ISACA-CRISC

Which of the following provides the MOST useful information to determine risk exposure following control implementations?

Reviewing historical risk events is MOST useful for which of the following processes within the risk management life cycle?

Which of the following is the BEST key control indicator (KCI) for a vulnerability management program?

Which of the following is the BESTapproach when a risk practitioner has been asked by a business unit manager for special consideration during a risk assessment of a system?

Upon learning that the number of failed back-up attempts continually exceeds the current risk threshold, the risk practitioner should:

A highly regulated organization acquired a medical technology startup company that processes sensitive personal information with weak data protection controls.Which of the following is the BEST way for the acquiring company to reduce its risk while still enabling the flexibility needed by the startup company?

An organization has outsourced its billing function to an external service provider. Who should own the risk of customer data leakage caused by the service provider?

Which of the following is the MOST important component in a risk treatment plan?

Which of the following is the BEST course of action to help reduce the probability of an incident recurring?

An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?

Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?

Which of the following should be done FIRST when information is no longer required to support business objectives?

A deficient control has been identified which could result in great harm to an organization should a low frequency threat event occur. When communicating the associated risk to senior management, the risk practitioner should explain:

Which of the following is the MOST important reason to link an effective key control indicator (KCI) to relevant key risk indicators (KRIs)?

Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?

The MOST important objective of information security controls is to:

Which of the following controls BEST enables an organization to ensure a complete and accurate IT asset inventory?

Which of the following scenarios represents a threat?

Which of the following is the GREATEST risk associated with an environment that lacks documentation of the architecture?

Which of the following will be MOST effective in uniquely identifying the originator of electronic transactions?

Which of the following BEST assists in justifying an investment in automated controls?

Which of the following statements BEST illustrates the relationship between key performance indicators (KPIs) and key control indicators (KCIs)?

Which of the following is necessary to enable an IT risk register to be consolidated with the rest of the organization's risk register?

The GREATEST benefit of including low-probability, high-impact events in a risk assessment is the ability to:

Which of the following will BEST help in communicating strategic risk priorities?

What is the PRIMARY purpose of a business impact analysis (BIA)?

Which of the following is the BEST way to determine whether new controls mitigate security gaps in a business system?

Which of the following criteria associated with key risk indicators (KRIs) BEST enables effective risk monitoring?

Which of the following is the BEST indication of a mature organizational risk culture?

The BEST key performance indicator (KPI) for monitoring adherence to an organization's user accounts provisioning practices is the percentage of: