CRISC Online Practice Questions and Answers

Questions 4

Which of the following assets are the examples of intangible assets of an enterprise? Each correct answer represents a complete solution. Choose two.

A. Customer trust

B. Information

C. People

D. Infrastructure

Questions 5

You are the project manager of your enterprise. You have identified several risks. Which of the following responses to risk is considered the MOST appropriate?

A. Any of the above

B. Insuring

C. Avoiding

D. Accepting

Questions 6

You are a project manager for your organization and you're working with four of your key stakeholders. One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?

A. Project risks are uncertain as to when they will happen.

B. Risks can happen at any time in the project.

C. Project risks are always in the future.

D. Risk triggers are warning signs of when the risks will happen.

Questions 7

Which of the following is MOST helpful in determining the effectiveness of an organization's IT risk mitigation efforts?

A. Assigning identification dates for risk scenarios in the risk register

B. Updating impact assessments for risk scenarios

C. Verifying whether risk action plans have been completed

D. Reviewing key risk indicators (KRIs)

Questions 8

When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:

A. information risk assessments with enterprise risk assessments.

B. key risk indicators (KRIs) with risk appetite of the business.

C. the control key performance indicators (KPIs) with audit findings.

D. control performance with risk tolerance of business owners.

Questions 9

Which of the following presents the GREATEST challenge to managing an organization's end-user devices?

A. Incomplete end-user device inventory

B. Unsupported end-user applications

C. Incompatible end-user devices

D. Multiple end-user device models

Questions 10

Which of the following activities BEST facilitates effective risk management throughout the organization?

A. Reviewing risk-related process documentation

B. Conducting periodic risk assessments

C. Performing a business impact analysis (BIA)

D. Performing frequent audits

Questions 11

Who should be PRIMARILY responsible for establishing an organization's IT risk culture?

A. Business process owner

B. Executive management

C. Risk management

D. IT management

Questions 12

Which of the following is MOST important to compare against the corporate risk profile?

A. Industry benchmarks

B. Risk tolerance

C. Risk appetite

D. Regulatory compliance

Questions 13

Which of the following is the BEST recommendation to senior management when the results of a risk and control assessment indicate a risk scenario can only be partially mitigated?

A. Implement controls to bring the risk to a level within appetite and accept the residual risk.

B. Implement a key performance indicator (KPI) to monitor the existing control performance.

C. Accept the residual risk in its entirety and obtain executive management approval.

D. Separate the risk into multiple components and avoid the risk components that cannot be mitigated.

Questions 14

Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?

A. Establishing a risk management committee

B. Updating the organization's risk register to reflect the new threat

C. Communicating the results of the threat impact analysis

D. Establishing metrics to assess the effectiveness of the responses

Questions 15

Which of the following processes BEST enables a risk practitioner to gather evidence about the threat environment for further analysis?

A. Risk assessment

B. Threat modeling

C. Vulnerability scanning

D. Threat intelligence

Questions 16

Which of the following is MOST important for a risk practitioner to confirm when reviewing the disaster recovery plan (DRP)?

A. The DRP covers relevant scenarios.

B. The business continuity plan (BCP) has been documented.

C. Senior management has approved the DRP.

D. The DRP has been tested by an independent third party.

Questions 17

When assigning an IT risk owner, it is ESSENTIAL that the owner has:

A. ownership of the service where the risk exists.

B. authority to commit resources to manage the risk.

C. oversight of the IT function.

D. relevant experience with risk mitigation strategy.

Questions 18

What is the MOST important consideration when establishing key risk indicator (KRI) tolerance levels?

A. Aligning KRI thresholds with the organization's business operations

B. Aligning KRI thresholds with the organization's risk appetite

C. Identifying KRIs that track changes in the organization's risk profile

D. Establishing a reporting and escalation framework

Exam Code: CRISC
Exam Name: Certified in Risk and Information Systems Control
Last Update: Mar 19, 2025
Questions: 2246 Q&As