Isaca's CRISC Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?
#391
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC Which of the following controls will BEST detect unauthorized modification of data by a database administrator?
#392
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?
#393
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following risk register updates is MOST important for senior management to review?
#394
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the PRIMARY reason for a risk practitioner to use global standards related to risk management?
#395
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC A risk practitioner is assisting with the preparation of a report on the organization's disaster recovery (DR) capabilities. Which information would have the MOST impact on the overall recovery profile?
#396
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:
#397
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?
#398
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?
#399
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC Which of the following would BEST ensure that identified risk scenarios are addressed?
#400
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC The MOST effective approach to prioritize risk scenarios is by:
#401
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the MAIN reason to continuously monitor IT-related risk?
#402
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?
#403
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the MOST important consideration when sharing risk management updates with executive management?
#404
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?
#405
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC An organization operates in an environment where reduced time-to-market for new software products is a top business priority. Which of the following should be the risk practitioner's GREATEST concern?
#406
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is MOST effective in continuous risk management process improvement?
#407
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BEST reduce the risk associated with such a data breach?
#408
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:
#409
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC After the review of a risk record, internal audit questioned why the risk was lowered from medium to low. Which of the following is the BEST course of action in responding to this inquiry?
#410
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is of GREATEST concern when uncontrolled changes are made to the control environment?
#411
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?
#412
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:
#413
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the MOST relevant input to an organization's risk profile?
#414
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC The annualized loss expectancy (ALE) method of risk analysis:
#415
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC An organization delegates its data processing to the internal IT team to manage information through its applications. Which of the following is the role of the internal IT team in this situation?
#416
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?
#417
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC An application owner has specified the acceptable downtime in the event of an incident to be much lower than the actual time required for the response team to recover the application. Which of the following should be the NEXT course of action?
#418
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following would BEST help to ensure that identified risk is efficiently managed?
#419
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC After identifying new risk events during a project, the project manager's NEXT step should be to: