Free Certification Practice Questions

ISACA-CRISC

Of the following, whose input is ESSENTIAL when developing risk scenarios for the implementation of a third-party mobile application that stores customer data?
#901
An organization's senior management is considering whether to acquire cyber insurance. Which of the following is the BEST way for the risk practitioner to enable management's decision?
#902
Which of the following would BEST mitigate the ongoing risk associated with operating system (OS) vulnerabilities?
#903
Which of the following should be the PRIMARY basis for prioritizing two risk scenarios related to network service disruption that have the same impact?
#904
In order to efficiently execute a risk response action plan, it is MOST important for the emergency response team members to understand:
#905
Which of the following is the MOST important consideration when communicating the risk associated with technology end-of-life to business owners?
#906
Which of the following should be the PRIMARY basis for the development of an IT risk scenario?
#907
An organization has just implemented changes to close an identified vulnerability that impacted a critical business process. What should be the NEXT course of action?
#908
Which of the following is the MOST critical factor to consider when determining an organization's risk appetite?
#909
Senior management wants to increase investment in the organization's cybersecurity program in response to changes in the external threat landscape. Which of the following would BEST help to prioritize investment efforts?
#910
A vendor manager reports that a previously compliant service provider had issues with its most recent security audit. Which of the following is the MOST important course of action?
#911
Which of the following is a corrective control?
#912
Which of the following elements of a risk register is MOST useful to share with key stakeholders to influence informed decision-making?
#913
Which of the following elements is MOST essential when creating risk scenarios?
#914
When presenting risk, the BEST method to ensure that the risk is measurable against the organization's risk appetite is through the use of a:
#915
What would be MOST helpful to ensuring the effective implementation of a new cybersecurity program?
#916
Which of the following is MOST likely to be identified from an information systems audit report?
#917
Which of the following would MOST effectively mitigate the risk of data loss when production data is being used in a testing environment?
#918
Which of the following MOST effectively enables senior management to communicate risk appetite?
#919
Which activity would BEST enable a risk manager to verify the scope of responsibilities for stakeholders in IT risk scenarios?
#920
Which of the following provides the MOST useful input when developing IT risk scenarios?
#921
What is the PRIMARY purpose of reporting residual risk from two consecutive IT risk assessments to management?
#922
Which of the following should be of MOST concern to a risk practitioner reviewing a recent audit report of an organization's data center?
#923
Which of the following is the BEST way to mitigate the risk of inappropriate access to personally identifiable information (PII) by third-party cloud service personnel?
#924
An organization is participating in an industry benchmarking study that involves providing customer transaction records for analysis. Which of the following is the MOST important control to ensure the privacy of customer information?
#925
Which of the following is the BEST way to ensure adequate resources will be allocated to manage identified risk?
#926
An information security manager has advocated for the purchase of a data loss prevention (DLP) system to reduce the impact of a potential data breach. Which of the following is the BEST way for the risk practitioner to support this recommendation?
#927
As part of its vendor management program, an organization has commissioned an audit of a vendor's control framework for the purpose of implementing compensating controls into its environment. Which risk response option has been decided?
#928
Which of the following would be MOST helpful to management when reviewing enterprise risk appetite and tolerance?
#929
Which of the following are the MOST important inputs when determining the desired state of IT risk during gap analysis?
#930