ISACA CRISC Practice Exams
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
- Last updated on: 06.06.2025
Which of the following is the BEST way to mitigate the risk associated with fraudulent use of an enterprise’s brand on Internet sites?
- A . Utilizing data loss prevention (DLP) technology
- B . Monitoring the enterprise’s use of the Internet
- C . Scanning the Internet to search for unauthorized usage
- D . Developing training and awareness campaigns
A risk practitioner has identified that the organization’s secondary data center does not provide redundancy for a critical application.
Who should have the authority to accept the associated risk?
- A . Business continuity director
- B . Disaster recovery manager
- C . Business application owner
- D . Data center manager
Which of the following would be MOST relevant to stakeholders regarding ineffective control implementation?
- A . Threat to IT
- B . Number of control failures
- C . Impact on business
- D . Risk ownership
Which of the following practices BEST mitigates risk related to enterprise-wide ethical decision making in a multi-national organization?
- A . Customized regional training on local laws and regulations
- B . Policies requiring central reporting of potential procedure exceptions
- C . Ongoing awareness training to support a common risk culture
- D . Zero-tolerance policies for risk taking by middle-level managers
An internal audit report reveals that not all IT application databases have encryption in place.
Which of the following information would be MOST important for assessing the risk impact?
- A . The number of users who can access sensitive data
- B . A list of unencrypted databases which contain sensitive data
- C . The reason some databases have not been encrypted
- D . The cost required to enforce encryption
Which of the following is MOST important when defining controls?
- A . Identifying monitoring mechanisms
- B . Including them in the risk register
- C . Aligning them with business objectives
- D . Prototyping compensating controls
Which of the following should be the PRIMARY driver for an organization on a multi-year cloud implementation to publish a cloud security policy?
- A . Evaluating gaps in the on-premise and cloud security profiles
- B . Establishing minimum cloud security requirements
- C . Enforcing compliance with cloud security parameters
- D . Educating IT staff on variances between on premise and cloud security
Which of the following is the MAIN purpose of monitoring risk?
- A . Communication
- B . Risk analysis
- C . Decision support
- D . Benchmarking
Which of the following should be the PRIMARY basis for deciding whether to disclose information related to risk events that impact external stakeholders?
- A . Stakeholder preferences
- B . Contractual requirements
- C . Regulatory requirements
- D . Management assertions
Which of the following is the BEST key performance indicator (KPI) to measure how effectively risk management practices are embedded in the project management office (PMO)?
- A . Percentage of projects with key risk accepted by the project steering committee
- B . Reduction in risk policy noncompliance findings
- C . Percentage of projects with developed controls on scope creep
- D . Reduction in audits involving external risk consultants