Free Access ISACA.CRISC.v2025-07-19.q999 Practice Test (Page 172)

Question 851

To minimize the risk of a potential acquisition being exposed externally, an organization has selected a few key employees to be engaged in the due diligence process. A member of the due diligence team realizes a close acquaintance is a high-ranking IT professional at a subsidiary of the company about to be acquired. What is the BEST course of action for this team member?

A.Delegate responsibilities involving the acquaintance.

B.Enforce segregation of duties.

C.Notify the subsidiary's legal team.

D.Disclose potential conflicts of interest.

Question 852

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

A.Risk transfer

B.Risk acceptance

C.Risk avoidance

D.Risk mitigation

Question 853

The acceptance of control costs that exceed risk exposure is MOST likely an example of:

A.corporate culture alignment.

B.low risk tolerance.

C.corporate culture misalignment.

D.high risk tolerance

Question 854

Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

A.Control owner

B.Risk owner

C.Data owner

D.System owner

Question 855

You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen such a data extraction method in which management monitors its own controls. Which of the following data extraction methods you are using here?

A.Extracting data directly from the source systems after system owner approval

B.Extracting data from the system custodian (IT) after system owner approval

C.Extracting data from risk register

D.Extracting data from lesson learned register

E.Explanation:
Direct extraction from the source system involves management monitoring its own controls,
instead of auditors/third parties monitoring management's controls. It is preferable over extraction
from the system custodian.

F.and D are incorrect. These are not data extraction methods.

Other Version: 6512ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12570ISACA.CRISC.v2022-08-23.q834; 15360ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 105HP.HPE0-V27.v2025-09-11.q78; 120Oracle.1Z0-1057-23.v2025-09-10.q47; 156Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 169TheSecOpsGroup.CNSP.v2025-09-08.q20; 237CFAInstitute.ESG-Investing.v2025-09-08.q173; 218PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 154Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 851

Question 852

Question 853

Question 854

Question 855

Download PDF File