data cannot be relied on because they are unauthorized,
incomplete or inaccurate is termed as integrity risk.

NEW QUESTION 488
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?

Recommend the formation of an executive risk council to oversee IT risk

Provide an estimate of IT system downtime if IT risk materializes

Describe IT risk scenarios in terms of business risk

Educate business executives on IT risk concepts

NEW QUESTION 489
A large organization needs to report risk at all levels for a new centralized virtualization project to reduce cost and improve performance. Which of the following would MOST effectively represent the overall risk of the project to senior management?

Risk heat map

Centralized risk register

Aggregated key performance indicators (KPls)

Key risk indicators (KRIs)

NEW QUESTION 490
Which of the following will BEST help in communicating strategic risk priorities?

Heat map

Business impact analysis (BIA)

Balanced Scorecard

Risk register

NEW QUESTION 491
Which of the following is the MOST effective way to incorporate stakeholder concerns when developing risk scenarios?

Evaluating risk impact

Establishing key performance indicators (KPIs)

Conducting internal audits

Creating quarterly risk reports

NEW QUESTION 492
A risk practitioner observes that hardware failure incidents have been increasing over the last few months.
However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:

a root cause analysis is required

controls are effective for ensuring continuity

hardware needs to be upgraded

no action is required as there was no impact

NEW QUESTION 493
Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?

Information security risks

Contract and product liability risks

Project activity risks

Profitability operational risks

NEW QUESTION 494
Which of the following controls is an example of non-technical controls?

Access control

Physical security

Intrusion detection system

Encryption

NEW QUESTION 495
When preparing a risk status report for periodic review by senior management, it is MOST important to ensure the report includes:

recommendations by an independent risk assessor

a summary of incidents that have impacted the organization

a detailed view of individual risk exposures

risk exposure in business terms

NEW QUESTION 496
Which of the following BEST measures the efficiency of an incident response process?

Number of incidents escalated to management

Average time between changes and updating of escalation matrix

Average gap between actual and agreed response times

Number of incidents lacking responses

NEW QUESTION 497
WhichT5f the following is the MOST effective way to promote organization-wide awareness of data security in response to an increase in regulatory penalties for data leakage?

Enforce sanctions for noncompliance with security procedures.

Conduct organization-w>de phishing simulations.

Require training on the data handling policy.

Require regular testing of the data breach response plan.

NEW QUESTION 498
The MAIN purpose of reviewing a control after implementation is to validate that the control:

operates as intended.

is being monitored.

meets regulatory requirements.

operates efficiently.

NEW QUESTION 499
You are the project manager of your enterprise. While performing risk management, you are given a task to identify where your enterprise stand in certain practice and also to suggest the priorities for improvements. Which of the following models would you use to accomplish this task?

Capability maturity model

Decision tree model

Fishbone model

Simulation tree model

Explanation:
Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level (having nonexistent or unstructured processes) to the most mature (having adopted and optimized the use of good practices). The levels within a capability maturity model are designed to allow an enterprise to identify descriptions of its current and possible future states. In general, the purpose is to: Identify, where enterprises are in relation to certain activities or practices. Suggest how to set priorities for improvements

CRISC Practice Test Questions Answers Updated 1196 Questions [Q475-Q499]

Leave a Reply Cancel reply

CRISC Practice Tests

Related Certifications

Recent Posts

Categories

Archives