Isaca's CRISC Which of the following is the MOST effective way to validate organizational awareness of cybersecurity risk?
#1231
Answer: A
Isaca's CRISC Which of the following is MOST likely to result in a major change to the overall risk profile of the organization?
#1232
Answer: C
Isaca's CRISC Which of the following is the ULTIMATE objective of utilizing key control indicators (KCIs) in the risk management process?
#1233
Answer: B
Isaca's CRISC An organization requires a third-party attestation report annually from all service providers. One service provider is unable to provide the required report due to recent changes in ownership. Which of the following is the BEST course of action for the risk practitioner?
#1234
Answer: D
Isaca's CRISC Which of the following processes BEST enables a risk practitioner to gather evidence about the threat environment for further analysis?
#1235
Answer: B
Isaca's CRISC Which of the following BEST enables a risk practitioner to determine the appropriate risk treatment for a materialized event?
#1236
Answer: D
Isaca's CRISC To drive effective risk management, it is MOST important that an organization’s policy framework is:
#1237
Answer: C
Isaca's CRISC Which of the following is the MOST important risk management activity during project initiation?
#1238
Answer: B
Isaca's CRISC Which of the following provides a risk practitioner with the MOST reliable evidence of a third-party’s ability to protect the confidentiality of sensitive corporate information?
#1239
Answer: A
Isaca's CRISC An insurance company handling sensitive and personal information from its customers receives a large volume of telephone requests and electronic communications daily. Which of the following is MOST important to include in a risk awareness training session for the customer service department?
#1240
Answer: A
Isaca's CRISC Which of the following is the BEST approach to resolve a disagreement between stakeholders regarding the impact of a potential risk scenario?
#1241
Answer: C
Isaca's CRISC Which of the following is the BEST indication of a potential threat?
#1242
Answer: A
Isaca's CRISC Which of the following is the MOST effective in mitigating the risk of rogue Internet of Things (IoT) devices in an organization’s network?
#1243
Answer: B
Isaca's CRISC An organization is outsourcing data processing to a third-party data center facility to reduce costs. Who is responsible for the performance of data retention controls?
#1244
Answer: A
Isaca's CRISC An organization has recently corrected its machine-learning model that had been producing automated decisions that had adverse impact on its customers. Which of the following is the BEST course of action?
#1245
Answer: D
Isaca's CRISC Which of the following is the MOST effective way to help ensure senior management is informed about the organization's risk environment?
#1246
Answer: D
Isaca's CRISC Which of the following presents the GREATEST risk to an organization with a large number of Internet of Things (IoT) devices within its network?
#1247
Answer: C
Isaca's CRISC An organization's IT department wants to complete a proof of concept (POC) for a security tool. The project lead has asked for approval to use the production data for testing purposes as it will yield the best results. Which of the following is the risk practitioner's BEST recommendation?
#1248
Answer: D
Isaca's CRISC An organization has purchased insurance coverage against potential unauthorized disclosure of personal data. What should be expected as a result of this risk response?
#1249
Answer: A
Isaca's CRISC Who is ULTIMATELY accountable for the confidentiality of data in the event of a data breach within a Software as a Service (SaaS) environment?
#1250
Answer: C
Isaca's CRISC Which of the following is the GREATEST benefit of a risk-aware culture?
#1251
Answer: D
Isaca's CRISC An organization has outsourced its backup and recovery procedures to a cloud service provider. The provider's controls are inadequate for the organization's level of risk tolerance. As a result, the organization has internally implemented additional backup and recovery controls. Which risk response has been adopted?
#1252
Answer: D
Isaca's CRISC Which of the following presents the GREATEST risk associated with the use of emerging technologies?
#1253
Answer: D
Isaca's CRISC Which of the following would be MOST helpful to review when prioritizing the implementation of multiple IT-related initiatives?
#1254
Answer: C
Isaca's CRISC Which of the following attributes of data provided to an automated log analysis tool is MOST important for effective risk monitoring?
#1255
Answer: C
Isaca's CRISC A control owner has decided to implement a compensating control instead of the control selected in the risk action plan. Which of the following is the risk practitioner's MOST important action after reassessing the risk?
#1256
Answer: B
Isaca's CRISC Which of the following is a PRIMARY benefit to an organization adopting a three lines of defense model?
#1257
Answer: C
Isaca's CRISC Which of the following would be the MOST effective mitigating control when a legacy application does not have the capability to appropriately enforce separation of duties?
#1258
Answer: C
Isaca's CRISC Risk mitigation is MOST effective when which of the following is optimized?
#1259
Answer: B
Isaca's CRISC Which of the following is the BEST way to assess the effectiveness of an access management process?