Question #1
Which of the following statements BEST describes risk appetite? Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?
A. To allow for proper review of risk tolerance
B. To enable consistent data on risk to be obtained
C. To provide consistent and clear terminology
D. To identify dependencies for reporting risk
Correct answer: A
Question #2
When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:
A. alignment with risk appetite
B. investment portfolio
C.
D. chief information officer
Correct answer: B
Question #3
Which of the following would present the GREATEST challenge when assigning accountability for control ownership?
A. Unclear reporting relationships
B. Weak governance structures
C. Complex regulatory environment
D. Senior management scrutiny
Correct answer: A
Question #4
The PRIMARY benefit associated with key risk indicators (KRIs) is that they:
A. enable ongoing monitoring of emerging risk
B. benchmark the organization's risk profile
C. identify trends in the organization's vulnerabilities
D. help an organization identify emerging threats
Correct answer: A
Question #5
Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?
A. Implementation costs might increase
B. Inherent risk might not be considered
C. Risk factors might not be relevant to the organization
D. Quantitative analysis might not be possible
Correct answer: C
Question #6
The PRIMARY purpose of IT control status reporting is to:
A. facilitate the comparison of the current and desired states
B. ensure compliance with IT governance strategy
C. benchmark IT controls with industry standards
D. assist internal audit in evaluating and initiating remediation efforts
Correct answer: B
Question #7
Who should be accountable for monitoring the control environment to ensure controls are effective?
A. Risk owner
B. Security monitoring operations
C. Impacted data owner
D. System owner
Correct answer: A
Question #8
Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?
A. Piloting with focus groups
B. Creating modules for targeted audiences
C. Reviewing content with senior management
D. Listing reputable third-party training programs
Correct answer: B
Question #9
The GREATEST concern when maintaining a risk register is that:
A. impacts are recorded in qualitative terms
B. IT risk is not linked with IT assets
C. significant changes in risk factors are excluded
D. executive management does not perform periodic reviews
Correct answer: C
Question #10
Which of the following is MOST important for an organization that wants to reduce IT operational risk?
A. Minimizing complexity of IT infrastructure
B. Increasing the frequency of data backups
C. Increasing senior management's understanding of IT operations
D. Decentralizing IT infrastructure
Correct answer: A
Question #11
Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?
A. Organizational reporting process
B. Incident reporting procedures
C. Regularly scheduled audits
D. Incident management policy
Correct answer: A
Question #12
During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?
A. Seek approval from the previous action plan manager
B. Modify the action plan in the risk register
C. Identify an owner for the new control
D. Communicate the decision to the risk owner for approval
Correct answer: D
Question #13
Controls should be defined during the design phase of system development because:
A. structured programming techniques require that controls be designed before coding begins
B. technical specifications are defined during this phase
C. it is more cost-effective to determine controls in the early design phase
D. structured analysis techniques exclude identification of controls
Correct answer: C
Question #14
Which of the following is the BEST way to promote adherence to the risk tolerance level set by management?
A. Avoiding risks that could materialize into substantial losses
B. Communicating external audit results
C. Defining expectations in the enterprise risk policy
D. Increasing organizational resources to mitigate risks
Correct answer: C
Question #15
The PRIMARY goal of a risk management program is to:
A. help prevent operational losses
B. help ensure objectives are met
C. safeguard corporate assets
D. facilitate resource availability
Correct answer: A
Question #16
An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?
A. Volume of data
B. Remote management capabilities
C. Classification of the data
D. Type of device
Correct answer: A
Question #17
A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:
A. revise the action plan to include additional mitigating controls
B. implement the planned controls and accept the remaining risk
C. suspend the current action plan in order to reassess the risk
D. evaluate whether selected controls are still appropriate
Correct answer: D
Question #18
Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?
A. Identify information security controls in the requirements analysis
B. Identify key risk indicators (KRIs) as process output
C. Include information security control specifications in business cases
D. Design key performance indicators (KPIs) for security in system specifications
Correct answer: C
Question #19
Which of the following will BEST support management reporting on risk?
A. Risk policy requirements
B. A risk register
C. Control self-assessment
D. Key performance indicators
Correct answer: B
Question #20
The BEST metric to monitor the risk associated with changes deployed to production is the percentage of:
A. changes not requiring user acceptance testing
B. personnel that have rights to make changes in production
C. changes due to emergencies
D. changes that cause incidents
Correct answer: D
Question #21
Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?
A. Deterrent control
B.
C. Preventive control
D. Detective control
Correct answer: B
Question #22
Which of the following is the BEST indicator of the effectiveness of IT risk management processes?
A. Number of key risk indicators (KRIs) defined
B. Percentage of high-risk scenarios for which risk action plans have been developed
C. Percentage of business users completing risk training
D. Time between when IT risk scenarios are identified and the enterprise's response
Correct answer: B
Question #23
All business units within an organization have the same risk response plan for creating local disaster recovery plans. In an effort to achieve cost effectiveness, the BEST course of action would be to:
A. evaluate opportunities to combine disaster recovery plans (DRPs)
B. centralize the risk response function at the enterprise level
C. outsource disaster recovery to an external provider
D. select a provider to standardize the disaster recovery plans (DRPs)
Correct answer: A
Question #24
Which of the following is MOST helpful in aligning IT risk with business objectives?
A. Introducing an approved IT governance framework
B. Performing a business impact analysis (BIA)
C. Implementing a risk classification system
D. Integrating the results of top-down risk scenario analyses
Correct answer: B
Question #25
Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?
A. Change in size of data backed up
B. Time required for backup restoration testing
C. Percentage of failed restore tests
D. Successful completion of backup operations
Correct answer: C
Question #26
A global organization is planning to collect customer behavior data through social media advertising. Which of the following is the MOST important business risk to be considered?
A. Regulatory requirements may differ in each country
B. The data analysis may be ineffective in achieving objectives
C. Data sampling may be impacted by various industry restrictions
D. Business advertising will need to be tailored by country
Correct answer: A
Question #27
An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?
A. Enforce criminal background checks
B. Restrict access to customer data on a "need to know" basis
C. Require vendor to sign a confidentiality agreement
D. Mask customer data fields
Correct answer: B
Question #28
Which of the following BEST indicates the efficiency of a process for granting access privileges?
A. Average time to grant access privileges
B. Average number of access privilege exceptions
C. Number and type of locked obsolete accounts
D. Number of changes in access granted to users
Correct answer: B
Question #29
Prudent business practice requires that risk appetite not exceed:
A. risk tolerance
B. inherent risk
C. risk capacity
D. residual risk
Correct answer: C
Question #30
Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?
A. The organization's information security risk profile
B. Policy compliance requirements and exceptions process
C. Internal and external information security incidents
D. The risk department's roles and responsibilities
Correct answer: B
Question #31
Which of the following approaches would BEST help to identify relevant risk scenarios?
A. Engage line management in risk assessment workshops
B. Escalate the situation to risk leadership
C. Engage internal audit for risk assessment workshops
D. Review system and process documentation
Correct answer: A
Question #32
From a risk management perspective, the PRIMARY objective of using maturity models is to enable:
A. resource utilization
B. strategic alignment
C. solution delivery
D. performance evaluation
Correct answer: B
Question #33
An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?
A. The reason some databases have not been encrypted
B. The number of users who can access sensitive data
C. The cost required to enforce encryption
D. A list of unencrypted databases which contain sensitive data
Correct answer: D
Question #34
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?
A. Percentage of vulnerabilities remediated within the agreed service level
B. Number of vulnerabilities identified during the period
C. Number of vulnerabilities re-opened during the period
D. Percentage of vulnerabilities escalated to senior management
Correct answer: A
Question #35
Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?
A. The organization's information security risk profile
B. Policy compliance requirements and exceptions process
C. Internal and external information security incidents
D. The risk department's roles and responsibilities
Correct answer: B
Question #36
Which of the following approaches would BEST help to identify relevant risk scenarios?
A. Engage line management in risk assessment workshops
B. Escalate the situation to risk leadership
C. Engage internal audit for risk assessment workshops
D. Review system and process documentation
Correct answer: A