Free Isaca CRISC Exam Dumps and CRISC Exam Questions

Question No: 1

MultipleChoice

A risk practitioner is preparing a business case for purchasing a cyber insurance policy. Which of the following is the MOST useful and comprehensive information to include in the business case to obtain management buy-in?

Options

ABusiness impact analysis (BIA)

BCost-benefit analysis

CControl gap analysis

DScenario analysis

Question No: 2

MultipleChoice

Which of the following BEST supports the integration of IT risk management into an organization's strategic planning?

Options

AClearly defined organizational goals and objectives

BA comprehensive and documented IT risk management plan

CIncentive plans that reward employees based on IT risk metrics

DRegular organization-wide risk awareness training

Question No: 3

MultipleChoice

A trusted third party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?

Options

APerform their own risk assessment

BImplement additional controls to address the risk.

CAccept the risk based on the third party's risk assessment

DPerform an independent audit of the third party.

Question No: 4

MultipleChoice

An organization's control environment is MOST effective when

Options

Acontrols perform as intended.

Bcontrols operate efficiently.

Ccontrols are implemented consistent

Dcontrol designs are reviewed periodically

Question No: 5

MultipleChoice

It is MOST appropriate for changes to be promoted to production after they are;

Options

Acommunicated to business management

Btested by business owners.

Capproved by the business owner.

Dinitiated by business users.

Question No: 6

MultipleChoice

A WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

Options

AThe network security policy

BPotential business impact

CThe WiFi access point configuration

DPlanned remediation actions

Question No: 7

MultipleChoice

Which of the following should be a risk practitioner s MOST important consideration when developing IT risk scenarios?

Options

AThe impact of controls on the efficiency of the business in delivering services

BLinkage of identified risk scenarios with enterprise risk management

CPotential threats and vulnerabilities that may have an impact on the business

DResults of network vulnerability scanning and penetration testing

Question No: 8

MultipleChoice

After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

Options

AExternal audit

BInternal audit

CVendor performance scorecard

DRegulatory examination

Question No: 9

MultipleChoice

Which of the following can be interpreted from a single data point on a risk heat map7

Options

ARisk tolerance

BRisk magnitude

CRisk response

DRisk appetite

Question No: 10

MultipleChoice

When an organization's disaster recovery plan has a reciprocal agreement, which of the following risk treatment options is being applied?

Options

AAcceptance

BMitigation

CTransfer

DAvoidance