CRISC Practice Test


Page 16 out of 193 Pages

Topic 2 : Pool B Jul-Aug-Sep

A peer review of a risk assessment finds that a relevant threat community was not included. Mitigation of the risk will require substantial changes to a software application. Which of the following is the BEST course of action?


A. Ask the business to make a budget request to remediate the problem.
B. Build a business case to remediate the fix.
C. Research the types of attacks the threat can present.
D. Determine the impact of the missing threat.

Answer: D. Determine the impact of the missing threat.



Which of the following is the MOST common concern associated with outsourcing to a service provider?


A. Lack of technical expertise
B. Combining incompatible duties
C. Unauthorized data usage
D. Denial of service attacks

Answer: B. Combining incompatible duties



Which of the following is the PRIMARY benefit of identifying and communicating with stakeholders at the onset of an IT risk assessment?


A. Obtaining funding support
B. Defining the risk assessment scope
C. Selecting the risk assessment framework
D. Establishing inherent risk

Answer: B. Defining the risk assessment scope



When prioritizing risk response, management should FIRST:


A. evaluate the organization's ability and expertise to implement the solution.
B. evaluate the risk response of similar organizations.
C. address high risk factors that have efficient and effective solutions.
D. determine which risk factors have high remediation costs.

Answer: C. address high risk factors that have efficient and effective solutions.



Which of the following BEST provides an early warning that network access of terminated employees is not being revoked in accordance with the service level agreement (SLA)?


A. Updating multi-factor authentication
B. Monitoring key access control performance indicators
C. Analyzing access control logs for suspicious activity
D. Revising the service level agreement (SLA)

Answer: B. Monitoring key access control performance indicators



