Which of the following is the BEST course of action when risk is found to be above the acceptable risk appetite?
#451
Answer: A
A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?
#452
Answer: D
Which of the following would be a risk practitioner's BEST recommendation for preventing cyber intrusion?
#453
Answer: D
Which of the following should be the risk practitioner's PRIMARY focus when determining whether controls are adequate to mitigate risk?
#454
Answer: C
An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:
#455
Answer: A
The MAIN reason for creating and maintaining a risk register is to:
#456
Answer: A
A risk practitioner's PRIMARY focus when validating a risk response action plan should be that risk response:
#457
Answer: C
Which of the following is the MAIN benefit of involving stakeholders in the selection of key risk indicators (KRIs)?
#458
Answer: C
Which of the following is MOST critical when designing controls?
#459
Answer: A
An organization has procured a managed hosting service and just discovered the location is likely to be flooded every 20 years. Of the following, who should be notified of this new information FIRST?
#460
Answer: A
Which of the following BEST enables a risk practitioner to enhance understanding of risk among stakeholders?
#461
Answer: C
Which of the following would BEST provide early warning of a high-risk condition?
#462
Answer: B
Quantifying the value of a single asset helps the organization to understand the:
#463
Answer: B
Calculation of the recovery time objective (RTO) is necessary to determine the:
#464
Answer: B
When reporting risk assessment results to senior management, which of the following is MOST important to include to enable risk-based decision making?
#465
Answer: B
What can be determined from the risk scenario chart?
#466
Answer: A
When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:
#467
Answer: A
The MOST important characteristic of an organization's policies is to reflect the organization's:
#468
Answer: A
Which of the following is the BEST method for assessing control effectiveness?
#469
Answer: C
The acceptance of control costs that exceed risk exposure MOST likely demonstrates:
#470
Answer: B
A management team is on an aggressive mission to launch a new product to penetrate new markets and overlooks IT risk factors, threats, and vulnerabilities. This scenario BEST demonstrates an organization's risk:
#471
Answer: C
The risk associated with an asset before controls are applied can be expressed as:
#472
Answer: C
Malware has recently affected an organization. The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:
#473
Answer: B
When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?
#474
Answer: D
Which of the following is the BEST way to promote adherence to the risk tolerance level set by management?
#475
Answer: C
An external security audit has reported multiple findings related to control noncompliance. Which of the following would be MOST important for the risk practitioner to communicate to senior management?
#476
Answer: D
A risk practitioner is organizing a training session to communicate risk assessment methodologies to ensure a consistent risk view within the organization. Which of the following is the MOST important topic to cover in this training?
#477
Answer: C
An organization wants to assess the maturity of its internal control environment. The FIRST step should be to:
#478
Answer: D
A risk practitioner recently discovered that sensitive data from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?
#479
Answer: A
Which of the following techniques would be used during a risk assessment to demonstrate to stakeholders that all known alternatives were evaluated?