ISACA CRISC Practice Exams
Last updated on 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following is the PRIMARY reason for an organization to ensure the risk register is updated regularly?
- A . Risk assessment results are accessible to senior management and stakeholders.
- B . Risk mitigation activities are managed and coordinated.
- C . Key risk indicators (KRIs) are evaluated to validate they are still within the risk threshold.
- D . Risk information is available to enable risk-based decisions.
Which of the following is the BEST indicator of the effectiveness of a control action plan’s implementation?
- A . Increased number of controls
- B . Reduced risk level
- C . Increased risk appetite
- D . Stakeholder commitment
Which of the following is the result of a realized risk scenario?
- A . Technical event
- B . Threat event
- C . Vulnerability event
- D . Loss event
An organization is considering adopting artificial intelligence (AI).
Which of the following is the risk practitioner’s MOST important course of action?
- A . Develop key risk indicators (KRIs).
- B . Ensure sufficient pre-implementation testing.
- C . Identify applicable risk scenarios.
- D . Identify the organization’s critical data.
Which of the following is MOST helpful when prioritizing action plans for identified risk?
- A . Comparing risk rating against appetite
- B . Obtaining input from business units
- C . Determining cost of controls to mitigate risk
- D . Ranking the risk based on likelihood of occurrence
Reviewing which of the following provides the BEST indication of an organization’s risk tolerance?
- A . Risk sharing strategy
- B . Risk transfer agreements
- C . Risk policies
- D . Risk assessments
Which of the following is the BEST key performance indicator (KPI) to measure the ability to deliver uninterrupted IT services?
- A . Mean time between failures (MTBF)
- B . Mean time to recover (MTTR)
- C . Planned downtime
- D . Unplanned downtime
Which of the following provides the MOST useful information when determining a risk management program’s maturity level?
- A . Risk assessment results
- B . A recently reviewed risk register
- C . Key performance indicators (KPIs)
- D . The organization’s risk framework
When reporting to senior management on changes in trends related to IT risk, which of the following is MOST important?
- A . Materiality
- B . Confidentiality
- C . Maturity
- D . Transparency
The annualized loss expectancy (ALE) method of risk analysis:
- A . helps in calculating the expected cost of controls.
- B . uses qualitative risk rankings such as low, medium and high.
- C . can be used in a cost-benefit analysis.
- D . can be used to determine the indirect business impact.