ISACA's CRISC: Which of the following is MOST important to include in regulatory and risk updates when a new legal requirement affects the organization?
#571
Answer: C
Who should be accountable for monitoring the control environment to ensure controls are effective?
#572
Answer: A
Who is accountable for risk treatment?
#573
Answer: A
Which of the following BEST enables the risk profile to serve as an effective resource to support business objectives?
#574
Answer: A
The risk associated with a high-risk vulnerability in an application is owned by the:
#575
Answer: C
Which of the following IT key risk indicators (KRIs) provides management with the BEST feedback on IT capacity?
#576
Answer: A
The PRIMARY goal of a risk management program is to:
#577
Answer: C
An organization's chief technology officer (CTO) has decided to accept the risk associated with the potential loss from a denial-of-service (DoS) attack. In this situation, the risk practitioner's BEST course of action is to:
#578
Answer: A
The BEST metric to monitor the risk associated with changes deployed to production is the percentage of:
#579
Answer: B
A global organization is planning to collect customer behavior data through social media advertising. Which of the following is the MOST important business risk to be considered?
#580
Answer: A
Which of the following should be the PRIMARY objective of a risk awareness training program?
#581
Answer: A
Which of the following is MOST important for evaluating the operational effectiveness of a newly implemented control?
#582
Answer: C
An organization must implement changes as the result of new regulations. Which of the following should the risk practitioner do FIRST to prepare for these changes?
#583
Answer: B
What should a risk practitioner do NEXT if an ineffective key control is identified on a critical system?
#584
Answer: B
Performing a background check on a new employee candidate before hiring is an example of what type of control?
#585
Answer: B
An organization has introduced risk ownership to establish clear accountability for each process. To ensure effective risk ownership, it is MOST important that:
#586
Answer: A
Which of the following would MOST likely require a risk practitioner to update the risk register?
#587
Answer: D
A peer review of a risk assessment finds that a relevant threat community was not included. Mitigation of the risk will require substantial changes to a software application. Which of the following is the BEST course of action?
#588
Answer: C
Which of the following is MOST important when developing key risk indicators (KRIs)?
#589
Answer: C
Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?
#590
Answer: B
Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?
#591
Answer: B
Which of the following would be a risk practitioner's GREATEST concern related to the monitoring of key risk indicators (KRIs)?
#592
Answer: C
The BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability remediation program is the number of:
#593
Answer: C
Which of the following is the PRIMARY purpose of analyzing log data collected from systems?
#594
Answer: A
Which of the following BEST indicates the condition of a risk management program?
#595
Answer: B
A risk practitioner has become aware of production data being used in a test environment. Which of the following should be the practitioner's PRIMARY concern?
#596
Answer: C
An internal audit report reveals that not all IT application databases have encryption in place. Which of the following information would be MOST important for assessing the risk impact?
#597
Answer: B
The PRIMARY purpose of IT control status reporting is to:
#598
Answer: C
Which of the following is MOST important to ensure when continuously monitoring the performance of a client-facing application?
#599
Answer: C
An organization has four different projects competing for funding to reduce overall IT risk. Which project should management defer?