CRISC Practice Test

A risk practitioner is organizing a training session lo communicate risk assessment methodologies to ensure a consistent risk view within the organization Which of the following i< the MOST important topic to cover i this training?

A.

Applying risk appetite

B.

Applying risk factors

C.

Referencing risk event data

D.

Understanding risk culture

In an organization dependent on data analytics to drive decision-making, which of the following would BEST help to minimize the risk associated with inaccurate data?

A.

Establishing an intellectual property agreement

B.

Evaluating each of the data sources for vulnerabilities

C.

Periodically reviewing big data strategies

D.

Benchmarking to industry best practice

The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:

A.

implement uniform controls for common risk scenarios.

B.

ensure business unit risk is uniformly distributed.

C.

build a risk profile for management review.

D.

quantify the organization's risk appetite.

An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?

A.

Service level agreement

B.

Customer service reviews

C.

Scope of services provided

D.

Right to audit the provider

Which of the following is the BEST indication of an improved risk-aware culture following the
implementation of a security awareness training program for all employees?

A.

A reduction in the number of help desk calls

B.

An increase in the number of identified system flaws

C.

A reduction in the number of user access resets

D.

An increase in the number of incidents reported