Isaca's CRISC Which of the following is the PRIMARY purpose of developing a risk register?
#1411
Answer: A
Isaca's CRISC A data center has recently been migrated to a jurisdiction where heavy fines will be imposed should leakage of customer personal data occur. Assuming no other changes to the operating environment, which factor should be updated to reflect this situation as an input to scenario development for this particular risk event?
#1412
Answer: A
Isaca's CRISC Which of the following would be the BEST input when evaluating the risk associated with a proposed adoption of robotic process automation (RPA) of a business service?
#1413
Answer: B
Isaca's CRISC Which of the following provides the MOST reliable information to evaluate the current state of control effectiveness?
#1414
Answer: C
Isaca's CRISC Which of the following is an example of risk sharing?
#1415
Answer: D
Isaca's CRISC Which of the following is MOST important to identify when developing top-down risk scenarios?
#1416
Answer: D
Isaca's CRISC Which of the following is the MOST effective way to help ensure a risk treatment plan remains on track?
#1417
Answer: D
Isaca's CRISC Which of the following is the MOST important reason to communicate control effectiveness to senior management?
#1418
Answer: A
Isaca's CRISC What is the MOST important consideration when selecting key performance indicators (KPIs) for control monitoring?
#1419
Answer: D
Isaca's CRISC An organization is considering an Internet of Things (IoT) technology solution to manage its supply chain. Which of the following presents the GREATEST risk to the organization in this situation?
#1420
Answer: A
Isaca's CRISC An organization is in the process of reviewing its risk appetite statement and re-defining the risk tolerance threshold. Which of the following elements of the risk register is MOST likely to change as a result of this review?
#1421
Answer: B
Isaca's CRISC A large organization recently restructured the IT department and has decided to outsource certain functions. What action should the control owners in the IT department take?
#1422
Answer: A
Isaca's CRISC Which of the following is a PRIMARY benefit of using facilitated workshops to develop IT risk scenarios?
#1423
Answer: C
Isaca's CRISC Information that is no longer required to support business objectives should be:
#1424
Answer: C
Isaca's CRISC Which of the following would be MOST helpful in assessing the risk associated with data loss due to human vulnerabilities?
#1425
Answer: C
Isaca's CRISC What should be the immediate action upon discovery that users of a critical finance application have potentially excessive privileges?
#1426
Answer: B
Isaca's CRISC A risk practitioner learns that a risk owner has been accepting gifts from a supplier of IT products. Some of these IT products are used to implement controls and to mitigate risk to acceptable levels. Which of the following should the risk practitioner do FIRST?
#1427
Answer: C
Isaca's CRISC Which of the following is MOST critical to the successful adoption of an enterprise architecture (EA) program?
#1428
Answer: D
Isaca's CRISC Management has implemented additional administrative and technical controls to reduce the likelihood of a high-impact risk in a key information system. What is the BEST way to validate the effectiveness of the control implementation?
#1429
Answer: B
Isaca's CRISC The MAIN reason to use the risk register to monitor aggregated risk is to provide:
#1430
Answer: C
Isaca's CRISC When outsourcing a business process to a cloud service provider, it is MOST important to understand that:
#1431
Answer: D
Isaca's CRISC Which of the following situations would cause the GREATEST concern around the integrity of application logs?
#1432
Answer: D
Isaca's CRISC Which of the following is the MOST significant risk factor associated with the use of blockchain in legacy systems?
#1433
Answer: C
Isaca's CRISC Which of the following should be the starting point when performing a risk analysis for an asset?
#1434
Answer: C
Isaca's CRISC Who should be accountable for authorizing information system access to internal users?
#1435
Answer: B
Isaca's CRISC A user has contacted the risk practitioner regarding malware spreading laterally across the organization's corporate network. Which of the following is the risk practitioner's BEST course of action?
#1436
Answer: B
Isaca's CRISC A risk practitioner has reviewed new international regulations and realizes the new regulations will affect the organization. Which of the following should be the risk practitioner's NEXT course of action?
#1437
Answer: C
Isaca's CRISC An organization operates in an environment where the impact of ransomware attacks is high, with a low likelihood. After quantifying the impact, the risk associated with ransomware attacks exceeds the organization's risk appetite and tolerance. Which of the following is the risk practitioner's BEST recommendation?
#1438
Answer: B
Isaca's CRISC An organization wants to improve its logical access controls to address the results of the annual risk assessment. Which of the following should be done FIRST to facilitate this initiative?
#1439
Answer: A
Isaca's CRISC Which of the following is the MOST important outcome of monitoring key risk indicators (KRIs)?