CRISC Exam Topics 1, 2, 3: Questions With Complete Solutions
Question #:1 - (Exam Topic 1)
Which of the following will BEST mitigate the risk associated
with IT and business misalignment?
A. Establishing business key performance indicators (KPIs)
B. Introducing an established framework for IT architecture
C. Establishing key risk indicators (KRIs)
D. Involving the business process owner in IT strategy
Correct Answer D. Involving the business process owner in IT strategy.
Question #:10 - (Exam Topic 1)
A risk practitioner observes that hardware failure incidents have
been increasing over the last few months. However, due to built-
in redundancy and fault-tolerant architecture, there have been no
interruptions to business operations. The risk practitioner should
conclude that:
A. a root cause analysis is required
B. controls are effective for ensuring continuity
C. hardware needs to be upgraded
D. no action is required as there was no impact
Correct Answer A. a root cause analysis is required.
Question #:100 - (Exam Topic 1)
Which of the following should be the PRIMARY input when
designing IT controls?
A. Benchmark of industry standards
B. Internal and external risk reports
C. Recommendations from IT risk experts
D. Outcome of control self-assessments
Correct Answer B. Internal and external risk reports.
Question #:101 - (Exam Topic 1)
Which of the following would BEST help minimize the risk
associated with social engineering threats?
A. Enforcing employees sanctions
B. Conducting phishing exercises
C. Enforcing segregation of duties
D. Reviewing the organization's risk appetite
Correct Answer B. Conducting phishing exercises.
Question #:102 - (Exam Topic 1)
Which of the following is the FIRST step in managing the risk
associated with the leakage of confidential data?
A. Maintain and review the classified data inventory.
B. Implement mandatory encryption on data.
C. Conduct an awareness program for data owners and users.
D. Define and implement a data classification policy.
Correct Answer D. Define and implement a data classification policy.
Question #:103 - (Exam Topic 1)
A key risk indicator (KRI) is reported to senior management on
a periodic basis as exceeding thresholds, but each time senior
management has decided to take no action to reduce the risk.
Which of the following is the MOST likely reason for senior
management's response?
A. The underlying data source for the KRI is using inaccurate
data and needs to be corrected.
B. The KRI is not providing useful information and should be
removed from the KRI inventory.
C. The KRI threshold needs to be revised to better align with the
organization's risk appetite.
D. Senior management does not understand the KRI and should
undergo risk training.
Correct Answer C. The KRI threshold needs to be revised to better align with the
organization's risk appetite.
Question #:104 - (Exam Topic 1)
Which of the following is the BEST course of action to reduce
risk impact?
A. Create an IT security policy.
B. Implement corrective measures.
C. Implement detective controls.
D. Leverage existing technology
Correct Answer B. Implement corrective measures.
Question #:105 - (Exam Topic 1)
Which of the following is MOST important to understand when
determining an appropriate risk assessment approach?
A. Complexity of the IT infrastructure
B. Value of information assets
C. Management culture
D. Threats and vulnerabilities
Correct Answer B. Value of information assets.
Question #:106 - (Exam Topic 1)
A risk practitioner is organizing a training session to
communicate risk assessment methodologies to ensure a
consistent risk view within the organization. Which of the
following is the MOST important topic to cover in this training?
A. Applying risk appetite
B. Applying risk factors
C. Referencing risk event data
D. Understanding risk culture
Correct Answer D. Understanding risk culture.
Question #:107 - (Exam Topic 1)
In an organization with a mature risk management program,
which of the following would provide the BEST evidence that
the IT risk profile is up to date?
A. Risk questionnaire
B. Risk register
C. Management assertion
D. Compliance manual
Correct Answer B. Risk register.
Question #:108 - (Exam Topic 1)
A risk practitioner's PRIMARY focus when validating a risk
response action plan should be that the risk response:
A. reduces risk to an acceptable level
B. quantifies risk impact
C. aligns with business strategy