CRISC Premium Bundle

Certified in Risk and Information Systems Control Certification Exam

Last update: May 3, 2024

Isaca CRISC Free Practice Questions

Our pass rate is as high as 98.9%, and the similarity between our CRISC study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the Isaca CRISC exam in just one try? Try the latest Isaca CRISC exam practice questions and answers: try the Isaca CRISC brain dumps first.

Also have CRISC free dumps questions for you:

NEW QUESTION 1

An effective control environment is BEST indicated by controls that:

  • A. minimize senior management's risk tolerance.
  • B. manage risk within the organization's risk appetite.
  • C. reduce the thresholds of key risk indicators (KRIs).
  • D. are cost-effective to implement.

Answer: B

NEW QUESTION 2

A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?

  • A. Key risk indicators (KRIs)
  • B. Inherent risk
  • C. Residual risk
  • D. Risk appetite

Answer: C

NEW QUESTION 3

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

  • A. two-factor authentication.
  • B. continuous data backup controls.
  • C. encryption for data at rest.
  • D. encryption for data in motion.

Answer: B

NEW QUESTION 4

Who is PRIMARILY accountable for risk treatment decisions?

  • A. Risk owner
  • B. Business manager
  • C. Data owner
  • D. Risk manager

Answer: B

NEW QUESTION 5

Which of the following should be included in a risk assessment report to BEST facilitate senior management's understanding of the results?

  • A. Benchmarking parameters likely to affect the results
  • B. Tools and techniques used by risk owners to perform the assessments
  • C. A risk heat map with a summary of risk identified and assessed
  • D. The possible impact of internal and external risk factors on the assessment results

Answer: C

NEW QUESTION 6

Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?

  • A. Key performance indicators (KPIs)
  • B. Risk heat maps
  • C. Internal audit findings
  • D. Periodic penetration testing

Answer: A

NEW QUESTION 7

Which of the following attributes of a key risk indicator (KRI) is MOST important?

  • A. Repeatable
  • B. Automated
  • C. Quantitative
  • D. Qualitative

Answer: A

NEW QUESTION 8

An organization operates in an environment where reduced time-to-market for new software products is a top business priority. Which of the following should be the risk practitioner's GREATEST concern?

  • A. Sufficient resources are not assigned to IT development projects.
  • B. Customer support help desk staff does not have adequate training.
  • C. Email infrastructure does not have proper rollback plans.
  • D. The corporate email system does not identify and store phishing emails.

Answer: A

NEW QUESTION 9

Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

  • A. Performing a benchmark analysis and evaluating gaps
  • B. Conducting risk assessments and implementing controls
  • C. Communicating components of risk and their acceptable levels
  • D. Participating in peer reviews and implementing best practices

Answer: C

NEW QUESTION 10

The MOST effective way to increase the likelihood that risk responses will be implemented is to:

  • A. create an action plan.
  • B. assign ownership.
  • C. review progress reports.
  • D. perform regular audits.

Answer: B

NEW QUESTION 11

Which of the following is the MOST important element of a successful risk awareness training program?

  • A. Customizing content for the audience
  • B. Providing incentives to participants
  • C. Mapping to a recognized standard
  • D. Providing metrics for measurement

Answer: A

NEW QUESTION 12

To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:

  • A. risk mitigation approach.
  • B. cost-benefit analysis.
  • C. risk assessment results.
  • D. vulnerability assessment results.

Answer: C

NEW QUESTION 13

Which of the following is MOST helpful in identifying new risk exposures due to changes in the business environment?

  • A. Standard operating procedures
  • B. SWOT analysis
  • C. Industry benchmarking
  • D. Control gap analysis

Answer: B

NEW QUESTION 14

The PRIMARY objective for selecting risk response options is to:

  • A. reduce risk to an acceptable level.
  • B. identify compensating controls.
  • C. minimize residual risk.
  • D. reduce risk factors.

Answer: A

NEW QUESTION 15

Which of the following would be a risk practitioner's BEST recommendation to help ensure cyber risk is assessed and reflected in the enterprise-level risk profile?

  • A. Manage cyber risk according to the organization's risk management framework.
  • B. Define cyber roles and responsibilities across the organization.
  • C. Conduct cyber risk awareness training tailored specifically for senior management.
  • D. Implement a cyber risk program based on industry best practices.

Answer: B

NEW QUESTION 16

While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BEST reduce the risk associated with such a data breach?

  • A. Ensuring the vendor does not know the encryption key
  • B. Engaging a third party to validate operational controls
  • C. Using the same cloud vendor as a competitor
  • D. Using field-level encryption with a vendor-supplied key

Answer: A

NEW QUESTION 17

Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?

  • A. Ongoing availability of data
  • B. Ability to aggregate data
  • C. Ability to predict trends
  • D. Availability of automated reporting systems

Answer: C

NEW QUESTION 18

Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?

  • A. Impact due to failure of control
  • B. Frequency of failure of control
  • C. Contingency plan for residual risk
  • D. Cost-benefit analysis of automation

Answer: D

NEW QUESTION 19

Which of the following is MOST important to understand when determining an appropriate risk assessment approach?

  • A. Complexity of the IT infrastructure
  • B. Value of information assets
  • C. Management culture
  • D. Threats and vulnerabilities

Answer: A

NEW QUESTION 20

Which of the following would be the BEST key performance indicator (KPI) for monitoring the effectiveness of the IT asset management process?

  • A. Percentage of unpatched IT assets
  • B. Percentage of IT assets without ownership
  • C. The number of IT assets securely disposed of during the past year
  • D. The number of IT assets procured during the previous month

Answer: B

NEW QUESTION 21

An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?

  • A. Perform a risk assessment.
  • B. Disable user access.
  • C. Develop an access control policy.
  • D. Perform root cause analysis.

Answer: B

NEW QUESTION 22

Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?

  • A. Align business objectives to the risk profile.
  • B. Assess risk against business objectives.
  • C. Implement an organization-specific risk taxonomy.
  • D. Explain risk details to management.

Answer: B

NEW QUESTION 23

An IT license audit has revealed that there are several unlicensed copies of co be to:

  • A. immediately uninstall the unlicensed software from the laptops.
  • B. centralize administration rights on laptops so that installations are controlled.
  • C. report the issue to management so appropriate action can be taken.
  • D. procure the requisite licenses for the software to minimize business impact.

Answer: B

NEW QUESTION 24
......

Thanks for reading the newest CRISC exam dumps! We recommend that you try the PREMIUM Downloadfreepdf.net CRISC dumps in VCE and PDF format here: https://www.downloadfreepdf.net/CRISC-pdf-download.html (285 Q&As Dumps)
