Online Access Free ISACA.CRISC.v2025-01-04.q999 Practice Test (Page 158)

CRISC Exam Question 781

Which of the following is the MAIN reason for analyzing risk scenarios?

A.Establishing a risk appetite

B.Updating the heat map

C.Identifying additional risk scenarios

D.Assessing loss expectancy

CRISC Exam Question 782

Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?

A.Redundant compensating controls are in place.

B.A high number of approved exceptions exist with compensating controls.

C.Asset custodians are responsible for defining controls instead of asset owners.

D.Successive assessments have the same recurring vulnerabilities.

CRISC Exam Question 783

Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?

A.Develop risk awareness training

B.Monitor employee usage

C.Identify the potential risk

D.Assess the potential risk

CRISC Exam Question 784

The risk associated with inadvertent disclosure of database records from a public cloud service provider (CSP) would MOST effectively be reduced by:

A.encrypting the data

B.including a nondisclosure clause in the CSP contract

C.assessing the data classification scheme

D.reviewing CSP access privileges

Correct Answer: A

Encrypting the data would MOST effectively reduce the risk associated with inadvertent disclosure of database records from a public cloud service provider (CSP), because it is a control that protects the confidentiality and integrity of the data by transforming it into an unreadable and unmodifiable form, using a secret key or algorithm. Encrypting the data can prevent or minimize the unauthorized or accidental access, modification, or leakage of the data, especially when the data is stored, transmitted, or processed in a public cloud environment, which may have less security and control than a private or on-premise environment. The other options are not as effective as encrypting the data, because:
* Option B: Including a nondisclosure clause in the CSP contract is a legal measure that can deter or penalize the CSP from disclosing the data to any third party, but it does not reduce the risk of inadvertent disclosure of the data, which may occur due to human error, system failure, or malicious attack, and it does not protect the data from unauthorized or accidental access, modification, or leakage.
* Option C: Assessing the data classification scheme is a process that can help to identify and categorize the data according to its sensitivity, value, and criticality, and to determine the appropriate level of protection and handling for the data, but it does not reduce the risk of inadvertent disclosure of the data, which may affect any type or class of data, and it does not provide the specific or effective control to protect the data from unauthorized or accidental access, modification, or leakage.
* Option D: Reviewing CSP access privileges is a procedure that can help to monitor and verify the access rights and permissions of the CSP to the data, and to ensure that they are aligned with the business needs and expectations, but it does not reduce the risk of inadvertent disclosure of the data, which may occur even with the legitimate or authorized access of the CSP, and it does not protect the data from unauthorized or accidental access, modification, or leakage by other parties. References = Risk and Information Systems Control Study Manual, 7th Edition, ISACA, 2020, p. 211.

CRISC Exam Question 785

A company has recently acquired a customer relationship management (CRM) application from a certified software vendor. Which of the following will BE ST help lo prevent technical vulnerabilities from being exploded?

A.Update the software with the latest patches and updates

B.implement code reviews and Quality assurance on a regular basis

C.Review the source coda and error reporting of the application

D.Verity me software agreement indemnifies the company from losses

Other Version: 1053ISACA.CRISC.v2025-08-27.q675; 1449ISACA.CRISC.v2024-06-13.q683; 2131ISACA.CRISC.v2024-04-02.q999; 2726ISACA.CRISC.v2023-07-10.q544; 5436ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5245ISACA.CRISC.v2022-02-22.q349; 5070ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 103Microsoft.SC-400.v2025-09-20.q290; 357ISACA.CGEIT.v2025-09-19.q537; 156Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 157Scrum.SAFe-Practitioner.v2025-09-18.q63; 147Workday.Workday-Prism-Analytics.v2025-09-17.q17; 133Oracle.1Z0-1055-24.v2025-09-17.q28; 130Oracle.1Z1-182.v2025-09-17.q32; 251Nutanix.NCP-US-6.5.v2025-09-16.q73; 267Oracle.1z0-071.v2025-09-16.q232; 205Oracle.1Z1-922.v2025-09-16.q125

CRISC Exam Question 781

CRISC Exam Question 782

CRISC Exam Question 783

CRISC Exam Question 784

CRISC Exam Question 785

Download PDF File