Isaca's CRISC Static code analysis has been consistently finding a significant number of critical security issues throughout an organization's internally developed applications. The risk practitioner’s BEST recommendation would be to:
#1291
Answer: A
Isaca's CRISC Which of the following is the BEST way to maintain a current list of organizational risk scenarios?
#1292
Answer: A
Isaca's CRISC Which of the following is the PRIMARY objective of the risk identification process?
#1293
Answer: D
Isaca's CRISC When developing a risk awareness training program, which of the following is the BEST way to promote a risk-aware culture?
#1294
Answer: C
Isaca's CRISC Which of the following is the PRIMARY reason to periodically assess risk management capabilities?
#1295
Answer: D
Isaca's CRISC During an after-hours compliance review, a risk practitioner discovers sensitive documents on an employee’s desk in violation of company policy. Which of the following should the risk practitioner do NEXT?
#1296
Answer: B
Isaca's CRISC Which of the following BEST reduces the likelihood of employees unintentionally disclosing sensitive information to outside parties?
#1297
Answer: A
Isaca's CRISC Which of the following is the PRIMARY purpose of periodically updating an organization's risk profile?
#1298
Answer: A
Isaca's CRISC Continuous monitoring of key risk indicators (KRIs) will:
#1299
Answer: B
Isaca's CRISC Which of the following is the BEST way to ensure key risk indicators (KRIs) continue to help management make informed decisions?
#1300
Answer: D
Isaca's CRISC Which of the following aspects of risk can be transferred to a third party?
#1301
Answer: D
Isaca's CRISC Which of the following has the GREATEST impact on backup policies for a system supporting a critical process?
#1302
Answer: B
Isaca's CRISC Which of the following provides the BEST indication that existing controls are effective?
#1303
Answer: C
Isaca's CRISC An organization has engaged an external consultant to assess its cybersecurity program. Which of the following findings would be MOST important to address?
#1304
Answer: D
Isaca's CRISC To enable effective integration of IT risk scenarios and enterprise risk management (ERM), it is MOST important to have a consistent approach to reporting:
#1305
Answer: C
Isaca's CRISC The results of a risk assessment reveal risk scenarios with high impact and low likelihood of occurrence. Which of the following would be the BEST action to address these scenarios?
#1306
Answer: C
Isaca's CRISC Which of the following is MOST helpful in identifying appropriate business stakeholders to construct and assess IT risk scenarios?
#1307
Answer: B
Isaca's CRISC Which of the following scenarios is MOST important to communicate to senior management?
#1308
Answer: D
Isaca's CRISC A risk practitioner has observed an increasing trend of phishing attempts directed at employees. Which of the following is the MOST important action to help mitigate the situation?
#1309
Answer: C
Isaca's CRISC Which of the following provides the BEST assurance of the effectiveness of internal controls?
#1310
Answer: D
Isaca's CRISC Which of the following is the MOST important attribute of a risk owner?
#1311
Answer: B
Isaca's CRISC As part of its risk strategy, an organization decided to transition its financial system from a cloud-based provider to an internally managed system. Which of the following should the risk practitioner do FIRST?
#1312
Answer: B
Isaca's CRISC Which of the following would BEST support the integrity of online financial transactions?
#1313
Answer: C
Isaca's CRISC Which of the following is MOST important to ensure before using risk reports in decision making?
#1314
Answer: B
Isaca's CRISC Which of the following would present the GREATEST risk when outsourcing the data processing of personally identifiable information (PII) to a vendor with subcontractors?
#1315
Answer: C
Isaca's CRISC Which of the following BEST facilitates the development of effective IT risk scenarios?
#1316
Answer: B
Isaca's CRISC Which of the following is the MOST important benefit of implementing a data classification program?
#1317
Answer: B
Isaca's CRISC Which of the following BEST indicates that risk management is embedded into the responsibilities of all employees?
#1318
Answer: B
Isaca's CRISC Which of the following information in a risk monitoring report will provide the MOST insight to stakeholders regarding risk status?
#1319
Answer: A
Isaca's CRISC An organization moved one of its applications to a public cloud, but after migration decided to move it back on-premise after an issue caused the application to be down for one day. What does this scenario indicate?