Online Access Free ISACA.CRISC.v2023-07-10.q544 Practice Test (Page 56)

CRISC Exam Question 271

A risk practitioner is reviewing a vendor contract and finds there is no clause to control privileged access to the organization's systems by vendor employees. Which of the following is the risk practitioner's BEST course of action?

A.Contact the control owner to determine if a gap in controls exists.

B.Add this concern to the risk register and highlight it for management review.

C.Document this concern as a threat and conduct an impact analysis.

D.Report this concern to the contracts department for further action.

CRISC Exam Question 272

An organization has an approved bring your own device (BYOD) policy. Which of the following would BEST mitigate the security risk associated with the inappropriate use of enterprise applications on the devices?

A.Periodically review application on BYOD devices

B.Implement BYOD mobile device management (MDM) controls.

C.Include BYOD in organizational awareness programs

D.Enable a remote wee capability for BYOD devices

CRISC Exam Question 273

A highly regulated enterprise is developing a new risk management plan to specifically address legal and regulatory risk scenarios What should be done FIRST by IT governance to support this effort?

A.Require critical success factors (CSFs) for IT risks.

B.Communicate IT key risk indicators (KRIs) and triggers

C.Request a regulatory risk reporting methodology

D.Establish IT-specific compliance objectives

CRISC Exam Question 274

What is MOST important for the risk practitioner to understand when creating an initial IT risk register?

A.IT objectives

B.Organizational objectives

C.Enterprise architecture (EA)

D.Control environment

CRISC Exam Question 275

A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?

A.Engage an external consultant to redesign the risk management process.

B.Outsource the process for updating the risk register.

C.Implement a process improvement and replace the old risk register.

D.Identify changes in risk factors and initiate risk reviews.

Other Version: 1072ISACA.CRISC.v2025-08-27.q675; 3166ISACA.CRISC.v2025-01-04.q999; 1459ISACA.CRISC.v2024-06-13.q683; 2149ISACA.CRISC.v2024-04-02.q999; 5436ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5245ISACA.CRISC.v2022-02-22.q349; 5070ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 105Microsoft.SC-400.v2025-09-20.q290; 363ISACA.CGEIT.v2025-09-19.q537; 156Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 158Scrum.SAFe-Practitioner.v2025-09-18.q63; 154Workday.Workday-Prism-Analytics.v2025-09-17.q17; 133Oracle.1Z0-1055-24.v2025-09-17.q28; 131Oracle.1Z1-182.v2025-09-17.q32; 256Nutanix.NCP-US-6.5.v2025-09-16.q73; 273Oracle.1z0-071.v2025-09-16.q232; 205Oracle.1Z1-922.v2025-09-16.q125

CRISC Exam Question 271

CRISC Exam Question 272

CRISC Exam Question 273

CRISC Exam Question 274

CRISC Exam Question 275

Download PDF File