Online Access Free ISACA.CRISC.v2025-01-04.q999 Practice Test (Page 76)

CRISC Exam Question 371

After a high-profile systems breach at an organization's key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

A.Regulatory examination

B.Vendor performance scorecard

C.Internal audit

D.External audit

CRISC Exam Question 372

Which of the following is the PRIMARY reason to update a risk register with risk assessment results?

A.To communicate the level and priority of assessed risk to management

B.To provide a comprehensive inventory of risk across the organization

C.To assign a risk owner to manage the risk

D.To enable the creation of action plans to address nsk

CRISC Exam Question 373

A department has been granted an exception to bypass the existing approval process for purchase orders. The risk practitioner should verify the exception has been approved by which of the following?

A.Internal audit

B.Risk manager

C.Senior management

D.Control owner

CRISC Exam Question 374

To effectively support business decisions, an IT risk register MUST:

A.reflect the results of risk assessments.

B.effectively support a business maturity model.

C.be available to operational risk groups.

D.be reviewed by the IT steering committee.

CRISC Exam Question 375

Which of the following is the MOST cost-effective way to test a business continuity plan?

A.Conduct interviews with key stakeholders.

B.Conduct a tabletop exercise.

C.Conduct a disaster recovery exercise.

D.Conduct a full functional exercise.

Correct Answer: B

* A business continuity plan (BCP) is a document that describes the procedures and actions that an organization will take to ensure the continuity of its critical functions and operations in the event of a disruption or disaster12.
* Testing a business continuity plan is a method of evaluating the effectiveness and readiness of the BCP, and identifying and addressing any gaps or weaknesses in the plan34.
* The most cost-effective way to test a business continuity plan is to conduct a tabletop exercise, which is a type of simulation that involves gathering the key stakeholders and participants of the BCP, and discussing and reviewing the roles, responsibilities, and actions that they will take in response to a hypothetical scenario of a disruption or disaster56.
* A tabletop exercise is the most cost-effective way because it requires minimal resources and time, and can be conducted in a regular meeting room or online platform56.
* A tabletop exercise is also the most cost-effective way because it provides a high-level overview and assessment of the BCP, and can identify and address the major issues or challenges that may arise in the implementation of the plan56.
* The other options are not the most cost-effective ways, but rather possible alternatives or supplements that may have different levels of complexity or cost. For example:
* Conducting interviews with key stakeholders is a way of testing a business continuity plan that involves asking and answering questions about the BCP, and collecting feedback and suggestions from the people who are involved or affected by the plan78. However, this way is not the most cost-effective because it may not cover all the aspects or scenarios of the BCP, and may not facilitate the interaction or collaboration among the stakeholders78.
* Conducting a disaster recovery exercise is a way of testing a business continuity plan that involves activating and executing the BCP in a realistic and controlled environment, and measuring the outcomes and impacts of the plan . However, this way is not the most cost-effective because it requires a lot of resources and time, and may disrupt or interfere with the normal operations of the organization .
* Conducting a full functional exercise is a way of testing a business continuity plan that involves simulating and testing the BCP in a live and dynamic environment, and involving the external entities and stakeholders that are part of the plan . However, this way is not the most cost-effective because it requires the most resources and time, and may pose the highest risk or challenge to the organization . References =
* 1: Business Continuity Plan (BCP) Definition1
* 2: Business Continuity Planning - Ready.gov2
* 3: Testing, testing: how to test your business continuity plan4
* 4: Comprehensive Guide to Business Continuity Testing | Agility5
* 5: How to Conduct a Tabletop Exercise for Business Continuity3
* 6: Tabletop Exercises: A Guide to Success6
* 7: How to Conduct Testing of a Business Continuity Plan7
* 8: Business Continuity Plan Testing: Interviewing Techniques8
* : Disaster Recovery Testing: A Step-by-Step Guide
* : Disaster Recovery Testing Scenarios: A Guide to Success
* : Functional Exercises: A Guide to Success
* : Functional Exercise Toolkit

Other Version: 1123ISACA.CRISC.v2025-08-27.q675; 1506ISACA.CRISC.v2024-06-13.q683; 2212ISACA.CRISC.v2024-04-02.q999; 2752ISACA.CRISC.v2023-07-10.q544; 5436ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5245ISACA.CRISC.v2022-02-22.q349; 5071ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 170Microsoft.SC-400.v2025-09-20.q290; 399ISACA.CGEIT.v2025-09-19.q537; 160Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 161Scrum.SAFe-Practitioner.v2025-09-18.q63; 155Workday.Workday-Prism-Analytics.v2025-09-17.q17; 138Oracle.1Z0-1055-24.v2025-09-17.q28; 132Oracle.1Z1-182.v2025-09-17.q32; 266Nutanix.NCP-US-6.5.v2025-09-16.q73; 284Oracle.1z0-071.v2025-09-16.q232; 208Oracle.1Z1-922.v2025-09-16.q125

CRISC Exam Question 371

CRISC Exam Question 372

CRISC Exam Question 373

CRISC Exam Question 374

CRISC Exam Question 375

Download PDF File