Crisc Part2

The document contains a series of questions and answers related to the CRISC exam, focusing on risk management practices and responsibilities within organizations. Each question is accompanied by a correct answer and references to the relevant sections. Topics include accountability for risk responses, evaluating residual risks, and the importance of key risk indicators.
CRISC Exam

QUESTION 955
An organization has completed a risk assessment of one of its service providers. Who should be accountable
for ensuring that risk responses are implemented?

A. IT risk practitioner
B. The relationship owner
C. Third-party security team
D. Legal representation of the business

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 956
A risk practitioner identifies a database application that has been developed and implemented by the business
independently of IT. Which of the following is the BEST course of action?

A. Document the reasons for the exception.
B. Include the application in IT risk assessments.
C. Propose that the application be transferred to IT.
D. Escalate the concern to senior management.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 957
Which of the following would be a risk practitioner's BEST course of action when a project team has accepted
a risk outside the established risk appetite?

A. Monitor the residual risk level of the accepted risk.
B. Escalate the risk decision to the project sponsor for review.
C. Document the risk decision in the project risk register.
D. Reject the risk acceptance and require mitigating controls.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 958
Who should be responsible for evaluating the residual risk after a compensating control has been applied?

A. Risk practitioner
B. Compliance manager
C. Risk owner
D. Control owner

07B13F58239056B81577933EB624485B
“Best Material, Great Results”. www.certkingdom.com 375
CRISC Exam

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 959
Which of the following should a risk practitioner validate FIRST when a mitigating control cannot be
implemented fully to support business objectives?

A. If the risk owner has accepted the risk
B. If compensating controls have been implemented
C. If insurance coverage has been obtained
D. If business objectives continue to align with organizational goals

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 960
Which of the following is the BEST way to determine whether system settings are in alignment with control
baselines?

A. Internal audit review
B. Control attestation
C. Penetration testing
D. Configuration validation

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 961
A maturity model is MOST useful to an organization when it:

A. defines a qualitative measure of risk.
B. provides a reference for progress.
C. benchmarks against other organizations.
D. provides risk metrics.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 962
It was determined that replication of a critical database used by two business units failed. Which of the
following should be of GREATEST concern?

A. The cost of recovering the data
B. The lack of integrity of the data
C. The loss of data confidentiality
D. The underutilization of the replicated link

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 963
Which of the following is the BEST control to mitigate the risk when a critical customer-facing application has
been susceptible to recent credential stuffing attacks?

A. Block IP addresses from foreign countries.
B. Increase monitoring of account usage.
C. Implement multi-factor authentication.
D. Increase password complexity requirements.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 964
Which of the following is MOST important to the effective monitoring of key risk indicators (KRIs)?

A. Updating the threat inventory with new threats
B. Automating log data analysis
C. Preventing the generation of false alerts
D. Determining threshold levels

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 965
A multinational organization is considering implementing standard background checks for all new employees.
A KEY concern regarding this approach is that it may:

A. fail to identify all relevant issues.
B. be too costly.
C. violate laws in other countries.
D. be too time consuming.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 966
A core data center went offline abruptly for several hours, affecting many transactions across multiple
locations. Which of the following would provide the MOST useful information to determine mitigating controls?

A. Root cause analysis
B. Risk assessment
C. Business impact analysis (BIA)
D. Forensic analysis

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 967
A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have
exceeded the maximum time defined by the business application owners. Which of the following is MOST
likely to change as a result?

A. Risk tolerance
B. Risk likelihood
C. Risk appetite
D. Risk forecasting

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 968
A project team recommends accepting the residual risk associated with known regulatory control deficiencies.
Which of the following is the risk practitioner's MOST important recommendation to the project manager?

A. Present the remaining deficiencies to the project steering committee for sign-off.
B. Assess the risk of the remaining deficiencies and develop an action plan.
C. Update the project risk register with the remaining deficiencies and remediation actions.
D. Confirm a timeline to remediate the remaining deficiencies after the project goes live.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 969
The BEST key performance indicator (KPI) to measure the effectiveness of the security-patching process is
the percentage of patches installed:

A. successfully within the expected time frame.
B. successfully during the first attempt.
C. by the security administration team.
D. without causing an unplanned system outage.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 970
Which of the following is the BEST recommendation of a risk practitioner for an organization that recently
changed its organizational structure?

A. Re-validate the corporate risk appetite.
B. Communicate the new risk profile.
C. Review and adjust key risk indicators (KRIs).
D. Implement a new risk assessment process.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 971
The PRIMARY goal of conducting a business impact analysis (BIA) as part of an overall continuity planning
process is to:

A. map the business processes to supporting IT and other corporate resources.
B. document the disaster recovery process.
C. obtain the support of executive management.
D. identify critical business processes and the degree of reliance on support services.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 972
A financial institution has identified high risk of fraud in several business applications. Which of the following
controls will BEST help reduce the risk of fraudulent internal transactions?

A. Segregation of duties
B. Periodic internal audits
C. Log monitoring
D. Periodic user privileges review

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 973
A new regulatory requirement imposes severe fines for data leakage involving customers' personally
identifiable information (PII). The risk practitioner has recommended avoiding the risk. Which of the following
actions would BEST align with this recommendation?

A. Implement strong encryption for PII.
B. Modify business processes to stop collecting PII.
C. Move PII to a highly secured outsourced site.
D. Reduce retention periods for PII data.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 974
As part of business continuity planning, which of the following is MOST important to include in a business
impact analysis (BIA)?

A. An assessment of threats to the organization
B. An assessment of recovery scenarios
C. Industry standard framework
D. Documentation of testing procedures

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 975
When documenting a risk response, which of the following provides the STRONGEST evidence to support the
decision?

A. A memo indicating risk acceptance
B. Verbal majority acceptance of risk by committee
C. List of compensating controls
D. IT audit follow-up responses

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 976
Which of the following is the MOST important activity when identifying relevant risk data?

A. Performing peer reviews of the risk register
B. Interpreting IT assessment findings and data
C. Checking and maintaining data of incident response plans
D. Mapping IT resource data to business processes

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 977
An organization has made a decision to purchase a new IT system. During which phase of the system
development life cycle (SDLC) will identified risk MOST likely lead to architecture and design trade-offs?

A. Acquisition
B. Implementation
C. Initiation
D. Operation and maintenance

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 978
From a risk management perspective, which of the following is the PRIMARY benefit of using automated
system configuration validation tools?

A. Staff costs are reduced.
B. Operational costs are reduced.
C. Inherent risk is reduced.
D. Residual risk is reduced.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 979
Which of the following is the BEST approach to mitigate the risk associated with a control deficiency?

A. Perform a business case analysis.
B. Conduct a control self-assessment (CSA).
C. Build a provision for risk.
D. Implement compensating controls.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 980
Who should be responsible for strategic decisions on risk management?

A. Audit committee
B. Executive management team
C. Chief information officer (CIO)
D. Business process owner

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 981
Which of the following would be the GREATEST concern for an IT risk practitioner when an employee has
transferred to another department?

A. Company equipment has not been retained by IT.
B. The organization's structure has not been updated.
C. Unnecessary access permissions have not been removed.
D. Job knowledge was not transferred to employees in the former department.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 982
An organization is planning to implement a guest wireless network granting internet access only. Which of the
following is the MOST important consideration to effectively mitigate the risk of guests gaining access to the
organization's internal network?

A. The wireless network is not available outside the office areas.
B. The networks are properly segregated from each other.
C. Guests are required to accept terms and conditions.
D. Only approved equipment is allowed on the guest network.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 983
Which of the following should be determined FIRST when a new security vulnerability is made public?

A. How pervasive the vulnerability is within the organization
B. Whether the affected technology is Internet-facing
C. Whether the affected technology is used within the organization
D. What mitigating controls are currently in place

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 984
What should be a risk practitioner’s PRIMARY focus when evaluating a proposed robotic process automation
of a business service?

A. License availability
B. Cost-benefit analysis
C. Code review
D. Control capability

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 985
Which of the following stakeholders are typically included as part of a line of defense within the three lines of
defense model?

A. Regulators
B. Legal team
C. Vendors
D. Board of directors

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 986
Which of the following is the MOST important data attribute of key risk indicators (KRIs)?

A. The data is calculated continuously.
B. The data is measurable.
C. The data is relevant.
D. The data is automatically produced.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 987
What should a risk practitioner do FIRST when a shadow IT application is identified in a business owner's
business impact analysis (BIA)?

A. Include the application in the business continuity plan (BCP).
B. Report the finding to management.
C. Segregate the application from the network.
D. Determine the business purpose of the application.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 988
An organization is planning to move its application infrastructure from on-premises to the cloud. Which of the
following is the BEST course of action to address the risk associated with data transfer if the relationship is
terminated with the vendor?

A. Work closely with the information security officer to ensure the company has the proper security controls in
place.
B. Collect requirements for the environment to ensure the Infrastructure as a Service (IaaS) is configured
appropriately.
C. Meet with the business leaders to ensure the classification of their transferred data is in place.
D. Ensure the language in the contract explicitly states who is accountable for each step of the data transfer
process.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 989
Which of the following would BEST mitigate an identified risk scenario?

A. Establishing an organization's risk tolerance
B. Conducting awareness training
C. Performing periodic audits
D. Executing a risk response plan

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 990
Which of the following is MOST important for mitigating ethical risk when establishing accountability for control
ownership?

A. Ensuring processes are documented to enable effective control execution
B. Ensuring schedules and deadlines for control-related deliverables are strictly monitored
C. Ensuring performance metrics balance business goals with risk appetite
D. Ensuring regular risk messaging is included in business communications from leadership

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 991
Which of the following is the MOST appropriate action when a tolerance threshold is exceeded?

A. Verify the response plan is adequate.
B. Communicate potential impact to decision makers.
C. Increase human resources to respond in the interim.
D. Research the root cause of similar incidents.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 992
A risk practitioner has been asked to recommend a key performance indicator (KPI) to assess the
effectiveness of a manual process to terminate user access. Which of the following would be the BEST KPI to
recommend?

A. Percent increase in number of access termination requests
B. Timeframe of notification from business management to IT
C. Timeframe from user termination to access revocation
D. Ratio of successful login attempts to unsuccessful login attempts

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 993
Which of the following would BEST help to address the risk associated with malicious outsiders modifying
application data?

A. Role-based access controls
B. Multi-factor authentication
C. Activation of control audits
D. Acceptable use policies

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 994
Which of the following issues found during the review of a newly created disaster recovery plan (DRP) should
be of MOST concern?

A. The chief information security officer (CISO) has not approved the plan.
B. Several recovery activities will be outsourced.
C. Some critical business applications are not included in the plan.
D. The plan is not based on an internationally recognized framework.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 995
A key risk indicator (KRI) flags an exception for exceeding a threshold but remains within risk appetite. Which
of the following should be done NEXT?

A. Adjust the risk threshold level to match risk appetite.
B. Review the risk appetite level to ensure it is appropriate.
C. Review the trend to determine whether action is needed.
D. Document that the KRI is within risk appetite.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 996
An organization's capability to implement a risk management framework is PRIMARILY influenced by the:

A. guidance of the risk practitioner
B. approval of senior management
C. competence of the staff involved
D. maturity of its risk culture

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 997
An organization is concerned that its employees may be unintentionally disclosing data through the use of
social media sites. Which of the following will MOST effectively mitigate this risk?

A. Conducting user awareness training
B. Requiring employee agreement of the acceptable use policy
C. Establishing a data classification policy
D. Requiring the use of virtual private networks (VPNs)

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 998
Which of the following contributes MOST to the effective implementation of risk responses?

A. Clear understanding of the risk.
B. Detailed standards and procedures.
C. Comparable industry risk trends.
D. Appropriate resources.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 999
Which of the following BEST indicates the risk appetite and tolerance level for the risk associated with
business interruption caused by IT system failures?

A. IT system criticality classification
B. Mean time to recover (MTTR)
C. Incident management service level agreement (SLA)
D. Recovery time objective (RTO)

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1000
Which of the following is the MOST important consideration when developing risk strategies?

A. Long-term organizational goals
B. Organization's industry sector
C. Concerns of the business process owners
D. History of risk events

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1001
Which of the following would BEST facilitate the implementation of data classification requirements?

A. Implementing technical controls over the assets
B. Implementing a data loss prevention (DLP) solution
C. Scheduling periodic audits
D. Assigning a data owner

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1002
An organization has used generic risk scenarios to populate its risk register. Which of the following presents
the GREATEST challenge to assigning ownership of the associated risk entries?

A. The volume of risk scenarios is too large.
B. Risk scenarios are not applicable.
C. The risk analysis for each scenario is incomplete.
D. Risk aggregation has not been completed.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1003
An organization's business process requires the verbal verification of personal information in an environment
where other customers may overhear this information. Which of the following is the MOST significant risk?

A. The customer may view the process negatively.
B. The information could be used for identity theft.
C. The process could result in intellectual property theft.
D. The process could result in compliance violations.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1004
An organization has initiated a project to launch an IT-based service to customers and take advantage of being
the first to market. Which of the following should be of GREATEST concern to senior management?

A. The project is likely to deliver the product late.
B. More time has been allotted for testing.
C. A new project manager is handling the project.
D. The cost of the project will exceed the allotted budget.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1005
Which of the following is the MOST important objective of embedding risk management practices into the
initiation phase of the project management life cycle?

A. To deliver projects on time and on budget
B. To assess inherent risk
C. To assess risk throughout the project
D. To include project risk in the enterprise-wide IT risk profile

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1006
Which of the following is the MOST significant indicator of the need to perform a penetration test?

A. An increase in the number of infrastructure changes
B. An increase in the number of security incidents
C. An increase in the number of high-risk audit findings
D. An increase in the percentage of turnover in IT personnel

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1007
Which of the following provides the MOST reliable information to ensure a newly acquired company has
appropriate IT controls in place?

A. Vulnerability assessment
B. Information system audit
C. Penetration testing
D. IT risk assessment

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1008
Print jobs containing confidential information are sent to a shared network printer located in a secure room.
Which of the following is the BEST control to prevent the inappropriate disclosure of confidential information?

A. Ensuring printer parameters are properly configured
B. Using video surveillance in the printer room
C. Using physical controls to access the printer room
D. Requiring a printer access code for each user

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1009
Which of the following would be MOST helpful when communicating roles associated with the IT risk
management process?

A. Skills matrix
B. RACI chart
C. Organizational chart
D. Job descriptions

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1010
The PRIMARY benefit of conducting a risk workshop using a top-down approach instead of a bottom-up
approach is the ability to:

A. incorporate subject matter expertise.
B. identify specific project risk.
C. understand risk associated with complex processes.
D. obtain a holistic view of IT strategy risk.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1011
A bank recently incorporated blockchain technology with the potential to impact known risk within the
organization. Which of the following is the risk practitioner’s BEST course of action?

A. Analyze and update control assessments with the new processes.
B. Conduct testing of the controls that mitigate the existing risk.
C. Determine whether risk responses are still adequate.
D. Analyze the risk and update the risk register as needed.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1012
Of the following, who is BEST suited to assist a risk practitioner in developing a relevant set of risk scenarios?

A. Control owner
B. Internal auditor
C. Asset owner
D. Finance manager

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1013
The risk associated with an asset after controls are applied can be expressed as:

A. the likelihood of a given threat.
B. the magnitude of an impact.
C. a function of the likelihood and impact.
D. a function of the cost and effectiveness of controls.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1014
A risk practitioner notices a trend of noncompliance with an IT-related control. Which of the following would
BEST assist in making a recommendation to management?

A. Reviewing the IT policy with the risk owner
B. Reviewing the roles and responsibilities of control process owners
C. Assessing noncompliance with control best practices
D. Assessing the degree to which the control hinders business objectives

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1015
Which key performance indicator (KPI) BEST measures the effectiveness of an organization's disaster
recovery program?

A. Number of service level agreement (SLA) violations.
B. Percentage of critical systems recovered within the recovery time objective (RTO).
C. Percentage of recovery issues identified during the exercise.
D. Number of total systems recovered within the recovery point objective (RPO).

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1016
The PRIMARY advantage of involving end users in continuity planning is that they:

A. can see the overall impact to the business.
B. have a better understanding of specific business needs.
C. can balance the overall technical and business concerns.
D. are more objective than information security management.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1017
Which of the following is the PRIMARY risk management responsibility of the second line of defense?

A. Applying risk treatments
B. Providing assurance of control effectiveness
C. Implementing internal controls
D. Monitoring risk responses

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1018
Which of the following is the BEST way to ensure ongoing control effectiveness?

A. Periodically reviewing control design
B. Establishing policies and procedures
C. Measuring trends in control performance
D. Obtaining management control attestations

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1019
Who should have the authority to approve an exception to a control?

A. Information security manager
B. Risk manager
C. Control owner
D. Risk owner

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1020
Which of the following is a responsibility of the second line of defense in the three lines of defense model?

A. Owning risk scenarios and bearing the consequences of loss
B. Alerting operational management to emerging issues
C. Implementing corrective actions to address deficiencies
D. Performing duties independently to provide assurance

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1021
To mitigate the risk of using a spreadsheet to analyze financial data, IT has engaged a third-party vendor to
deploy a standard application to automate the process. Which of the following parties should own the risk
associated with calculation errors?

A. Third-party provider
B. Business owner
C. IT department
D. Risk manager

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1022
Which of the following provides the BEST evidence that risk responses are effective?

A. Compliance breaches are addressed in a timely manner
B. Risk with low impact is accepted
C. Risk ownership is identified and assigned
D. Residual risk is within risk tolerance

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1023
A risk practitioner has just learned about new malware that has severely impacted industry peers worldwide.
Which of the following should be done FIRST?

A. Notify executive management.
B. Update the IT risk register.
C. Design IT risk mitigation plans.
D. Analyze the impact to the organization.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1024
Which of the following is the MAIN purpose of monitoring risk?

A. Benchmarking
B. Risk analysis
C. Decision support
D. Communication

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1025
What is the PRIMARY benefit of risk monitoring?

A. It facilitates communication of threat levels.
B. It provides statistical evidence of control efficiency.
C. It facilitates risk-aware decision making.
D. It reduces the number of audit findings.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1026
An organization's control environment is MOST effective when:

A. controls operate efficiently.
B. controls are implemented consistently.
C. controls perform as intended.
D. control designs are reviewed periodically.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1027
When reviewing the business continuity plan (BCP) of an online sales order system, a risk practitioner notices
that the recovery time objective (RTO) has a shorter time than what is defined in the disaster recovery plan
(DRP). Which of the following is the BEST way for the risk practitioner to address this concern?

A. Update the risk register to reflect the discrepancy.
B. Adopt the RTO defined in the BCP.
C. Adopt the RTO defined in the DRP.
D. Communicate the discrepancy to the DR manager for follow-up.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1028
Which of the following should be the PRIMARY consideration when assessing the risk of using Internet of
Things (IoT) devices to collect and process personally identifiable information (PII)?

A. Costs and benefits
B. Security features and support
C. Local laws and regulations
D. Business strategies and needs

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1029
During a risk assessment of a financial institution, a risk practitioner discovers that tellers can initiate and
approve transactions of significant value. This team is also responsible for ensuring transactions are recorded
and balances are reconciled by the end of the day. Which of the following is the risk practitioner’s BEST
recommendation to mitigate the associated risk?

A. Require a code of ethics.
B. Implement continuous monitoring.
C. Implement segregation of duties.
D. Require a second level of approval.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1030
Due to a change in business processes, an identified risk scenario no longer requires mitigation. Which of the
following is the MOST important reason the risk should remain in the risk register?

A. To track historical risk assessment results
B. To prevent the risk scenario in the current environment
C. To monitor for potential changes to the risk scenario
D. To support regulatory requirements

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1031
Reviewing which of the following provides the BEST indication of an organization's risk tolerance?

A. Risk sharing strategy
B. Risk assessments
C. Risk transfer agreements
D. Risk policies

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1032
Which of the following is MOST helpful in defining an early-warning threshold associated with insufficient
network bandwidth?

A. Bandwidth used during business hours
B. Average bandwidth usage
C. Total bandwidth usage
D. Peak bandwidth usage

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1033
When developing a risk awareness training program, which of the following training topics would BEST
facilitate a thorough understanding of risk scenarios?

A. Mapping threats to organizational objectives
B. Reviewing past audits
C. Analyzing key risk indicators (KRIs)
D. Identifying potential sources of risk

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1034
Which of the following would provide the MOST objective assessment of the effectiveness of an organization's
security controls?

A. A third-party audit
B. Internal penetration testing
C. Security operations center review
D. An internal audit

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1035
Which of the following is the MOST important information to be communicated during security awareness
training?

A. Corporate risk profile
B. Recent security incidents
C. Management's expectations
D. The current risk management capability

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1036
Which of the following is the GREATEST critical success factor (CSF) of an IT risk management program?

A. Identifying enterprise risk events
B. Conducting focus group meetings with key stakeholders
C. Aligning with business objectives
D. Identifying IT risk scenarios

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1037
Which of the following should be the risk practitioner's FIRST course of action when an organization has
decided to expand into new product areas?

A. Review existing risk scenarios with stakeholders.
B. Present a business case for new controls to stakeholders.
C. Revise the organization's risk and control policy.
D. Identify any new business objectives with stakeholders.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1038
Which of the following BEST supports the management of identified risk scenarios?

A. Using key risk indicators (KRIs)
B. Maintaining a risk register
C. Collecting risk event data
D. Defining risk parameters

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1039
A risk practitioner observed that a high number of policy exceptions were approved by senior management.
Which of the following is the risk practitioner's BEST course of action to determine root cause?

A. Perform control testing.
B. Review policy change history.
C. Review the risk profile.
D. Interview the control owner.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1040
An organization has decided to use an external auditor to review the control environment of an outsourced
service provider. The BEST control criteria to evaluate the provider would be based on:

A. the service provider's existing controls.
B. guidance provided by the external auditor.
C. a recognized industry control framework.
D. the organization's specific control requirements.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1041
A global company's business continuity plan (BCP) requires the transfer of its customer information systems to
an overseas cloud service provider in the event of a disaster. Which of the following should be the MOST
important risk consideration?

A. The lack of a service level agreement (SLA) in the vendor contract
B. The cloud computing environment is shared with another company
C. The organizational culture differences between each country
D. The difference in the management practices between each company

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1042
Which of the following will MOST effectively align IT controls with corporate risk tolerance?

A. Benchmarks against industry leading practices
B. Internal policies approved by stakeholders
C. Key performance indicators (KPIs) approved by stakeholders
D. Risk management framework

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1043
Which of the following is MOST likely to be impacted as a result of a new policy which allows staff members to
remotely connect to the organization's IT systems via personal or public computers?

A. Risk tolerance
B. Risk appetite
C. Inherent risk
D. Key risk indicator (KRI)

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1044
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster
recovery test of critical business processes?

A. Percentage of processes recovered within the recovery time and point objectives
B. Number of current test plans and procedures
C. Percentage of job failures identified and resolved during the recovery process
D. Number of issues and action items resolved during the recovery test

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1045
When developing risk scenarios using a list of generic scenarios based on industry best practices, it is MOST
important to:

A. assess generic risk scenarios with business users.
B. validate the generic risk scenarios for relevance.
C. select the maximum possible risk scenarios from the list.
D. identify common threats causing generic risk scenarios.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1046
The MOST significant benefit of using a consistent risk ranking methodology across an organization is that it
enables:

A. assignment of risk to the appropriate owners.
B. allocation of available resources.
C. risk to be expressed in quantifiable terms.
D. clear understanding of risk levels.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1047
Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes
to IT services?

A. User acceptance testing (UAT)
B. Impact assessment of the change
C. Change communication plan
D. Change testing schedule

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1048
Which of the following should be the FIRST step to investigate an IT monitoring system that has a decreasing
alert rate?

A. Adjust the sensitivity to trigger more alerts.
B. Determine the root cause for the change in alert rate.
C. Conduct regression testing to ensure alerts can be triggered.
D. Review and adjust the timing of the reporting window.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1049
When formulating a social media policy to address information leakage, which of the following is the MOST
important concern to address?

A. Using social media to maintain contact with business associates
B. Using social media for personal purposes during working hours
C. Sharing company information on social media
D. Sharing personal information on social media

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1050
Which of the following should be the risk practitioner's FIRST course of action when an organization plans to
adopt a cloud computing strategy?

A. Perform a controls assessment.
B. Request a budget for implementation.
C. Conduct a threat analysis.
D. Create a cloud computing policy.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1051
Which element of an organization's risk register is MOST important to update following the commissioning of a
new financial reporting system?

A. The owner of the financial reporting process
B. The list of relevant financial controls
C. Key risk indicators (KRIs)
D. The risk rating of affected financial processes

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1052
Which of the following is the BEST way to address a board's concern about the organization's cybersecurity
posture?

A. Update security risk scenarios
B. Create a new security risk officer role
C. Assess security capabilities against an industry framework
D. Contract with a third party to perform vulnerability testing

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1053
Which of the following is MOST influential when management makes risk response decisions?

A. Detection risk
B. Risk appetite
C. Audit risk
D. Residual risk

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1054
Which of the following would MOST likely drive the need to review and update key performance indicators
(KPIs) for critical IT assets?

A. Changes in service level objectives
B. Findings from continuous monitoring
C. The outsourcing of related IT processes
D. Outcomes of periodic risk assessments

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1055
Which of the following is the MOST important component of effective security incident response?

A. A documented communications plan
B. Identification of attack sources
C. Network time protocol synchronization
D. Early detection of breaches

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1056
An organization has an approved bring your own device (BYOD) policy. Which of the following would BEST
mitigate the security risk associated with the inappropriate use of enterprise applications on the devices?

A. Enable a remote wipe capability for BYOD devices.
B. Periodically review applications on BYOD devices.
C. Include BYOD in organizational awareness programs.
D. Implement BYOD mobile device management (MDM) controls.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1057
When is the BEST time to identify risk associated with major projects to determine a mitigation plan?

A. Project execution phase
B. Project closing phase
C. Project planning phase
D. Project initiation phase

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1058
Which of the following is a risk practitioner's BEST recommendation to address an organization's need to
secure multiple systems with limited IT resources?

A. Perform a vulnerability analysis.
B. Schedule a penetration test.
C. Apply available security patches.
D. Conduct a business impact analysis (BIA).

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1059
Which of the following is MOST important to include in a risk assessment of an emerging technology?

A. Key controls
B. Risk and control ownership
C. Risk response plans
D. Impact and likelihood ratings

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1060
Which of the following would MOST effectively reduce risk associated with an increased volume of online
transactions on a retailer website?

A. Transaction limits
B. Scalable infrastructure
C. A hot backup site
D. Website activity monitoring

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1061
Which of the following is MOST important to consider when determining the value of an asset during the risk
identification process?

A. The vulnerability profile of the asset
B. The size of the asset's user base
C. The criticality of the asset
D. The monetary value of the asset

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1062
Risk acceptance of an exception to a security control would MOST likely be justified when:

A. the end-user license agreement has expired.
B. automation cannot be applied to the control.
C. the control is difficult to enforce in practice.
D. business benefits exceed the loss exposure.

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1063
Which of the following standard operating procedure (SOP) statements BEST illustrates appropriate risk
register maintenance?

A. Remove risk that management has decided to accept.
B. Remove risk only following a significant change in the risk environment.
C. Remove risk when mitigation results in residual risk within tolerance levels.
D. Remove risk that has been mitigated by third-party transfer.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1064
It is MOST important that security controls for a new system be documented in:

A. the security policy
B. testing requirements
C. system requirements
D. the implementation plan

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1065
Which of the following is MOST important to review when determining whether a potential IT service provider’s
control environment is effective?

A. Control self-assessment (CSA)
B. Service level agreements (SLAs)
C. Key performance indicators (KPIs)
D. Independent audit report

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1066
Which of the following will BEST help to ensure the continued effectiveness of the IT risk management function
within an organization experiencing high employee turnover?

A. Change and release management
B. Well documented policies and procedures
C. Risk and issue tracking
D. An IT strategy committee

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1067
The PRIMARY purpose of using a framework for risk analysis is to:

A. help define risk tolerance.
B. help develop risk scenarios.
C. improve consistency.
D. improve accountability.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1068
Within the three lines of defense model, the accountability for the system of internal controls resides with:

A. enterprise risk management.
B. the risk practitioner.
C. the chief information officer (CIO).
D. the board of directors.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1069
Before assigning sensitivity levels to information, it is MOST important to:

A. define the information classification policy.
B. conduct a sensitivity analysis.
C. identify information custodians.
D. define recovery time objectives (RTOs).

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1070
Which of the following risk-related information is MOST valuable to senior management when formulating an
IT strategic plan?

A. Risk mitigation plans
B. IT risk appetite statement
C. Emerging IT risk scenarios
D. Key risk indicators (KRIs)

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1071
What information related to a system vulnerability would be MOST useful to management in making an
effective risk-based decision?

A. Consequences if the vulnerability is exploited
B. Availability of patches to mitigate the vulnerability
C. Vulnerability scanning tools currently in place
D. Risk mitigation plans for the vulnerability

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1072
Which of the following is MOST helpful to understand the consequences of an IT risk event?

A. Fault tree analysis
B. Root cause analysis
C. Business impact analysis (BIA)
D. Historical trend analysis

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1073
An organization striving to be on the leading edge in regard to risk monitoring would MOST likely implement:

A. a tool for monitoring critical activities and controls.
B. procedures to monitor the operation of controls.
C. real-time monitoring of risk events and control exceptions.
D. monitoring activities for all critical assets.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1074
Which of the following is MOST important for an organization to update following a change in legislation
requiring notification to individuals impacted by data breaches?

A. Security awareness training
B. Policies and standards
C. Risk appetite and tolerance
D. Insurance coverage

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1075
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled
fraud?

A. Ensuring that risk and control assessments consider fraud
B. Implementing processes to detect and deter fraud
C. Providing oversight of risk management processes
D. Monitoring the results of actions taken to mitigate fraud

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1076
Which of the following is the BEST way to quantify the likelihood of risk materialization?

A. Balanced scorecard
B. Business impact analysis (BIA)
C. Threat and vulnerability assessment
D. Compliance assessments

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1077
In order to determine if a risk is under-controlled, the risk practitioner will need to:

A. determine the sufficiency of the IT risk budget
B. monitor and evaluate IT performance
C. identify risk management best practices
D. understand the risk tolerance

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1078
A third-party vendor has offered to perform user access provisioning and termination. Which of the following
control accountabilities is BEST retained within the organization?

A. Reviewing access control lists
B. Performing user access recertification
C. Authorizing user access requests
D. Terminating inactive user access

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1079
The PRIMARY reason for prioritizing risk scenarios is to:

A. facilitate risk response decisions.
B. support risk response tracking.
C. assign risk ownership.
D. provide an enterprise-wide view of risk.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1080
A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform
based on the value added by the platform and the organization's risk appetite. Which of the following is the risk
practitioner’s BEST course of action?

A. Update the risk register with the process changes.
B. Review risk related to standards and regulations.
C. Conduct a risk assessment with stakeholders.
D. Conduct third-party resilience tests.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1081
A company has recently acquired a customer relationship management (CRM) application from a certified
software vendor. Which of the following will BEST help to prevent technical vulnerabilities from being
exploited?

A. Verify the software agreement indemnifies the company from losses.
B. Update the software with the latest patches and updates.
C. Review the source code and error reporting of the application.
D. Implement code reviews and quality assurance on a regular basis.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1082
Which of the following MOST effectively limits the impact of a ransomware attack?

A. End user training
B. Cyber insurance
C. Data backups
D. Cryptocurrency reserve

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1083
A risk practitioner is presenting the risk profile to management, indicating an increase in the number of
successful network attacks. This information would be MOST helpful to:

A. determine the availability of network resources.
B. justify additional controls.
C. justify investing in a log collection system.
D. determine the frequency of monitoring.

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1084
Which of the following BEST helps to identify significant events that could impact an organization?

A. Vulnerability analysis
B. Scenario analysis
C. Heat map analysis
D. Control analysis

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1085
A recent risk workshop has identified risk owners and responses for newly identified risk scenarios. Which of
the following should be the risk practitioner's NEXT step?

A. Identify resources for implementing responses.
B. Prepare a business case for the response options.
C. Update the risk register with the results.
D. Develop a mechanism for monitoring residual risk.

Correct Answer: C
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1086
Which of the following would present the MOST significant risk to an organization when updating the incident
response plan?

A. Undefined assignment of responsibility
B. Obsolete response documentation
C. Increased stakeholder turnover
D. Failure to audit third-party providers

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1087
An organization has provided legal text explaining the rights and expected behavior of users accessing a
system from geographic locations that have strong privacy regulations. Which of the following control types
has been applied?

A. Detective
B. Preventive
C. Compensating
D. Directive

Correct Answer: D
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1088
An organization will be impacted by a new data privacy regulation due to the location of its production facilities.
What action should the risk practitioner take when evaluating the new regulation?

A. Perform an analysis of the new regulation to ensure current risk is identified.
B. Evaluate if the existing risk responses to the previous regulation are still adequate.
C. Assess the validity and perform update testing on data privacy controls.
D. Develop internal control assessments over data privacy for the new regulation.

Correct Answer: A
Section: Volume D
Explanation

Explanation/Reference:

QUESTION 1089
Which of the following is MOST helpful in preventing risk events from materializing?

A. Maintaining the risk register
B. Reviewing and analyzing security incidents
C. Establishing key risk indicators (KRIs)
D. Prioritizing and tracking issues

Correct Answer: B
Section: Volume D
Explanation

Explanation/Reference:
