Isaca's CRISC An organization's business process requires the verbal verification of personal information in an environment where other customers may overhear this information. Which of the following is the MOST significant risk?
#781
Answer: B
Isaca's CRISC An organization has initiated a project to launch an IT-based service to customers and take advantage of being the first to market. Which of the following should be of GREATEST concern to senior management?
#782
Answer: A
Isaca's CRISC Which of the following is the MOST important objective of embedding risk management practices into the initiation phase of the project management life cycle?
#783
Answer: C
Isaca's CRISC Which of the following is the MOST significant indicator of the need to perform a penetration test?
#784
Answer: A
Isaca's CRISC Which of the following provides the MOST reliable information to ensure a newly acquired company has appropriate IT controls in place?
#785
Answer: D
Isaca's CRISC Print jobs containing confidential information are sent to a shared network printer located in a secure room. Which of the following is the BEST control to prevent the inappropriate disclosure of confidential information?
#786
Answer: D
Isaca's CRISC Which of the following would be MOST helpful when communicating roles associated with the IT risk management process?
#787
Answer: B
Isaca's CRISC The PRIMARY benefit of conducting a risk workshop using a top-down approach instead of a bottom-up approach is the ability to:
#788
Answer: D
Isaca's CRISC A bank recently incorporated blockchain technology with the potential to impact known risk within the organization. Which of the following is the risk practitioner's BEST course of action?
#789
Answer: D
Isaca's CRISC Of the following, who is BEST suited to assist a risk practitioner in developing a relevant set of risk scenarios?
#790
Answer: C
Isaca's CRISC The risk associated with an asset after controls are applied can be expressed as:
#791
Answer: C
Isaca's CRISC A risk practitioner notices a trend of noncompliance with an IT-related control. Which of the following would BEST assist in making a recommendation to management?
#792
Answer: D
Isaca's CRISC Which key performance indicator (KPI) BEST measures the effectiveness of an organization's disaster recovery program?
#793
Answer: B
Isaca's CRISC The PRIMARY advantage of involving end users in continuity planning is that they:
#794
Answer: B
Isaca's CRISC Which of the following is the PRIMARY risk management responsibility of the second line of defense?
#795
Answer: D
Isaca's CRISC Which of the following is the BEST way to ensure ongoing control effectiveness?
#796
Answer: C
Isaca's CRISC Who should have the authority to approve an exception to a control?
#797
Answer: D
Isaca's CRISC Which of the following is a responsibility of the second line of defense in the three lines of defense model?
#798
Answer: B
Isaca's CRISC To mitigate the risk of using a spreadsheet to analyze financial data, IT has engaged a third-party vendor to deploy a standard application to automate the process. Which of the following parties should own the risk associated with calculation errors?
#799
Answer: B
Isaca's CRISC Which of the following provides the BEST evidence that risk responses are effective?
#800
Answer: D
Isaca's CRISC A risk practitioner has just learned about new malware that has severely impacted industry peers worldwide. Which of the following should be done FIRST?
#801
Answer: D
Isaca's CRISC Which of the following is the MAIN purpose of monitoring risk?
#802
Answer: C
Isaca's CRISC What is the PRIMARY benefit of risk monitoring?
#803
Answer: C
Isaca's CRISC An organization's control environment is MOST effective when:
#804
Answer: C
Isaca's CRISC When reviewing the business continuity plan (BCP) of an online sales order system, a risk practitioner notices that the recovery time objective (RTO) has a shorter time than what is defined in the disaster recovery plan (DRP). Which of the following is the BEST way for the risk practitioner to address this concern?
#805
Answer: D
Isaca's CRISC Which of the following should be the PRIMARY consideration when assessing the risk of using Internet of Things (IoT) devices to collect and process personally identifiable information (PII)?
#806
Answer: C
Isaca's CRISC During a risk assessment of a financial institution, a risk practitioner discovers that tellers can initiate and approve transactions of significant value. This team is also responsible for ensuring transactions are recorded and balances are reconciled by the end of the day. Which of the following is the risk practitioner's BEST recommendation to mitigate the associated risk?
#807
Answer: C
Isaca's CRISC Due to a change in business processes, an identified risk scenario no longer requires mitigation. Which of the following is the MOST important reason the risk should remain in the risk register?
#808
Answer: C
Isaca's CRISC Reviewing which of the following provides the BEST indication of an organization's risk tolerance?
#809
Answer: D
Isaca's CRISC Which of the following is MOST helpful in defining an early-warning threshold associated with insufficient network bandwidth?