Free ISACA CRISC Übungsprüfungen - Seite 43 von 65

Question #421

Which of the following BEST indicates the effective implementation of a risk treatment plan?

A . Inherent risk is managed within an acceptable level.
B . Residual risk is managed within appetite and tolerance.
C . Risk treatments are aligned with industry peers.
D . Key controls are identified and documented.

Lösung einblenden Lösung ausblenden

Question #422

Which of the following is MOST helpful in preventing risk events from materializing?

A . Prioritizing and tracking issues
B . Establishing key risk indicators (KRIs)
C . Reviewing and analyzing security incidents
D . Maintaining the risk register

Lösung einblenden Lösung ausblenden

Question #423

Who is the BEST person to the employee personal data?

A . Human resources (HR) manager
B . System administrator
C . Data privacy manager
D . Compliance manager

Lösung einblenden Lösung ausblenden

Question #424

A recent vulnerability assessment of a web-facing application revealed several weaknesses.

Which of the following should be done NEXT to determine the risk exposure?

A . Code review
B . Penetration test
C . Gap assessment
D . Business impact analysis (BIA)

Lösung einblenden Lösung ausblenden

Question #425

In order to determining a risk is under-controlled the risk practitioner will need to

A . understand the risk tolerance
B . monitor and evaluate IT performance
C . identify risk management best practices
D . determine the sufficiency of the IT risk budget

Lösung einblenden Lösung ausblenden

Question #426

Which of the following is the MOST reliable validation of a new control?

A . Approval of the control by senior management
B . Complete and accurate documentation of control objectives
C . Control owner attestation of control effectiveness
D . Internal audit review of control design

Lösung einblenden Lösung ausblenden

Question #427

Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:

A . accountable for the affected processes.
B . members of senior management.
C . authorized to select risk mitigation options.
D . independent from the business operations.

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

The most important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst is that the reviewers are accountable for the affected processes. This is because the reviewers need to have a clear understanding of the business processes that are exposed to the risks, and the potential impact and consequences of the risk scenarios. The reviewers also need to have the authority and responsibility to implement the risk responses and monitor the risk performance. By involving the stakeholders who are accountable for the affected processes, the risk analyst can ensure that the risk scenarios are realistic, relevant, and comprehensive, and that the risk management process is aligned with the business objectives and expectations. The other options are not as important as the accountability for the affected processes, because they do not guarantee that the reviewers have the necessary knowledge, experience, and involvement in the risk management process, as explained below:

B. Members of senior management are not the most important consideration, because they may not have the detailed or operational knowledge of the business processes that are exposed to the risks, or the technical or practical aspects of the risk scenarios. Senior management may also have different or conflicting priorities or perspectives on the risk management process, which may affect the quality and validity of the review.

C. Authorized to select risk mitigation options are not the most important consideration, because they may not have the direct or regular involvement in the business processes that are exposed to the risks, or the specific or contextual understanding of the risk scenarios. The authority to select risk mitigation options may also depend on other factors, such as the risk appetite, the budget, or the organizational structure, which may limit or influence the review.

D. Independent from the business operations are not the most important consideration, because they may not have the sufficient or relevant knowledge of the business processes that are exposed to the risks, or the potential or actual impact and consequences of the risk scenarios. The independence from the business operations may also create a gap or disconnect between the risk management process and the business objectives and expectations, which may affect the effectiveness and efficiency of the review.

Reference: = Risk and Information Systems Control Study Manual, Chapter 2, Section 2.3.1, page 45. A Stakeholder Approach to Risk Management, Module 2. Project risk management: stakeholders’ risks and the project manager’s role, What Is Risk Management Scenario Analysis?

Question #428

An organization recently received an independent security audit report of its cloud service provider that indicates significant control weaknesses.

What should be done NEXT in response to this report?

A . Migrate all data to another compliant service provider.
B . Analyze the impact of the provider’s control weaknesses to the business.
C . Conduct a follow-up audit to verify the provider’s control weaknesses.
D . Review the contract to determine if penalties should be levied against the provider.

Lösung einblenden Lösung ausblenden

Question #429

Which of the following is the MOST useful information for a risk practitioner when planning response activities after risk identification?

A . Risk register
B . Risk appetite
C . Risk priorities
D . Risk heat maps

Lösung einblenden Lösung ausblenden

Question #430

Which of the following activities BEST facilitates effective risk management throughout the organization?

A . Reviewing risk-related process documentation
B . Conducting periodic risk assessments
C . Performing a business impact analysis (BIA)
D . Performing frequent audits

Lösung einblenden Lösung ausblenden