Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following provides the MOST useful information to determine risk exposure following control implementations?
#661
Isaca's CRISC Reviewing historical risk events is MOST useful for which of the following processes within the risk management life cycle?
#662
Isaca's CRISC Which of the following is the BEST key control indicator (KCI) for a vulnerability management program?
#663
Isaca's CRISC Which of the following is the BEST approach when a risk practitioner has been asked by a business unit manager for special consideration during a risk assessment of a system?
#664
Isaca's CRISC Upon learning that the number of failed back-up attempts continually exceeds the current risk threshold, the risk practitioner should:
#665
Isaca's CRISC A highly regulated organization acquired a medical technology startup company that processes sensitive personal information with weak data protection controls. Which of the following is the BEST way for the acquiring company to reduce its risk while still enabling the flexibility needed by the startup company?
#666
Isaca's CRISC An organization has outsourced its billing function to an external service provider. Who should own the risk of customer data leakage caused by the service provider?
#667
Isaca's CRISC Which of the following is the MOST important component in a risk treatment plan?
#668
Isaca's CRISC Which of the following is the BEST course of action to help reduce the probability of an incident recurring?
#669
Isaca's CRISC An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?
#670
Isaca's CRISC Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?
#671
Isaca's CRISC Which of the following should be done FIRST when information is no longer required to support business objectives?
#672
Isaca's CRISC A deficient control has been identified which could result in great harm to an organization should a low frequency threat event occur. When communicating the associated risk to senior management, the risk practitioner should explain:
#673
Isaca's CRISC Which of the following is the MOST important reason to link an effective key control indicator (KCI) to relevant key risk indicators (KRIs)?
#674
Isaca's CRISC Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?
#675
Isaca's CRISC The MOST important objective of information security controls is to:
#676
Isaca's CRISC Which of the following controls BEST enables an organization to ensure a complete and accurate IT asset inventory?
#677
Isaca's CRISC Which of the following scenarios represents a threat?
#678
Isaca's CRISC Which of the following is the GREATEST risk associated with an environment that lacks documentation of the architecture?
#679
Isaca's CRISC Which of the following will be MOST effective in uniquely identifying the originator of electronic transactions?
#680
Isaca's CRISC Which of the following BEST assists in justifying an investment in automated controls?
#681
Isaca's CRISC Which of the following statements BEST illustrates the relationship between key performance indicators (KPIs) and key control indicators (KCIs)?
#682
Isaca's CRISC Which of the following is necessary to enable an IT risk register to be consolidated with the rest of the organization's risk register?
#683
Isaca's CRISC The GREATEST benefit of including low-probability, high-impact events in a risk assessment is the ability to:
#684
Isaca's CRISC Which of the following will BEST help in communicating strategic risk priorities?
#685
Isaca's CRISC What is the PRIMARY purpose of a business impact analysis (BIA)?
#686
Isaca's CRISC Which of the following is the BEST way to determine whether new controls mitigate security gaps in a business system?
#687
Isaca's CRISC Which of the following criteria associated with key risk indicators (KRIs) BEST enables effective risk monitoring?
#688
Isaca's CRISC Which of the following is the BEST indication of a mature organizational risk culture?
#689
Isaca's CRISC The BEST key performance indicator (KPI) for monitoring adherence to an organization's user accounts provisioning practices is the percentage of:
#690