Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 40)

Question 191

Upon learning that the number of failed back-up attempts continually exceeds the current risk threshold, the risk practitioner should:

A.keep monitoring the situation as there is evidence that this is normal

B.adjust the risk threshold to better reflect actual performance

C.initiate corrective action to address the known deficiency

D.inquire about the status of any planned corrective actions

Question 192

Which of the following should be PRIMARILY considered while designing information systems controls?

A.The IT strategic plan

B.The existing IT environment

C.The organizational strategic plan

D.The present IT budget

E.Explanation:
Review of the enterprise's strategic plan is the first step in designing effective IS controls that
would fit the enterprise's long-term plans.

F.is incorrect. Review of the existing IT environment is also useful and necessary but is
not the first step that needs to be undertaken.

Question 193

While considering entity-based risks, which dimension of the COSO ERM framework is being referred?

A.Organizational levels

B.Risk components

C.Strategic objectives

D.Risk objectives

Question 194

An organization's risk tolerance should be defined and approved by which of the following?

A.The board of directors

B.The chief executive officer (CEO)

C.The chief risk officer (CRO)

D.The chief information officer (CIO)

Question 195

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

A.Gather scenarios from senior management

B.Derive scenarios from IT risk policies and standards

C.Benchmark scenarios against industry peers

D.Map scenarios to a recognized risk management framework

Other Version: 3455ISACA.CRISC.v2025-07-19.q999; 6539ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12578ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 240CFAInstitute.ESG-Investing.v2025-09-08.q173; 235PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 159Salesforce.Data-Architect.v2025-09-05.q216; 153Adobe.AD0-E605.v2025-09-05.q50

Question 191

Question 192

Question 193

Question 194

Question 195

Download PDF File