Free ISACA CRISC Übungsprüfungen - Seite 32 von 65

Question #311

Which of the following should a risk practitioner do FIRST to support the implementation of governance around organizational assets within an enterprise risk management (ERM) program?

A . Develop a detailed risk profile.
B . Hire experienced and knowledgeable resources.
C . Schedule internal audits across the business.
D . Conduct risk assessments across the business.

Lösung einblenden Lösung ausblenden

Question #312

Which of the following is the MOST important reason to validate that risk responses have been executed as outlined in the risk response plan“

A . To ensure completion of the risk assessment cycle
B . To ensure controls arc operating effectively
C . To ensure residual risk Is at an acceptable level
D . To ensure control costs do not exceed benefits

Lösung einblenden Lösung ausblenden

Question #313

An organization has implemented a policy requiring staff members to take a minimum of five consecutive days‘ leave per year to mitigate the risk of malicious insider activities.

Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

A . Financial loss incurred due to malicious activities since policy implementation
B . Average number of consecutive days of leave per staff member
C . Number of suspected malicious activities reported since policy implementation
D . Percentage of staff turnover following five consecutive days of leave

Lösung einblenden Lösung ausblenden

Question #314

Which of the following is the BEST approach for selecting controls to minimize risk?

A . Industry best practice review
B . Risk assessment
C . Cost-benefit analysis
D . Control-effectiveness evaluation

Lösung einblenden Lösung ausblenden

Question #315

Which of the following BEST protects organizational data within a production cloud environment?

A . Data encryption
B . Continuous log monitoring
C . Right to audit
D . Data obfuscation

Lösung einblenden Lösung ausblenden

Question #316

Which of the following would MOST likely result in updates to an IT risk appetite statement?

A . External audit findings
B . Feedback from focus groups
C . Self-assessment reports
D . Changes in senior management

Lösung einblenden Lösung ausblenden

Question #317

The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:

A . resources to monitor backups
B . restoration monitoring reports
C . backup recovery requests
D . recurring restore failures

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

The number of recurring restore failures is the best key performance indicator (KPI) to measure the effectiveness of a backup process, as it helps to evaluate the reliability and quality of the backup data and the backup system. A backup process is a process of creating and storing copies of data or systems to enable recovery in case of data loss, corruption, or disaster. A restore process is a process of retrieving and restoring the backup data or systems to the original or alternative location or state. A restore failure is an event that occurs when the restore process fails to complete successfully or correctly, due to various reasons, such as corrupted or missing backup data, incompatible or outdated backup system, or insufficient or unavailable resources. A recurring restore failure is a restore failure that happens repeatedly or frequently, indicating a persistent or systemic problem with the backup process.

The number of recurring restore failures helps to measure the effectiveness of the backup process by providing the following benefits:

It indicates the extent and magnitude of the backup process performance and quality issues, and the impact and severity of the backup process failures on the data or system availability and integrity.

It identifies and analyzes the root causes and contributing factors of the backup process failures, and the gaps or weaknesses in the backup process design, implementation, operation, or monitoring.

It provides feedback and learning opportunities for the backup process improvement and enhancement, and guides the development and implementation of corrective or preventive actions. It communicates and reports the backup process status and results to the relevant stakeholders, and supports the alignment of the backup process with the organizational strategy and objectives.

The other options are not the best key performance indicators (KPIs) to measure the effectiveness of a backup process. The number of resources to monitor backups is a measure of the inputs or costs of the backup process, but it does not indicate the outputs or benefits of the backup process. The number of restoration monitoring reports is a measure of the documentation or communication of the backup process, but it does not reflect the actual or potential performance or quality of the backup process. The number of backup recovery requests is a measure of the demand or frequency of the backup process, but it does not evaluate the reliability or quality of the backup process.

Reference: = 12 Process KPIs to Monitor Process Performance in 2024 – AIMultiple, IT Risk

Resources | ISACA, Mastering RTO and RPO in Backup Strategies: A Key to Data Recovery Success

Question #318

Which of the following would be considered a vulnerability?

A . Delayed removal of employee access
B . Authorized administrative access to HR files
C . Corruption of files due to malware
D . Server downtime due to a denial of service (DoS) attack

Lösung einblenden Lösung ausblenden

Question #319

Which of the following will BEST help an organization select a recovery strategy for critical systems?

A . Review the business impact analysis.
B . Create a business continuity plan.
C . Analyze previous disaster recovery reports.
D . Conduct a root cause analysis.

Lösung einblenden Lösung ausblenden

Question #320

It is MOST appropriate for changes to be promoted to production after they are:

A . communicated to business management
B . tested by business owners.
C . approved by the business owner.
D . initiated by business users.

Lösung einblenden Lösung ausblenden

Richtige Antwort: C
C

Explanation:

The most appropriate time for changes to be promoted to production is after they are approved by the business owner, who is the individual or group that is accountable and responsible for the business objectives and requirements that are supported or affected by the changes. The approval by the business owner ensures that the changes are aligned and compatible with the business objectives and requirements, and that they provide the expected or desired outcomes or benefits for the business.

The other options are not the most appropriate times for changes to be promoted to production, because they do not ensure that the changes are aligned and compatible with the business objectives and requirements, and that they provide the expected or desired outcomes or benefits for the business.

Communicating the changes to business management means informing or reporting the changes to the senior management or executives that oversee or direct the business activities or functions. Communicating the changes to business management is important for ensuring the awareness and support of the business management, but it is not the most appropriate time for changes to be promoted to production, because it does not indicate whether the changes are approved or authorized by the business owner, who is accountable and responsible for the business objectives and requirements.

Testing the changes by business owners means verifying and validating the functionality and usability of the changes, using the input and feedback from the business owners. Testing the changes by business owners is important for ensuring the quality and performance of the changes, but it is not the most appropriate time for changes to be promoted to production, because it does not indicate whether the changes are approved or authorized by the business owner, who is accountable and responsible for the business objectives and requirements.

Initiating the changes by business users means requesting or proposing the changes by the end users or customers that interact with the information systems and resources that are affected by the changes. Initiating the changes by business users is important for ensuring the relevance and appropriateness of the changes, but it is not the most appropriate time for changes to be promoted to production, because it does not indicate whether the changes are approved or authorized by the business owner, who is accountable and responsible for the business objectives and requirements.

Reference: = ISACA, CRISC Review Manual, 7th Edition, 2022, pp. 40-41, 47-48, 54-55, 58-59, 62-63 ISACA, CRISC Review Questions, Answers & Explanations Database, 2022, QID 194 CRISC Practice Quiz and Exam Prep