ISACA CRISC Certified in Risk and Information Systems Control Online Training
The questions for CRISC were last updated on Nov 23, 2024.
- Exam Code: CRISC
- Exam Name: Certified in Risk and Information Systems Control
- Certification Provider: ISACA
- Latest update: Nov 23, 2024
Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails.
Which of the following can BEST alleviate this issue while not sacrificing security?
- A . Implementing record retention tools and techniques
- B . Establishing e-discovery and data loss prevention (DLP)
- C . Sending notifications when near storage quota
- D . Implementing a bring your own device (BYOD) policy
Malware has recently affected an organization.
The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:
- A . a gap analysis
- B . a root cause analysis.
- C . an impact assessment.
- D . a vulnerability assessment.
Calculation of the recovery time objective (RTO) is necessary to determine the:
- A . time required to restore files.
- B . point of synchronization
- C . priority of restoration.
- D . annual loss expectancy (ALE).
During testing, a risk practitioner finds the IT department’s recovery time objective (RTO) for a key system does not align with the enterprise’s business continuity plan (BCP).
Which of the following should be done NEXT?
- A . Report the gap to senior management
- B . Consult with the IT department to update the RTO
- C . Complete a risk exception form.
- D . Consult with the business owner to update the BCP
Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?
- A . Percentage of systems included in recovery processes
- B . Number of key systems hosted
- C . Average response time to resolve system incidents
- D . Percentage of system availability
Which of the following is the MOST important factor affecting risk management in an organization?
- A . The risk manager’s expertise
- B . Regulatory requirements
- C . Board of directors’ expertise
- D . The organization’s culture
A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization.
Which of the following components of this review would provide the MOST useful information?
- A . Risk appetite statement
- B . Enterprise risk management framework
- C . Risk management policies
- D . Risk register
Which of the following should be the PRIMARY input when designing IT controls?
- A . Benchmark of industry standards
- B . Internal and external risk reports
- C . Recommendations from IT risk experts
- D . Outcome of control self-assessments
A rule-based data loss prevention (DLP) tool has recently been implemented to reduce the risk of sensitive data leakage.
Which of the following is MOST likely to change as a result of this implementation?
- A . Risk likelihood
- B . Risk velocity
- C . Risk appetite
- D . Risk impact
The PRIMARY objective of testing the effectiveness of a new control before implementation is to:
- A . ensure that risk is mitigated by the control.
- B . measure efficiency of the control process.
- C . confirm control alignment with business objectives.
- D . comply with the organization’s policy.