Isaca
CRISC · Question #326
CRISC Question #326: Real Exam Question with Answer & Explanation
The correct answer is C: Risk register. The risk register is the central repository for identified risks, their assessment, and treatment plans, offering the most comprehensive view of an organization's overall risk profile.
Submitted by kim_seoul · Apr 18, 2026 · Risk Response and Reporting
Question
Reviewing which of the following BEST helps an organization gain insight into its overall risk profile?
Options
- A. Threat landscape
- B. Risk appetite
- C. Risk register
- D. Risk metrics
Explanation
The risk register is the central repository for identified risks, their assessment, and treatment plans, offering the most comprehensive view of an organization's overall risk profile.
Common mistakes.
- A. The threat landscape identifies potential external dangers but doesn't detail how these threats specifically impact the organization or its current risk posture.
- B. Risk appetite defines the amount of risk an organization is willing to accept, which is a policy statement, not a dynamic list of actual risks.
- D. Risk metrics provide specific measurements of risk elements or control effectiveness but offer a fragmented view compared to the comprehensive overview of the risk register.
Concept tested. Risk register for risk profile insight
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
Topics
#Risk Register #Overall Risk Profile #Risk Reporting #Risk Management Tools