Isaca's CRISC
#871 In the three lines of defense model, which of the following activities would be completed by the FIRST line of defense?
Answer: C
#872 Which of these documents is MOST important to request from a cloud service provider during a vendor risk assessment?
Answer: C
#873 A new risk practitioner finds that decisions for implementing risk response plans are not being made. Which of the following would MOST likely explain this situation?
Answer: C
#874 Which of the following is the BEST indicator of executive management's support for IT risk mitigation efforts?
Answer: C
#875 The BEST metric to demonstrate that servers are configured securely is the total number of servers:
Answer: D
#876 Which of the following is the MOST important goal of a security awareness program?
Answer: C
#877 A recent big data project has resulted in the creation of an application used to support important investment decisions. Which of the following should be of GREATEST concern to the risk practitioner?
Answer: C
#878 An organization has initiated quarterly briefings for executive management with a focus on increasing risk awareness. Which of the following is MOST relevant to include in this briefing?
Answer: A
#879 During a risk assessment, a key external technology supplier refuses to provide control design and effectiveness information, citing confidentiality concerns. What should the risk practitioner do NEXT?
Answer: C
#880 When implementing a key performance indicator (KPI) for control performance monitoring, it is MOST important to:
Answer: B
#881 The PRIMARY reason for defining risk ownership in an organization is to ensure:
Answer: B
#882 Which of the following is the MOST important step to ensure regulatory requirements are adequately addressed within an organization?
Answer: D
#883 A large organization is replacing its enterprise resource planning (ERP) system and has decided not to deploy the payroll module of the new system. Instead, the current payroll system will continue to be used. Of the following, who should own the risk if the ERP and payroll systems fail to operate as expected?
Answer: B
#884 Which of the following BEST enables risk-based decision making in support of a business continuity plan (BCP)?
Answer: D
#885 A process maturity model is MOST useful to the risk management process because it helps:
Answer: D
#886 When evaluating a number of potential controls for treating risk, it is MOST important to consider:
Answer: D
#887 A recent vulnerability assessment of a web-facing application revealed several weaknesses. Which of the following should be done NEXT to determine the risk exposure?
Answer: D
#888 Which of the following is MOST useful when performing a quantitative risk assessment?
Answer: D
#889 Following an acquisition, the acquiring company's risk practitioner has been asked to update the organization's IT risk profile. What is the MOST important information to review from the acquired company to facilitate this task?
Answer: A
#890 Which of the following provides the MOST mitigation value for an organization implementing new Internet of Things (IoT) devices?
Answer: B
#891 Which of the following is the BEST control to minimize the risk associated with scope creep in software development?
Answer: A
#892 An organization is reviewing a contract for a Software as a Service (SaaS) sales application with a 99.9% uptime service level agreement (SLA). Which of the following BEST describes ownership of availability risk?
Answer: D
#893 During an acquisition, which of the following would provide the MOST useful input to the parent company's risk practitioner when developing risk scenarios for the post-acquisition phase?
Answer: C
#894 Which of the following should a risk practitioner recommend be done prior to disposal of server hardware containing confidential data?
Answer: D
#895 A vendor's planned maintenance schedule will cause a critical application to temporarily lose failover capabilities. Of the following, who should approve this proposed schedule?
Answer: A
#896 An organization is measuring the effectiveness of its change management program to reduce the number of unplanned production changes. Which of the following would be the BEST metric to determine if the program is performing as expected?
Answer: B
#897 An organization recently implemented a cybersecurity awareness program that includes anti-phishing exercises for all employees. What type of control is being utilized?
Answer: B
#898 A recently purchased IT application does not meet project requirements. Of the following, who is accountable for the potential impact?
Answer: D
#899 Which of the following is the MOST effective approach for an organization to establish and promote a strong risk culture?
Answer: D
Which of the following is the MOST important responsibility of an IT risk committee charged with overseeing IT risk management?