ISACA CRISC Practice Exams
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
- Last updated: 30.04.2026
An IT organization is replacing the customer relationship management (CRM) system.
Who should own the risk associated with customer data leakage caused by insufficient IT security controls for the new system?
- A . Chief information security officer
- B . Business process owner
- C . Chief risk officer
- D . IT controls manager
Which of the following is the GREATEST benefit of updating the risk register to include outcomes from a risk assessment?
- A . It maintains evidence of compliance with risk policy.
- B . It facilitates timely risk-based decisions.
- C . It validates the organization’s risk appetite.
- D . It helps to mitigate internal and external risk factors.
Which of the following is MOST important to promoting a risk-aware culture?
- A . Regular testing of risk controls
- B . Communication of audit findings
- C . Procedures for security monitoring
- D . Open communication of risk reporting
Which of the following information is MOST useful to a risk practitioner for developing IT risk scenarios?
- A . Published vulnerabilities relevant to the business
- B . Threat actors that can trigger events
- C . Events that could potentially impact the business
- D . IT assets requiring the greatest investment
Calculation of the recovery time objective (RTO) is necessary to determine the:
- A . time required to restore files.
- B . point of synchronization.
- C . priority of restoration.
- D . annual loss expectancy (ALE).
A recent risk workshop has identified risk owners and responses for newly identified risk scenarios.
Which of the following should be the risk practitioner’s NEXT step?
- A . Develop a mechanism for monitoring residual risk.
- B . Update the risk register with the results.
- C . Prepare a business case for the response options.
- D . Identify resources for implementing responses.
Which of the following should be the GREATEST concern to a risk practitioner when process documentation is incomplete?
- A . Inability to allocate resources efficiently
- B . Inability to identify the risk owner
- C . Inability to complete the risk register
- D . Inability to identify process experts
Which of the following is the MOST effective way to promote organization-wide awareness of data security in response to an increase in regulatory penalties for data leakage?
- A . Enforce sanctions for noncompliance with security procedures.
- B . Conduct organization-wide phishing simulations.
- C . Require training on the data handling policy.
- D . Require regular testing of the data breach response plan.
An internal audit report reveals that a legacy system is no longer supported. Which of the following is the risk practitioner’s MOST important action before recommending a risk response?
- A . Review historical application downtime and frequency
- B . Assess the potential impact and cost of mitigation
- C . Identify other legacy systems within the organization
- D . Explore the feasibility of replacing the legacy system
Which of the following indicates an organization follows IT risk management best practice?
- A . The risk register template uses an industry standard.
- B . The risk register is regularly updated.
- C . All fields in the risk register have been completed.
- D . Controls are listed against risk entries in the register.