
CRISC Online Practice Questions and Answers

Questions 4

What is the FIRST phase of the IS monitoring and maintenance process?

A. Report result

B. Prioritizing risks

C. Implement monitoring

D. Identifying controls

Questions 5

While developing obscure risk scenarios, what are the requirements of the enterprise? Each correct answer represents a part of the solution. Choose two.

A. Have capability to cure the risk events

B. Have capability to recognize an observed event as something wrong

C. Have a sufficient number of analysts

D. Be in a position that it can observe anything going wrong

Questions 6

The effectiveness of a control has decreased. What is the MOST likely effect on the associated risk?

A. The risk impact changes.

B. The risk classification changes.

C. The inherent risk changes.

D. The residual risk changes.

Questions 7

The MAIN purpose of reviewing a control after implementation is to validate that the control:

A. operates as intended.

B. is being monitored.

C. meets regulatory requirements.

D. operates efficiently.

Questions 8

Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?

A. Time required for backup restoration testing

B. Change in size of data backed up

C. Successful completion of backup operations

D. Percentage of failed restore tests

Questions 9

Which of the following is MOST important to the integrity of a security log?

A. Least privilege access

B. Inability to edit

C. Ability to overwrite

D. Encryption

Questions 10

An organization's IT infrastructure is running end-of-life software that is not allowed without exception approval. Which of the following would provide the MOST helpful information to justify investing in updated software?

A. The balanced scorecard

B. A cost-benefit analysis

C. The risk management framework

D. A roadmap of IT strategic planning

Questions 11

Business management is seeking assurance from the CIO that IT has a plan in place for early identification of potential issues that could impact the delivery of a new application. Which of the following is the BEST way to increase the chances of a successful delivery?

A. Implement a release and deployment plan

B. Conduct comprehensive regression testing.

C. Develop enterprise-wide key risk indicators (KRIs)

D. Include business management on a weekly risk and issues report

Questions 12

A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

A. Invoke the established incident response plan.

B. Inform internal audit.

C. Perform a root cause analysis

D. Conduct an immediate risk assessment

Questions 13

Which of the following is the GREATEST concern associated with the transmission of healthcare data across the internet?

A. Unencrypted data

B. Lack of redundant circuits

C. Low bandwidth connections

D. Data integrity

Exam Code: CRISC
Exam Name: Certified in Risk and Information Systems Control
Last Update: Apr 14, 2024
Questions: 1676