ISACA CRISC Practice Exams
Last updated on 04.05.2025
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
An application development team has a backlog of user requirements for a new system that will process insurance claim payments for customers.
Which of the following should be the MOST important consideration for a risk-based review of the user requirements?
- A . Number of claims affected by the user requirements
- B . Number of customers impacted
- C . Impact to the accuracy of claim calculation
- D . Level of resources required to implement the user requirements
The MAIN reason for creating and maintaining a risk register is to:
- A . assess effectiveness of different projects.
- B . define the risk assessment methodology.
- C . ensure assets have low residual risk.
- D . account for identified key risk factors.
An organization has contracted with a cloud service provider to support the deployment of a new product.
Of the following, who should own the associated risk?
- A . The head of enterprise architecture (EA)
- B . The IT risk manager
- C . The information security manager
- D . The product owner
Which of the following is the GREATEST impact of implementing a risk mitigation strategy?
- A . Improved alignment with business goals.
- B . Reduction of residual risk.
- C . Increased costs due to control implementation.
- D . Decreased overall risk appetite.
An incentive program is MOST likely implemented to manage the risk associated with loss of which organizational asset?
- A . Employees
- B . Data
- C . Reputation
- D . Customer lists
The PRIMARY objective of collecting information and reviewing documentation when performing periodic risk analysis should be to:
- A . Identify new or emerging risk issues.
- B . Satisfy audit requirements.
- C . Survey and analyze historical risk data.
- D . Understand internal and external threat agents.
Which of the following is the PRIMARY objective of establishing an organization’s risk tolerance and appetite?
- A . To align with board reporting requirements
- B . To assist management in decision making
- C . To create organization-wide risk awareness
- D . To minimize risk mitigation efforts
A risk practitioner learns that a risk owner has been accepting gifts from a supplier of IT products. Some of these IT products are used to implement controls and to mitigate risk to acceptable levels.
Which of the following should the risk practitioner do FIRST?
- A . Initiate disciplinary action against the risk owner.
- B . Reassess the risk and review the underlying controls.
- C . Review organizational ethics policies.
- D . Report the activity to the supervisor.
Which of the following is the result of a realized risk scenario?
- A . Threat event
- B . Vulnerability event
- C . Technical event
- D . Loss event
Which of the following BEST informs decision-makers about the value of a notice and consent control for the collection of personal information?
- A . A comparison of the costs of notice and consent control options
- B . Examples of regulatory fines incurred by industry peers for noncompliance
- C . A report of critical controls showing the importance of notice and consent
- D . A cost-benefit analysis of the control versus probable legal action