ISACA CRISC Practice Exams
Last updated on 01.05.2026
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?
- A . Providing oversight of risk management processes
- B . Implementing processes to detect and deter fraud
- C . Ensuring that risk and control assessments consider fraud
- D . Monitoring the results of actions taken to mitigate fraud
What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?
- A . Aggregated risk may exceed the enterprise’s risk appetite and tolerance.
- B . Duplicate resources may be used to manage risk registers.
- C . Standardization of risk management practices may be difficult to enforce.
- D . Risk analysis may be inconsistent due to non-uniform impact and likelihood scales.
Which of the following BEST enables the integration of IT risk management across an organization?
- A . Enterprise risk management (ERM) framework
- B . Enterprise-wide risk awareness training
- C . Robust risk reporting practices
- D . Risk management policies
Which group has PRIMARY ownership of reputational risk stemming from unethical behavior within the organization?
- A . Board of directors
- B . Human resources (HR)
- C . Risk management committee
- D . Audit committee
Which of the following is MOST important to consider when assessing the likelihood that a recently discovered software vulnerability will be exploited?
- A . The skill level required of a threat actor
- B . The amount of personally identifiable information (PII) disclosed
- C . The ability to detect and trace the threat action
- D . The amount of data that might be exposed by a threat action
Which of the following scenarios is MOST important to communicate to senior management?
- A . Accepted risk scenarios with detailed plans for monitoring
- B . Risk scenarios that have been shared with vendors and third parties
- C . Accepted risk scenarios with impact exceeding the risk tolerance
- D . Risk scenarios that have been identified, assessed, and responded to by the risk owners
A recent big data project has resulted in the creation of an application used to support important investment decisions.
Which of the following should be of GREATEST concern to the risk practitioner?
- A . Data quality
- B . Maintenance costs
- C . Data redundancy
- D . System integration
An organization is considering outsourcing user administration controls for a critical system. The potential vendor has offered to perform quarterly self-audits of its controls instead of having annual independent audits.
Which of the following should be of GREATEST concern to the risk practitioner?
- A . The controls may not be properly tested
- B . The vendor will not ensure against control failure
- C . The vendor will not achieve best practices
- D . Lack of a risk-based approach to access control
Which of the following would qualify as a key performance indicator (KPI)?
- A . Aggregate risk of the organization
- B . Number of identified system vulnerabilities
- C . Number of exception requests processed in the past 90 days
- D . Number of attacks against the organization’s website
Which of the following would be the result of a significant increase in the motivation of a malicious threat actor?
- A . Increase in mitigating control costs
- B . Increase in risk event impact
- C . Increase in risk event likelihood
- D . Increase in cybersecurity premium