Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?
#361
Isaca's CRISC Following a significant change to a business process, a risk practitioner believes the associated risk has been reduced. The risk practitioner should advise the risk owner to FIRST:
#362
Isaca's CRISC Which of the following would be considered a vulnerability?
#363
Isaca's CRISC Which of the following tools is MOST effective in identifying trends in the IT risk profile?
#364
Isaca's CRISC After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:
#365
Isaca's CRISC A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?
#366
Isaca's CRISC Reviewing results from which of the following is the BEST way to identify information systems control deficiencies?
#367
Isaca's CRISC Which of the following would prompt changes in key risk indicator (KRI) thresholds?
#368
Isaca's CRISC Which of the following is MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?
#369
Isaca's CRISC Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?
#370
Isaca's CRISC A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:
#371
Isaca's CRISC A risk practitioner has been asked to advise management on developing a log collection and correlation strategy. Which of the following should be the MOST important consideration when developing this strategy?
#372
Isaca's CRISC The BEST way to justify the risk mitigation actions recommended in a risk assessment would be to:
#373
Isaca's CRISC Which of the following is the MOST cost-effective way to test a business continuity plan?
#374
Isaca's CRISC Which of the following is the MOST important consideration when developing an organization's risk taxonomy?
#375
Isaca's CRISC Who should be accountable for ensuring effective cybersecurity controls are established?
#376
Isaca's CRISC Which of the following can be interpreted from a single data point on a risk heat map?
#377
Isaca's CRISC Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:
#378
Isaca's CRISC Which of the following is MOST helpful in identifying new risk exposures due to changes in the business environment?
#379
Isaca's CRISC During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?
#380
Isaca's CRISC A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization. Which of the following components of this review would provide the MOST useful information?
#381
Isaca's CRISC Which of the following helps ensure compliance with a non-repudiation policy requirement for electronic transactions?
#382
Isaca's CRISC A risk practitioner observes that hardware failure incidents have been increasing over the last few months. However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:
#383
Isaca's CRISC Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?
#384
Isaca's CRISC Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?
#385
Isaca's CRISC A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:
#386
Isaca's CRISC Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?
#387
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of an anti-virus program?
#388
Isaca's CRISC A risk manager has determined there is excessive risk with a particular technology. Who is the BEST person to own the unmitigated risk of the technology?
#389
Isaca's CRISC Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?
#390