Topic 1 : Pool A
Which of the following is the BEST method to identify unnecessary controls?
A. Evaluating the impact of removing existing controls
B. Evaluating existing controls against audit requirements
C. Reviewing system functionalities associated with business processes
D. Monitoring existing key risk indicators (KRIs)
Evaluating the impact of removing existing controls
Which of the following will BEST mitigate the risk associated with IT and business misalignment?
A. Establishing business key performance indicators (KPIs)
B. Introducing an established framework for IT architecture
C. Establishing key risk indicators (KRIs)
D. Involving the business process owner in IT strategy
Involving the business process owner in IT strategy
An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?
A. Number of malicious activities occurring during staff members' leave
B. Percentage of staff members seeking exception to the policy
C. Percentage of staff members taking leave according to the policy
D. Financial loss incurred due to malicious activities during staff members' leave
Number of malicious activities occurring during staff members' leave
Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of a disaster recovery plan (DRP)?
A. Number of users that participated in the DRP testing
B. Number of issues identified during DRP testing
C. Percentage of applications that met the RTO during DRP testing
D. Percentage of issues resolved as a result of DRP testing
Number of issues identified during DRP testing
Which of the following is the BEST way to promote adherence to the risk tolerance level set by management?
A. Defining expectations in the enterprise risk policy
B. Increasing organizational resources to mitigate risks
C. Communicating external audit results
D. Avoiding risks that could materialize into substantial losses
Defining expectations in the enterprise risk policy