Free Access to ISACA.CRISC.v2024-01-06.q281 with Valid Practice Test (Page 55)

Question 266

A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?

A.Inform senior management.
B.Obtain the risk owner's approval.
C.Record the risk as accepted m the risk register.
D.update the risk response plan.

Question 267

Which of the following is described by the definition given below?
"It is the expected guaranteed value of taking a risk."

A.Certainty equivalent value
B.Risk premium
C.Risk value guarantee
D.Certain value assurance
E.Explanation:
The Certainty equivalent value is the expected guaranteed value of taking a risk. It is derived by
the uncertainty of the situation and the potential value of the situation's outcome.
F.is incorrect. The risk premium is the difference between the larger expected value of
the risk and the smaller certainty equivalent value.

Question 268

Which of the following is a risk practitioner's BEST course of action upon learning that a control under internal review may no longer be necessary?

A.Obtain approval to retire the control.
B.Update the status of the control as obsolete
C.Consult the internal auditor for a second opinion.
D.Verify the effectiveness of the original mitigation plan.

Question 269

Which of the following is the MOST important element of a successful risk awareness training program?

A.Mapping to a recognized standard
B.Customizing content for the audience
C.Providing metrics for measurement
D.Providing incentives to participants

Question 270

An organization has completed a project to implement encryption on all databases that host customer data.
Which of the following elements of the risk register should be updated the reflect this change?

A.Inherent risk
B.Risk likelihood
C.Risk tolerance
D.Risk appetite

Question 266

Question 267

Question 268

Question 269

Question 270

Download PDF File