Crisc review questions - Study guides, Class notes & Summaries

CRISC TOPIC 1 EXAM QUESTIONS AND ANSWERS 2023 Question #:6 - (Exam Topic 1) A risk practitioner is assisting with the preparation of a report on the organization s disaster recovery (DR) capabilities. Which information would have the MOST impact on the overall recovery profile? A. The percentage of systems meeting recovery target times has increased. B. The number of systems tested in the last year has increased. C. The number of systems requiring a recovery plan has increased. D. The pe...

CRISC IS QUESTIONS AND ANSWERS 2023 Handbook may violate local laws/regulations An enterprise expanded its operations into Europe, Asia, Latin America. Enterprise has employee handbook that was updated 3 years ago. What is the biggest concern? It is the utmost importance to assign risk to individual owners to maximize accountability Which of the following is the most important for effective risk management. Validating the companies policies to providers contract When requesting...

CRISC EXAM TOPIC 2 LONG Questions and Answers 2023 Question #:2 - (Exam Topic 2) A recent audit identified high-risk issues in a business unit though a previous control self-assessment (CSA) had good results. Which of the following is the MOST likely reason for the difference? A. The audit had a broader scope than the CSA. B. The CSA was not sample-based. C. The CSA did not test control effectiveness. D. The CSA was compliance-based, while the audit was risk-based. D. The CSA was compli...

CRISC 51-100 topic3 Questions and Answers 2023 Question #:51 - (Exam Topic 3) During a risk treatment plan review, a risk practitioner finds the approved risk action plan has not been completed However, there were other risk mitigation actions implemented. Which of the fallowing is the BEST course of action? A. Review the cost-benefit of mitigating controls. B. Mark the risk status as unresolved within the risk register. C. Verify the sufficiency of mitigating controls with the risk owner. ...

CRISC Q&A Domain 2 Questions and Answers 2023 Which of the following uses risk scenarios when estimating the likelihood and impact of significant risk to the organization? A. An IT audit B. A security gap analysis C. A threat and vulnerability assessment D. An IT security assessment C is the correct answer. Justification: A. An IT audit typically uses technical evaluation tools or assessment methodologies to enumerate risk. B. A security gap analysis typically uses technical evaluat...

CRISC 351-400 topic3 Questions and Answers 2023 Question #:351 - (Exam Topic 3) When is the BEST to identify risk associated with major project to determine a mitigation plan? A. Project execution phase B. Project initiation phase C. Project closing phase D. Project planning phase D. Project planning phase Question #:352 - (Exam Topic 3) Of the following, who is BEST suited to assist a risk practitioner in developing a relevant set of risk scenarios? A. Internal auditor B. Asset...

CRISC Exam Guide - Chapter 2- Threats and Vulnerabilities Questions and Answers 2023 Threat assessment Develops a comprehensive list of all the possible threats to an asset, organization, or business process. Vulnerability assessment Looks at asset, processes, or other element in an organization and determines its weaknesses. For a negative event or action to materialize and cause risk to an organization or system, what other factor must be present? Vulnerability Which o...

CRISC Questions and Answerers 2023 RISK MANAGEMENT is... the coordinated activities to direct and control an enterprise with regard to risk Risk Management starts with Understanding the organization which serves the environment or context in which it operates. Assessing an organization's context (environment) includes Evaluating the intent and capability of threats The relative value of, and trust required in, assets (or resources) The respective relationship of vulnerabilit...

Class 10 Information Systems Auditing Exam 31 Questions with Verified Answers ISACA - CORRECT ANSWER - Information Systems Audit and Control Association •Founded 1969. •An independent, nonprofit, global association that engages in the development, adoption and use of globally accepted, industry leading knowledge and practices for information systems •Provides practical guidance, benchmarks and tools for enterprises that use information systems •It defines the role of governance, s...

CRISC Test Bank 1 240 Questions and Answers 2023 Q1 Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"? A. Section 302 B. Section 404 C. Section 203 D. Section 409 Correct Answer: A Section: Volume A Explanation Section 302 of the Sarbanes-Oxley Act requires corporate responsibility for financial reports to be certified by CEO, CFO, or designated representative. Incorrect Answers: B: Section 404 of the Sarba...