ISACA-CRISC

Which of the following is MOST useful for measuring the existing risk management process against a desired date?

Which of the following BEST enables senior management to compare the ratings of risk scenarios?

Which of the following BEST reduces the probability of laptop theft?

Which of the following is the GREATEST benefit of having a mature enterprise architecture (EA) in place?

What is the MAIN benefit of using a top-down approach to develop risk scenarios?

Management has determined that it will take significant time to remediate exposures in the current IT control environment. Which of the following is the BEST course of action?

Which of the following is the BEST risk management approach for the strategic IT planning process?

Which of the following will BEST help to ensure new IT policies address the enterprise’s requirements?

The PRIMARY objective of collecting information and reviewing documentation when performing periodic risk analyses should be to:

An organization is developing a risk universe to create a holistic view of its overall risk profile. Which of the following is the GREATEST barrier to achieving the initiative's objectives?

Which of the following is MOST important for managing ethical risk?

Which of the following is PRIMARILY a risk management responsibility of the first line of defense?

Which of the following is the MOST important metric to monitor the performance of the change management process?

Which of the following should be the PRIMARY basis for deciding whether to disclose information related to risk events that impact external stakeholders?

Which of the following is a risk practitioner’s BEST course of action upon learning that regulatory authorities have concerns with an emerging technology the organization is considering?

Which of the following provides the BEST assurance of control effectiveness for security risk scenarios in a service provider’s environment?

Which of the following BEST enables risk mitigation associated with software licensing noncompliance?

As part of software development projects, risk assessments are MOST effective when performed:

Which of the following MOST effectively ensures controls are built into applications during development?

Which of the following analyses is MOST useful for prioritizing risk scenarios associated with loss of IT assets?

The PRIMARY reason to implement a formalized risk taxonomy is to:

Which of the following is the FIRST consideration to reduce risk associated with the storage of personal data?

After the announcement of a new IT regulatory requirement, it is MOST important for a risk practitioner to:

Which of the following has the GREATEST impact on ensuring the alignment of the risk profile with business objectives?

Which of the following is MOST helpful to review when assessing the risk exposure associated with ransomware?

Which of the following should be the PRIMARY area of focus when reporting changes to an organization’s risk profile to executive management?

When assembling IT risk scenarios, it is MOST important that the scenarios:

Optimized risk management is achieved when risk is reduced:

Which of the following should be done FIRST to enable consistent understanding of risk across the organization?

Which of the following is the BEST way to reduce the likelihood of an individual performing a potentially harmful action as the result of unnecessary entitlement?