CRISC Practice Questions

A.  

Robust organizational communication channels

B.  

Mapping of key risk indicators (KRIs) to corporate strategy

C.  

Capability maturity models integrated with risk management frameworks

D.  

Rigorously enforced operational service level agreements (SLAs)

A.  

Monitoring of high-risk areas

B.  

Classification of risk profiles

C.  

Periodic review of the risk register

D.  

Assignment of risk ownership

A.  

Implement user access controls

B.  

Perform regular internal audits

C.  

Develop and communicate fraud prevention policies

D.  

Conduct fraud prevention awareness training.

A.  

Challenging risk decision making

B.  

Developing controls to manage risk scenarios

C.  

Implementing risk response plans

D.  

Establishing organizational risk appetite

A.  

Management, has decreased organisational risk appetite

B.  

The risk register and portfolio do not include all risk scenarios

C.  

merging risk scenarios have been identified

D.  

Risk events and losses exceed risk tolerance

A.  

Penetration testing

B.  

IT general controls audit

C.  

Vulnerability assessment

D.  

Fault tree analysis

A.  

Mapped to the corresponding business areas.

B.  

Aligned with corporate security policies.

C.  

Effectively implemented and maintained.

D.  

Designed based on standards and frameworks.

A.  

Service level agreements (SLAs) have not been met over the last quarter.

B.  

The service contract is up for renewal in less than thirty days.

C.  

Key third-party personnel have recently been replaced.

D.  

Monthly service charges are significantly higher than industry norms.

A.  

Expertise in both methodologies

B.  

Maturity of the risk management program

C.  

Time available for risk analysis

D.  

Resources available for data analysis

A.  

document the risk universe of the organization.

B.  

promote an understanding of risk across the organization.

C.  

enable well-informed risk management decisions.

D.  

identify stakeholders associated with risk scenarios.

A.  

Risk register

B.  

Risk scenario

C.  

RACI matrix

D.  

Risk response plan

A.  

time required to restore files.

B.  

point of synchronization

C.  

priority of restoration.

D.  

annual loss expectancy (ALE).

A.  

Mean time to restore (MTTR)

B.  

Recovery time objective (RTO)

C.  

Recovery point objective (RPO)

D.  

Mean time to detect (MTTD)

A.  

Test system reliability and performance.

B.  

Adopt an Agile development approach.

C.  

Conduct user acceptance testing (UAT).

D.  

Adopt a phased changeover approach.

A.  

Defining risk taxonomy

B.  

Identifying vulnerabilities

C.  

Conducting an impact analysis

D.  

Defining risk response options

A.  

low cost effectiveness ratios and high risk levels

B.  

high cost effectiveness ratios and low risk levels.

C.  

high cost effectiveness ratios and high risk levels

D.  

low cost effectiveness ratios and low risk levels.

A.  

Performing parallel disaster recovery testing

B.  

Documenting the order of system and application restoration

C.  

Involving disaster recovery staff members in risk assessments

D.  

Conducting regular tabletop exercises and scenario analysis

A.  

a lack of mitigating actions for identified risk

B.  

decreased threat levels

C.  

ineffective service delivery

D.  

ineffective IT governance