Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC A new regulatory requirement imposes severe fines for data leakage involving customers' personally identifiable information (PII). The risk practitioner has recommended avoiding the risk. Which of the following actions would BEST align with this recommendation?
#751
Isaca's CRISC As part of business continuity planning, which of the following is MOST important to include in a business impact analysis (BIA)?
#752
Isaca's CRISC When documenting a risk response, which of the following provides the STRONGEST evidence to support the decision?
#753
Isaca's CRISC Which of the following is the MOST important activity when identifying relevant risk data?
#754
Isaca's CRISC An organization has made a decision to purchase a new IT system. During which phase of the system development life cycle (SDLC) will identified risk MOST likely lead to architecture and design trade-offs?
#755
Isaca's CRISC From a risk management perspective, which of the following is the PRIMARY benefit of using automated system configuration validation tools?
#756
Isaca's CRISC Which of the following is the BEST approach to mitigate the risk associated with a control deficiency?
#757
Isaca's CRISC Who should be responsible for strategic decisions on risk management?
#758
Isaca's CRISC Which of the following would be the GREATEST concern for an IT risk practitioner when an employee has transferred to another department?
#759
Isaca's CRISC An organization is planning to implement a guest wireless network granting internet access only. Which of the following is the MOST important consideration to effectively mitigate the risk of guests gaining access to the organization's internal network?
#760
Isaca's CRISC Which of the following should be determined FIRST when a new security vulnerability is made public?
#761
Isaca's CRISC What should be a risk practitioner's PRIMARY focus when evaluating a proposed robotic process automation of a business service?
#762
Isaca's CRISC Which of the following stakeholders are typically included as part of a line of defense within the three lines of defense model?
#763
Isaca's CRISC Which of the following is the MOST important data attribute of key risk indicators (KRIs)?
#764
Isaca's CRISC What should a risk practitioner do FIRST when a shadow IT application is identified in a business owner's business impact analysis (BIA)?
#765
Isaca's CRISC An organization is planning to move its application infrastructure from on-premise to the cloud. Which of the following is the BEST course of action to address the risk associated with data transfer if the relationship is terminated with the vendor?
#766
Isaca's CRISC Which of the following would BEST mitigate an identified risk scenario?
#767
Isaca's CRISC Which of the following is MOST important for mitigating ethical risk when establishing accountability for control ownership?
#768
Isaca's CRISC Which of the following is the MOST appropriate action when a tolerance threshold is exceeded?
#769
Isaca's CRISC A risk practitioner has been asked to recommend a key performance indicator (KPI) to assess the effectiveness of a manual process to terminate user access. Which of the following is the BEST KPI to recommend?
#770
Isaca's CRISC Which of the following would BEST help to address the risk associated with malicious outsiders modifying application data?
#771
Isaca's CRISC Which of the following issues found during the review of a newly created disaster recovery plan (DRP) should be of MOST concern?
#772
Isaca's CRISC A key risk indicator (KRI) flags an exception for exceeding a threshold but remains within risk appetite. Which of the following should be done NEXT?
#773
Isaca's CRISC An organization's capability to implement a risk management framework is PRIMARILY influenced by the:
#774
Isaca's CRISC An organization is concerned that its employees may be unintentionally disclosing data through the use of social media sites. Which of the following will MOST effectively mitigate this risk?
#775
Isaca's CRISC Which of the following contributes MOST to the effective implementation of risk responses?
#776
Isaca's CRISC Which of the following BEST indicates the risk appetite and tolerance level for the risk associated with business interruption caused by IT system failures?
#777
Isaca's CRISC Which of the following is the MOST important consideration when developing risk strategies?
#778
Isaca's CRISC Which of the following would BEST facilitate the implementation of data classification requirements?
#779
Isaca's CRISC An organization has used generic risk scenarios to populate its risk register. Which of the following presents the GREATEST challenge to assigning ownership of the associated risk entries?
#780