
CRISC Exam Dumps - Certified in Risk and Information Systems Control

Question # 537

A control owner responsible for the access management process has developed a machine learning model to automatically identify excessive access privileges. What is the risk practitioner's BEST course of action?

A. Review the design of the machine learning model against control objectives.
B. Adopt the machine learning model as a replacement for current manual access reviews.
C. Ensure the model assists in meeting regulatory requirements for access controls.
D. Discourage the use of emerging technologies in key processes.

Question # 538

Which of the following is the PRIMARY reason to conduct risk assessments at periodic intervals?

A. To ensure emerging risk is identified and monitored
B. To establish the maturity level of risk assessment processes
C. To promote a risk-aware culture among staff
D. To ensure risk trend data is collected and reported

Question # 539

Which of the following scenarios is MOST important to communicate to senior management?

A. Accepted risk scenarios with detailed plans for monitoring
B. Risk scenarios that have been shared with vendors and third parties
C. Accepted risk scenarios with impact exceeding the risk tolerance
D. Risk scenarios that have been identified, assessed, and responded to by the risk owners

Question # 540

Which of the following is the BEST method to mitigate the risk of an unauthorized employee viewing confidential data in a database?

A. Implement role-based access control
B. Implement a data masking process
C. Include sanctions in nondisclosure agreements (NDAs)
D. Install a data loss prevention (DLP) tool

Question # 541

A risk practitioner is utilizing a risk heat map during a risk assessment. Risk events that are coded with the same color will have a similar:

A. risk score
B. risk impact
C. risk response
D. risk likelihood.

Question # 542

An organization is planning to outsource its payroll function to an external service provider. Which of the following should be the MOST important consideration when selecting the provider?

A. Disaster recovery plan (DRP) of the system
B. Right to audit the provider
C. Internal controls to ensure data privacy
D. Transparency of key performance indicators (KPIs)

Question # 543

Which of the following is MOST important to sustainable development of secure IT services?

A. Security training for systems development staff
B. Well-documented business cases
C. Security architecture principles
D. Secure coding practices
