ISACA CRISC Practice Exams
Last updated on 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following statements BEST describes risk appetite?
- A . The amount of risk an organization is willing to accept
- B . The effective management of risk and internal control environments
- C . Acceptable variation between risk thresholds and business objectives
- D . The acceptable variation relative to the achievement of objectives
Which of the following would be a risk practitioner’s GREATEST concern related to the monitoring of key risk indicators (KRIs)?
- A . Logs are retained for longer than required.
- B . Logs are reviewed annually.
- C . Logs are stored in a multi-tenant cloud environment.
- D . Logs are modified before analysis is conducted.
Which of the following BEST enables a proactive approach to minimizing the potential impact of unauthorized data disclosure?
- A . Cyber insurance
- B . Data backups
- C . Incident response plan
- D . Key risk indicators (KRIs)
An organization has made a decision to purchase a new IT system.
During which phase of the system development life cycle (SDLC) will identified risk MOST likely lead to architecture and design trade-offs?
- A . Acquisition
- B . Implementation
- C . Initiation
- D . Operation and maintenance
Which of the following is MOST important to compare against the corporate risk profile?
- A . Industry benchmarks
- B . Risk tolerance
- C . Risk appetite
- D . Regulatory compliance
The PRIMARY focus of an ongoing risk awareness program should be to:
- A . enable better risk-based decisions.
- B . define appropriate controls to mitigate risk.
- C . determine impact of risk scenarios.
- D . expand understanding of risk indicators.
The PRIMARY benefit of selecting an appropriate set of key risk indicators (KRIs) is that they:
- A . serve as a basis for measuring risk appetite.
- B . align with the organization’s risk profile.
- C . provide a warning of emerging high-risk conditions.
- D . provide data for updating the risk register.
Which of the following is MOST likely to cause a key risk indicator (KRI) to exceed thresholds?
- A . Occurrences of specific events
- B . A performance measurement
- C . The risk tolerance level
- D . Risk scenarios
Before assigning sensitivity levels to information, it is MOST important to:
- A . define recovery time objectives (RTOs).
- B . define the information classification policy.
- C . conduct a sensitivity analysis.
- D . identify information custodians.
Which of the following BEST balances the costs and benefits of managing IT risk?
- A . Prioritizing and addressing risk in line with risk appetite. Eliminating risk through preventive and detective controls
- B . Considering risk that can be shared with a third party
- C . Evaluating the probability and impact of risk scenarios