CRISC Exam Questions
640 real CRISC exam questions with expert-verified answers and explanations. Page 4 of 13.
- Question #151 (IT Risk Assessment)
  Which of the following is the result of a realized risk scenario?
  Tags: Risk realization, Loss event, Risk terminology, Risk outcomes
- Question #152 (IT Risk Assessment)
  Which of the following is the MOST important outcome of a business impact analysis (BIA)?
  Tags: Business Impact Analysis, Business Continuity Management, Critical Process Identification, Prioritization
- Question #153 (Risk Response and Reporting)
  Senior management is deciding whether to share confidential data with the organization's business partners. The BEST course of action for a risk practitioner would be to submit a r...
  Tags: Risk Reporting, Risk Mitigation, Senior Management Communication, Data Sharing Risk
- Question #154 (Risk Response and Reporting)
  Which of the following is MOST important for successful incident response?
  Tags: Incident Response, Threat Detection, Attack Recognition, Timeliness
- Question #155 (Risk Response and Reporting)
  Which of the following BEST represents the desired risk posture for an organization?
  Tags: Risk Posture, Residual Risk, Risk Tolerance, Risk Management Goal
- Question #156 (IT Risk Assessment)
  An organization is adopting blockchain for a new financial system. Which of the following should be the GREATEST concern for a risk practitioner evaluating the system's production...
  Tags: Emerging Technology Risk, Organizational Capability, Production Readiness Assessment, Risk Prioritization
- Question #157 (Risk Response and Reporting)
  Which of the following should be the PRIMARY basis for prioritizing risk responses?
  Tags: Risk prioritization, Risk response, Risk impact, Risk assessment
- Question #158 (Governance)
  Risk appetite should be PRIMARILY driven by which of the following?
  Tags: Risk Appetite, Stakeholder Requirements, Risk Governance, Strategic Risk Management
- Question #159 (IT Risk Assessment)
  What is the MAIN benefit of using a top-down approach to develop risk scenarios?
  Tags: Risk scenario development, Top-down approach, Organizational objectives, Risk assessment methodology
- Question #160 (IT Risk Assessment)
  A zero-day vulnerability has been discovered in a globally used brand of hardware server that allows hackers to gain access to affected IT systems. Which of the following is MOST l...
  Tags: Zero-day vulnerability, Risk likelihood, Risk assessment, Vulnerability management
- Question #161 (Risk Response and Reporting)
  When developing a response plan to address security incidents regarding sensitive data loss, it is MOST important
  Tags: Incident Response, Data Loss Prevention, Data Classification, Security Incident Management
- Question #162 (IT Risk Assessment)
  Which of the following potential scenarios associated with the implementation of a new database technology presents the GREATEST risk to an organization?
  Tags: IT Risk Assessment, Data Recovery, Business Continuity, Database Implementation
- Question #163 (Risk Response and Reporting)
  After entering a large number of low-risk scenarios into the risk register, it is MOST important for the risk practitioner to:
  Tags: Aggregate risk, Risk analysis, Risk monitoring, Risk register
- Question #164 (Risk Response and Reporting)
  Which of the following provides the MOST reliable evidence of a control's effectiveness?
  Tags: Control effectiveness, Control testing, Evidence reliability, Monitoring controls
- Question #165 (Risk Response and Reporting)
  Which of the following BEST reduces the risk associated with the theft of a laptop containing sensitive information?
  Tags: Data encryption, Portable device security, Risk mitigation, Information confidentiality
- Question #166 (IT Risk Assessment)
  An organization has asked an IT risk practitioner to conduct an operational risk assessment on an initiative to outsource the organization's customer service operations overseas. W...
  Tags: Outsourcing Risk, Cross-border Data Transfer, Regulatory Compliance, Operational Risk Assessment
- Question #167 (Risk Response and Reporting)
  Which of the following is the MOST effective way for a large and diversified organization to minimize risk associated with unauthorized software on company devices?
  Tags: Unauthorized software, Endpoint security, Asset management, Risk mitigation
- Question #168 (Governance)
  Which of the following BEST facilitates the identification of appropriate key performance indicators (KPIs) for a risk management program?
  Tags: Risk Management KPIs, Risk Appetite, Program Performance, Governance
- Question #169 (Risk Response and Reporting)
  Which of the following is a risk practitioner's BEST recommendation upon learning that an employee inadvertently disclosed sensitive data to a vendor?
  Tags: Incident Response, Data Breach, Security Incident Management, Risk Treatment
- Question #170 (Governance)
  Which of the following is the BEST method to maintain a common view of IT risk within an organization?
  Tags: IT risk management, Risk communication, Risk profile, Common risk view
- Question #171 (Risk Response and Reporting)
  Which of the following is the MOST important information to cover in a business continuity awareness training program for all employees of the organization?
  Tags: Business Continuity Awareness, Communication Plan, Employee Training, Crisis Communication
- Question #172 (Risk Response and Reporting)
  Which of the following is the BEST approach for selecting controls to minimize risk?
  Tags: Risk response, Control selection, Cost-benefit analysis, Risk mitigation
- Question #173 (Risk Response and Reporting)
  The MAIN reason for prioritizing IT risk responses is to enable an organization to:
  Tags: Risk prioritization, Resource optimization, Risk response strategies, Decision making
- Question #174 (Risk Response and Reporting)
  An organization has experienced a cyber-attack that exposed customer personally identifiable information (PII) and caused extended outages of network services. Which of the followi...
  Tags: Incident Response, Risk Ownership, Stakeholder Management, Cyber Crisis Management
- Question #175 (IT Risk Assessment)
  Which of the following is the PRIMARY reason for a risk practitioner to review an organization's IT asset inventory?
  Tags: IT Asset Inventory, Vulnerability Identification, IT Risk Assessment Foundations
- Question #176 (Governance)
  An organization's business gap analysis reveals the need for a robust IT risk strategy. Which of the following should be the risk practitioner's PRIMARY consideration when particip...
  Tags: IT Risk Strategy, Risk Culture, Strategic Planning, Organizational Governance
- Question #177 (Risk Response and Reporting)
  A risk practitioner implemented a process to notify management of emergency changes that may not be approved. Which of the following is the BEST way to provide this information to...
  Tags: Key Risk Indicators (KRIs), Risk Reporting, Emergency Changes, Change Management
- Question #178 (Governance)
  Which of the following should be the GREATEST concern to a risk practitioner when process documentation is incomplete?
  Tags: Risk ownership, Accountability, Risk management fundamentals, Process documentation
- Question #179 (Governance)
  Which of the following is the MOST effective way to help ensure accountability for managing risk?
  Tags: Risk Accountability, Process Ownership, Risk Governance
- Question #180 (Risk Response and Reporting)
  Which of the following would provide the MOST reliable evidence of the effectiveness of security controls implemented for a web application?
  Tags: Penetration Testing, Security Control Effectiveness, Control Testing, Risk Response Validation
- Question #181 (Risk Response and Reporting)
  Which of the following would be of MOST concern to a risk practitioner reviewing risk action plans for documented IT risk scenarios?
  Tags: Risk Action Plans, Risk Response, Risk Acceptance, Risk Management Oversight
- Question #182 (Governance)
  Which of the following is MOST important for an organization to consider when developing its IT strategy?
  Tags: IT strategy, business alignment, organizational goals, strategic planning
- Question #183 (Governance)
  Which of the following is the BEST way to ensure adequate resources will be allocated to manage identified risk?
  Tags: Risk ownership, Resource allocation, Accountability, Risk governance
- Question #184 (IT Risk Assessment)
  Which of the following provides the MOST comprehensive information when developing a risk profile for a system?
  Tags: Risk Profile, Risk Assessment, Information Gathering
- Question #185 (Governance)
  Which of the following should be PRIMARILY responsible for performing user entitlement reviews?
  Tags: User entitlement reviews, Data ownership, Role responsibilities, Access control
- Question #186 (IT Risk Assessment)
  An organization has decided to implement a new Internet of Things (IoT) solution. Which of the following should be done FIRST when addressing security concerns associated with this...
  Tags: IoT security, Risk identification, Risk assessment process, New technology risk
- Question #187 (Risk Response and Reporting)
  Which of the following is the BEST course of action when an organization wants to reduce likelihood in order to reduce a risk level?
  Tags: Risk Likelihood, Preventive Controls, Risk Mitigation, Risk Response
- Question #188 (Governance)
  Who is the BEST person to the employee personal data?
  Tags: Data ownership, Roles and responsibilities, Employee data management, Data stewardship
- Question #189 (IT Risk Assessment)
  Which of the following is MOST important to consider before determining a response to a vulnerability?
  Tags: Risk Assessment, Data Quality, Vulnerability Management, Risk Response Planning
- Question #190 (Risk Response and Reporting)
  Which of the following is the GREATEST benefit of centralizing IT systems?
  Tags: IT centralization, Risk reporting, Risk management benefits, Enterprise risk management
- Question #191 (IT Risk Assessment)
  Which of the following is the PRIMARY objective of maintaining an information asset inventory?
  Tags: Information Asset Inventory, Business Impact Analysis, Risk Assessment Inputs, Asset Management
- Question #192 (IT Risk Assessment)
  Which of the following provides the MOST useful information for developing key risk indicators (KRIs)?
  Tags: Key Risk Indicators (KRIs), Risk Monitoring, Risk Analysis, Risk Causes
- Question #193 (Information Technology and Security)
  Which of the following should be used as the PRIMARY basis for evaluating the state of an organization's cloud computing environment against leading practices?
  Tags: Cloud Architecture, Cloud Security, Leading Practices, Evaluation
- Question #194 (IT Risk Assessment)
  An organization is implementing robotic process automation (RPA) to streamline business processes. Given that implementation of this technology is expected to impact existing contr...
  Tags: RPA Risk, Control Assessment, Risk Mitigation, Change Management Risk
- Question #195 (Risk Response and Reporting)
  Which of the following is the MOST important consideration for effectively maintaining a risk register?
  Tags: Risk Register, Risk Monitoring, Risk Management Process, Data Integrity
- Question #196 (IT Risk Assessment)
  Which of the following activities BEST facilitates effective risk management throughout the organization?
  Tags: Risk Assessment, Effective Risk Management, Risk Identification, Risk Analysis
- Question #197 (Risk Response and Reporting)
  Which of the following is the MOST important benefit of reporting risk assessment results to senior management?
  Tags: Risk reporting, Senior management, Decision making, Risk communication
- Question #198 (IT Risk Assessment)
  When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?
  Tags: Risk Assessment Process, Disruption Identification, Business Continuity Planning, New Service Risk
- Question #199 (Governance)
  What should be the PRIMARY consideration related to data privacy protection when there are plans for a business initiative to make use of personal information?
  Tags: Data Privacy, Data Minimization, Privacy Principles, Risk Reduction
- Question #200 (Governance)
  Which of the following has the GREATEST influence on an organization's risk appetite?
  Tags: Risk Appetite, Business Objectives, Strategic Alignment, Risk Governance