ISACA CRISC Certified in Risk and Information Systems Control Online Training
The questions for CRISC were last updated on Nov 23, 2024.
- Exam Code: CRISC
- Exam Name: Certified in Risk and Information Systems Control
- Certification Provider: ISACA
- Latest update: Nov 23, 2024
An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system.
The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:
- A . chief risk officer.
- B . project manager.
- C . chief information officer.
- D . business process owner.
When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?
- A . Perform a background check on the vendor.
- B . Require the vendor to sign a nondisclosure agreement.
- C . Require the vendor to have liability insurance.
- D . Clearly define the project scope.
Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?
- A . Continuous monitoring
- B . A control self-assessment
- C . Transaction logging
- D . Benchmarking against peers
The MOST important characteristic of an organization's policies is to reflect the organization's:
- A . risk assessment methodology.
- B . risk appetite.
- C . capabilities.
- D . asset value.
A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:
- A . communication.
- B . identification.
- C . treatment.
- D . assessment.
A trusted third party service provider has determined that the risk of a client's systems being hacked is low.
Which of the following would be the client’s BEST course of action?
- A . Perform their own risk assessment.
- B . Implement additional controls to address the risk.
- C . Accept the risk based on the third party's risk assessment.
- D . Perform an independent audit of the third party.
Which of the following is the BEST course of action to reduce risk impact?
- A . Create an IT security policy.
- B . Implement corrective measures.
- C . Implement detective controls.
- D . Leverage existing technology.
Improvements in the design and implementation of a control will MOST likely result in an update to:
- A . inherent risk.
- B . residual risk.
- C . risk appetite.
- D . risk tolerance.
A risk practitioner observes that hardware failure incidents have been increasing over the last few months. However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:
- A . a root cause analysis is required
- B . controls are effective for ensuring continuity
- C . hardware needs to be upgraded
- D . no action is required as there was no impact
A risk practitioner discovers that several key documents detailing the design of a product currently in development have been posted on the Internet.
What should be the risk practitioner’s FIRST course of action?
- A . Invoke the established incident response plan.
- B . Inform internal audit.
- C . Perform a root cause analysis.
- D . Conduct an immediate risk assessment.