Isaca's CRISC An operations manager has requested risk acceptance after the execution of a mitigation plan has failed. Which of the following is the risk practitioner's BEST response?
#1351
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following would be MOST helpful when selecting appropriate protection for data?
#1352
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the MOST appropriate key performance indicator (KPI) to measure change management performance?
#1353
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC An organization has been made aware of a newly discovered critical vulnerability in a regulatory reporting system. Which of the following is the risk practitioner's BEST course of action?
#1354
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following should be the PRIMARY driver for an organization on a multi-year cloud implementation to publish a cloud security policy?
#1355
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC An organization's IT team has proposed the adoption of cloud computing as a cost-saving measure for the business. Which of the following should be of GREATEST concern to the risk practitioner?
#1356
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which of the following provides the MOST useful information to trace the impact of aggregated risk across an organization's technical environment?
#1357
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC An organization allows programmers to change production systems in emergency situations. Which of the following is the BEST control?
#1358
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the BEST recommendation when a key risk indicator (KRI) is generating an excessive volume of events?
#1359
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following BEST protects organizational data within a production cloud environment?
#1360
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the MOST important responsibility of a business process owner to enable effective IT risk management?
#1361
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the MOST important course of action to foster an ethical, risk-aware culture?
#1362
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC After automated controls have been implemented and tested, which of the following is MOST useful to perform?
#1363
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC The software version of an enterprise's critical business application has reached end-of-life and is no longer supported by the vendor. IT has decided to develop an in-house replacement application. Which of the following should be the PRIMARY concern?
#1364
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following BEST enables the accurate assessment of potential impact to a particular business area?
#1365
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the BEST key performance indicator (KPI) to measure the ability to deliver uninterrupted IT services?
#1366
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Before selecting a final risk response option for a given risk scenario, management should FIRST:
#1367
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the PRIMARY benefit of consistently recording risk assessment results in the risk register?
#1368
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC The PRIMARY focus of an ongoing risk awareness program should be to:
#1369
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following deficiencies identified during a review of an organization’s cybersecurity policy should be of MOST concern?
#1370
Answer: D✅ Correct❌ Incorrect
Isaca's CRISC Which of the following is the BEST way to help ensure risk will be managed properly after a business process has been re-engineered?
#1371
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Of the following, who should be responsible for determining the inherent risk rating of an application?
#1372
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following should be of GREATEST concern to a risk practitioner reviewing the implementation of an emerging technology?
#1373
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which process is MOST effective to determine relevance of threats for risk scenarios?
#1374
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following should be of GREATEST concern to a risk practitioner reviewing an organization’s disaster recovery plan (DRP)?
#1375
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC It was discovered that a service provider's administrator was accessing sensitive information without the approval of the customer in an Infrastructure as a Service (IaaS) model. Which of the following would BEST protect against a future recurrence?
#1376
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following metrics would be MOST helpful to management in understanding the effectiveness of the organization’s security awareness controls?
#1377
Answer: B✅ Correct❌ Incorrect
Isaca's CRISC Which of the following sources is MOST relevant to reference when updating security awareness training materials?
#1378
Answer: C✅ Correct❌ Incorrect
Isaca's CRISC Which of the following would BEST indicate to senior management that IT processes are improving?
#1379
Answer: A✅ Correct❌ Incorrect
Isaca's CRISC Which of the following should be the PRIMARY consideration when identifying and assigning ownership of IT-related risk?