You are the project manager of the GHT project. A risk event has occurred in your project and you have identified it. Which of the following tasks would you do in reaction to the risk event occurrence? Each correct answer represents a part of the solution. Choose three.
A. Monitor risk
B. Maintain and initiate incident response plans
C. Update risk register
D. Communicate lessons learned from risk events
Which of the following parameters are considered for the selection of risk indicators?
Each correct answer represents a part of the solution. Choose three.
A. Size and complexity of the enterprise
B. Type of market in which the enterprise operates
C. Risk appetite and risk tolerance
D. Strategy focus of the enterprise
You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at $200,000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?
A. $2,160,000
B. $95,000
C. $108,000
D. $90,000
Which of the following would BEST enable a risk practitioner to embed risk management within the organization?
A. Provide risk management feedback to key stakeholders.
B. Collect and analyze risk data for report generation.
C. Monitor and prioritize risk data according to the heat map.
D. Engage key stakeholders in risk management practices.
The PRIMARY benefit of using a maturity model is that it helps to evaluate the:
A. capability to implement new processes
B. evolution of process improvements
C. degree of compliance with policies and procedures
D. control requirements
Which of the following will BEST help to ensure implementation of corrective action plans?
A. Establishing employee awareness training
B. Assigning accountability to risk owners
C. Setting target dates to complete actions
D. Contracting to third parties
Which of the following should be implemented to BEST mitigate the risk associated with infrastructure updates?
A. Role-specific technical training
B. Change management audit
C. Change control process
D. Risk assessment
An organization has recently corrected its machine-learning model that had been producing automated decisions that had an adverse impact on its customers. Which of the following is the BEST course of action?
A. Discontinue use of machine learning for customer-related decision making.
B. Report the adverse impact to regulatory authorities.
C. Request risk acceptance from senior management.
D. Implement appropriate data governance to monitor decision-making outcomes.
Which of the following BEST protects organizational data within a production cloud environment?
A. Right to audit
B. Data encryption
C. Data obfuscation
D. Continuous log monitoring
An organization's key risk indicator (KRI) that tracks patch compliance has exceeded its threshold. Which of the following is the risk practitioner's NEXT step?
A. Instruct users to refrain from using affected devices.
B. Submit change requests to deploy patches.
C. Isolate noncompliant devices.
D. Report the condition to the risk owner.