nerdexam
ExamsCRISCQuestions#173
IsacaIsaca

CRISC · Question #173

CRISC Question #173: Real Exam Question with Answer & Explanation

The correct answer is D: optimize resource utilization.. Prioritizing IT risk responses primarily enables an organization to optimize its resource utilization.

Submitted by jordan8· Apr 18, 2026Risk Response and Reporting

Question

The MAIN reason for prioritizing IT risk responses is to enable an organization to:

Options

  • Adetermine the risk appetite.
  • Bdetermine the budget.
  • Cdefine key performance indicators (KPIs).
  • Doptimize resource utilization.

Explanation

Prioritizing IT risk responses primarily enables an organization to optimize its resource utilization.

Common mistakes.

  • A. Risk appetite is determined before or during risk identification, setting the context for risk responses, rather than being an outcome of prioritization.
  • B. While budget is a factor in determining specific responses, prioritizing responses aims to make the most of an existing or allocated budget, not necessarily to determine the overall budget itself.
  • C. KPIs measure the performance of risk management activities, but prioritizing responses is about acting on risks, not defining metrics.

Concept tested. Risk response prioritization benefits

Reference. https://learn.microsoft.com/en-us/azure/architecture/framework/security/security-governance

Topics

#Risk prioritization#Resource optimization#Risk response strategies#Decision making

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CRISC PracticeBrowse All CRISC Questions