Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following roles should be assigned accountability for monitoring risk levels?
#1051
Isaca's CRISC A MAJOR advantage of using key risk indicators (KRIs) is that they:
#1052
Isaca's CRISC Which of the following is a risk practitioner’s BEST recommendation upon learning that an employee inadvertently disclosed sensitive data to a vendor?
#1053
Isaca's CRISC An employee lost a personal mobile device that may contain sensitive corporate information. What should be the risk practitioner’s recommendation?
#1054
Isaca's CRISC Who is the BEST person to authorize access privileges to database tables for an application system used to process employee personal data?
#1055
Isaca's CRISC Which of the following is the MOST important reason to validate that risk responses have been executed as outlined in the risk response plan?
#1056
Isaca's CRISC A control process has been implemented in response to a new regulatory requirement, but has significantly reduced productivity. Which of the following is the BEST way to resolve this concern?
#1057
Isaca's CRISC A risk practitioner implemented a process to notify management of emergency changes that may not be approved. Which of the following is the BEST way to provide this information to management?
#1058
Isaca's CRISC Which of the following is performed after a risk assessment is completed?
#1059
Isaca's CRISC A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?
#1060
Isaca's CRISC Which of the following is the MOST comprehensive input to the risk assessment process specific to the effects of system downtime?
#1061
Isaca's CRISC Which of the following would provide the BEST evidence of an effective internal control environment?
#1062
Isaca's CRISC Which of the following has the GREATEST influence on an organization’s risk appetite?
#1063
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery test of critical business processes?
#1064
Isaca's CRISC Which of the following is the PRIMARY objective of establishing an organization’s risk tolerance and appetite?
#1065
Isaca's CRISC Which of the following is the MOST effective way to identify an application backdoor prior to implementation?
#1066
Isaca's CRISC Which of the following is MOST likely to introduce risk for financial institutions that use blockchain?
#1067
Isaca's CRISC After an annual risk assessment is completed, which of the following would be MOST important to communicate to stakeholders?
#1068
Isaca's CRISC Which of the following is the PRIMARY reason for an organization to include an acceptable use banner when users log in?
#1069
Isaca's CRISC The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:
#1070
Isaca's CRISC Which of the following is the PRIMARY objective of maintaining an information asset inventory?
#1071
Isaca's CRISC Which of the following would be of MOST concern to a risk practitioner reviewing risk action plans for documented IT risk scenarios?
#1072
Isaca's CRISC Which of the following is MOST likely to deter an employee from engaging in inappropriate use of company-owned IT systems?
#1073
Isaca's CRISC Which of the following is MOST important to include when reporting the effectiveness of risk management to senior management?
#1074
Isaca's CRISC The PRIMARY objective of testing the effectiveness of a new control before implementation is to:
#1075
Isaca's CRISC Which of the following is the BEST approach for selecting controls to minimize risk?
#1076
Isaca's CRISC Which of the following provides the MOST reliable evidence of a control’s effectiveness?
#1077
Isaca's CRISC An incentive program is MOST likely implemented to manage the risk associated with loss of which organizational asset?
#1078
Isaca's CRISC An organization has experienced a cyber attack that exposed customer personally identifiable information (PII) and caused extended outages of network services. Which of the following stakeholders are MOST important to include in the cyber response team to determine response actions?
#1079
Isaca's CRISC Who is MOST important to include in the assessment of existing IT risk scenarios?
#1080