Isaca's CRISC Which of the following BEST facilitates the identification of appropriate key performance indicators (KPIs) for a risk management program?
#1081
Answer: A
Isaca's CRISC An organization plans to implement a new Software as a Service (SaaS) speech-to-text solution. Which of the following is MOST important to mitigate risk associated with data privacy?
#1082
Answer: D
Isaca's CRISC The MAIN purpose of selecting a risk response is to:
#1083
Answer: A
Isaca's CRISC An organization is adopting blockchain for a new financial system. Which of the following should be the GREATEST concern for a risk practitioner evaluating the system’s production readiness?
#1084
Answer: D
Isaca's CRISC Which of the following is the BEST way to ensure data is properly sanitized while in cloud storage?
#1085
Answer: A
Isaca's CRISC Which of the following is the GREATEST benefit of a three lines of defense structure?
#1086
Answer: A
Isaca's CRISC What should be the PRIMARY consideration related to data privacy protection when there are plans for a business initiative to make use of personal information?
#1087
Answer: B
Isaca's CRISC Which of the following is the BEST approach for an organization in a heavily regulated industry to comprehensively test application functionality?
#1088
Answer: D
Isaca's CRISC Which of the following provides the MOST useful information to assess the magnitude of identified deficiencies in the IT control environment?
#1089
Answer: C
Isaca's CRISC Which of the following is the PRIMARY purpose of creating and documenting control procedures?
#1090
Answer: D
Isaca's CRISC Of the following, who should be PRIMARILY responsible for performing user entitlement reviews?
#1091
Answer: C
Isaca's CRISC The MAJOR reason to classify information assets is to:
#1092
Answer: C
Isaca's CRISC Which of the following is MOST important to consider before determining a response to a vulnerability?
#1093
Answer: D
Isaca's CRISC Which of the following is the GREATEST benefit of centralizing IT systems?
#1094
Answer: C
Isaca's CRISC Senior management is deciding whether to share confidential data with the organization’s business partners. The BEST course of action for a risk practitioner would be to submit a report to senior management containing the:
#1095
Answer: D
Isaca's CRISC Which of the following would be of GREATEST concern regarding an organization’s asset management?
#1096
Answer: C
Isaca's CRISC Which of the following is the PRIMARY objective of risk management?
#1097
Answer: B
Isaca's CRISC When developing a response plan to address security incidents regarding sensitive data loss, it is MOST important to:
#1098
Answer: C
Isaca's CRISC Which of the following should be used as the PRIMARY basis for evaluating the state of an organization’s cloud computing environment against leading practices?
#1099
Answer: B
Isaca's CRISC Which of the following should be the PRIMARY basis for prioritizing risk responses?
#1100
Answer: B
Isaca's CRISC Of the following, who is responsible for approval when a change in an application system is ready for release to production?
#1101
Answer: A
Isaca's CRISC An organization’s recovery team is attempting to recover critical data backups following a major flood in its data center. However, key team members do not know exactly what steps should be taken to address this crisis. Which of the following is the MOST likely cause of this situation?
#1102
Answer: A
Isaca's CRISC The MAIN reason for prioritizing IT risk responses is to enable an organization to:
#1103
Answer: D
Isaca's CRISC Which of the following presents the GREATEST challenge to managing an organization’s end-user devices?
#1104
Answer: C
Isaca's CRISC A risk practitioner has established that a particular control is working as desired, but the annual cost of maintenance has increased and now exceeds the expected annual loss exposure. The result is that the control is:
#1105
Answer: A
Isaca's CRISC Which of the following is MOST important when determining risk appetite?
#1106
Answer: D
Isaca's CRISC Which of the following is the MOST effective way to help ensure accountability for managing risk?
#1107
Answer: A
Isaca's CRISC What is senior management’s role in the RACI model when tasked with reviewing monthly status reports provided by risk owners?
#1108
Answer: D
Isaca's CRISC An organization uses one centralized single sign-on (SSO) control to cover many applications. Which of the following is the BEST course of action when a new application is added to the environment after testing of the SSO control has been completed?
#1109
Answer: A
Isaca's CRISC Which of the following observations from a third-party service provider review would be of GREATEST concern to a risk practitioner?