ISACA CRISC Practice Exams
Last updated on: 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
An organization has completed a risk assessment of one of its service providers. Who should be accountable for ensuring that risk responses are implemented?
- A . IT risk practitioner
- B . Third-party security team
- C . The relationship owner
- D . Legal representation of the business
Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?
- A . The KRIs' source data lacks integrity.
- B . The KRIs are not automated.
- C . The KRIs are not quantitative.
- D . The KRIs do not allow for trend analysis.
Which of the following is MOST important to sustainable development of secure IT services?
- A . Security training for systems development staff
- B . Well-documented business cases
- C . Security architecture principles
- D . Secure coding practices
Which of the following would BEST facilitate the implementation of data classification requirements?
- A . Implementing a data loss prevention (DLP) solution
- B . Assigning a data owner
- C . Scheduling periodic audits
- D . Implementing technical controls over the assets
A risk practitioner has been asked to propose a risk acceptance framework for an organization.
Which of the following is the MOST important consideration for the risk practitioner to address in the framework?
- A . Consistent forms to document risk acceptance rationales
- B . Acceptable scenarios to override risk appetite or tolerance thresholds
- C . Individuals or roles authorized to approve risk acceptance
- D . Communication protocols when a risk is accepted
Which of the following should be a risk practitioner’s NEXT action after identifying a high probability of data loss in a system?
- A . Enhance the security awareness program.
- B . Increase the frequency of incident reporting.
- C . Purchase cyber insurance from a third party.
- D . Conduct a control assessment.
Which of the following will BEST help to ensure that information system controls are effective?
- A . Responding promptly to control exceptions
- B . Implementing compensating controls
- C . Testing controls periodically
- D . Automating manual controls
A risk practitioner has been asked to evaluate a new cloud-based service to enhance an organization’s access management capabilities.
When is the BEST time for the risk practitioner to provide opinions on control strength?
- A . After the initial design
- B . Before production rollout
- C . After a few weeks in use
- D . Before end-user testing
Which of the following should be of MOST concern to a risk practitioner reviewing an organization's risk register after the completion of a series of risk assessments?
- A . Several risk action plans have missed target completion dates.
- B . Senior management has accepted more risk than usual.
- C . Risk associated with many assets is only expressed in qualitative terms.
- D . Many risk scenarios are owned by the same senior manager.
Which of the following would provide the MOST useful input when evaluating the appropriateness of risk responses?
- A . Incident reports
- B . Cost-benefit analysis
- C . Risk tolerance
- D . Control objectives