Free Access ISACA.CRISC.v2025-07-19.q999 Practice Test (Page 178)

Question 881

An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:

A.business purpose documentation and software license counts

B.an access control matrix and approval from the user's manager

C.documentation indicating the intended users of the application

D.security logs to determine the cause of invalid login attempts

Question 882

A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?

A.Record the risk as accepted in the risk register.

B.Obtain the risk owner's approval.

C.Inform senior management.

D.Update the risk response plan.

Question 883

Which of the following statements is true for risk analysis?

A.Risk analysis should assume an equal degree of protection for all assets.

B.Risk analysis should give more weight to the likelihood than the size of loss.

C.Risk analysis should limit the scope to a benchmark of similar companies

D.Risk analysis should address the potential size and likelihood of loss.

E.Explanation:
A risk analysis deals with the potential size and likelihood of loss. A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of
the organization to these threats. A risk from an organizational perspective consists of:
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.
Risk analysis allows the auditor to do the following tasks :
Identify threats and vulnerabilities to the enterprise and its information system.
Provide information for evaluation of controls in audit planning.
Aids in determining audit objectives.
Supporting decision based on risks.

F.is incorrect. Since the likelihood determines the size of the loss, hence both elements
must be considered in the calculation.

G.is incorrect. A risk analysis would not normally consider the benchmark of similar
companies as providing relevant information other than for comparison purposes.

Question 884

Which of the following tasks should be completed prior to creating a disaster recovery plan (DRP)?

A.Assigning sensitivity levels to data

B.Conducting a business impact analysis (BIA)

C.Procuring a recovery site

D.Identifying the recovery response team

Question 885

What is the MOST important consideration when selecting key performance indicators (KPIs) for control monitoring?

A.Source information is acquired at stable cost.

B.Source information is tailored by removing outliers.

C.Source information is readily quantifiable.

D.Source information is consistently available.

Other Version: 6480ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12557ISACA.CRISC.v2022-08-23.q834; 15331ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 151Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 172PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 151Salesforce.Data-Architect.v2025-09-05.q216; 145Adobe.AD0-E605.v2025-09-05.q50

Question 881

Question 882

Question 883

Question 884

Question 885

Download PDF File