Free ISACA CRISC Exam Dumps Questions & Answers

Which of the following should be the PRIMARY consideration when assessing the risk of using Internet of Things (loT) devices to collect and process personally identifiable information (PII)?

• A.  Local laws and regulations
• B.  Security features and support
• C.  Business strategies and needs
• D.  Costs and benefits

During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

• A.  Report the gap to senior management
• B.  Complete a risk exception form.
• C.  Consult with the business owner to update the BCP
• D.  Consult with the IT department to update the RTO

Which of the following is the BEST indication of a potential threat?

• A.  Excessive policy and standard exceptions
• B.  Excessive activity in system logs
• C.  Ineffective risk treatment plans
• D.  Increase in identified system vulnerabilities

An organization is participating in an industry benchmarking study that involves providing customer transaction records for analysis Which of the following is the MOST important control to ensure the privacy of customer information?

• A.  Nondisclosure agreements (NDAs)
• B.  Data anonymization
• C.  Data encryption
• D.  Data cleansing

Which of the following is the MAIN reason for analyzing risk scenarios?

• A.  Identifying additional risk scenarios
• B.  Updating the heat map
• C.  Establishing a risk appetite
• D.  Assessing loss expectancy