

ISACA CRISC
Certified in Risk and Information Systems Control
https://killexams.com/pass4sure/exam-detail/CRISC

Which of the following criteria associated with key risk indicators (KRIs) BEST enables effective risk monitoring?

  A. Use of industry risk data sources
  B. Sensitivity to changes in risk levels
  C. Low cost of development and maintenance
  D. Approval by senior management

Answer: A

Question #911

Which of the following is the BEST indication of a mature organizational risk culture?

  A. Corporate risk appetite is communicated to staff members.
  B. Risk policy has been published and acknowledged by employees.
  C. Management encourages the reporting of policy breaches.
  D. Risk owners understand and accept accountability for risk.

Answer: D

Question #912

The BEST key performance indicator (KPI) for monitoring adherence to an organization's user account provisioning practices is the percentage of:

  A. active accounts belonging to former personnel.
  B. accounts with dormant activity.
  C. accounts without documented approval.
  D. user accounts with default passwords.

Answer: A

Question #913

Which of the following facilitates a completely independent review of test results for evaluating control effectiveness?

  A. Segregation of duties
  B. Compliance review
  C. Three lines of defense
  D. Quality assurance review

Answer: C

Question #914

Which of the following is a KEY consideration for a risk practitioner to communicate to senior management evaluating the introduction of artificial intelligence (AI) solutions into the organization?

  A. Third-party AI solutions increase regulatory obligations.
  B. AI requires entirely new risk management processes.
  C. AI will result in changes to business processes.
  D. AI potentially introduces new types of risk.

Answer: D

An organization must make a choice among multiple options to respond to a risk. The stakeholders cannot agree and decide to postpone the decision. Which of the following risk responses has the organization adopted?

  A. Mitigation
  B. Acceptance
  C. Avoidance
  D. Transfer

Answer: B

Question #916

To communicate the risk associated with IT in business terms, which of the following MUST be defined?

  A. Risk appetite of the organization
  B. Compliance objectives
  C. Organizational objectives
  D. Inherent and residual risk

Answer: C

Question #917

An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

  A. Verify the data backup process and confirm which backups are the most recent ones available.
  B. Identify systems that are vulnerable to being exploited by the attack.
  C. Confirm with the antivirus solution vendor whether the next update will detect the attack.
  D. Obtain approval for funding to purchase a cyber insurance plan.

Answer: B

Question #918

Which of the following is MOST important to the successful development of IT risk scenarios?

  A. Control effectiveness assessment
  B. Threat and vulnerability analysis
  C. Internal and external audit reports
  D. Cost-benefit analysis

Answer: D

Question #919

While reviewing an organization's monthly change management metrics, a risk practitioner notes that the number of emergency changes has increased substantially. Which of the following would be the BEST approach for the risk practitioner to take?

  A. Temporarily suspend emergency changes.
  B. Continue monitoring change management metrics.
  C. Conduct a root cause analysis.
  D. Document the control deficiency in the risk register.

Answer: C

Question #920

Which of the following MUST be updated to maintain an IT risk register?

  A. Risk appetite
  B. Risk tolerance
  C. Expected frequency and potential impact
  D. Enterprise-wide IT risk assessment

Answer: C

Question #921

Which of the following is the BEST method for assessing control effectiveness against technical vulnerabilities that could be exploited to compromise an information system?

  A. Vulnerability scanning
  B. Penetration testing
  C. Systems log correlation analysis
  D. Monitoring of intrusion detection system (IDS) alerts

Answer: B

Question #922

Which of the following is the MOST effective control to ensure user access is maintained on a least-privilege basis?

  A. Change log review
  B. User recertification
  C. Access log monitoring
  D. User authorization

Answer: D

Question #923

Which of the following is MOST important when considering risk in an enterprise risk management (ERM) process?

  A. Risk identified by industry benchmarking is included.
  B. Financial risk is given a higher priority.
  C. Risk with strategic impact is included.
  D. Security strategy is given a higher priority.

Answer: C

Question #924

Which of the following is MOST important when developing risk scenarios?

  A. Conducting vulnerability assessments
  B. Reviewing business impact analysis (BIA)
  C. Collaborating with IT audit
  D. Obtaining input from key stakeholders

Answer: B

Question #925

Which of the following BEST protects an organization against breaches when using a software as a service (SaaS) application?

  A. Security information and event management (SIEM) solutions
  B. Control self-assessment (CSA)
  C. Data privacy impact assessment (DPIA)
  D. Data loss prevention (DLP) tools

Answer: D

Question #926

Which of the following is the GREATEST risk associated with the misclassification of data?

  A. Data disruption
  B. Inadequate resource allocation
  C. Unauthorized access
  D. Inadequate retention schedules

Answer: C

Question #927

Which of the following would BEST mitigate the risk associated with reputational damage from inappropriate use of social media sites by employees?

  A. Disabling social media access from the organization's technology
  B. Validating employee social media accounts and passwords
  C. Implementing training and awareness programs
  D. Monitoring Internet usage on employee workstations

Answer: C

Question #928

Which of the following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?

  A. Perform a risk assessment.
  B. Prioritize impact to the business units.
  C. Perform a gap analysis.
  D. Review the risk tolerance and appetite.

Answer: C

Question #929

The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:

  A. benchmarking criteria.
  B. stakeholder risk tolerance.
  C. the control environment.
  D. suppliers used by the organization.

Answer: A

Question #930

A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?

  A. Require the software vendor to remediate the vulnerabilities.
  B. Approve an exception to allow the software to continue operating.
  C. Monitor the databases for abnormal activity.
  D. Accept the risk and let the vendor run the software as is.

Answer: A

Question #931

Which of the following represents a vulnerability?

  A. An employee recently fired for insubordination
  B. An identity thief seeking to acquire personal financial data from an organization
  C. Media recognition of an organization's market leadership in its industry
  D. A standard procedure for applying software patches two weeks after release

Answer: D

Question #932

An organization has detected unauthorized logins to its client database servers. Which of the following should be of GREATEST concern?

  A. Potential increase in regulatory scrutiny
  B. Potential theft of personal information
  C. Potential legal risk
  D. Potential system downtime

Answer: B

Question #933

Which of the following is the PRIMARY role of a data custodian in the risk management process?

  A. Ensuring data is protected according to its classification
  B. Being accountable for control design
  C. Reporting and escalating data breaches to senior management
  D. Performing periodic data reviews according to policy

Answer: A