ISACA-CRISC

Isaca's CRISC A risk practitioner discovers that a data center's air conditioning system cannot provide sufficient cooling. What else is MOST important to consider when predicting the probability of adverse business impact from this issue?

Isaca's CRISC A risk practitioner observes that the network team responsible for maintaining the network infrastructure is severely understaffed, which could lead to operational losses. Which of the following is MOST directly affected by the risk practitioner's observation?

Isaca's CRISC Which of the following BEST enables the development of a successful IT strategy focused on business risk mitigation?

Isaca's CRISC Which of the following should be the PRIMARY role of the data owner in a risk management program?

Isaca's CRISC Which of the following is the PRIMARY advantage of aligning generic risk scenarios with business objectives?

Isaca's CRISC Which of the following is a risk factor associated with migrating to an Infrastructure as a Service (IaaS) public cloud service provider?

Isaca's CRISC An organizational code of ethics is MOST useful as a:

Isaca's CRISC An organization has modified its disaster recovery plan (DRP) to reflect recent changes in its IT environment. Which of the following is the PRIMARY reason to test the new plan?

Isaca's CRISC Which of the following should be the MOST important consideration for prioritizing the development of risk scenarios?

Isaca's CRISC An organization has sustained significant losses from a series of cyber events. Which of the following control types would MOST likely help reduce further losses?

Isaca's CRISC What is the MOST important information provided by key performance indicators (KPIs) in a risk management program?

Isaca's CRISC A large organization plans to take advantage of cloud computing to reduce costs; however, there are data-use restrictions that require certain data to remain on premise. Which cloud model should the risk practitioner recommend for this deployment?

Isaca's CRISC Which of the following provides the BEST assurance that an organization will be able to defend against cyber attacks?

Isaca's CRISC While participating in a scenario analysis exercise, a risk practitioner was asked to determine the reputational impact of a system outage. Which of the following would be the BEST approach?

Isaca's CRISC Which of the following should be a risk practitioner's PRIMARY consideration when evaluating the possible impact of an adverse event affecting corporate information assets?

Isaca's CRISC Which of the following BEST enables an organization to increase the likelihood of identifying risk associated with unethical employee behavior?

Isaca's CRISC Which of the following is MOST important to include in an IT risk management policy?

Isaca's CRISC An organization recently completed a major restructuring project to reduce overhead costs by streamlining the approval hierarchy. Which of the following should be done FIRST by the control owner?

Isaca's CRISC A risk practitioner wants to identify potential risk events that affect the continuity of a critical business process. Which of the following should the risk practitioner do FIRST?

Isaca's CRISC Which of the following is the MOST important information for determining inherent risk?

Isaca's CRISC Which of the following activities should only be performed by the third line of defense?

Isaca's CRISC Which of the following is MOST helpful in reducing the likelihood of inaccurate risk assessment results?

Isaca's CRISC Which of the following is a risk practitioner's BEST recommendation to management when testing results indicate the organization's recovery time objective (RTO) cannot be met?

Isaca's CRISC Which of the following is the GREATEST benefit of establishing a program to design, report, and monitor key control indicators (KCIs) as part of the risk management process?

Isaca's CRISC Which of the following is the PRIMARY focus of enterprise architecture (EA)?

Isaca's CRISC From an IT risk perspective, which of the following has the GREATEST impact on organizational strategy?

Isaca's CRISC An organization recently experienced multiple breaches that were detected months later. Which of the following would be MOST useful for timely monitoring and analysis going forward?

Isaca's CRISC Which of the following scenarios is MOST likely to cause a risk practitioner to request a formal risk acceptance sign-off?

Isaca's CRISC Which of the following should be done FIRST when developing a business continuity plan (BCP)?

Isaca's CRISC An organization expects to continually deal with severe distributed denial of service (DDoS) attacks from hacktivist groups. Which of the following is the BEST recommendation to help address this threat?