Isaca's CRISC An organization is considering outsourcing user administration controls for a critical system. The potential vendor has offered to perform quarterly self-audits of its controls instead of having annual independent audits. Which of the following should be of GREATEST concern to the risk practitioner?
#181
Answer: C
Isaca's CRISC The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?
#182
Answer: D
Isaca's CRISC Which of the following activities would BEST facilitate effective risk management throughout the organization?
#183
Answer: D
Isaca's CRISC Which of the following data would be used when performing a business impact analysis (BIA)?
#184
Answer: B
Isaca's CRISC Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?
#185
Answer: C
Isaca's CRISC Which of the following is the MOST important factor affecting risk management in an organization?
#186
Answer: D
Isaca's CRISC Which of the following provides the BEST measurement of an organization's risk management maturity level?
#187
Answer: D
Isaca's CRISC When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?
#188
Answer: D
Isaca's CRISC The BEST way to determine the likelihood of a system availability risk scenario is by assessing the:
#189
Answer: C
Isaca's CRISC When an organization's disaster recovery plan has a reciprocal agreement, which of the following risk treatment options is being applied?
#190
Answer: A
Isaca's CRISC The BEST reason to classify IT assets during a risk assessment is to determine the:
#191
Answer: A
Isaca's CRISC Which of the following would BEST help to ensure that suspicious network activity is identified?
#192
Answer: C
Isaca's CRISC Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
#193
Answer: B
Isaca's CRISC A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:
#194
Answer: C
Isaca's CRISC Which of the following is MOST important to the effectiveness of key performance indicators (KPIs)?
#195
Answer: D
Isaca's CRISC What should be PRIMARILY responsible for establishing an organization's IT risk culture?
#196
Answer: D
Isaca's CRISC Which of the following is the GREATEST benefit to an organization when updates to the risk register are made promptly after the completion of a risk assessment?
#197
Answer: C
Isaca's CRISC After a high-profile systems breach at an organization's key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments: Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?
#198
Answer: A
Isaca's CRISC A change management process has recently been updated with new testing procedures. The NEXT course of action is to:
#199
Answer: A
Isaca's CRISC For a large software development project, risk assessments are MOST effective when performed:
#200
Answer: B
Isaca's CRISC All business units within an organization have the same risk response plan for creating local disaster recovery plans. In an effort to achieve cost effectiveness, the BEST course of action would be to:
#201
Answer: C
Isaca's CRISC Which of the following approaches would BEST help to identify relevant risk scenarios?
#202
Answer: A
Isaca's CRISC When developing IT risk scenarios, it is CRITICAL to involve:
#203
Answer: A
Isaca's CRISC Before implementing instant messaging within an organization using a public solution, which of the following should be in place to mitigate data leakage risk?
#204
Answer: B
Isaca's CRISC Which of the following would be an IT business owner's BEST course of action following an unexpected increase in emergency changes?
#205
Answer: A
Isaca's CRISC Which of the following would require updates to an organization's IT risk register?
#206
Answer: A
Isaca's CRISC IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:
#207
Answer: D
Isaca's CRISC To help ensure the success of a major IT project, it is MOST important to:
#208
Answer: B
Isaca's CRISC A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:
#209
Answer: D
Isaca's CRISC When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?