Isaca Updated CRISC Exam Questions and Answers by miriam

Conducting a risk assessment allows the organization to evaluate the exposure created by adopting the technology. This step ensures informed decision-making and aligns with the principles ofRisk Identification and Assessmentfor managing emerging risks effectively.

In a SaaS environment, the provider manages infrastructure and platforms. The primary asset that remains under the organization’s control is its hosted data. Hence, data is the key business asset.

The lack of integrity of data is the greatest concern when replication of a critical database used by two business units failed. Data integrity means that the data is accurate, complete, consistent, and reliable. If the replication failed, it means that the data in the primary and secondary databases may not be synchronized and may have discrepancies or errors. This could affect the quality and reliability of the data and the business processes that depend on it. The other options are not as concerning as the lack of integrity of data, as they are related to the efficiency, cost, or confidentiality of the data, which are less critical than the accuracy and reliability of the data. References = Risk and Information Systems Control Study Manual, Chapter 4: Risk and Control Monitoring and Reporting, Section 4.2: Key Performance Indicators, page 183.

The primary objective of automating controls is to facilitate continuous control monitoring. Automation enables real-time or near-real-time oversight of control activities, allowing for prompt detection and response to control failures or anomalies. This continuous monitoring enhances the organization's ability to maintain compliance and manage risks effectively.