ISACA CRISC Practice Test - Questions Answers, Page 143

List of questions
Question 1421

Which of the following should be reported periodically to the risk committee?
Question 1422

An organization recently implemented a cybersecurity awareness program that includes phishing simulation exercises for all employees. What type of control is being utilized?
Question 1423

A risk practitioner is advising management on how to update the IT policy framework to account for the organization's cloud usage. Which of the following should be the FIRST step in this process?
Question 1424

Which of the following BEST enables a risk practitioner to identify the consequences of losing critical resources due to a disaster?
Question 1425

Which of the following is the BEST way to mitigate the risk associated with fraudulent use of an enterprise's brand on Internet sites?
Question 1426

Which of the following is PRIMARILY responsible for providing assurance to the board of directors and senior management during the evaluation of a risk management program implementation?
Question 1427

Because of a potential data breach, an organization has decided to temporarily shut down its online sales order system until sufficient controls can be implemented. Which risk treatment has been selected?
Question 1428

Which of the following BEST enables an organization to address risk associated with technical complexity?
Question 1429

Which of the following is the MOST important reason for a risk practitioner to continuously monitor a critical security transformation program?
Question 1430

An organization has identified the need to implement an asset tiering model to establish the appropriate level of impact. Which of the following is the MOST effective risk assessment methodology for a risk practitioner to use for this initiative?