Free Certification Practice Questions

ISACA-CRISC

The cost of maintaining a control has grown to exceed the potential loss. Which of the following BEST describes this situation?
#1021
When implementing an IT risk management program, which of the following is the BEST time to evaluate current control effectiveness?
#1022
Which of the following key performance indicators (KPIs) would BEST measure the risk of a service outage when using a Software as a Service (SaaS) vendor?
#1023
An organization has asked an IT risk practitioner to conduct an operational risk assessment on an initiative to outsource the organization’s customer service operations overseas. Which of the following would MOST significantly impact management’s decision?
#1024
Which of the following should be the GREATEST concern to a risk practitioner when process documentation is incomplete?
#1025
After entering a large number of low-risk scenarios into the risk register, it is MOST important for the risk practitioner to:
#1026
When classifying and prioritizing risk responses, the areas to address FIRST are those with:
#1027
Which of the following controls will BEST mitigate risk associated with excessive access privileges?
#1028
Which of the following provides the MOST comprehensive information when developing a risk profile for a system?
#1029
An organization retains footage from its data center security camera for 30 days when the policy requires 90-day retention. The business owner challenges whether the situation is worth remediating. Which of the following is the risk manager’s BEST response?
#1030
Which of the following should be accountable for ensuring that media containing financial information are adequately destroyed per an organization’s data disposal policy?
#1031
The MOST important measure of the effectiveness of risk management in project implementation is the percentage of projects:
#1032
A zero-day vulnerability has been discovered in a globally used brand of hardware server that allows hackers to gain access to affected IT systems. Which of the following is MOST likely to change as a result of this situation?
#1033
Which of the following would provide the MOST helpful input to develop risk scenarios associated with hosting an organization’s key IT applications in a cloud environment?
#1034
Which of the following would present the GREATEST challenge for a risk practitioner during a merger of two organizations?
#1035
Which of the following is the PRIMARY accountability for a control owner?
#1036
Risk appetite should be PRIMARILY driven by which of the following?
#1037
Which of the following is the MOST important outcome of a business impact analysis (BIA)?
#1038
Which component of a software inventory BEST enables the identification and mitigation of known vulnerabilities?
#1039
Which of the following BEST reduces the risk associated with the theft of a laptop containing sensitive information?
#1040
The operational risk associated with attacks on a web application should be owned by the individual in charge of:
#1041
Which of the following is the MOST important benefit of reporting risk assessment results to senior management?
#1042
Which of the following is the GREATEST benefit of implementing an enterprise risk management (ERM) program?
#1043
When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?
#1044
Which of the following is the PRIMARY reason for a risk practitioner to review an organization’s IT asset inventory?
#1045
When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?
#1046
Which of the following is the MOST important information to cover in a business continuity awareness training program for all employees of the organization?
#1047
Which of the following is the MOST effective way for a large and diversified organization to minimize risk associated with unauthorized software on company devices?
#1048
An organization is implementing a project to automate the purchasing process, including the modification of approval controls. Which of the following tasks is the responsibility of the risk practitioner?
#1049
Which of the following situations presents the GREATEST challenge to creating a comprehensive IT risk profile of an organization?
#1050