Free Access ISACA.CRISC.v2024-09-11.q999 Practice Test (Page 188)

Question 931

Which of the following describes the relationship between Key risk indicators (KRIs) and key control indicators (KCIS)?

A.KCIs are independent from KRIs KRIs.

B.KCIs and KRIs help in determining risk appetite.

C.KCIs are defined using data from KRIs.

D.KCIs provide input for KRIs

Question 932

Which of the following is MOST important to include in a Software as a Service (SaaS) vendor agreement?

A.A requirement to adopt an established risk management framework

B.An annual contract review

C.A requirement to provide an independent audit report

D.A service level agreement (SLA)

Question 933

You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results.
You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?

A.Apply risk response

B.Optimize Key Risk Indicator

C.Update risk register

D.Perform quantitative risk analysis

Question 934

Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?

A.Internal control

B.Risk management

C.Hedging

D.Risk assessment

E.Explanation:
Internal controls are the actions taken by the organization to help to assure management that the organization's objectives are protected from the occurrence of risk events. Internal control objectives are applicable to all manual or automated areas. Internal control objectives include: Internal accounting controls- They control accounting operations, including safeguarding assets and financial records. Operational controls- They focus on day-to-day operations, functions, and activities. They ensure that all the organization's objectives are being accomplished. Administrative controls- They focus on operational efficiency in a functional area and stick to management policies.

F.is incorrect. Risk assessment is a process of analyzing the identified risk, both quantitatively and qualitatively. Quantitative risk assessment requires calculations of two components of risk, the magnitude of the potential loss, and the probability that the loss will occur. While qualitatively risk assessment checks the severity of risk. The assessment attempts to determine the likelihood of the risk being realized and the impact of the risk on the operation. This provides several conclusions: Probability-establishing the likelihood of occurrence and reoccurrence of specific risks,
independently and combined.
Interdependencies-the relationship between different types of risk. For instance, one risk may
have greater potential of occurring if another risk has occurred. Or probability or impact of a
situation may increase with combined risk.

G.is incorrect. Risk management is the identification, assessment, and prioritization of
risks followed by coordinated and economical application of resources. It is done tominimize,
monitor, and control the probability and impact of unfortunate events or to maximize the realization
of opportunities.

Question 935

An organization's risk practitioner learns a new third-party system on the corporate network has introduced vulnerabilities that could compromise corporate IT systems. What should the risk practitioner do FIRST?

A.Identify procedures to mitigate the vulnerabilities.

B.Confirm the vulnerabilities with the third party

C.Notify information security management.

D.Request IT to remove the system from the network.

Other Version: 3354ISACA.CRISC.v2025-07-19.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12549ISACA.CRISC.v2022-08-23.q834; 15326ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 149Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 931

Question 932

Question 933

Question 934

Question 935

Download PDF File