ISACA CRISC Practice Exams
Last updated on 30.04.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following is PRIMARILY a risk management responsibility of the first line of defense?
- A . Implementing risk treatment plans
- B . Validating the status of risk mitigation efforts
- C . Establishing risk policies and standards
- D . Conducting independent reviews of risk assessment results
Which of the following would BEST facilitate the maintenance of data classification requirements?
- A . Scheduling periodic audits
- B . Assigning a data custodian
- C . Implementing technical controls over the assets
- D . Establishing a data loss prevention (DLP) solution
A business impact analysis (BIA) has documented the duration of maximum allowable outage for each of an organization’s applications.
Which of the following MUST be aligned with the maximum allowable outage?
- A . Mean time to restore (MTTR)
- B . Recovery time objective (RTO)
- C . Recovery point objective (RPO)
- D . Mean time to detect (MTTD)
When evaluating a number of potential controls for treating risk, it is MOST important to consider:
- A . risk appetite and control efficiency.
- B . inherent risk and control effectiveness.
- C . residual risk and cost of control.
- D . risk tolerance and control complexity.
Which of the following is the ULTIMATE goal of conducting a privacy impact analysis (PIA)?
- A . To identify gaps in data protection controls
- B . To develop a customer notification plan
- C . To identify personally identifiable information (PII)
- D . To determine gaps in data identification processes
Which of the following is the BEST indicator of the effectiveness of IT risk management processes?
- A . Percentage of business users completing risk training
- B . Percentage of high-risk scenarios for which risk action plans have been developed
- C . Number of key risk indicators (KRIs) defined
- D . Time between when IT risk scenarios are identified and the enterprise’s response
An organization has just started accepting credit card payments from customers via the corporate website.
Which of the following is MOST likely to increase as a result of this new initiative?
- A . Risk tolerance
- B . Risk appetite
- C . Inherent risk
- D . Residual risk
Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?
- A . Perform an in-depth code review with an expert
- B . Validate functionality by running in a test environment
- C . Implement a service level agreement
- D . Utilize the change management process
An organization has introduced risk ownership to establish clear accountability for each process.
To ensure effective risk ownership, it is MOST important that:
- A . senior management has oversight of the process.
- B . process ownership aligns with IT system ownership.
- C . segregation of duties exists between risk and process owners.
- D . risk owners have decision-making authority.
Senior management wants to increase investment in the organization’s cybersecurity program in response to changes in the external threat landscape.
Which of the following would BEST help to prioritize investment efforts?
- A . Analyzing cyber intelligence reports
- B . Engaging independent cybersecurity consultants
- C . Increasing the frequency of updates to the risk register
- D . Reviewing the outcome of the latest security risk assessment