Free Access ISACA.CRISC.v2022-08-23.q834 Practice Test (Page 17)

Question 76

Which of the following would provide the BEST evidence of an effective internal control environment/?

A.Adherence to governing policies

B.Regular stakeholder briefings

C.Independent audit results

D.Risk assessment results

Question 77

An organization discovers significant vulnerabilities in a recently purchased commercial off-the-shelf software product which will not be corrected until the next release. Which of the following is the risk manager's BEST course of action?

A.Require the vendor to correct significant vulnerabilities prior to installation.

B.Review software license to determine the vendor's responsibility regarding vulnerabilities.

C.Review the risk of implementing versus postponing with stakeholders.

D.Run vulnerability testing tools to independently verify the vulnerabilities.

Question 78

An organization has outsourced its IT security management function to an external service provider. The BEST party to own the IT security controls under this arrangement is the:

A.organization's risk function

B.service provider's audit function

C.organization's IT management

D.service provider's IT security function

Question 79

If one says that the particular control or monitoring tool is sustainable, then it refers to what ability?

A.The ability to adapt as new elements are added to the environment

B.The ability to ensure the control remains in place when it fails

C.The ability to protect itself from exploitation or attack

D.The ability to be applied in same manner throughout the organization

E.Explanation:
Sustainability of the controls or monitoring tools refers to its ability to function as expected over
time or when changes are made to the environment.

F.is incorrect. This is not valid definition for defining sustainability of al tool.

G.is incorrect. Sustainability ensures that controls changes with the conditions, so as not
to fail in any circumstances. Hence this in not valid answer.

Question 80

Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?

A.Customer database manager

B.Audit committee

C.Data privacy officer

D.Customer data custodian

Other Version: 3320ISACA.CRISC.v2025-07-19.q999; 6458ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 15309ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 221CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 184Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 76

Question 77

Question 78

Question 79

Question 80

Download PDF File