Online Access Free CRISC Exam Questions

Which of the following is the MOST effective way to validate organizational awareness of cybersecurity risk?

• A.Conducting security awareness training
• B.Updating the information security policy
• C.Implementing mock phishing exercises
• D.Requiring two-factor authentication

An organization is analyzing the risk of shadow IT usage. Which of the following is the MOST important input into the assessment?

• A.Business benefits of shadow IT
• B.Classification of the data
• C.Volume of data
• D.Application-related expresses

Which of the following is the MOST relevant information to include in a risk management strategy?

• A.Quantified risk triggers
• B.Cost of controls
• C.Organizational goals
• D.Regulatory requirements

A rule-based data loss prevention {DLP) tool has recently been implemented to reduce the risk of sensitive data leakage. Which of the following is MOST likely to change as a result of this implementation?

• A.Risk velocity
• B.Risk impact
• C.Risk likelihood
• D.Risk appetite

Which of the following is the BEST evidence of a well-defined risk event?

• A.Incident response plans include recovery time objectives (RTOs)
• B.Forensic investigations include chain-of-custody requirements
• C.Critical systems include key performance indicators (KPIs)
• D.Impact analyses include annual loss expectancy (ALE)