Free Certification Practice Questions

ISACA-CRISC

Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?
#301
Risk management strategies are PRIMARILY adopted to:
#302
Which of the following is the BEST way to mitigate the risk associated with fraudulent use of an enterprise's brand on Internet sites?
#303
Which of the following is the GREATEST risk associated with using unmasked data for testing purposes?
#304
An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?
#305
Which of the following is a KEY outcome of risk ownership?
#306
Which of the following should be an element of the risk appetite of an organization?
#307
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a vulnerability management process?
#308
An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data. Which of the following provides the BEST input to assess the inherent risk impact?
#309
An organization has allowed its cyber risk insurance to lapse while seeking a new insurance provider. The risk practitioner should report to management that the risk has been:
#310
A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:
#311
What is the BEST information to present to business control owners when justifying costs related to controls?
#312
Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?
#313
An organization is considering acquiring a new line of business and wants to develop new IT risk scenarios to guide its decisions. Which of the following would add the MOST value to the new risk scenarios?
#314
For the first time, the procurement department has requested that IT grant remote access to third-party suppliers. Which of the following is the BEST course of action for IT in responding to the request?
#315
Which of the following is the BEST control to detect an advanced persistent threat (APT)?
#316
What is the PRIMARY reason to periodically review key performance indicators (KPIs)?
#317
Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?
#318
To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:
#319
From a risk management perspective, the PRIMARY objective of using maturity models is to enable:
#320
Which of the following is the BEST indication of an effective risk management program?
#321
A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?
#322
Participants in a risk workshop have become focused on the financial cost to mitigate risk rather than choosing the most appropriate response. Which of the following is the BEST way to address this type of issue in the long term?
#323
Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?
#324
In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:
#325
Which of the following would be MOST useful when measuring the progress of a risk response action plan?
#326
An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?
#327
When evaluating enterprise IT risk management, it is MOST important to:
#328
Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?
#329
Which of the following should be management's PRIMARY consideration when approving risk response action plans?
#330