Isaca's CRISC The cost of maintaining a control has grown to exceed the potential loss. Which of the following BEST describes this situation?
#1021
Answer: C
Isaca's CRISC When implementing an IT risk management program, which of the following is the BEST time to evaluate current control effectiveness?
#1022
Answer: B
Isaca's CRISC Which of the following key performance indicators (KPIs) would BEST measure the risk of a service outage when using a Software as a Service (SaaS) vendor?
#1023
Answer: C
Isaca's CRISC An organization has asked an IT risk practitioner to conduct an operational risk assessment on an initiative to outsource the organization’s customer service operations overseas. Which of the following would MOST significantly impact management’s decision?
#1024
Answer: D
Isaca's CRISC Which of the following should be the GREATEST concern to a risk practitioner when process documentation is incomplete?
#1025
Answer: A
Isaca's CRISC After entering a large number of low-risk scenarios into the risk register, it is MOST important for the risk practitioner to:
#1026
Answer: B
Isaca's CRISC When classifying and prioritizing risk responses, the areas to address FIRST are those with:
#1027
Answer: C
Isaca's CRISC Which of the following controls will BEST mitigate risk associated with excessive access privileges?
#1028
Answer: C
Isaca's CRISC Which of the following provides the MOST comprehensive information when developing a risk profile for a system?
#1029
Answer: A
Isaca's CRISC An organization retains footage from its data center security camera for 30 days when the policy requires 90-day retention. The business owner challenges whether the situation is worth remediating. Which of the following is the risk manager’s BEST response?
#1030
Answer: A
Isaca's CRISC Which of the following should be accountable for ensuring that media containing financial information are adequately destroyed per an organization’s data disposal policy?
#1031
Answer: A
Isaca's CRISC The MOST important measure of the effectiveness of risk management in project implementation is the percentage of projects:
#1032
Answer: A
Isaca's CRISC A zero-day vulnerability has been discovered in a globally used brand of hardware server that allows hackers to gain access to affected IT systems. Which of the following is MOST likely to change as a result of this situation?
#1033
Answer: D
Isaca's CRISC Which of the following would provide the MOST helpful input to develop risk scenarios associated with hosting an organization’s key IT applications in a cloud environment?
#1034
Answer: A
Isaca's CRISC Which of the following would present the GREATEST challenge for a risk practitioner during a merger of two organizations?
#1035
Answer: B
Isaca's CRISC Which of the following is the PRIMARY accountability for a control owner?
#1036
Answer: A
Isaca's CRISC Risk appetite should be PRIMARILY driven by which of the following?
#1037
Answer: A
Isaca's CRISC Which of the following is the MOST important outcome of a business impact analysis (BIA)?
#1038
Answer: C
Isaca's CRISC Which component of a software inventory BEST enables the identification and mitigation of known vulnerabilities?
#1039
Answer: B
Isaca's CRISC Which of the following BEST reduces the risk associated with the theft of a laptop containing sensitive information?
#1040
Answer: A
Isaca's CRISC The operational risk associated with attacks on a web application should be owned by the individual in charge of:
#1041
Answer: D
Isaca's CRISC Which of the following is the MOST important benefit of reporting risk assessment results to senior management?
#1042
Answer: A
Isaca's CRISC Which of the following is the GREATEST benefit of implementing an enterprise risk management (ERM) program?
#1043
Answer: A
Isaca's CRISC When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?
#1044
Answer: B
Isaca's CRISC Which of the following is the PRIMARY reason for a risk practitioner to review an organization’s IT asset inventory?
#1045
Answer: B
Isaca's CRISC When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?
#1046
Answer: A
Isaca's CRISC Which of the following is the MOST important information to cover in a business continuity awareness training program for all employees of the organization?
#1047
Answer: B
Isaca's CRISC Which of the following is the MOST effective way for a large and diversified organization to minimize risk associated with unauthorized software on company devices?
#1048
Answer: B
Isaca's CRISC An organization is implementing a project to automate the purchasing process, including the modification of approval controls. Which of the following tasks is the responsibility of the risk practitioner?
#1049
Answer: C
Isaca's CRISC Which of the following situations presents the GREATEST challenge to creating a comprehensive IT risk profile of an organization?