Isaca's CRISC A program manager has completed an unsuccessful disaster recovery test. Which of the following should the risk practitioner recommend as the NEXT course of action?
#211
Answer: D
Isaca's CRISC Which of the following should be the MOST important consideration when determining controls necessary for a highly critical information system?
#212
Answer: B
Isaca's CRISC When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:
#213
Answer: C
Isaca's CRISC Which of the following is MOST important to understand when determining an appropriate risk assessment approach?
#214
Answer: A
Isaca's CRISC A PRIMARY advantage of involving business management in evaluating and managing risk is that management:
#215
Answer: A
Isaca's CRISC The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner's BEST recommendation?
#216
Answer: C
Isaca's CRISC Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?
#217
Answer: A
Isaca's CRISC An organization has raised the risk appetite for technology risk. The MOST likely result would be:
#218
Answer: A
Isaca's CRISC Which of the following provides an organization with the MOST insight with regard to operational readiness associated with risk?
#219
Answer: A
Isaca's CRISC To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:
#220
Answer: A
Isaca's CRISC The BEST control to mitigate the risk associated with project scope creep is to:
#221
Answer: B
Isaca's CRISC As part of an overall IT risk management plan, an IT risk register BEST helps management:
#222
Answer: C
Isaca's CRISC Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?
#223
Answer: C
Isaca's CRISC An IT department has organized training sessions to improve user awareness of organizational information security policies. Which of the following is the BEST key performance indicator (KPI) to reflect effectiveness of the training?
#224
Answer: B
Isaca's CRISC Which of the following is a PRIMARY benefit of engaging the risk owner during the risk assessment process?
#225
Answer: A
Isaca's CRISC An organization has been notified that a disgruntled, terminated IT administrator has tried to break into the corporate network. Which of the following discoveries should be of GREATEST concern to the organization?
#226
Answer: D
Isaca's CRISC When preparing a risk status report for periodic review by senior management, it is MOST important to ensure the report includes:
#227
Answer: D
Isaca's CRISC The PRIMARY objective of testing the effectiveness of a new control before implementation is to:
#228
Answer: B
Isaca's CRISC An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?
#229
Answer: A
Isaca's CRISC An organization has recently hired a large number of part-time employees. During the annual audit, it was discovered that many user IDs and passwords were documented in procedure manuals for use by the part-time employees. Which of the following BEST describes this situation?
#230
Answer: D
Isaca's CRISC The PRIMARY advantage of implementing an IT risk management framework is the:
#231
Answer: D
Isaca's CRISC It is MOST important for a risk practitioner to have an awareness of an organization's processes in order to:
#232
Answer: D
Isaca's CRISC The MAIN purpose of conducting a control self-assessment (CSA) is to:
#233
Answer: C
Isaca's CRISC Which of the following would present the GREATEST challenge when assigning accountability for control ownership?
#234
Answer: A
Isaca's CRISC If preventive controls cannot be implemented due to technology limitations, which of the following should be done FIRST to reduce risk?
#235
Answer: B
Isaca's CRISC Which of the following is the BEST way to identify changes in the risk profile of an organization?
#236
Answer: A
Isaca's CRISC The PRIMARY benefit of conducting continuous monitoring of access controls is the ability to identify:
#237
Answer: A
Isaca's CRISC Which of the following is MOST important for successful incident response?
#238
Answer: C
Isaca's CRISC Effective risk communication BEST benefits an organization by:
#239
Answer: B
Isaca's CRISC The PRIMARY reason a risk practitioner would be interested in an internal audit report is to: