Free ISACA CRISC Exam Dumps Questions & Answers

Which of the following is the MOST important key risk indicator (KRI) to protect personal information on corporate mobile endpoints?

• A.  Number of endpoints not compliant with patching policy
• B.  Percentage of endpoints that are not encrypted
• C.  Percentage of endpoints with outdated antivirus signatures
• D.  Ratio of undiscoverable endpoints to encrypted endpoints

Which of the following risk scenarios should be considered in a disaster recovery plan (DRP)?

• A.  A pandemic situation requiring remote work
• B.  Hacking activity leading to theft of sensitive data
• C.  A ransomware attack affecting critical systems
• D.  A vendor failing to notify the organization of a data breach

A MAJOR advantage of using key risk indicators (KRIs) is that they:

• A.  Assess risk scenarios that exceed defined thresholds.
• B.  Help with internal control assessments concerning risk appetite.
• C.  Identify scenarios that exceed defined risk appetite.
• D.  Identify when risk exceeds defined thresholds.

An organization uses one centralized single sign-on (SSO) control to cover many applications. Which of the following is the BEST course of action when a new application is added to the environment after testing of the SSO control has been completed?

• A.  Initiate a retest of the full control
• B.  Retest the control using the new application as the only sample.
• C.  Review the corresponding change control documentation
• D.  Re-evaluate the control during (he next assessment

Which of the following provides The BEST information when determining whether to accept residual risk of a critical system to be implemented?

• A.  Availability of additional compensating controls
• B.  Potential business impacts are within acceptable levels
• C.  Single loss expectancy (SLE)
• D.  Cost of the information system