Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 74)

Question 361

An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

A.Percentage of staff members seeking exception to the policy

B.Number of malicious activities occurring during staff members leave

C.Percentage of staff members taking leave according to the policy

D.Financial loss incurred due to malicious activities during staff members' leave

Question 362

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

A.Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

B.Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

C.Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

D.Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

E.Explanation:
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on
overall project objectives. It is performed on risk that have been prioritized through the qualitative
risk analysis process.

F.is incorrect. This is actually the definition of qualitative risk analysis.

G.is incorrect. While somewhat true, this statement does not completely define the
quantitative risk analysis process.

Question 363

An organization wants to assess the maturity of its internal control environment. The FIRST step should be to:

A.identify key process owners.

B.determine if controls are effective.

C.validate control process execution.

D.conduct a baseline assessment.

Question 364

Which of the following is a risk practitioner's BEST recommendation to address an organization's need to secure multiple systems with limited IT resources?

A.Apply available security patches.

B.Conduct a business impact analysis (BIA)

C.Schedule a penetration test.

D.Perform a vulnerability analysis.

Question 365

Which of the following is the MOST critical security consideration when an enterprise outsource its major part of IT department to a third party whose servers are in foreign company?

A.A security breach notification may get delayed due to time difference

B.The enterprise could not be able to monitor the compliance with its internal security and privacy guidelines

C.Laws and regulations of the country of origin may not be enforceable in foreign country

D.Additional network intrusion detection sensors should be installed, resulting in additional cost

E.Explanation:
Laws and regulations of the country of origin may not be enforceable in foreign country and conversely, it is also true that laws and regulations of the foreign outsourcer may also impact the enterprise. Hence violation of applicable laws may not be recognized or rectified due to lack of knowledge of the local laws.

Other Version: 3533ISACA.CRISC.v2025-07-19.q999; 6596ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12586ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 111Oracle.1z0-1196-25.v2025-09-12.q18; 110NetworkAppliance.NS0-162.v2025-09-12.q86; 151OCEG.GRCP.v2025-09-11.q211; 110HP.HPE0-V27.v2025-09-11.q78; 126Oracle.1Z0-1057-23.v2025-09-10.q47; 169Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 140SAP.C-S4EWM-2023.v2025-09-08.q83; 186TheSecOpsGroup.CNSP.v2025-09-08.q20; 283CFAInstitute.ESG-Investing.v2025-09-08.q173; 276PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 361

Question 362

Question 363

Question 364

Question 365

Download PDF File