Isaca CRISC Exam Practice Test Instant Access

Question 1

[Governance]

Which of the following should be the risk practitioner's FIRST course of action when an organization plans to adopt a cloud computing strategy?

ARequest a budget for implementation

BConduct a threat analysis.

CCreate a cloud computing policy.

DPerform a controls assessment.

Answer : D

Question 2

[Governance]

Which of the following is the GREATEST concern if user acceptance testing (UAT) is not conducted when implementing a new application?

AThe probability of application defects will increase

BData confidentiality could be compromised

CIncrease in the use of redundant processes

DThe application could fail to meet defined business requirements

Answer : D

Question 3

[Governance]

Which of the following is MOST helpful in providing a high-level overview of current IT risk severity*?

ARisk mitigation plans

Bheat map

CRisk appetite statement

DKey risk indicators (KRls)

Answer : B

Question 4

[Governance]

Once a risk owner has decided to implement a control to mitigate risk, it is MOST important to develop:

Aa process for measuring and reporting control performance.

Ban alternate control design in case of failure of the identified control.

Ca process for bypassing control procedures in case of exceptions.

Dprocedures to ensure the effectiveness of the control.

Answer : A

Question 5

[Governance]

An organization's financial analysis department uses an in-house forecasting application for business projections. Who is responsible for defining access roles to protect the sensitive data within this application?

AIT risk manager

BIT system owner

CInformation security manager

DBusiness owner

Answer : D

Question 6

[Information Technology and Security]

Who should be responsible for implementing and maintaining security controls?

AEnd user

BInternal auditor

CData owner

DData custodian

Answer : D

Question 7

[Governance]

Which of the following is the BEST Key control indicator KCO to monitor the effectiveness of patch management?

APercentage of legacy servers out of support

BPercentage of severs receiving automata patches

CNumber of unpremeditated vulnerabilities

DNumber of intrusion attempts

Answer : B

Isaca CRISC Certified in Risk and Information Systems Control Exam Practice Test