Isaca CRISC Actual Questions

The primary reason for periodically monitoring key risk indicators (KRIs) is to detect changes in the risk profile of the enterprise. KRIs are metrics that provide information on the level of exposure to a specific risk or a group of risks. By monitoring KRIs, the enterprise can identifyany deviations from the expected risk level, and take appropriate actions to adjust the risk response or the risk appetite. Monitoring KRIs also helps to validate the effectiveness of risk mitigation controls and the accuracy of risk assessments. Rectifying errors in results of KRIs, reducing costs of risk mitigation controls, and continually improving risk assessments are possible benefits of monitoring KRIs, but they are not the primary reason. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4, Section 4.1.1.2, page 175.

Using a VPN ensures the secure transmission of sensitive data over a public network by encrypting the communication channel. This mitigates risks such as interception or unauthorized access, aligning withData Protection and Privacy Standards.

Defining recovery time objectives (RTOs) and acceptable data loss thresholds is critical for effective disaster response, ensuring recovery activities are aligned with business priorities. This supportsBusiness Continuity Planning.

Regular reviewshelp detect inappropriate, outdated, or excessive access rights. This is a fundamental part of access control governance and supports the principle of least privilege.