Topic 1 : Pool A
When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?
A. Risk analysis results
B. Exception handling policy
C. Vulnerability assessment results
D. Benchmarking assessments
Vulnerability assessment results
A bank is experiencing an increasing incidence of customer identity theft. Which of the following is the BEST way to mitigate this risk?
A. Implement monitoring techniques.
B. Implement layered security.
C. Outsource to a local processor.
D. Conduct an awareness campaign.
Implement layered security.
Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?
A. Risk tolerance is decreased.
B. Residual risk is increased.
C. Inherent risk is increased.
D. Risk appetite is decreased
E. Risk appetite is decreased
Risk appetite is decreased
What is MOST important for the risk practitioner to understand when creating an initial IT risk register?
A. Enterprise architecture (EA)
B. Control environment
C. IT objectives
D. Organizational objectives
Organizational objectives
Which of the following is the BEST way to determine the ongoing efficiency of control processes?
A. Perform annual risk assessments.
B. Interview process owners.
C. Review the risk register.
D. Analyze key performance indicators (KPIs).
Analyze key performance indicators (KPIs).