ISACA CRISC Certified in Risk and Information Systems Control Online Training
ISACA CRISC Online Training
The questions for CRISC were last updated on Nov 19, 2024.
- Exam Code: CRISC
- Exam Name: Certified in Risk and Information Systems Control
- Certification Provider: ISACA
- Latest update: Nov 19, 2024
The PRIMARY objective for selecting risk response options is to:
- A . reduce risk to an acceptable level.
- B . identify compensating controls.
- C . minimize residual risk.
- D . reduce risk factors.
An organization has procured a managed hosting service and just discovered the location is likely to be flooded every 20 years. Of the following, who should be notified of this new information FIRST?
- A . The risk owner who also owns the business service enabled by this infrastructure
- B . The data center manager who is also employed under the managed hosting services contract
- C . The site manager who is required to provide annual risk assessments under the contract
- D . The chief information officer (CIO) who is responsible for the hosted services
IT management has asked for a consolidated view into the organization’s risk profile to enable project prioritization and resource allocation.
Which of the following materials would be MOST helpful?
- A . IT risk register
- B . List of key risk indicators
- C . Internal audit reports
- D . List of approved projects
Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?
- A . Number of tickets for provisioning new accounts
- B . Average time to provision user accounts
- C . Password reset volume per month
- D . Average account lockout time
A risk practitioner is assisting with the preparation of a report on the organization’s disaster recovery (DR) capabilities.
Which information would have the MOST impact on the overall recovery profile?
- A . The percentage of systems meeting recovery target times has increased.
- B . The number of systems tested in the last year has increased.
- C . The number of systems requiring a recovery plan has increased.
- D . The percentage of systems with long recovery target times has decreased.
Which of the following changes would be reflected in an organization’s risk profile after the failure of a critical patch implementation?
- A . Risk tolerance is decreased.
- B . Residual risk is increased.
- C . Inherent risk is increased.
- D . Risk appetite is decreased.
Which of the following would be MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?
- A . Closed management action plans from the previous audit
- B . Annual risk assessment results
- C . An updated vulnerability management report
- D . A list of identified generic risk scenarios
The MAIN purpose of conducting a control self-assessment (CSA) is to:
- A . gain a better understanding of the control effectiveness in the organization
- B . gain a better understanding of the risk in the organization
- C . adjust the controls prior to an external audit
- D . reduce the dependency on external audits
Which of the following attributes of a key risk indicator (KRI) is MOST important?
- A . Repeatable
- B . Automated
- C . Quantitative
- D . Qualitative
A contract associated with a cloud service provider MUST include:
- A . ownership of responsibilities.
- B . a business recovery plan.
- C . provision for source code escrow.
- D . the provider’s financial statements.