Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following BEST balances the costs and benefits of managing IT risk?
#1141
Isaca's CRISC Which of the following would provide the MOST useful input when evaluating the appropriateness of risk responses?
#1142
Isaca's CRISC Which of the following BEST enables effective IT control implementation?
#1143
Isaca's CRISC An organization recently acquired a new business division. Which of the following is MOST likely to be affected?
#1144
Isaca's CRISC One of an organization’s key IT systems cannot be patched because the patches interfere with critical business application functionalities. Which of the following would be the risk practitioner’s BEST recommendation?
#1145
Isaca's CRISC Which of the following is the MAIN benefit to an organization using key risk indicators (KRIs)?
#1146
Isaca's CRISC An organization has agreed to a 99% availability for its online services and will not accept availability that falls below 98.5%. This is an example of:
#1147
Isaca's CRISC Which of the following would MOST likely cause management to unknowingly accept excessive risk?
#1148
Isaca's CRISC Which of the following is the MOST useful information for a risk practitioner when planning response activities after risk identification?
#1149
Isaca's CRISC What is the BEST recommendation to reduce the risk associated with potential system compromise when a vendor stops releasing security patches and updates for a business-critical legacy system?
#1150
Isaca's CRISC Which of the following would provide the MOST reliable evidence of the effectiveness of security controls implemented for a web application?
#1151
Isaca's CRISC A recent regulatory requirement has the potential to affect an organization’s use of a third party to supply outsourced business services. Which of the following is the BEST course of action?
#1152
Isaca's CRISC A risk practitioner has identified that the agreed recovery time objective (RTO) with a Software as a Service (SaaS) provider is longer than the business expectation. Which of the following is the risk practitioner’s BEST course of action?
#1153
Isaca's CRISC Which of the following BEST enables a risk practitioner to understand management's approach to organizational risk?
#1154
Isaca's CRISC An organization has been experiencing an increasing number of spear phishing attacks. Which of the following would be the MOST effective way to mitigate the risk associated with these attacks?
#1155
Isaca's CRISC A poster has been displayed in a data center that reads, “Anyone caught taking photographs in the data center may be subject to disciplinary action.” Which of the following control types has been implemented?
#1156
Isaca's CRISC Which of the following is the MOST important characteristic of a key risk indicator (KRI) to enable decision-making?
#1157
Isaca's CRISC Which of the following is the BEST method to mitigate the risk of an unauthorized employee viewing confidential data in a database?
#1158
Isaca's CRISC Which of the following is the ULTIMATE goal of conducting a privacy impact analysis (PIA)?
#1159
Isaca's CRISC Which of the following provides the BEST assurance of the effectiveness of vendor security controls?
#1160
Isaca's CRISC A risk practitioner recently discovered that personal information from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?
#1161
Isaca's CRISC Who should be responsible for determining which stakeholders need to be involved in the development of a risk scenario?
#1162
Isaca's CRISC An organization recently implemented a machine learning-based solution to monitor IT usage and analyze user behavior in an effort to detect internal fraud. Which of the following is MOST likely to be reassessed as a result of this initiative?
#1163
Isaca's CRISC Which of the following provides the MOST useful information for developing key risk indicators (KRIs)?
#1164
Isaca's CRISC Which of the following is the GREATEST benefit of using IT risk scenarios?
#1165
Isaca's CRISC Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
#1166
Isaca's CRISC Which of the following is the BEST evidence of the effectiveness of a security awareness program?
#1167
Isaca's CRISC Which of the following findings of a security awareness program assessment would cause the GREATEST concern to a risk practitioner?
#1168
Isaca's CRISC Which of the following is the MOST effective way to reduce potential losses due to ongoing expense fraud?
#1169
Isaca's CRISC Which of the following potential scenarios associated with the implementation of a new database technology presents the GREATEST risk to an organization?
#1170