ISACA CRISC Practice Exams
Last updated: 10.03.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
During a risk treatment plan review, a risk practitioner finds that the approved risk action plan has not been completed. However, other risk mitigation actions were implemented.
Which of the following is the BEST course of action?
- A . Review the cost-benefit of mitigating controls
- B . Mark the risk status as unresolved within the risk register
- C . Verify the sufficiency of mitigating controls with the risk owner
- D . Update the risk register with implemented mitigating actions
Which of the following BEST enables a risk practitioner to understand management’s approach to organizational risk?
- A . Organizational structure and job descriptions
- B . Risk appetite and risk tolerance
- C . Industry best practices for risk management
- D . Prior year’s risk assessment results
Which of the following is a risk practitioner’s BEST course of action upon learning that regulatory authorities have concerns with an emerging technology the organization is considering?
- A . Redesign key risk indicators (KRIs).
- B . Update risk responses.
- C . Conduct a SWOT analysis.
- D . Perform a threat assessment.
When performing a risk assessment of a new service to support a new business process, which of the following should be done FIRST to ensure continuity of operations?
- A . Identify conditions that may cause disruptions
- B . Review incident response procedures
- C . Evaluate the probability of risk events
- D . Define metrics for restoring availability
Which of the following is MOST likely to introduce risk for financial institutions that use blockchain?
- A . Cost of implementation
- B . Implementation of unproven applications
- C . Disruption to business processes
- D . Increase in attack surface area
The BEST key performance indicator (KPI) for monitoring adherence to an organization’s user accounts provisioning practices is the percentage of:
- A . accounts without documented approval
- B . user accounts with default passwords
- C . active accounts belonging to former personnel
- D . accounts with dormant activity
Which of the following activities should be performed FIRST when establishing IT risk management processes?
- A . Collect data of past incidents and lessons learned.
- B . Conduct a high-level risk assessment based on the nature of business.
- C . Identify the risk appetite of the organization.
- D . Assess the goals and culture of the organization.
An organization is considering the adoption of an aggressive business strategy to achieve desired growth. From a risk management perspective, what should the risk practitioner do NEXT?
- A . Identify new threats resulting from the new business strategy
- B . Update risk awareness training to reflect current levels of risk appetite and tolerance
- C . Inform the board of potential risk scenarios associated with aggressive business strategies
- D . Increase the scale for measuring impact due to threat materialization
Which of the following BEST indicates the risk appetite and tolerance level for the risk associated with business interruption caused by IT system failures?
- A . Mean time to recover (MTTR)
- B . IT system criticality classification
- C . Incident management service level agreement (SLA)
- D . Recovery time objective (RTO)
Which of the following is the GREATEST risk associated with the transition of a sensitive data backup solution from on-premises to a cloud service provider?
- A . More complex test restores
- B . Inadequate service level agreement (SLA) with the provider
- C . More complex incident response procedures
- D . Inadequate data encryption