ISACA CRISC Practice Exams
Last updated on 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
An organization has recently hired a large number of part-time employees. During the annual audit, it was discovered that many user IDs and passwords were documented in procedure manuals for use by the part-time employees.
Which of the following BEST describes this situation?
- A . Threat
- B . Risk
- C . Vulnerability
- D . Policy violation
Which of the following is MOST important to the effective monitoring of key risk indicators (KRIs)?
- A . Updating the threat inventory with new threats
- B . Automating log data analysis
- C . Preventing the generation of false alerts
- D . Determining threshold levels
Which of the following is a risk practitioner’s BEST recommendation to address an organization’s need to secure multiple systems with limited IT resources?
- A . Apply available security patches.
- B . Schedule a penetration test.
- C . Conduct a business impact analysis (BIA).
- D . Perform a vulnerability analysis.
Which of the following is MOST important to the effectiveness of key performance indicators (KPIs)?
- A . Management approval
- B . Annual review
- C . Relevance
- D . Automation
Concerned about system load capabilities during the month-end close process, management requires monitoring of the average time to complete tasks and monthly reporting of the findings.
What type of measure has been established?
- A . Service level agreement (SLA)
- B . Critical success factor (CSF)
- C . Key risk indicator (KRI)
- D . Key performance indicator (KPI)
Whether the results of risk analyses should be presented in quantitative or qualitative terms should be based PRIMARILY on the:
- A . requirements of management.
- B . specific risk analysis framework being used.
- C . organizational risk tolerance.
- D . results of the risk assessment.
Which of the following tasks should be completed prior to creating a disaster recovery plan (DRP)?
- A . Conducting a business impact analysis (BIA)
- B . Identifying the recovery response team
- C . Procuring a recovery site
- D . Assigning sensitivity levels to data
Which of the following elements of a risk register is MOST likely to change as a result of a change in management’s risk appetite?
- A . Key risk indicator (KRI) thresholds
- B . Inherent risk
- C . Risk likelihood and impact
- D . Risk velocity
During a control review, the control owner states that an existing control has deteriorated over time.
What is the BEST recommendation to the control owner?
- A . Implement compensating controls to reduce residual risk.
- B . Escalate the issue to senior management.
- C . Discuss risk mitigation options with the risk owner.
- D . Certify the control after documenting the concern.
Which of the following would provide the MOST helpful input to develop risk scenarios associated with hosting an organization’s key IT applications in a cloud environment?
- A . Reviewing the results of independent audits
- B . Performing a site visit to the cloud provider’s data center
- C . Performing a due diligence review
- D . Conducting a risk workshop with key stakeholders