ISACA CRISC Practice Exams
Last updated on 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
- Last updated on: 30.04.2026
Which of the following conditions presents the GREATEST risk to an application?
- A . Application controls are manual.
- B . Application development is outsourced.
- C . Source code is escrowed.
- D . Developers have access to production environment.
Which of the following is the MOST important criterion for selecting key risk indicators (KRIs)?
- A . Historical data availability
- B . Implementation and reporting effort
- C . Ability to display trends
- D . Sensitivity and reliability
Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?
- A . Building an organizational risk profile after updating the risk register
- B . Ensuring risk owners participate in a periodic control testing process
- C . Designing a process for risk owners to periodically review identified risk
- D . Implementing a process for ongoing monitoring of control effectiveness
The acceptance of control costs that exceed risk exposure MOST likely demonstrates:
- A . corporate culture alignment.
- B . low risk tolerance.
- C . high risk tolerance.
- D . corporate culture misalignment.
Which of the following provides the BEST measurement of an organization’s risk management maturity level?
- A . Level of residual risk
- B . The results of a gap analysis
- C . IT alignment to business objectives
- D . Key risk indicators (KRIs)
A risk practitioner is assisting with the preparation of a report on the organization's disaster recovery (DR) capabilities.
Which information would have the MOST impact on the overall recovery profile?
- A . The percentage of systems meeting recovery target times has increased.
- B . The number of systems tested in the last year has increased.
- C . The number of systems requiring a recovery plan has increased.
- D . The percentage of systems with long recovery target times has decreased.
The MOST important objective of information security controls is to:
- A . Identify threats and vulnerability
- B . Ensure alignment with industry standards
- C . Provide measurable risk reduction
- D . Enforce strong security solutions
While conducting an organization-wide risk assessment, it is noted that many of the information security policies have not changed in the past three years.
The BEST course of action is to:
- A . review and update the policies to align with industry standards.
- B . determine that the policies should be updated annually.
- C . report that the policies are adequate and do not need to be updated frequently.
- D . review the policies against current needs to determine adequacy.
When formulating a social media policy to address information leakage, which of the following is the MOST important concern to address?
- A . Sharing company information on social media
- B . Sharing personal information on social media
- C . Using social media to maintain contact with business associates
- D . Using social media for personal purposes during working hours
Which of the following is the MOST important key performance indicator (KPI) to monitor the effectiveness of disaster recovery processes?
- A . Percentage of IT systems recovered within the mean time to restore (MTTR) during the disaster recovery test
- B . Percentage of issues arising from the disaster recovery test resolved on time
- C . Percentage of IT systems included in the disaster recovery test scope
- D . Percentage of IT systems meeting the recovery time objective (RTO) during the disaster recovery test