ISACA-CRISC

Isaca's CRISC Which of the following should be of GREATEST concern when reviewing the results of an independent control assessment to determine the effectiveness of a vendor's control environment?

Isaca's CRISC What should be the PRIMARY objective for a risk practitioner performing a post-implementation review of an IT risk mitigation project?

Isaca's CRISC A multinational organization is developing a risk awareness program to promote a unified risk culture across all regions. Which of the following will BEST enable the achievement of this objective?

Isaca's CRISC Which of the following will BEST help to ensure key risk indicators (KRIs) provide value to risk owners?

Isaca's CRISC Which of the following is the MOST relevant information to include in a risk management strategy?

Isaca's CRISC A risk practitioner has been hired to establish risk management practices to be embedded across an organization. Which of the following should be the FIRST course of action?

Isaca's CRISC An IT risk profile should be reviewed and updated when a new:

Isaca's CRISC Which of the following is the GREATEST benefit of using key control indicators (KCIs)?

Isaca's CRISC An organization recently restructured its leadership team and implemented emerging technologies. Which of the following MUST be validated to ensure risk is managed to an acceptable level?

Isaca's CRISC The objective of aligning mitigating controls to risk appetite is to ensure that:

Isaca's CRISC Which of the following is MOST important for a risk practitioner to include in a report for senior management on the risk related to the adoption of cloud computing?

Isaca's CRISC Which of the following is the PRIMARY risk management responsibility of the third line of defense?

Isaca's CRISC Which of the following should be the PRIMARY concern when changes to firewall rules do not follow change management requirements?

Isaca's CRISC Which of the following will provide the BEST measure of compliance with IT policies?

Isaca's CRISC A risk assessment has identified concerns about vulnerabilities associated with an Internet-facing application. Which of the following is the risk practitioner's BEST recommendation?

Isaca's CRISC Which of the following is the PRIMARY objective of engaging key stakeholders in the IT risk assessment process?

Isaca's CRISC Which of the following would be of GREATEST concern to a risk practitioner following an annual review of the risk monitoring process?

Isaca's CRISC An organization wants to launch a campaign to advertise a new product. Using data analytics, the campaign can be targeted to reach potential customers. Which of the following should be of GREATEST concern to the risk practitioner?

Isaca's CRISC What is the BEST information to present to business risk owners when justifying costs related to controls?

Isaca's CRISC An organization has outsourced a critical process involving highly regulated data to a third party with servers located in a foreign country. Who is accountable for the confidentiality of this data?

Isaca's CRISC Which of the following is a risk practitioner's BEST course of action if a risk assessment identifies a risk that is extremely unlikely but would have a severe impact should it occur?

Isaca's CRISC Which of the following is MOST important for senior management to review during an acquisition?

Isaca's CRISC Which of the following is MOST likely to be impacted when a global organization is required by law to implement a new data protection regulation across its operations?

Isaca's CRISC Which of the following is the PRIMARY reason to conduct risk assessments at periodic intervals?

Isaca's CRISC A risk practitioner is utilizing a risk heat map during a risk assessment. Risk events that are coded with the same color will have a similar:

Isaca's CRISC Which of the following is the BEST way to ensure controls are maintained consistently across the environment?

Isaca's CRISC Which of the following is MOST important to promoting a risk-aware culture?

Isaca's CRISC When a risk practitioner is determining a system's criticality, it is MOST helpful to review the associated:

Isaca's CRISC Which of the following would be a risk practitioner's GREATEST concern with the use of a vulnerability scanning tool?

Isaca's CRISC Which of the following is the MOST important key performance indicator (KPI) to monitor the effectiveness of disaster recovery processes?