Certified in Risk and Information Systems Control (CRISC) Free Practice Test

Question 1

Which of the following will BEST support management reporting on risk?

A. A risk register

B. Risk policy requirements

C. Control self-assessment (CSA)

D. Key performance indicators (KPIs)

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

A PRIMARY objective of disaster recovery is to:

A. Restore critical business and IT services

B. Recover financial data and statements

C. Improve infrastructure of physical locations

D. Maintain operational processes and connectivity

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

A vendor ' s planned maintenance schedule will cause a critical application to temporarily lose failover capabilities. Of the following, who should approve this proposed schedule?

A. IT infrastructure manager

B. Business application owner

C. Business continuity manager

D. Chief Risk Officer (CRO)

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

An organization retains footage from its data center security camera for 30 days when the policy requires 90- day retention The business owner challenges whether the situation is worth remediating Which of the following is the risk manager s BEST response '

A. Highlight news articles about data breaches

B. Evaluate the risk as a measure of probable loss

C. Verify if competitors comply with a similar policy

D. Identify the regulatory bodies that may highlight this gap

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which of the following IT key risk indicators (KRIs) provides management with the BEST feedback on IT capacity?

A. Trends in IT maintenance costs

B. Trends in IT resource usage

C. Increased number of incidents

D. Increased resource availability

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan.
Which of the following is the risk practitioner ' s BEST course of action?

A. Update the risk register with the implemented risk mitigation actions.

B. Revert the implemented mitigation measures until approval is obtained

C. Report the observation to the chief risk officer (CRO).

D. Validate the adequacy of the implemented risk mitigation measures.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Changes in which of the following would MOST likely cause a risk practitioner to adjust the risk impact rating in the risk register?

A. Control effectiveness

B. Risk tolerance

C. Control costs

D. Risk appetite

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

Several newly identified risk scenarios are being integrated into an organization ' s risk register. The MOST appropriate risk owner would be the individual who:

A. can implement remediation action plans.

B. is responsible for enterprise risk management (ERM)

C. is accountable for loss if the risk materializes.

D. is in charge of information security.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

Which of the following BEST supports the integration of IT risk management into an organization ' s strategic planning?

A. Regular organization-wide risk awareness training

B. Clearly defined organizational goals and objectives

C. Incentive plans that reward employees based on IT risk metrics

D. A comprehensive and documented IT risk management plan

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Which of the following is the PRIMARY purpose of analyzing control effectiveness during risk analysis?

A. To enable a control cost-benefit analysis

B. To determine the current risk level

C. To evaluate the risk impact

D. To determine the likelihood of occurrence

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

Which of The following is the MOST comprehensive input to the risk assessment process specific to the effects of system downtime?

A. results Recovery point objective (RPO)

B. Business impact analysis (BIA)

C. Recovery lime objective (RTO)

D. Business continuity plan (BCP) testing results

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

When assigning control ownership, it is MOST important to verify that the owner has accountability for:

A. The budget for control implementation.

B. Assessment of control risk.

C. Control effectiveness.

D. Internal control audits.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

ISACA Certified in Risk and Information Systems Control (CRISC) Free Practice Test