ISACA CRISC Practice Exams
Last updated on 01.06.2025
- Exam code: CRISC
- Exam name: Certified in Risk and Information Systems Control
- Certification provider: ISACA
Which of the following will BEST help to ensure implementation of corrective action plans?
- A . Establishing employee awareness training
- B . Assigning accountability to risk owners
- C . Setting target dates to complete actions
- D . Contracting to third parties
Which of the following sources is MOST relevant to reference when updating security awareness training materials?
- A . Risk management framework
- B . Risk register
- C . Global security standards
- D . Recent security incidents reported by competitors
Which of the following should be done FIRST when information is no longer required to support business objectives?
- A . Archive the information to a backup database.
- B . Protect the information according to the classification policy.
- C . Assess the information against the retention policy.
- D . Securely and permanently erase the information.
Which of the following is MOST helpful in defining an early-warning threshold associated with insufficient network bandwidth?
- A . Average bandwidth usage
- B . Peak bandwidth usage
- C . Total bandwidth usage
- D . Bandwidth used during business hours
Zero Trust architecture is designed and deployed with adherence to which of the following basic tenets?
- A . Incoming traffic must be inspected before connection is established.
- B . Security frameworks and libraries should be leveraged.
- C . Digital identities should be implemented.
- D . All communication is secured regardless of network location.
When presenting risk, the BEST method to ensure that the risk is measurable against the organization’s risk appetite is through the use of a:
- A . risk map
- B . cause-and-effect diagram
- C . maturity model
- D . technology strategy plan
Which of the following changes would be reflected in an organization’s risk profile after the failure of a critical patch implementation?
- A . Risk appetite is decreased.
- B . Inherent risk is increased.
- C . Risk tolerance is decreased.
- D . Residual risk is increased.
Which of the following is the PRIMARY objective of a risk awareness program?
- A . To demonstrate senior management support
- B . To enhance organizational risk culture
- C . To increase awareness of risk mitigation controls
- D . To clearly define ownership of risk
Which of the following is the MOST useful input when developing risk scenarios?
- A . Common attacks in other industries
- B . Identification of risk events
- C . Impact on critical assets
- D . Probability of disruptive risk events
A payroll manager discovers that fields in certain payroll reports have been modified without authorization.
Which of the following control weaknesses could have contributed MOST to this problem?
- A . The user requirements were not documented.
- B . Payroll files were not under the control of a librarian.
- C . The programmer had access to the production programs.
- D . The programmer did not involve the user in testing.