Free Certification Practice Questions

ISACA-CRISC

Isaca's CRISC Which of the following should be given the HIGHEST priority when developing a response plan for risk assessment results?
#1261
Isaca's CRISC Which of the following is the MOST important consideration for a risk owner when deciding whether to accept IT-related risk?
#1262
Isaca's CRISC Which of the following is the GREATEST concern if the recovery time objective (RTO) is not achieved during a disaster recovery test?
#1263
Isaca's CRISC Which of the following is the MOST important action for a risk practitioner when a recovery test indicates control gaps?
#1264
Isaca's CRISC Which of the following would be the GREATEST risk associated with conducting a parallel run during the replacement of a legacy system?
#1265
Isaca's CRISC Which of the following should be a risk practitioner’s GREATEST concern upon learning of failures in a data migration activity?
#1266
Isaca's CRISC Which of the following would be MOST helpful when determining the resources needed to mitigate risk identified as a result of a risk assessment?
#1267
Isaca's CRISC A risk practitioner notes that the number of unauthorized disclosures of confidential data has been increasing. Which of the following is MOST important to examine for determining the root cause?
#1268
Isaca's CRISC An organization has established workflows in its service desk to support employee reports of security-related concerns. Which of the following is the MOST efficient approach to analyze these concerns?
#1269
Isaca's CRISC Which of the following is MOST important for a risk practitioner to review during an IT risk assessment?
#1270
Isaca's CRISC An organization’s Internet-facing server was successfully attacked because the server did not have the latest security patches. The risk associated with poor patch management had been documented in the risk register and accepted. Who should be accountable for any related losses to the organization?
#1271
Isaca's CRISC A risk practitioner has been asked to evaluate a new cloud-based service to enhance an organization’s access management capabilities. When is the BEST time for the risk practitioner to provide opinions on control strength?
#1272
Isaca's CRISC A significant issue has occurred while moving an upgraded core business application to the production environment. The specific cause is unknown, and the outage window is about to expire. Which of the following is the risk practitioner's BEST recommendation to the business owner?
#1273
Isaca's CRISC A risk practitioner identifies several servers that have not been updated with patches in over a year because the operating systems are no longer supported. Given these servers still run mission-critical applications, which of the following should be done FIRST?
#1274
Isaca's CRISC Which of the following provides the MOST reliable evidence to support conclusions after completing an information systems controls assessment?
#1275
Isaca's CRISC Which of the following is the MOST important outcome of a business impact analysis (BIA)?
#1276
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of IT policies? The number of:
#1277
Isaca's CRISC Which of the following is the BEST reason to incorporate risk scenarios associated with a bring your own device (BYOD) policy into the enterprise-wide risk profile?
#1278
Isaca's CRISC The MOST important reason to periodically review key risk indicators (KRIs) is to:
#1279
Isaca's CRISC A risk practitioner has observed that risk owners have approved a high number of exceptions to the information security policy. Which of the following should be the risk practitioner’s GREATEST concern?
#1280
Isaca's CRISC An organization is concerned with the use of personally identifiable information (PII) in a test database. Which of the following would BEST address this concern?
#1281
Isaca's CRISC An online retailer has decided to store its customer database with a cloud provider in an Infrastructure as a Service (IaaS) configuration. During an initial review of preliminary risk scenarios, a risk practitioner identifies instances where sensitive customer information is stored unencrypted. Who is accountable for ensuring this encryption?
#1282
Isaca's CRISC Which of the following BEST mitigates the risk associated with sensitive data loss due to theft of an organization's removable media?
#1283
Isaca's CRISC Which of the following is MOST important for a risk practitioner to confirm when reviewing the disaster recovery plan (DRP)?
#1284
Isaca's CRISC The implementation of automated controls is taking longer than expected. The risk owner is concerned about the materialization of risk before full implementation of the automated controls. As a result, the risk owner has established interim manual controls. Which of the following actions is MOST important for the risk practitioner to perform?
#1285
Isaca's CRISC Which of the following is MOST important when creating a program to reduce ethical risk?
#1286
Isaca's CRISC An organization recently implemented an extensive risk awareness program after a cybersecurity incident. Which of the following is MOST likely to be affected by the implementation of the program?
#1287
Isaca's CRISC Which of the following should be of GREATEST concern to an organization planning to migrate its customer data warehouse to an offshore operation?
#1288
Isaca's CRISC Which of the following should be the PRIMARY consideration when quantifying the risk associated with regulatory noncompliance?
#1289
Isaca's CRISC Which of the following is the MOST valuable data source to support the optimization of an existing key risk indicator (KRI)?
#1290