ISACA CRISC Exam
Certified in Risk and Information Systems Control (Page 86)

Updated On: 7-Feb-2026

Which of the following is the PRIMARY objective of aggregating the impact of IT risk scenarios and reflecting the results in the enterprise risk register?

  A. To ensure IT risk appetite is communicated across the organization
  B. To ensure IT risk impact can be compared to the IT risk appetite
  C. To ensure IT risk ownership is assigned at the appropriate organizational level
  D. To ensure IT risk scenarios are consistently assessed within the organization

Answer(s): B

Explanation:

The primary objective of aggregating the impact of IT risk scenarios and reflecting the results in the enterprise risk register is to ensure IT risk impact can be compared to the IT risk appetite, as it enables the organization to measure and evaluate the overall level and exposure of the IT risk, and to align and prioritize the IT risk response and strategy with the organizational objectives and regulations. The other options are not the primary objectives, as they are more related to the communication, assignment, or assessment of the IT risk scenarios, respectively, rather than the aggregation or reflection of the IT risk scenarios. References = CRISC Review Manual, 7th Edition, page 109.



An organization moved its payroll system to a Software as a Service (SaaS) application. A new data privacy regulation stipulates that data can only be processed within the country where it is collected.
Which of the following should be done FIRST when addressing this situation?

  A. Analyze data protection methods.
  B. Understand data flows.
  C. Include a right-to-audit clause.
  D. Implement strong access controls.

Answer(s): B

Explanation:

The first step when addressing the situation of moving the payroll system to a SaaS application and complying with the new data privacy regulation is to understand the data flows. This means identifying where the data is collected, stored, processed, and transferred, and who has access to it. Understanding the data flows can help to determine the scope and impact of the regulation, as well as the potential risks and gaps in the current state. It can also help to identify the roles and responsibilities of the organization and the SaaS provider regarding data protection and compliance. References = Risk and Information Systems Control Study Manual, Chapter 5, Section 5.3.1.2, p. 237-238



An organization has been notified that a disgruntled, terminated IT administrator has tried to break into the corporate network.
Which of the following discoveries should be of GREATEST concern to the organization?

  A. Authentication logs have been disabled.
  B. An external vulnerability scan has been detected.
  C. A brute force attack has been detected.
  D. An increase in support requests has been observed.

Answer(s): A

Explanation:

Authentication logs are records of the attempts and results of logging into an IT system, network, or application, such as the user name, password, date, time, location, or device. Authentication logs can help to verify and audit the identity and access of the users, and to detect and investigate any unauthorized or suspicious login activities, such as failed or repeated attempts, or unusual patterns or locations. Among the four options given, the discovery that authentication logs have been disabled should be of greatest concern to the organization. This is because disabling authentication logs can:

  - Prevent or hinder the organization from monitoring and controlling the access and activity of the users, especially the disgruntled, terminated IT administrator who may have malicious intentions or insider knowledge
  - Enable or facilitate the disgruntled, terminated IT administrator or other attackers to bypass or compromise the authentication mechanisms or policies, and gain unauthorized or elevated access to the IT systems, networks, or applications
  - Conceal or erase the evidence or traces of the login attempts or actions of the disgruntled, terminated IT administrator or other attackers, and make it difficult or impossible to identify, investigate, or prosecute them
  - Indicate or imply that the disgruntled, terminated IT administrator or other attackers have already breached or compromised the IT systems, networks, or applications, and have disabled the authentication logs to cover their tracks or avoid detection

References = What is Authentication Logging?, Authentication Logging - Wikipedia, Fired admin cripples former employer's network using old credentials



Which of the following BEST helps to ensure disaster recovery staff members are able to complete their assigned tasks effectively during a disaster?

  A. Performing parallel disaster recovery testing
  B. Documenting the order of system and application restoration
  C. Involving disaster recovery staff members in risk assessments
  D. Conducting regular tabletop exercises and scenario analysis

Answer(s): D



A risk practitioner has been notified that an employee sent an email in error containing customers' personally identifiable information (PII).
Which of the following is the risk practitioner's BEST course of action?

  A. Report it to the chief risk officer.
  B. Advise the employee to forward the email to the phishing team.
  C. Follow incident reporting procedures.
  D. Advise the employee to permanently delete the email.

Answer(s): C

Explanation:

The best course of action for the risk practitioner is to follow the incident reporting procedures established by the organization. This will ensure that the incident is properly documented, escalated, and resolved in a timely and consistent manner. Reporting the incident to the chief risk officer, advising the employee to forward the email to the phishing team, or advising the employee to permanently delete the email are not the best courses of action, as they may not comply with the organization's policies and standards, and may not address the root cause and impact of the incident. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4, Section 4.2.2.1, page 193.

