Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 138)

Question 681

Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?

A.Communication with business process stakeholders

B.Compliance-oriented business impact analysis

C.Compliance-oriented gap analysis

D.Mapping of compliance requirements to policies and procedures

E.Explanation:
A compliance-oriented BIA will identify all the compliance requirements to which the enterprise has
to align and their impacts on business objectives and activities. It is a discovery process meant to
uncover the inner workings of any process. Hence it will also evaluate the potential impact of legal,
regulatory, and contractual requirements on business objectives.

F.is incorrect. Mapping of compliance requirements to policies and procedures will
identify only the way the compliance is achieved but not the business impact.

G.is incorrect. Communication with business process stakeholders is done so as to
identify the business objectives, but it does not help in identifying impacts.

Question 682

An organization is unable to implement a multi-factor authentication requirement until the next fiscal year due to budget constraints. Consequently, a policy exception must be submitted. Which of the following is MOST important to include in the analysis of the exception?

A.Industry best practices with respect to implementation of the proposed control

B.Budget justification to implement the new requirement during the current year

C.Risk associated with the inability to implement the requirement

D.Sections of the policy that may justify not implementing the requirement

Question 683

Mitigating technology risk to acceptable levels should be based PRIMARILY upon:

A.business process requirements.

B.organizational risk appetite.

C.business sector best practices.

D.availability of automated solutions.

Question 684

Harry is the project manager of HDW project. He has identified a risk that could injure project team members.
He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?

A.Transference

B.Mitigation

C.Acceptance

D.Avoidance

Question 685

What is the PRIMARY purpose of a business impact analysis (BIA)?

A.To determine the likelihood and impact of threats to business operations

B.To identify important business processes in the organization

C.To estimate resource requirements for related business processes

D.To evaluate the priority of business operations in case of disruption

Other Version: 3403ISACA.CRISC.v2025-07-19.q999; 6510ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12566ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 105HP.HPE0-V27.v2025-09-11.q78; 119Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 133SAP.C-S4EWM-2023.v2025-09-08.q83; 168TheSecOpsGroup.CNSP.v2025-09-08.q20; 235CFAInstitute.ESG-Investing.v2025-09-08.q173; 216PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 154Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 681

Question 682

Question 683

Question 684

Question 685

Download PDF File