Online Access Free ISACA.CRISC.v2024-06-13.q683 Practice Test (Page 105)

CRISC Exam Question 516

An organization maintains independent departmental risk registers that are not automatically aggregated.
Which of the following is the GREATEST concern?

A.Resources may be inefficiency allocated

B.Management may be unable to accurately evaluate the risk profile

C.Multiple risk treatment efforts may be initiated to treat a given risk

D.The same risk factor may be identified in multiple areas

CRISC Exam Question 517

You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

A.Detective

B.Corrective

C.Preventative

D.Recovery

E.Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPS for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. As IDS detects and gives warning when the violation of security policies of the enterprise occurs, it is a detective control.

F.is incorrect. As IDS only detects the problem when it occurs and not prior of its occurrence, it is not preventive control. Answer: B is incorrect. These controls make effort to reduce the impact of a threat from problems discovered by detective controls.
As IDS only detects but nt reduce the impact, hence it is not a corrective control.

CRISC Exam Question 518

Which of the following is the PRIMARY consideration when establishing an organization's risk management methodology?

A.Risk tolerance level

B.Benchmarking information

C.Resource requirements

D.Business context

CRISC Exam Question 519

For which of the following risk management capability maturity levels do the statement given below is true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

A.Level 3

B.Level 0

C.Level 5

D.Level 2

E.Explanation:
An enterprise's risk management capability maturity level is 5 when real-time monitoring of risk events and control exceptions exists, as does automation of policy management.

F.is incorrect. In level 0 of risk management capability maturity model, enterprise does
not recognize the importance of considering the risk management or the business impact from IT
risk.

CRISC Exam Question 520

You are the project manager for BlueWell Inc. You have noticed that the risk level in your project increases above the risk tolerance level of your enterprise. You have applied several risk responses. Now you have to update the risk register in accordance to risk response process. All of the following are included in the risk register except for which item?

A.Risk triggers

B.Agreed-upon response strategies

C.Network diagram analysis of critical path activities

D.Risk owners and their responsibility

Other Version: 1030ISACA.CRISC.v2025-08-27.q675; 3129ISACA.CRISC.v2025-01-04.q999; 2114ISACA.CRISC.v2024-04-02.q999; 2709ISACA.CRISC.v2023-07-10.q544; 5435ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5243ISACA.CRISC.v2022-02-22.q349; 5070ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 323ISACA.CGEIT.v2025-09-19.q537; 155Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 156Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 247Nutanix.NCP-US-6.5.v2025-09-16.q73; 266Oracle.1z0-071.v2025-09-16.q232; 204Oracle.1Z1-922.v2025-09-16.q125; 327CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CRISC Exam Question 516

CRISC Exam Question 517

CRISC Exam Question 518

CRISC Exam Question 519

CRISC Exam Question 520

Download PDF File