Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following BEST enables an organization to develop a comprehensive key performance indicator (KPI) strategy to measure all key controls?
#961
Isaca's CRISC An organization has outsourced its accounts payable function to an external service provider that does not have an effective business continuity plan (BCP) in place. Who owns the associated risk?
#962
Isaca's CRISC Which of the following would BEST enable senior management to make informed decisions about the effectiveness of existing controls to mitigate risk?
#963
Isaca's CRISC During a risk assessment, a risk practitioner learns that an IT risk factor is adequately mitigated by compensating controls in an associated business process. Which of the following would enable the MOST effective management of the residual risk?
#964
Isaca's CRISC What should be the PRIMARY objective of updating a risk awareness program in response to a steady rise in cybersecurity threats across the industry?
#965
Isaca's CRISC Which of the following is the MOST important reason for a risk practitioner to identify stakeholders for each IT risk scenario?
#966
Isaca's CRISC What is the PRIMARY role of the application owner when changes are being introduced into an existing environment?
#967
Isaca's CRISC Which of the following is the BEST way to evaluate the risk awareness of control owners?
#968
Isaca's CRISC Which of the following is the MOST effective key risk indicator (KRI) for monitoring problem management?
#969
Isaca's CRISC From a risk management perspective, which of the following is the PRIMARY purpose of conducting a root cause analysis following an incident?
#970
Isaca's CRISC Which of the following is MOST critical for a risk practitioner to continuously monitor to support senior management's risk-related decision making?
#971
Isaca's CRISC Risk avoidance is the BEST risk treatment strategy when:
#972
Isaca's CRISC Which of the following is the MOST important objective from a cost perspective for considering aggregated risk responses in an organization?
#973
Isaca's CRISC Which of the following provides the MOST useful information for regular reporting to senior management on the control environment's effectiveness?
#974
Isaca's CRISC The IT risk profile is PRIMARILY a communication tool for:
#975
Isaca's CRISC Which of the following BEST promotes alignment between IT risk management and enterprise risk management?
#976
Isaca's CRISC Which of the following is MOST important for an IT risk practitioner to update once risk mitigation action plans have been verified as completed?
#977
Isaca's CRISC To obtain support from senior management for an increase in the risk mitigation budget, it is BEST to prioritize risk scenarios in the risk register based on:
#978
Isaca's CRISC Which of the following is the PRIMARY reason to perform periodic vendor risk assessments?
#979
Isaca's CRISC Using key risk indicators (KRIs) to illustrate changes in the risk profile PRIMARILY helps to:
#980
Isaca's CRISC An organization's chief information officer (CIO) has proposed investing in a new, untested technology to take advantage of being first to market. Senior management has concerns about the success of the project and has set a limit for expenditures before final approval. This conditional approval indicates the organization's risk:
#981
Isaca's CRISC A hospital's Internet of Things (IoT) bio-medical devices were recently hacked. Which of the following methods would BEST assist in identifying the control deficiencies?
#982
Isaca's CRISC A financial organization is considering a project to implement the use of blockchain technology. To help ensure the organization's management team can make informed decisions on the project, which of the following should the risk practitioner reassess?
#983
Isaca's CRISC Which of the following should be a risk practitioner's NEXT step after learning of an incident that has affected a competitor?
#984
Isaca's CRISC Which of the following is the PRIMARY responsibility of a risk owner?
#985
Isaca's CRISC Which of the following is the BEST way for a risk practitioner to present an annual risk management update to the board?
#986
Isaca's CRISC A risk assessment has determined that an organization is highly susceptible to a vulnerability in its IT infrastructure. Which of the following is MOST important to communicate to the board?
#987
Isaca's CRISC External auditors have found that management has not effectively monitored key security technologies that support regulatory objectives. Which type of indicator would BEST enable the organization to identify and correct this situation?
#988
Isaca's CRISC An organization has outsourced its customer management database to an external service provider. Of the following, who should be accountable for ensuring customer data privacy?
#989
Isaca's CRISC Due to budget constraints, an organization cannot implement encryption to all databases. Which of the following is the MOST useful information to identify high-risk databases where encryption should be applied?
#990