ISACA-CRISC

Mapping open risk issues to an enterprise risk heat map BEST facilitates:

After recent updates to the risk register, management has requested that the overall level of residual risk be reduced. Which of the following is the risk practitioner's BEST course of action?

Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?

Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?

Which of the following is MOST important for maintaining the effectiveness of an IT risk register?

Which of the following should be a risk practitioner's NEXT action after identifying a high probability of data loss in a system?

The PRIMARY objective for requiring an independent review of an organizations IT risk management process should be to:

After the implementation of Internet of Things (IoT) devices, new risk scenarios were identified. What is the PRIMARY reason to report this information to risk owners?

Which of the following is the BEST indication of the effectiveness of a business continuity program?

Several network user accounts were recently created without the required management approvals. Which of the following would be the risk practitioner's BEST recommendation to address this situation?

Which of the following is MOST important when discussing risk within an organization?

Which of the following tools is MOST helpful when mapping IT risk management outcomes to organizational objectives?

An organization has just started accepting credit card payments from customers via the corporate website. Which of the following is MOST likely to increase as a result of this new initiative?

An application runs a scheduled job that compiles financial data from multiple business systems and updates the financial reporting system. If this job runs too long, it can delay financial reporting. Which of the following is the risk practitioner's BEST recommendation?

Which of the following can be used to assign a monetary value to risk?

Which of the following would BEST help secure online financial transactions from improper users?

Which of the following is the BEST indication that an organization is following a mature risk management process?

Which of the following BEST indicates that an organization has implemented IT performance requirements?

Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

Which of the following activities should be performed FIRST when establishing IT risk management processes?

Which of the following is the BEST way to validate whether controls to reduce user device vulnerabilities have been implemented according to management's action plan?

An organization moved its payroll system to a Software as a Service (SaaS) application. A new data privacy regulation stipulates that data can only be processed within the country where it is collected. Which of the following should be done FIRST when addressing this situation?

The FIRST task when developing a business continuity plan should be to:

Which of the following is the BEST indicator of the effectiveness of IT risk management processes?

Which of the following should be a risk practitioner's NEXT step upon learning the organization is not in compliance with a specific legal regulation?

Which of the following would be of GREATEST assistance when justifying investment in risk response strategies?

Which of the following is the MOST important consideration when determining whether to accept residual risk after security controls have been implemented on a critical system?

The BEST criteria when selecting a risk response is the:

The BEST indication that risk management is effective is when risk has been reduced to meet:

What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?