ISACA CRISC Practice Exams
Last updated on 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following is the MOST important component of effective security incident response?
- A . Network time protocol synchronization
- B . Identification of attack sources
- C . Early detection of breaches
- D . A documented communications plan
Which of the following is a KEY consideration for a risk practitioner to communicate to senior management evaluating the introduction of artificial intelligence (AI) solutions into the organization?
- A . AI requires entirely new risk management processes.
- B . AI potentially introduces new types of risk.
- C . AI will result in changes to business processes.
- D . Third-party AI solutions increase regulatory obligations.
When an organization’s disaster recovery plan (DRP) has a reciprocal agreement, which of the following risk treatment options is being applied?
- A . Acceptance
- B . Mitigation
- C . Transfer
- D . Avoidance
Which of the following should be the MAIN consideration when validating an organization’s risk appetite?
- A . Comparison against regulations
- B . Maturity of the risk culture
- C . Capacity to withstand loss
- D . Cost of risk mitigation options
Which of the following scenarios is MOST likely to cause a risk practitioner to request a formal risk acceptance sign-off?
- A . Residual risk in excess of the risk appetite cannot be mitigated.
- B . Inherent risk is too high, resulting in the cancellation of an initiative.
- C . Risk appetite has changed to align with organizational objectives.
- D . Residual risk remains at the same level over time without further mitigation.
A risk practitioner implemented a process to notify management of emergency changes that may not be approved.
Which of the following is the BEST way to provide this information to management?
- A . Change logs
- B . Change management meeting minutes
- C . Key control indicators (KCIs)
- D . Key risk indicators (KRIs)
Who is ULTIMATELY accountable for risk treatment?
- A . Risk owner
- B . Enterprise risk management (ERM)
- C . Risk practitioner
- D . Control owner
An organization is concerned that a change in its market situation may impact the current level of acceptable risk for senior management.
As a result, which of the following is MOST important to reevaluate?
- A . Risk classification
- B . Risk policy
- C . Risk strategy
- D . Risk appetite
An organization is participating in an industry benchmarking study that involves providing customer transaction records for analysis.
Which of the following is the MOST important control to ensure the privacy of customer information?
- A . Nondisclosure agreements (NDAs)
- B . Data anonymization
- C . Data cleansing
- D . Data encryption
Which of the following is the BEST method to ensure a terminated employee’s access to IT systems is revoked upon departure from the organization?
- A . Login attempts are reconciled to a list of terminated employees.
- B . A list of terminated employees is generated for reconciliation against current IT access.
- C . A process to remove employee access during the exit interview is implemented.
- D . The human resources (HR) system automatically revokes system access.