Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CRISCFree trial

By isaca

Verified

25Q per page

Question 276

The operational risk associated with attacks on a web application should be owned by the individual in charge of:

A: network operations.
B: the cybersecurity function.
C: application development.
D: the business function.

—

Question 277

Which of the following is the MOST important benefit of reporting risk assessment results to senior management?

A: Facilitation of risk-aware decision making
B: Alignment of business activities
C: Compilation of a comprehensive risk register
D: Promotion of a risk-aware culture

—

Question 278

Which of the following is the GREATEST benefit of implementing an enterprise risk management (ERM) program?

A: A common view of enterprise risk is established.
B: Risk-aware decision making is enabled.
C: Risk management is integrated into the organization.
D: Risk management controls are implemented.

—

Question 279

When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?

A: Maturity model
B: Results of risk assessments
C: Number of emergency change requests
D: Results of benchmarking studies

—

Question 280

Which of the following is the PRIMARY reason for a risk practitioner to review an organization’s IT asset inventory?

A: To plan for the replacement of assets at the end of their life cycles
B: To understand vulnerabilities associated with the use of the assets
C: To calculate mean time between failures (MTBF) for the assets
D: To assess requirements for reducing duplicate assets

—

Question 281

When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?

A: Identity conditions that may cause disruptions.
B: Evaluate the probability of risk events.
C: Review incident response procedures.
D: Define metrics for restoring availability.

—

Question 282

Risks to an organization's image are referred to as what kind of risk?

A: Operational
B: Financial
C: Information
D: Strategic

—

Question 283

Which of the following is the MOST important information to cover in a business continuity awareness training program for all employees of the organization?

A: Critical asset inventory
B: Communication plan
C: Segregation of duties
D: Recovery time objectives (RTOs)

—

Question 284

Which of the following is the MOST effective way for a large and diversified organization to minimize risk associated with unauthorized software on company devices?

A: Perform frequent internal audits of enterprise IT infrastructure.
B: Scan end points for applications not included in the asset inventory.
C: Conduct frequent reviews of software licenses.
D: Prohibit the use of cloud-based virtual desktop software.

—

Question 285

An organization is implementing a project to automate the purchasing process, including the modification of approval controls. Which of the following tasks is the responsibility of the risk practitioner?

A: Test approval process controls once the project is completed.
B: Update the existing controls for changes in approval processes from this project.
C: Perform a gap analysis of the impacted control processes.
D: Verify that existing controls continue to properly mitigate defined risk.