Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC IT risk assessments can BEST be used by management:
#511
Isaca's CRISC Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?
#512
Isaca's CRISC Which of the following would be the BEST recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?
#513
Isaca's CRISC Which of the following is the MOST important key performance indicator (KPI) to establish in the service agreement (SLA) for an outsourced data center?
#514
Isaca's CRISC A trusted third party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?
#515
Isaca's CRISC From a business perspective, which of the following is the MOST important objective of a disaster recovery test?
#516
Isaca's CRISC In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?
#517
Isaca's CRISC Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?
#518
Isaca's CRISC Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?
#519
Isaca's CRISC Which of the following roles would provide the MOST important input when identifying IT risk scenarios?
#520
Isaca's CRISC Accountability for a particular risk is BEST represented in a:
#521
Isaca's CRISC Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?
#522
Isaca's CRISC In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?
#523
Isaca's CRISC Which of the following should be included in a risk scenario to be used for risk analysis?
#524
Isaca's CRISC The PRIMARY objective for selecting risk response options is to:
#525
Isaca's CRISC A PRIMARY function of the risk register is to provide supporting information for the development of an organization's risk:
#526
Isaca's CRISC A data processing center operates in a jurisdiction where new regulations have significantly increased penalties for data breaches. Which of the following elements of the risk register is MOST important to update to reflect this change?
#527
Isaca's CRISC Which of the following would BEST help identify the owner for each risk scenario in a risk register?
#528
Isaca's CRISC To effectively support business decisions, an IT risk register MUST:
#529
Isaca's CRISC Which of the following is the STRONGEST indication that controls implemented as part of a risk action plan are not effective?
#530
Isaca's CRISC Which of the following issues regarding an organization's IT incident response plan would be the GREATEST concern?
#531
Isaca's CRISC Prudent business practice requires that risk appetite not exceed:
#532
Isaca's CRISC Which of the following BEST illustrates the relationship of actual risk exposure to appetite?
#533
Isaca's CRISC Which of the following is MOST important to include when identifying risk scenarios for inclusion in a risk review of a third-party service provider?
#534
Isaca's CRISC The purpose of requiring source code escrow in a contractual agreement is to:
#535
Isaca's CRISC Which of the following will BEST help an organization evaluate the control environment of several third-party vendors?
#536
Isaca's CRISC Which of the following should an organization perform to forecast the effects of a disaster?
#537
Isaca's CRISC Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?
#538
Isaca's CRISC Which of the following is an example of the second line in the three lines of defense model?
#539
Isaca's CRISC A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:
#540