ISACA-CRISC

Which of the following roles should be assigned accountability for monitoring risk levels?

A MAJOR advantage of using key risk indicators (KRIs) is that they:

Which of the following is a risk practitioner’s BEST recommendation upon learning that an employee inadvertently disclosed sensitive data to a vendor?

An employee lost a personal mobile device that may contain sensitive corporate information. What should be the risk practitioner’s recommendation?

Who is the BEST person to authorize access privileges to database tables for an application system used to process employee personal data?

Which of the following is the MOST important reason to validate that risk responses have been executed as outlined in the risk response plan?

A control process has been implemented in response to a new regulatory requirement, but has significantly reduced productivity. Which of the following is the BEST way to resolve this concern?

A risk practitioner implemented a process to notify management of emergency changes that may not be approved. Which of the following is the BEST way to provide this information to management?

Which of the following is performed after a risk assessment is completed?

A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?

Which of the following is the MOST comprehensive input to the risk assessment process specific to the effects of system downtime?

Which of the following would provide the BEST evidence of an effective internal control environment?

Which of the following has the GREATEST influence on an organization’s risk appetite?

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery test of critical business processes?

Which of the following is the PRIMARY objective of establishing an organization’s risk tolerance and appetite?

Which of the following is the MOST effective way to identify an application backdoor prior to implementation?

Which of the following is MOST likely to introduce risk for financial institutions that use blockchain?

After an annual risk assessment is completed, which of the following would be MOST important to communicate to stakeholders?

Which of the following is the PRIMARY reason for an organization to include an acceptable use banner when users log in?

The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

Which of the following is the PRIMARY objective of maintaining an information asset inventory?

Which of the following would be of MOST concern to a risk practitioner reviewing risk action plans for documented IT risk scenarios?

Which of the following is MOST likely to deter an employee from engaging in inappropriate use of company-owned IT systems?

Which of the following is MOST important to include when reporting the effectiveness of risk management to senior management?

The PRIMARY objective of testing the effectiveness of a new control before implementation is to:

Which of the following is the BEST approach for selecting controls to minimize risk?

Which of the following provides the MOST reliable evidence of a control’s effectiveness?

An incentive program is MOST likely implemented to manage the risk associated with loss of which organizational asset?

An organization has experienced a cyber attack that exposed customer personally identifiable information (PII) and caused extended outages of network services. Which of the following stakeholders are MOST important to include in the cyber response team to determine response actions?

Who is MOST important to include in the assessment of existing IT risk scenarios?