Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 64)

Question 311

A program manager has completed an unsuccessful disaster recovery test. Which of the following should the risk practitioner recommend as the NEXT course of action?

A.Prioritize issues noted during the testing window

B.Identify what additional controls are needed

C.Communicate test results to management

D.Update the business impact analysis (BIA)

Question 312

Which of the following is the MOST critical security consideration when an enterprise outsource its major part of IT department to a third party whose servers are in foreign company?

A.A security breach notification may get delayed due to time difference

B.The enterprise could not be able to monitor the compliance with its internal security and privacy guidelines

C.Laws and regulations of the country of origin may not be enforceable in foreign country

D.Additional network intrusion detection sensors should be installed, resulting in additional cost

Question 313

Malicious code protection is which type control?

A.Configuration management control

B.System and information integrity control

C.Media protection control

D.Personal security control

E.Explanation:
Malware, short for malicious software, is software designed to disrupt computer operation, gather
sensitive information, or gain unauthorized access to computer systems. As malicious code
protection lists steps to protect against malware, it preserves the information integrity of the
enterprise.
Hence Malicious code protection is System and information integrity control. This family of controls
provides information to maintain the integrity of systems and data.

F.is incorrect. Malicious code protection is not a Personal security control.
The Personal security control is a family of controls including aspects of personnel security. It
includes personnel screening, termination, and transfer.

G.is incorrect. Malicious code protection is not a Configuration management control.
Configuration management control is the family of controls that addresses both configuration
management and change management. Change control practices prevent unauthorized changes.

Question 314

An organization is making significant changes to an application. At what point should the application risk profile be updated?

A.When reviewing functional requirements

B.During backlog scheduling

C.Upon release to production

D.After user acceptance testing (UAT)

Question 315

After the implementation of internal of Things (IoT) devices, new risk scenarios were identified. What is the PRIMARY reason to report this information to risk owners?

A.To reevaluate continued use to IoT devices

B.The add new controls to mitigate the risk

C.To confirm the impact to the risk profile

D.The recommend changes to the IoT policy

Other Version: 3513ISACA.CRISC.v2025-07-19.q999; 6582ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12586ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 108Oracle.1z0-1196-25.v2025-09-12.q18; 109NetworkAppliance.NS0-162.v2025-09-12.q86; 150OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 125Oracle.1Z0-1057-23.v2025-09-10.q47; 167Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 184TheSecOpsGroup.CNSP.v2025-09-08.q20; 278CFAInstitute.ESG-Investing.v2025-09-08.q173; 261PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 311

Question 312

Question 313

Question 314

Question 315

Download PDF File