Isaca's CRISC An unauthorized individual has socially engineered entry into an organization's secured physical premises. Which of the following is the BEST way to prevent future occurrences?
#331
Answer: D
A risk owner should be the person accountable for:
#332
Answer: A
Which of the following is the MOST effective key performance indicator (KPI) for change management?
#333
Answer: A
Which of the following is the BEST way to identify changes to the risk landscape?
#334
Answer: D
Which of the following is the BEST evidence that a user account has been properly authorized?
#335
Answer: B
Which of the following elements of a risk register is MOST likely to change as a result of change in management's risk appetite?
#336
Answer: D
Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?
#337
Answer: C
Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?
#338
Answer: D
Which of the following BEST measures the efficiency of an incident response process?
#339
Answer: D
Which of the following is the MOST common concern associated with outsourcing to a service provider?
#340
Answer: B
An effective control environment is BEST indicated by controls that:
#341
Answer: B
Which of the following attributes of a key risk indicator (KRI) is MOST important?
#342
Answer: A
An organization has determined a risk scenario is outside the defined risk tolerance level. What should be the NEXT course of action?
#343
Answer: B
Which of the following statements BEST describes risk appetite?
#344
Answer: B
A contract associated with a cloud service provider MUST include:
#345
Answer: B
Which of the following is MOST helpful in aligning IT risk with business objectives?
#346
Answer: B
Establishing an organizational code of conduct is an example of which type of control?
#347
Answer: B
Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?
#348
Answer: C
Which of the following is the BEST way to validate the results of a vulnerability assessment?
#349
Answer: A
Which of the following is the MOST important data source for monitoring key risk indicators (KRIs)?
#350
Answer: D
Which of the following is a risk practitioner's BEST recommendation to help ensure cyber risk is assessed and reflected in the enterprise-level risk profile?
#351
Answer: C
Which of the following roles is BEST suited to help a risk practitioner understand the impact of IT-related events on business objectives?
#352
Answer: A
It is MOST appropriate for changes to be promoted to production after they are:
#353
Answer: A
Which of the following BEST enables the identification of trends in risk levels?
#354
Answer: A
To implement the MOST effective monitoring of key risk indicators (KRIs), which of the following needs to be in place?
#355
Answer: D
Which of the following would MOST likely result in updates to an IT risk appetite statement?
#356
Answer: A
Which of the following would be MOST helpful to understand the impact of a new technology system on an organization's current risk profile?
#357
Answer: C
Which of the following is the PRIMARY factor in determining a recovery time objective (RTO)?
#358
Answer: B
A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?
#359
Answer: B
During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?