Isaca CRISC Exam Practice Test Instant Access

Question 1

Which of the following is BEST used to aggregate data from multiple systems to identify abnormal behavior?

ACyber threat intelligence

BAnti-malware software

CEndpoint detection and response (EDR)

DSIEM systems

Answer : D

Question 2

Which of the following is MOST important to include in a risk assessment of an emerging technology?

ARisk response plans

BRisk and control ownership

CKey controls

DImpact and likelihood ratings

Answer : D

Question 3

A deficient control has been identified which could result in great harm to an organization should a low frequency threat event occur. When communicating the associated risk to senior management the risk practitioner should explain:

Amitigation plans for threat events should be prepared in the current planning period.

Bthis risk scenario is equivalent to more frequent but lower impact risk scenarios.

Cthe current level of risk is within tolerance.

Dan increase in threat events could cause a loss sooner than anticipated.

Answer : A

Question 4

Which of the following will be MOST effective to mitigate the risk associated with the loss of company data stored on personal devices?

AAn acceptable use policy for personal devices

BRequired user log-on before synchronizing data

CEnforced authentication and data encryption

DSecurity awareness training and testing

Answer : C

Question 5

Which of the following BEST indicates that an organization's disaster

recovery plan (DRP) will mitigate the risk of the organization failing to recover

from a major service disruption?

AA defined recovery point objective (RPO)

BAn experienced and certified disaster recovery team

CA comprehensive list of critical applications

DA record of quarterly disaster recovery tests

Answer : A

Question 6

An IT department originally planned to outsource the hosting of its data center at an overseas location to reduce operational expenses. After a risk assessment, the department has decided to keep the data center in-house. How should the risk treatment response be reflected in the risk register?

ARisk mitigation

BRisk avoidance

CRisk acceptance

DRisk transfer

Answer : B

Question 7

Which of the following is the GREATEST concern when establishing key risk indicators (KRIs)?

AHigh percentage of lagging indicators

BNonexistent benchmark analysis

CIncomplete documentation for KRI monitoring

DIneffective methods to assess risk

Answer : D

Isaca CRISC Certified in Risk and Information Systems Control Exam Practice Test