CRISC Practice Test


Page 14 out of 193 Pages

Topic 2 : Pool B Jul-Aug-Sep

Which of the following should be a risk practitioner's MOST important consideration when developing IT risk scenarios?

A. The impact of controls on the efficiency of the business in delivering services
B. Linkage of identified risk scenarios with enterprise risk management
C. Potential threats and vulnerabilities that may have an impact on the business
D. Results of network vulnerability scanning and penetration testing

C. Potential threats and vulnerabilities that may have an impact on the business



Which of the following helps ensure compliance with a nonrepudiation policy requirement for electronic transactions?


A. Digital signatures
B. Encrypted passwords
C. One-time passwords
D. Digital certificates

A. Digital signatures



Which of the following is the MOST important information to be communicated during security awareness training?


A. Management's expectations
B. Corporate risk profile
C. Recent security incidents
D. The current risk management capability

C. Recent security incidents



During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?


A. Communicate the decision to the risk owner for approval
B. Seek approval from the previous action plan manager.
C. Identify an owner for the new control.
D. Modify the action plan in the risk register.

A. Communicate the decision to the risk owner for approval



Which of the following is the BEST way to support communication of emerging risk?


A. Update residual risk levels to reflect the expected risk impact.
B. Adjust inherent risk levels upward.
C. Include it on the next enterprise risk committee agenda.
D. Include it in the risk register for ongoing monitoring.

D. Include it in the risk register for ongoing monitoring.



