Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?
#481
Isaca's CRISC After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?
#482
Isaca's CRISC Which of the following is the MOST important requirement for monitoring key risk indicators (KRIs) using log analysis?
#483
Isaca's CRISC Who is the MOST appropriate owner for newly identified IT risk?
#484
Isaca's CRISC A risk practitioner is organizing risk awareness training for senior management. Which of the following is the MOST important topic to cover in the training session?
#485
Isaca's CRISC An IT license audit has revealed that there are several unlicensed copies of commercial applications installed on company laptops. The risk practitioner's BEST course of action would be to:
#486
Isaca's CRISC Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?
#487
Isaca's CRISC Which of the following BEST indicates effective information security incident management?
#488
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?
#489
Isaca's CRISC An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?
#490
Isaca's CRISC Whose risk tolerance matters MOST when making a risk decision?
#491
Isaca's CRISC Which of the following is the MOST effective way to mitigate identified risk scenarios?
#492
Isaca's CRISC Management has required information security awareness training to reduce the risk associated with credential compromise. What is the BEST way to assess the effectiveness of the training?
#493
Isaca's CRISC Which of the following is the MOST important outcome of reviewing the risk management process?
#494
Isaca's CRISC Which of the following is the MOST important characteristic of an effective risk management program?
#495
Isaca's CRISC The BEST key performance indicator (KPI) to measure the effectiveness of a backup process would be the number of:
#496
Isaca's CRISC When prioritizing risk response, management should FIRST:
#497
Isaca's CRISC Which of the following is the PRIMARY reason to perform ongoing risk assessments?
#498
Isaca's CRISC Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?
#499
Isaca's CRISC An organization has implemented a preventive control to lock user accounts after three unsuccessful login attempts. This practice has been proven to be unproductive, and a change in the control threshold value has been recommended. Who should authorize changing this threshold?
#500
Isaca's CRISC A rule-based data loss prevention (DLP) tool has recently been implemented to reduce the risk of sensitive data leakage. Which of the following is MOST likely to change as a result of this implementation?
#501
Isaca's CRISC An organization has completed a project to implement encryption on all databases that host customer data. Which of the following elements of the risk register should be updated to reflect this change?
#502
Isaca's CRISC A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?
#503
Isaca's CRISC Which of the following is the MOST critical element to maximize the potential for a successful security implementation?
#504
Isaca's CRISC Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently developed enterprise resource planning (ERP) system. These scenarios will be owned by the system manager. Which of the following would be the BEST method to use when developing the scenarios?
#505
Isaca's CRISC Which of the following is the MAIN reason for documenting the performance of controls?
#506
Isaca's CRISC Which of the following is the MOST important element of a successful risk awareness training program?
#507
Isaca's CRISC Whether the results of risk analysis should be presented in quantitative or qualitative terms should be based PRIMARILY on the:
#508
Isaca's CRISC Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?
#509
Isaca's CRISC Which of the following will BEST quantify the risk associated with malicious users in an organization?
#510