Isaca CRISC Practice Test - Questions Answers, Page 149

Which of the following is MOST important to consider when assessing the likelihood that a recently discovered software vulnerability will be exploited?

A risk practitioner identifies an increasing trend of employees copying company information unrelated to their job functions to USB drives. Which of the following elements of the risk register should be updated to reflect this observation?

What would be MOST helpful to ensuring the effective implementation of a new cybersecurity program?

A MAJOR advantage of using key risk indicators (KRIs) is that they:

Which of the following is the PRIMARY benefit of using a risk profile?

An organization has established a single enterprise-wide risk register that records high-level risk scenarios. The IT risk department has created its own register to record more granular scenarios applicable to IT. Which of the following is the BEST way to ensure alignment between these two registers?

Where is the FIRST place a risk practitioner should look to identify accountability for a specific risk?

A service organization is preparing to adopt an IT control framework to comply with the contractual requirements of a new client. Which of the following would be MOST helpful to the risk practitioner?

A failure in an organization's IT system build process has resulted in several computers on the network missing the corporate endpoint detection and response (EDR) software. Which of the following should be the risk practitioner's IMMEDIATE concern?