CRISC Exam Question 131

During a risk assessment, a risk practitioner learns that an IT risk factor is adequately mitigated by compensating controls in an associated business process. Which of the following would enable the MOST effective management of the residual risk?
  • CRISC Exam Question 132

    Which of the following would MOST effectively reduce the potential for inappropriate exposure of vulnerabilities documented in an organization's risk register?
  • CRISC Exam Question 133

    An organization's IT infrastructure is running end-of-life software that is not allowed without exception approval. Which of the following would provide the MOST helpful information to justify investing in updated software?
  • CRISC Exam Question 134

    An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?
  • CRISC Exam Question 135

    Which of the following BEST prevents unauthorized access to customer personal data transmitted to third- party service providers?