ISACA CRISC Practice Exams
Last updated: 04.09.2025
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following BEST enables an organization to address new risk associated with an Internet of Things (IoT) solution?
- A . Transferring the risk
- B . Introducing control procedures early in the life cycle
- C . Updating the risk tolerance to include the new risk
- D . Implementing IoT device monitoring software
Which of the following would MOST likely cause management to unknowingly accept excessive risk?
- A . Satisfactory audit results
- B . Risk tolerance being set too low
- C . Inaccurate risk ratings
- D . Lack of preventive controls
Who should be accountable for monitoring the control environment to ensure controls are effective?
- A . Risk owner
- B . Security monitoring operations
- C . Impacted data owner
- D . System owner
An organization requires a third party for processing customer personal data.
Which of the following is the BEST approach when sharing data over a public network?
- A . Include a nondisclosure agreement (NDA) for personal data in the contract.
- B . Implement a digital rights protection tool to monitor data.
- C . Use a virtual private network (VPN) to communicate data.
- D . Transfer a read-only version of the data.
Which of the following would MOST likely require a risk practitioner to update the risk register?
- A . An alert being reported by the security operations center
- B . Development of a project schedule for implementing a risk response
- C . Completion of a project for implementing a new control
- D . Engagement of a third party to conduct a vulnerability scan
Who is MOST important to include in the assessment of existing IT risk scenarios?
- A . Technology subject matter experts
- B . Business process owners
- C . Business users of IT systems
- D . Risk management consultants
Which of the following is the BEST indication of the effectiveness of a business continuity program?
- A . Business continuity tests are performed successfully and issues are addressed.
- B . Business impact analyses are reviewed and updated in a timely manner.
- C . Business continuity and disaster recovery plans are regularly updated.
- D . Business units are familiar with the business continuity plans and process.
Which of the following should be a risk practitioner’s GREATEST concern upon learning of failures in a data migration activity?
- A . Availability of test data
- B . Integrity of data
- C . Cost overruns
- D . System performance
Which of the following would be MOST helpful when communicating roles associated with the IT risk management process?
- A . Skills matrix
- B . Job descriptions
- C . RACI chart
- D . Organizational chart
IT risk assessments can BEST be used by management:
- A . for compliance with laws and regulations.
- B . as a basis for cost-benefit analysis.
- C . as input for decision-making.
- D . to measure organizational success.