Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC A global organization has implemented an application that does not address all privacy requirements across multiple jurisdictions. Which of the following risk responses has the organization adopted with regard to privacy requirements?
#1111
Isaca's CRISC An information security audit identified a risk resulting from the failure of an automated control. Who is responsible for ensuring the risk register is updated accordingly?
#1112
Isaca's CRISC An internal audit report reveals that a legacy system is no longer supported. Which of the following is the risk practitioner’s MOST important action before recommending a risk response?
#1113
Isaca's CRISC Which of the following proposed benefits is MOST likely to influence senior management approval to reallocate budget for a new security initiative?
#1114
Isaca's CRISC Reviewing which of the following BEST helps an organization gain insight into its overall risk profile?
#1115
Isaca's CRISC Which of the following is the MOST effective way to promote organization-wide awareness of data security in response to an increase in regulatory penalties for data leakage?
#1116
Isaca's CRISC An organization is planning to outsource its payroll function to an external service provider. Which of the following should be the MOST important consideration when selecting the provider?
#1117
Isaca's CRISC Which of the following is the BEST way to protect sensitive data from administrators within a public cloud?
#1118
Isaca's CRISC Which of the following should be the FIRST consideration when establishing a new risk governance program?
#1119
Isaca's CRISC A risk practitioner is reviewing accountability assignments for data risk in the risk register. Which of the following would pose the GREATEST concern?
#1120
Isaca's CRISC Which of the following is a risk practitioner’s BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
#1121
Isaca's CRISC Which of the following should be the PRIMARY input to determine risk tolerance?
#1122
Isaca's CRISC Which of the following should be considered FIRST when creating a comprehensive IT risk register?
#1123
Isaca's CRISC Which of the following is the PRIMARY reason to engage business unit managers in risk management processes?
#1124
Isaca's CRISC Which of the following would be the BEST way for a risk practitioner to validate the effectiveness of a patching program?
#1125
Isaca's CRISC An organization has allowed several employees to retire early in order to avoid layoffs. Many of these employees have been subject matter experts for critical assets. Which type of risk is MOST likely to materialize?
#1126
Isaca's CRISC Which of the following is the result of a realized risk scenario?
#1127
Isaca's CRISC Which of the following is the GREATEST concern when establishing key risk indicators (KRIs)?
#1128
Isaca's CRISC A penetration test reveals several vulnerabilities in a web-facing application. Which of the following should be the FIRST step in selecting a risk response?
#1129
Isaca's CRISC Which of the following is the MOST important consideration for effectively maintaining a risk register?
#1130
Isaca's CRISC Which risk response strategy could management apply to both positive and negative risk that has been identified?
#1131
Isaca's CRISC Which of the following is MOST important to determine as a result of a risk assessment?
#1132
Isaca's CRISC Which of the following is the BEST recommendation to address recent IT risk trends that indicate social engineering attempts are increasing in the organization?
#1133
Isaca's CRISC Which of the following is MOST important for an organization to consider when developing its IT strategy?
#1134
Isaca's CRISC Which of the following is the MOST important course of action for a risk practitioner when reviewing the results of control performance monitoring?
#1135
Isaca's CRISC Which stakeholder is MOST important to include when defining a risk profile during the selection process for a new third-party application?
#1136
Isaca's CRISC Who is MOST appropriate to be assigned ownership of a control?
#1137
Isaca's CRISC The BEST indicator of the risk appetite of an organization is the:
#1138
Isaca's CRISC An organization’s business gap analysis reveals the need for a robust IT risk strategy. Which of the following should be the risk practitioner’s PRIMARY consideration when participating in development of the new strategy?
#1139
Isaca's CRISC An organization has operations in a location that regularly experiences severe weather events. Which of the following would BEST help to mitigate the risk to operations?
#1140