ISACA-CRISC

Isaca's CRISC Which of the following facilitates a completely independent review of test results for evaluating control effectiveness?

Isaca's CRISC Which of the following is a KEY consideration for a risk practitioner to communicate to senior management evaluating the introduction of artificial intelligence (AI) solutions into the organization?

Isaca's CRISC An organization has decided to postpone the assessment and treatment of several risk scenarios because stakeholders are unavailable. As a result of this decision, the risk associated with these new entries has been:

Isaca's CRISC To communicate the risk associated with IT in business terms, which of the following MUST be defined?

Isaca's CRISC An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

Isaca's CRISC Which of the following is MOST important to the successful development of IT risk scenarios?

Isaca's CRISC While reviewing an organization's monthly change management metrics, a risk practitioner notes that the number of emergency changes has increased substantially. Which of the following would be the BEST approach for the risk practitioner to take?

Isaca's CRISC Which of the following MUST be updated to maintain an IT risk register?

Isaca's CRISC Which of the following is the BEST method for assessing control effectiveness against technical vulnerabilities that could be exploited to compromise an information system?

Isaca's CRISC Which of the following is the MOST effective control to ensure user access is maintained on a least-privilege basis?

Isaca's CRISC Which of the following is MOST important when considering risk in an enterprise risk management (ERM) process?

Isaca's CRISC Which of the following is MOST important when developing risk scenarios?

Isaca's CRISC Which of the following BEST protects an organization against breaches when using a software as a service (SaaS) application?

Isaca's CRISC Which of the following is the GREATEST risk associated with the misclassification of data?

Isaca's CRISC Which of the following would BEST mitigate the risk associated with reputational damage from inappropriate use of social media sites by employees?

Isaca's CRISC Which of the following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?

Isaca's CRISC The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:

Isaca's CRISC A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?

Isaca's CRISC Which of the following represents a vulnerability?

Isaca's CRISC An organization has detected unauthorized logins to its client database servers. Which of the following should be of GREATEST concern?

Isaca's CRISC The PRIMARY benefit of using a maturity model is that it helps to evaluate the:

Isaca's CRISC Which of the following would be a risk practitioner's BEST recommendation upon learning of an updated cybersecurity regulation that could impact the organization?

Isaca's CRISC Which of the following practices would be MOST effective in protecting personally identifiable information (PII) from unauthorized access in a cloud environment?

Isaca's CRISC Which of the following is the BEST way for an organization to enable risk treatment decisions?

Isaca's CRISC Which of the following is the BEST method of creating risk awareness in an organization?

Isaca's CRISC Which of the following will be the GREATEST concern when assessing the risk profile of an organization?

Isaca's CRISC Which of the following is the PRIMARY benefit of stakeholder involvement in risk scenario development?

Isaca's CRISC Which of the following is the BEST metric to demonstrate the effectiveness of an organization's software testing program?

Isaca's CRISC Which of the following should be management's PRIMARY focus when key risk indicators (KRIs) begin to rapidly approach defined thresholds?

Isaca's CRISC Which of the following is a risk practitioner's MOST important responsibility in managing risk acceptance that exceeds risk tolerance?