ISACA CRISC Practice Exams
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
- Last updated on: 06.06.2025
Which of the following emerging technologies is frequently used for botnet distributed denial of service (DDoS) attacks?
- A . Internet of Things (IoT)
- B . Quantum computing
- C . Virtual reality (VR)
- D . Machine learning
A business manager wants to leverage an existing approved vendor solution from another area within the organization.
Which of the following is the risk practitioner’s BEST course of action?
- A . Recommend allowing the new usage based on prior approval.
- B . Request a new third-party review.
- C . Request revalidation of the original use case.
- D . Assess the risk associated with the new use case.
An organization’s risk practitioner learns a new third-party system on the corporate network has introduced vulnerabilities that could compromise corporate IT systems.
What should the risk practitioner do FIRST?
- A . Confirm the vulnerabilities with the third party.
- B . Identify procedures to mitigate the vulnerabilities.
- C . Notify information security management.
- D . Request IT to remove the system from the network.
When outsourcing a business process to a cloud service provider, it is MOST important to understand that:
- A . insurance could be acquired for the risk associated with the outsourced process.
- B . service accountability remains with the cloud service provider.
- C . a risk owner must be designated within the cloud service provider.
- D . accountability for the risk will remain with the organization.
A newly incorporated enterprise needs to secure its information assets. From a governance perspective, which of the following should be done FIRST?
- A . Define information retention requirements and policies
- B . Provide information security awareness training
- C . Establish security management processes and procedures
- D . Establish an inventory of information assets
Which of the following is the MOST effective way to incorporate stakeholder concerns when developing risk scenarios?
- A . Evaluating risk impact
- B . Establishing key performance indicators (KPIs)
- C . Conducting internal audits
- D . Creating quarterly risk reports
What is the BEST approach for determining the inherent risk of a scenario when the actual likelihood of the risk is unknown?
- A . Use the severity rating to calculate risk.
- B . Classify the risk scenario as low-probability.
- C . Use the highest likelihood identified by risk management.
- D . Rely on range-based estimates provided by subject-matter experts.
Which of the following should be management’s PRIMARY consideration when approving risk response action plans?
- A . Ability of the action plans to address multiple risk scenarios
- B . Ease of implementing the risk treatment solution
- C . Changes in residual risk after implementing the plans
- D . Prioritization for implementing the action plans
During implementation of an intrusion detection system (IDS) to monitor network traffic, a high number of alerts is reported.
The risk practitioner should recommend to:
- A . reset the alert threshold based on peak traffic.
- B . analyze the traffic to minimize the false negatives.
- C . analyze the alerts to minimize the false positives.
- D . sniff the traffic using a network analyzer.
Which of the following is MOST important to the integrity of a security log?
- A . Least privilege access
- B . Inability to edit
- C . Ability to overwrite
- D . Encryption