Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 44)

Question 211

A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?

A.Ensuring the inclusion of all computing resources as log sources.

B.Ensuring time synchronization of log sources.

C.Ensuring the inclusion of external threat intelligence log sources.

D.Ensuring read-write access to all log sources

Question 212

Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?

A.Audit trails for updates and deletions

B.Encrypted storage of data

C.Links to source data

D.Check totals on data records and data fields

Question 213

Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identification process for the project, but Nancy insists that the project team be involved in the process. Why should the project team be involved in the risk identification?

A.So that the project team can develop a sense of ownership for the risks and associated risk responsibilities.

B.So that the project manager can identify the risk owners for the risks within the project and the needed risk responses.

C.So that the project manager isn't the only person identifying the risk events within the project.

D.So that the project team and the project manager can work together to assign risk ownership.

E.Explanation:
The best answer to include the project team members is that they'll need to develop a sense of ownership for the risks and associated risk responsibilities.

F.is incorrect. While the project manager shouldn't be the only person to identify the risk events, this isn't the best answer. Answer:D is incorrect. The reason to include the project team is that the project team needs to develop a sense of ownership for the risks and associated risk responsibilities, not to assign risk ownership.

Question 214

You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re-architecture of the existing system and purchase of new integrated system. In which of the following risk
prioritization options would this case be categorized?

A.Deferrals

B.Quick win

C.Business case to be made

D.Contagious risk

E.Explanation:
This is categorized as a Business case to be made because the project cost is very large. The response to be implemented requires quite large investment. Therefore it comes under business case to be made.

Question 215

Which of the following is the way to verify control effectiveness?

A.The capability of providing notification of failure.

B.Whether it is preventive or detective.

C.Its reliability.

D.The test results of intended objectives.

Other Version: 3466ISACA.CRISC.v2025-07-19.q999; 6550ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12581ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 103Oracle.1z0-1196-25.v2025-09-12.q18; 103NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 254CFAInstitute.ESG-Investing.v2025-09-08.q173; 238PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 211

Question 212

Question 213

Question 214

Question 215

Download PDF File