Free Access to ISACA.CRISC.v2024-01-06.q281 with Valid Practice Test (Page 3)

Question 6

A change management process has recently been updated with new testing procedures. The NEXT course of action is to:

A.communicate to those who test and promote changes
B.assess the maturity of the change management process
C.conduct a cost-benefit analysis to justify the cost of the control
D.monitor processes to ensure recent updates are being followed

Question 7

A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?

A.Monitor the databases for abnormal activity
B.Require the software vendor to remediate the vulnerabilities
C.Approve exception to allow the software to continue operating
D.Accept the risk and let the vendor run the software as is

Question 8

Winch of the following is the BEST evidence of an effective risk treatment plan?

A.Remediation is completed within the asset recovery time objective (RTO)
B.The inherent risk is below the asset residual risk.
C.The risk tolerance threshold s above the asset residual
D.Remediation cost is below the asset business value

Question 9

Tom works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks, and provides a quantitative assessment of the likely cost to complete the scheduled activities?

A.Activity duration estimates
B.Risk management plan
C.Cost management plan
D.Activity cost estimates

Question 10

Which of the following is the BEST indicator of an effective IT security awareness program?

A.Decreased success rate of internal phishing tests
B.Number of employees that complete security training
C.Number of disciplinary actions issued for security violations
D.Decreased number of reported security incidents

Question 6

Question 7

Question 8

Question 9

Question 10

Download PDF File