Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Controls should be defined during the design phase of system development because:
#601
Isaca's CRISC Which of the following will BEST support management reporting on risk?
#602
Isaca's CRISC Which of the following provides the BEST evidence that a selected risk treatment plan is effective?
#603
Isaca's CRISC Which of the following conditions presents the GREATEST risk to an application?
#604
Isaca's CRISC To reduce costs, an organization is combining the second and third lines of defense in a new department that reports to a recently appointed C-level executive. Which of the following is the GREATEST concern with this situation?
#605
Isaca's CRISC Which of the following is the BEST way for a risk practitioner to verify that management has addressed control issues identified during a previous external audit?
#606
Isaca's CRISC Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?
#607
Isaca's CRISC Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?
#608
Isaca's CRISC Which of the following BEST indicates the efficiency of a process for granting access privileges?
#609
Isaca's CRISC Which of the following BEST indicates the effectiveness of anti-malware software?
#610
Isaca's CRISC When establishing an enterprise IT risk management program, it is MOST important to:
#611
Isaca's CRISC Which of the following is the BEST way to determine software license compliance?
#612
Isaca's CRISC Which of the following is the GREATEST benefit of updating the risk register to include outcomes from a risk assessment?
#613
Isaca's CRISC A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?
#614
Isaca's CRISC Which of the following provides the MOST important information to facilitate a risk response decision?
#615
Isaca's CRISC Which of the following BEST contributes to the implementation of an effective risk response action plan?
#616
Isaca's CRISC Implementing which of the following controls would BEST reduce the impact of a vulnerability that has been exploited?
#617
Isaca's CRISC Which of the following is the MOST important reason to test new controls?
#618
Isaca's CRISC A new international data privacy regulation requires personal data to be disposed of after the specified retention period, which is different from the local regulatory requirement. Which of the following is the risk practitioner's BEST recommendation to resolve the disparity?
#619
Isaca's CRISC Which of the following should be the MAIN consideration when validating an organization's risk appetite?
#620
Isaca's CRISC Which of the following would MOST likely result in updates to an IT risk profile?
#621
Isaca's CRISC A risk practitioner notices a risk scenario associated with data loss at the organization's cloud provider is assigned to the provider. Who should the risk scenario be reassigned to?
#622
Isaca's CRISC Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?
#623
Isaca's CRISC Which of the following is MOST important for an organization that wants to reduce IT operational risk?
#624
Isaca's CRISC The MAIN goal of the risk analysis process is to determine the:
#625
Isaca's CRISC An IT organization is replacing the customer relationship management (CRM) system. Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?
#626
Isaca's CRISC An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:
#627
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?
#628
Isaca's CRISC The PRIMARY purpose of a maturity model is to compare the:
#629
Isaca's CRISC Which of the following is the MAIN reason for analyzing risk scenarios?
#630