ISACA CRISC Practice Exams
Last updated on 05.06.2025
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
When reviewing a risk response strategy, senior management’s PRIMARY focus should be placed on the:
- A . cost-benefit analysis.
- B . investment portfolio.
- C . key performance indicators (KPIs).
- D . alignment with risk appetite.
A risk practitioner observed that a high number of policy exceptions were approved by senior management.
Which of the following is the risk practitioner’s BEST course of action to determine root cause?
- A . Review the risk profile
- B . Review policy change history
- C . Interview the control owner
- D . Perform control testing
Which of the following is MOST important for an organization to have in place when developing a risk management framework?
- A . A strategic approach to risk including an established risk appetite
- B . A risk-based internal audit plan for the organization
- C . A control function within the risk management team
- D . An organization-wide risk awareness training program
Which of the following would require updates to an organization’s IT risk register?
- A . Discovery of an ineffectively designed key IT control
- B . Management review of key risk indicators (KRIs)
- C . Changes to the team responsible for maintaining the register
- D . Completion of the latest internal audit
An organization’s decision to remain noncompliant with certain laws or regulations is MOST likely influenced by:
- A . The region in which the organization operates.
- B . Established business culture.
- C . Risk appetite set by senior management.
- D . Identified business process controls.
An organization is implementing Internet of Things (IoT) technology to control temperature and lighting in its headquarters.
Which of the following should be of GREATEST concern?
- A . Insufficient network isolation
- B . Impact on network performance
- C . Insecure data transmission protocols
- D . Lack of interoperability between sensors
In the three lines of defense model, a PRIMARY objective of the second line is to:
- A . Review and evaluate the risk management program.
- B . Ensure risk and controls are effectively managed.
- C . Implement risk management policies regarding roles and responsibilities.
- D . Act as the owner for any operational risk identified as part of the risk program.
Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?
- A . Piloting courses with focus groups
- B . Using reputable third-party training programs
- C . Reviewing content with senior management
- D . Creating modules for targeted audiences
Which of the following provides the MOST useful information for developing key risk indicators (KRIs)?
- A . Business impact analysis (BIA) results
- B . Risk scenario ownership
- C . Risk thresholds
- D . Possible causes of materialized risk
Which of the following is MOST important to determine as a result of a risk assessment?
- A . Risk appetite statement
- B . Risk response options
- C . Risk tolerance levels
- D . Process ownership