Isaca's CRISC Which of the following would be the BEST justification to invest in the development of a governance, risk, and compliance (GRC) solution?
#631
Answer: A
Isaca's CRISC Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:
#632
Answer: C
Isaca's CRISC Which of the following is the MOST important technology control to reduce the likelihood of fraudulent payments committed internally?
#633
Answer: B
Isaca's CRISC Which of the following tasks should be completed prior to creating a disaster recovery plan (DRP)?
#634
Answer: B
Isaca's CRISC Which of the following should be the FIRST consideration when a business unit wants to use personal information for a purpose other than for which it was originally collected?
#635
Answer: A
Isaca's CRISC Which of the following is the PRIMARY reason to use key control indicators (KCIs) to evaluate control operating effectiveness?
#636
Answer: D
Isaca's CRISC Which of the following BEST indicates whether security awareness training is effective?
#637
Answer: B
Isaca's CRISC A service provider is managing a client's servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue. The service provider's MOST appropriate action would be to:
#638
Answer: B
Isaca's CRISC Which of the following should be done FIRST when developing a data protection management plan?
#639
Answer: D
Isaca's CRISC An organization recently received an independent security audit report of its cloud service provider that indicates significant control weaknesses. What should be done NEXT in response to this report?
#640
Answer: C
Isaca's CRISC The MOST important reason for implementing change control procedures is to ensure:
#641
Answer: D
Isaca's CRISC An organization planning to transfer and store its customer data with an offshore cloud service provider should be PRIMARILY concerned with:
#642
Answer: B
Isaca's CRISC Which of the following BEST measures the impact of business interruptions caused by an IT service outage?
#643
Answer: C
Isaca's CRISC An organization automatically approves exceptions to security policies on a recurring basis. This practice is MOST likely the result of:
#644
Answer: B
Isaca's CRISC Which of the following is the BEST reason to use qualitative measures to express residual risk levels related to emerging threats?
#645
Answer: C
Isaca's CRISC When reporting on the performance of an organization's control environment, including which of the following would BEST inform stakeholders' risk decision-making?
#646
Answer: A
Isaca's CRISC Which of the following should be the MOST important consideration for senior management when developing a risk response strategy?
#647
Answer: A
Isaca's CRISC Which of the following is the GREATEST benefit when enterprise risk management (ERM) provides oversight of IT risk management?
#648
Answer: D
Isaca's CRISC Which of the following is the MOST effective control to maintain the integrity of system configuration files?
#649
Answer: D
Isaca's CRISC An IT risk practitioner has been asked to regularly report on the overall status and effectiveness of the IT risk management program. Which of the following is MOST useful for this purpose?
#650
Answer: B
Isaca's CRISC Which of the following is the STRONGEST indication an organization has ethics management issues?
#651
Answer: D
Isaca's CRISC The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:
#652
Answer: D
Isaca's CRISC Which of the following is the BEST way to manage the risk associated with malicious activities performed by database administrators (DBAs)?
#653
Answer: A
Isaca's CRISC Which of the following should be implemented to BEST mitigate the risk associated with infrastructure updates?
#654
Answer: B
Isaca's CRISC Which of the following methods is an example of risk mitigation?
#655
Answer: C
Isaca's CRISC Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?
#656
Answer: C
Isaca's CRISC Several newly identified risk scenarios are being integrated into an organization's risk register. The MOST appropriate risk owner would be the individual who:
#657
Answer: A
Isaca's CRISC An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:
#658
Answer: C
Isaca's CRISC Which of the following is the PRIMARY reason for monitoring activities performed in a production database environment?
#659
Answer: B
Isaca's CRISC Which of the following is MOST important to the integrity of a security log?