Isaca CRISC.pdf
Q: 1
The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:
Options
Q: 2
Which of the following will BEST help mitigate the risk associated with malicious functionality in
outsourced application development?
Options
Q: 3
Which of the following would be MOST useful to senior management when determining an
appropriate risk response?
Options
Q: 4
Which of the following is the MOST important benefit of implementing a data classification program?
Options
Q: 5
After the implementation of Internet of Things (IoT) devices, new risk scenarios were identified.
What is the PRIMARY reason to report this information to risk owners?
Options
Q: 6
Which of the following BEST prevents control gaps in the Zero Trust model when implementing it in the
environment?
Options
Q: 7
Which of the following is the MOST significant indicator of the need to perform a penetration test?
Options
Q: 8
Which of the following is the BEST course of action for a system administrator who suspects a
colleague may be intentionally weakening a system's validation controls in order to pass through
fraudulent transactions?
Options
Q: 9
Which of the following is the BEST way for a risk practitioner to verify that management has
addressed control issues identified during a previous external audit?
Options
Q: 10
Which of the following should be included in a risk scenario to be used for risk analysis?
Options