Browse Exams Pricing

ExamsCRISCQuestions

CRISC Exam Questions

640 real CRISC exam questions with expert-verified answers and explanations. Page 5 of 13.

Question #201Risk Response and Reporting
Which organization is implementing a project to automate the purchasing process, including the modification of approval controls. Which of the following tasks is lie responsibility...
Risk practitioner responsibilitiesControl modificationProject risk managementContinuous control monitoring
Question #202IT Risk Assessment
Which of the following is MOST important to determine when assessing the potential risk exposure of a loss event involving personal data?
Risk ExposureRegulatory FinesPersonal DataData Breach Impact
Question #203Risk Response and Reporting
Which of the following s MOST likely to deter an employee from engaging in inappropriate use of company owned IT systems?
DeterrenceEmployee MonitoringRisk MitigationSecurity Controls
Question #204IT Risk Assessment
Reviewing which of the following BEST helps an organization gam insight into its overall risk profile''
Risk registerOverall risk profileRisk assessment
Question #205Governance
Which of the following is the GREATEST benefit of a three lines of defense structure?
Three lines of defenseRisk governanceAccountabilityOrganizational structure
Question #206IT Risk Assessment
Which of the following is the MOST effective way 10 identify an application backdoor prior to implementation'?
Application SecuritySecure SDLCCode ReviewBackdoor Detection
Question #207Governance
Which of the following is the PRIMARY objective of establishing an organization's risk tolerance and appetite?
Risk AppetiteRisk ToleranceDecision MakingRisk Governance
Question #208IT Risk Assessment
The MAJOR reason to classify information assets is
Information Asset ClassificationData SensitivityData CriticalityRisk Assessment Fundamentals
Question #209IT Risk Assessment
Which of the following key performance indicators (KPis) would BEST measure me risk of a service outage when using a Software as a Service (SaaS) vendors
SaaS risk managementKey performance indicators (KPIs)Service availabilityVendor risk
Question #210IT Risk Assessment
An organization recently configured a new business division Which of the following is MOST likely to be affected?
Risk profileOrganizational changeRisk identificationIT Risk Assessment
Question #211Governance
Which of the following BEST balances the costs and benefits of managing IT risk*?
Risk AppetiteRisk Management StrategyCost-Benefit AnalysisRisk Prioritization
Question #212Risk Response and Reporting
A MAJOR advantage of using key risk indicators (KRis) is that (hey
Key Risk Indicators (KRIs)Risk MonitoringRisk Thresholds
Question #213Governance
Who is MOST appropriate to be assigned ownership of a control
Control ownershipAccountabilityRisk management rolesControl responsibility
Question #214IT Risk Assessment
Which stakeholder is MOST important to include when defining a risk profile during me selection process for a new third party application'?
Stakeholder managementRisk profilingThird-party riskBusiness process owner
Question #215IT Risk Assessment
An internal audit report reveals that a legacy system is no longer supported Which of the following is the risk practitioner's MOST important action before recommending a risk resp...
Risk assessmentImpact analysisCost-benefit analysisRisk response preparation
Question #216Risk Response and Reporting
Which of the following is MOST helpful in providing a high-level overview of current IT risk severity*?
Risk reportingHeat mapRisk visualizationIT risk overview
Question #217IT Risk Assessment
Which of the following would be of GREATEST concern regarding an organization's asset management?
Asset ManagementInventory ManagementRisk IdentificationData Quality
Question #218Governance
To define the risk management strategy which of the following MUST be set by the board of directors?
Board of DirectorsRisk Management StrategyRisk GovernanceOrganizational Oversight
Question #219Risk Response and Reporting
An information security audit identified a risk resulting from the failure of an automated control Who is responsible for ensuring the risk register is updated accordingly?
Control Owner ResponsibilitiesRisk Register UpdatesControl FailureRisk Management Roles
Question #220Governance
Which of the following is the PRIMARY reason to engage business unit managers in risk management processes'?
Risk Management EngagementBusiness Decision MakingStakeholder InvolvementRisk Governance
Question #221IT Risk Assessment
An organization retains footage from its data center security camera for 30 days when the policy requires 90-day retention The business owner challenges whether the situation is wo...
Risk EvaluationRisk AssessmentPolicy Non-complianceData Retention
Question #222Risk Response and Reporting
An organization has been experiencing an increasing number of spear phishing attacks Which of the following would be the MOST effective way to mitigate the risk associated with the...
Spear phishingSecurity awarenessRisk mitigationSocial engineering
Question #223Risk Response and Reporting
During a risk assessment, a risk practitioner learns that an IT risk factor is adequately mitigated by compensating controls in an associated business process. Which of the followi...
Residual Risk ManagementCompensating ControlsControl MonitoringRisk Response
Question #224IT Risk Assessment
Who should be responsible for determining which stakeholders need to be involved in the development of a risk scenario?
Risk management rolesRisk scenario developmentStakeholder identification
Question #225Governance
Which of the following is a risk practitioner's BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?
Risk EscalationRegulatory ComplianceRisk ReportingSenior Management Oversight
Question #226Governance
Which of the following is the GREATEST benefit of having a mature enterprise architecture (EA) in place?
Enterprise Architecture (EA)Operational EfficiencyIT GovernanceValue Realization
Question #227Risk Response and Reporting
Which of the following would provide the MOST useful input when evaluating the appropriateness of risk responses?
Risk ToleranceRisk Response EvaluationResidual Risk
Question #228Risk Response and Reporting
Which of the following will BEST ensure that controls adequately support business goals and objectives?
Risk Management ProcessControl AlignmentBusiness ObjectivesControl Effectiveness
Question #229Risk Response and Reporting
The cost of maintaining a control has grown to exceed the potential loss. Which of the following BEST describes this situation?
Control cost-benefitControl optimizationRisk response effectivenessOver-control
Question #230Governance
Which of the following is the BEST key performance indicator (KPI) to measure how effectively risk management practices are embedded in the project management office (PMO)?
KPIProject Risk ManagementPMORisk Integration
Question #231Risk Response and Reporting
A global organization has implemented an application that does not address all privacy requirements across multiple jurisdictions. Which of the following risk responses has the org...
risk responserisk acceptanceprivacy riskregulatory compliance
Question #232IT Risk Assessment
Which of the following is MOST likely to introduce risk for financial institutions that use blockchain?
Blockchain riskUnproven applicationsFinancial sector riskRisk identification
Question #233Risk Response and Reporting
A failed IT system upgrade project has resulted in the corruption of an organization's asset inventory database. Which of the following controls BEST mitigates the impact of this i...
Data RecoveryBackupsIncident ResponseMitigation Controls
Question #234Governance
Which of the following should be accountable for ensuring that media containing financial information are adequately destroyed per an organization's data disposal policy?
Data ownerData disposalAccountabilityRoles and responsibilities
Question #235Governance
A risk practitioner is reviewing accountability assignments for data risk in the risk register. Which of the following would pose the GREATEST concern?
Risk ownershipAccountabilityRisk registerRisk governance
Question #236Governance
Which of the following roles should be assigned accountability for monitoring risk levels?
Risk ownerAccountabilityRisk monitoringRoles and responsibilities
Question #237IT Risk Assessment
A penetration test reveals several vulnerabilities in a web-facing application. Which of the following should be the FIRST step in selecting a risk response?
Risk assessmentVulnerability managementRisk response planning
Question #238Risk Response and Reporting
After an annual risk assessment is completed, which of the following would be MOST important to communicate to stakeholders?
Risk CommunicationStakeholder ReportingRisk ProfileRisk Assessment Outcomes
Question #239IT Risk Assessment
Which of the following would MOST likely cause management to unknowingly accept excessive risk?
risk assessment accuracyrisk ratingsrisk acceptancemanagement decision making
Question #240IT Risk Assessment
An organization recently implemented a machine learning-based solution to monitor IT usage and analyze user behavior in an effort to detect internal fraud. Which of the following i...
Risk assessmentRisk likelihoodControls implementationFraud detection
Question #241Risk Response and Reporting
The MOST important measure of the effectiveness of risk management in project implementation is the percentage of projects:
Risk management effectivenessProject risk management metricsOutcome-based measurementsRisk reporting
Question #242IT Risk Assessment
Which of the following is MOST helpful in identifying loss magnitude during risk analysis of a new system?
Risk AnalysisLoss MagnitudeBusiness Impact AnalysisRisk Assessment
Question #243Risk Response and Reporting
Which of the following is the BEST way to protect sensitive data from administrators within a public cloud?
Cloud SecurityData EncryptionData ConfidentialityClient-side Encryption
Question #244Risk Response and Reporting
When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?
Control effectivenessControl monitoringOperational effectivenessEmergency change management
Question #245Governance
Which of the following should be the PRIMARY input to determine risk tolerance?
Risk toleranceOrganizational objectivesRisk appetiteRisk governance
Question #246IT Risk Assessment
Which of the following is the ULTIMATE goal of conducting a privacy impact analysis (PIA)?
Privacy Impact Analysis (PIA)Data ProtectionPrivacy ControlsRisk Assessment
Question #247IT Risk Assessment
Which of the following is MOST important to determine as a result of a risk assessment?
Risk assessment outcomesRisk response planningRisk evaluationRisk management process
Question #248IT Risk Assessment
Which of the following is the GREATEST benefit of using IT risk scenarios?
Risk scenariosRisk communicationIT risk assessment
Question #249IT Risk Assessment
When implementing an IT risk management program, which of the following is the BEST time to evaluate current control effectiveness?
IT Risk Management ProgramControl EffectivenessRisk Assessment ProcessResidual Risk
Question #250Risk Response and Reporting
After undertaking a risk assessment of a production system, the MOST appropriate action is fcr the risk manager to
Risk communicationStakeholder managementRisk response planningProcess owner responsibility

PreviousPage 5 of 13Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.