ISACA-CRISC

Isaca's CRISC Which of the following is MOST important to include in a report for senior management after resolving a significant IT incident?

Isaca's CRISC Which of the following is the MOST likely reason for a significant year-over-year increase in inherent risk?

Isaca's CRISC Which of the following is the MOST effective way to manage risk scenarios identified in the risk register?

Isaca's CRISC Which of the following is the MOST important concern when assigning multiple risk owners for an identified risk?

Isaca's CRISC Management has implemented two new preventative controls to address a risk found in an audit. Following closure of the issue, which of the following is MOST important to update in the risk register?

Isaca's CRISC A risk practitioner has collaborated with subject matter experts from the IT department to develop a large list of potential key risk indicators (KRIs) for all IT operations within the organization. Of the following, who should review the completed list and select the appropriate KRIs for implementation?

Isaca's CRISC Which of the following BEST supports the effective adoption of risk management across the enterprise?

Isaca's CRISC A risk practitioner is working with the incident management team to prioritize activities. Which of the following should be the FIRST priority of the incident response plan?

Isaca's CRISC An organization is required to comply with updates to an existing data protection regulation. Which of the following should the risk practitioner recommend be doneFIRST?

Isaca's CRISC Which of the following is MOST important when conducting a post-implementation review as part of the system development life cycle (SDLC)?

Isaca's CRISC A recent change in accounting policy has the potential to impact a known risk related to an organization's financial software. Which of the following should the risk practitioner do FIRST?

Isaca's CRISC Which of the following is BEST determined by analysis of incident reports?

Isaca's CRISC An organization is implementing robotic process automation (RPA) to streamline business processes. Given that implementation of this technology is expected to impact existing controls, which of the following is the risk practitioner’s BEST course of action?

Isaca's CRISC Which of the following is MOST likely to cause a key risk indicator (KRI) to exceed thresholds?

Isaca's CRISC Which of the following BEST represents the desired risk posture for an organization?

Isaca's CRISC A failed IT system upgrade project has resulted in the corruption of an organization’s asset inventory database. Which of the following controls BEST mitigates the impact of this incident?

Isaca's CRISC When creating a separate IT risk register for a large organization, which of the following is MOST important to consider with regard to the existing corporate risk register?

Isaca's CRISC Which of the following resources is MOST helpful to a risk practitioner when updating the likelihood rating in the risk register?

Isaca's CRISC Which of the following is MOST helpful in identifying loss magnitude during risk analysis of a new system?

Isaca's CRISC Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?

Isaca's CRISC Which of the following is the PRIMARY reason for sharing risk assessment reports with senior stakeholders?

Isaca's CRISC An organization has decided to implement a new Internet of Things (IoT) solution. Which of the following should be done FIRST when addressing security concerns associated with this new technology?

Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure how effectively risk management practices are embedded in the project management office (PMO)?

Isaca's CRISC To define the risk management strategy, which of the following MUST be set by the board of directors?

Isaca's CRISC Which of the following is MOST important to ensure when reviewing an organization's risk register?

Isaca's CRISC Which of the following key control indicators (KCIs) BEST indicates whether security requirements are identified and managed throughout a project life cycle?

Isaca's CRISC Which of the following will BEST ensure that controls adequately support business goals and objectives?

Isaca's CRISC Which of the following is MOST helpful in providing a high-level overview of current IT risk severity?

Isaca's CRISC A legacy application used for a critical business function relies on software that has reached the end of extended support. Which of the following is the MOST effective control to manage this application?

Isaca's CRISC A segregation of duties control was found to be ineffective because it did not account for all applicable functions when evaluating access. Who is responsible for ensuring the control is designed to effectively address risk?