Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CRISC Exam Dumps - Isaca Certification Questions and Answers

Question # 454

The PRIMARY advantage of involving end users in continuity planning is that they:

Options:

A.

have a better understanding of specific business needs

B.

can balance the overall technical and business concerns

C.

can see the overall impact to the business

D.

are more objective than information security management.

Buy Now
Question # 455

The PRIMARY purpose of IT control status reporting is to:

Options:

A.

ensure compliance with IT governance strategy.

B.

assist internal audit in evaluating and initiating remediation efforts.

C.

benchmark IT controls with Industry standards.

D.

facilitate the comparison of the current and desired states.

Buy Now
Question # 456

Which of the following approaches BEST identifies information systems control deficiencies?

Options:

A.

Countermeasures analysis

B.

Best practice assessment

C.

Gap analysis

D.

Risk assessment

Buy Now
Question # 457

Which of the following provides the BEST measurement of an organization's risk management maturity level?

Options:

A.

Level of residual risk

B.

The results of a gap analysis

C.

IT alignment to business objectives

D.

Key risk indicators (KRIs)

Buy Now
Question # 458

A risk practitioner identifies a database application that has been developed and implemented by the business independently of IT. Which of the following is the BEST course of action?

Options:

A.

Escalate the concern to senior management.

B.

Document the reasons for the exception.

C.

Include the application in IT risk assessments.

D.

Propose that the application be transferred to IT.

Buy Now
Question # 459

When updating the risk register after a risk assessment, which of the following is MOST important to include?

Options:

A.

Historical losses due to past risk events

B.

Cost to reduce the impact and likelihood

C.

Likelihood and impact of the risk scenario

D.

Actor and threat type of the risk scenario

Buy Now
Question # 460

Which of the following is the BEST evidence that risk management is driving business decisions in an organization?

Options:

A.

Compliance breaches are addressed in a timely manner.

B.

Risk ownership is identified and assigned.

C.

Risk treatment options receive adequate funding.

D.

Residual risk is within risk tolerance.

Buy Now
Question # 461

An organization discovers significant vulnerabilities in a recently purchased commercial off-the-shelf software product which will not be corrected until the next release. Which of the following is the risk manager's BEST course of action?

Options:

A.

Review the risk of implementing versus postponing with stakeholders.

B.

Run vulnerability testing tools to independently verify the vulnerabilities.

C.

Review software license to determine the vendor's responsibility regarding vulnerabilities.

D.

Require the vendor to correct significant vulnerabilities prior to installation.

Buy Now
Question # 462

Accountability for a particular risk is BEST represented in a:

Options:

A.

risk register

B.

risk catalog

C.

risk scenario

D.

RACI matrix

Buy Now
Question # 463

Which of the following is the MOST important objective of an enterprise risk management (ERM) program?

Options:

A.

To create a complete repository of risk to the organization

B.

To create a comprehensive view of critical risk to the organization

C.

To provide a bottom-up view of the most significant risk scenarios

D.

To optimize costs of managing risk scenarios in the organization

Buy Now
Question # 464

Winch of the following can be concluded by analyzing the latest vulnerability report for the it infrastructure?

Options:

A.

Likelihood of a threat

B.

Impact of technology risk

C.

Impact of operational risk

D.

Control weakness

Buy Now
Question # 465

Which of the following is the MOST important responsibility of a risk owner?

Options:

A.

Testing control design

B.

Accepting residual risk

C.

Establishing business information criteria

D.

Establishing the risk register

Buy Now
Question # 466

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

Options:

A.

two-factor authentication.

B.

continuous data backup controls.

C.

encryption for data at rest.

D.

encryption for data in motion.

Buy Now
Question # 467

An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?

Options:

A.

Data retention requirements

B.

Data destruction requirements

C.

Cloud storage architecture

D.

Key management

Buy Now
Question # 468

Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?

Options:

A.

Develop a risk treatment plan.

B.

Validate organizational risk appetite.

C.

Review results of prior risk assessments.

D.

Include the current and desired states in the risk register.

Buy Now
Question # 469

An organization recently received an independent security audit report of its cloud service provider that indicates significant control weaknesses. What should be done NEXT in response to this report?

Options:

A.

Migrate all data to another compliant service provider.

B.

Analyze the impact of the provider's control weaknesses to the business.

C.

Conduct a follow-up audit to verify the provider's control weaknesses.

D.

Review the contract to determine if penalties should be levied against the provider.

Buy Now
Question # 470

Which of the following is the BEST source for identifying key control indicators (KCIs)?

Options:

A.

Privileged user activity monitoring controls

B.

Controls mapped to organizational risk scenarios

C.

Recent audit findings of control weaknesses

D.

A list of critical security processes

Buy Now
Question # 471

Of the following, who is accountable for ensuing the effectiveness of a control to mitigate risk?

Options:

A.

Control owner

B.

Risk manager

C.

Control operator

D.

Risk treatment owner

Buy Now
Question # 472

Which of the following is the BEST course of action to help reduce the probability of an incident recurring?

Options:

A.

Perform a risk assessment.

B.

Perform root cause analysis.

C.

Initiate disciplinary action.

D.

Update the incident response plan.

Buy Now
Question # 473

Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?

Options:

A.

To have a unified approach to risk management across the organization

B.

To have a standard risk management process for complying with regulations

C.

To optimize risk management resources across the organization

D.

To ensure risk profiles are presented in a consistent format within the organization

Buy Now
Question # 474

What should be the PRIMARY driver for periodically reviewing and adjusting key risk indicators (KRIs)?

Options:

A.

Risk impact

B.

Risk likelihood

C.

Risk appropriate

D.

Control self-assessments (CSAs)

Buy Now
Question # 475

When a high-risk security breach occurs, which of the following would be MOST important to the person responsible for managing the incident?

Options:

A.

An analysis of the security logs that illustrate the sequence of events

B.

An analysis of the impact of similar attacks in other organizations

C.

A business case for implementing stronger logical access controls

D.

A justification of corrective action taken

Buy Now
Exam Code: CRISC
Exam Name: Certified in Risk and Information Systems Control
Last Update: Apr 2, 2025
Questions: 1575
CRISC pdf

CRISC PDF

$25.5  $84.99
CRISC Engine

CRISC Testing Engine

$28.5  $94.99
CRISC PDF + Engine

CRISC PDF + Testing Engine

$40.5  $134.99