
CRISC Exam Dumps - Certified in Risk and Information Systems Control

Question # 361

The PRIMARY reason for tracking the status of risk mitigation plans is to ensure:

A. the proposed controls are implemented as scheduled.

B. security controls are tested prior to implementation.

C. compliance with corporate policies.

D. the risk response strategy has been decided.

Question # 362

An IT risk practitioner has been asked to regularly report on the overall status and effectiveness of the IT risk management program. Which of the following is MOST useful for this purpose?

A. Balanced scorecard

B. Capability maturity level

C. Internal audit plan

D. Control self-assessment (CSA)

Question # 363

Determining if organizational risk is tolerable requires:

A. mapping residual risk with cost of controls

B. comparing against regulatory requirements

C. comparing industry risk appetite with the organization's.

D. understanding the organization's risk appetite.

Question # 364

The MOST important objective of information security controls is to:

A. Identify threats and vulnerability

B. Ensure alignment with industry standards

C. Provide measurable risk reduction

D. Enforce strong security solutions

Question # 365

A risk practitioner has just learned about new malware that has severely impacted industry peers worldwide data loss?

A. Customer database manager

B. Customer data custodian

C. Data privacy officer

D. Audit committee

Question # 366

Which of the following should be a risk practitioner's PRIMARY focus when tasked with ensuring organization records are being retained for a sufficient period of time to meet legal obligations?

A. Data duplication processes

B. Data archival processes

C. Data anonymization processes

D. Data protection processes

Question # 367

Which of the following data would be used when performing a business impact analysis (BIA)?

A. Cost-benefit analysis of running the current business

B. Cost of regulatory compliance

C. Projected impact of current business on future business

D. Expected costs for recovering the business

Question # 368

When reviewing a report on the performance of control processes, it is MOST important to verify whether the:

A. business process objectives have been met.

B. control adheres to regulatory standards.

C. residual risk objectives have been achieved.

D. control process is designed effectively.
