ISACA CRISC Practice Exams
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
- Last updated on: 29.04.2026
The BEST key performance indicator (KPI) to measure the effectiveness of the security patching process is the percentage of patches installed:
- A . by the security administration team.
- B . successfully within the expected time frame.
- C . successfully during the first attempt.
- D . without causing an unplanned system outage.
A risk action plan has been changed during the risk mitigation effort.
Which of the following is MOST important for the risk practitioner to verify?
- A . Impact of the change on inherent risk
- B . Approval for the change by the risk owner
- C . Business rationale for the change
- D . Risk to the mitigation effort due to the change
Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?
- A . Time required for backup restoration testing
- B . Change in size of data backed up
- C . Successful completion of backup operations
- D . Percentage of failed restore tests
Which of the following BEST measures the impact of business interruptions caused by an IT service outage?
- A . Sustained financial loss
- B . Cost of remediation efforts
- C . Duration of service outage
- D . Average time to recovery
Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?
- A . Ongoing availability of data
- B . Ability to aggregate data
- C . Ability to predict trends
- D . Availability of automated reporting systems
Quantifying the value of a single asset helps the organization to understand the:
- A . overall effectiveness of risk management
- B . consequences of risk materializing
- C . necessity of developing a risk strategy.
- D . organization's risk threshold.
The effectiveness of a control has decreased.
What is the MOST likely effect on the associated risk?
- A . The risk impact changes.
- B . The risk classification changes.
- C . The inherent risk changes.
- D . The residual risk changes.
Which of the following is the MOST useful information for prioritizing risk mitigation?
- A . Cost of risk mitigation
- B . Asset criticality
- C . Acceptable risk level
- D . Business impact assessment
An organization has established a policy prohibiting ransom payments if subjected to a ransomware attack.
Which of the following is the MOST effective control to support this policy?
- A . Conducting periodic vulnerability scanning
- B . Creating immutable backups
- C . Performing required patching
- D . Implementing continuous intrusion detection monitoring
A data center has recently been migrated to a jurisdiction where heavy fines will be imposed should leakage of customer personal data occur.
Assuming no other changes to the operating environment, which factor should be updated to reflect this situation as an input to scenario development for this particular risk event?
- A . Risk likelihood
- B . Risk impact
- C . Risk capacity
- D . Risk appetite