Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following is the BEST way to confirm whether appropriate automated controls are in place within a recently implemented system?
#271
Isaca's CRISC An organization has outsourced its lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard. Which risk treatment was adopted by the organization?
#272
Isaca's CRISC Which of the following is the BEST method to maintain a common view of IT risk within an organization?
#273
Isaca's CRISC The FIRST step for a startup company when developing a disaster recovery plan should be to identify:
#274
Isaca's CRISC An organization has outsourced an application to a Software as a Service (SaaS) provider. The risk associated with the use of this service should be owned by the:
#275
Isaca's CRISC Which of the following should be done FIRST when a new risk scenario has been identified?
#276
Isaca's CRISC Which of the following is MOST important to update when an organization's risk appetite changes?
#277
Isaca's CRISC Which of the following is the BEST way to validate whether controls have been implemented according to the risk mitigation action plan?
#278
Isaca's CRISC Which of the following controls would BEST decrease exposure if a password is compromised?
#279
Isaca's CRISC Who should be responsible for implementing and maintaining security controls?
#280
Isaca's CRISC Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?
#281
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the ability to deliver uninterrupted IT services?
#282
Isaca's CRISC An organization has engaged a third party to provide an Internet gateway encryption service that protects sensitive data uploaded to a cloud service. This is an example of risk:
#283
Isaca's CRISC After mapping generic risk scenarios to organizational security policies, the NEXT course of action should be to:
#284
Isaca's CRISC A risk practitioner has observed that risk owners have approved a high number of exceptions to the information security policy. Which of the following should be the risk practitioner's GREATEST concern?
#285
Isaca's CRISC Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?
#286
Isaca's CRISC An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?
#287
Isaca's CRISC Which of the following is a detective control?
#288
Isaca's CRISC A risk practitioner has determined that a key control does not meet design expectations. Which of the following should be done NEXT?
#289
Isaca's CRISC Which of the following would be MOST helpful when estimating the likelihood of negative events?
#290
Isaca's CRISC Improvements in the design and implementation of a control will MOST likely result in an update to:
#291
Isaca's CRISC A risk practitioner is preparing a report to communicate changes in the risk and control environment. The BEST way to engage stakeholder attention is to:
#292
Isaca's CRISC An organization's internal auditors have identified a new IT control deficiency in the organization's identity and access management (IAM) system. It is most important for the risk practitioner to:
#293
Isaca's CRISC The MOST effective way to increase the likelihood that risk responses will be implemented is to:
#294
Isaca's CRISC The BEST method to align an organization's business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:
#295
Isaca's CRISC Which of the following is the BEST method to identify unnecessary controls?
#296
Isaca's CRISC The best way to test the operational effectiveness of a data backup procedure is to:
#297
Isaca's CRISC During a control review, the control owner states that an existing control has deteriorated over time. What is the BEST recommendation to the control owner?
#298
Isaca's CRISC Which of the following approaches to bring your own device (BYOD) service delivery provides the BEST protection from data loss?
#299
Isaca's CRISC Which of the following is the MOST effective way to incorporate stakeholder concerns when developing risk scenarios?
#300