CRISC Practice Test

The MOST effective way to increase the likelihood that risk responses will be implemented is to:

A.

create an action plan

B.

assign ownership

C.

review progress reports

D.

perform regular audits.

A company has located its computer center on a moderate earthquake fault. Which of the following is the
MOST important consideration when establishing a contingency plan and an alternate processing site?

A.

The alternative site is a hot site with equipment ready to resume processing immediately.

B.

The contingency plan provides for backup media to be taken to the alternative site.

C.

The contingency plan for high priority applications does not involve a shared cold site.

D.

The alternative site does not reside on the same fault to matter how the distance apart.

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

A.

The number of security incidents escalated to senior management

B.

The number of resolved security incidents

C.

The number of newly identified security incidents

D.

The number of recurring security incidents

Which of the following is the PRIMARY reason to establish the root cause of an IT security incident?

A.

Prepare a report for senior management.

B.

Assign responsibility and accountability for the incident.

C.

Update the risk register.

D.

Avoid recurrence of the incident.

A business unit is updating a risk register with assessment results for a key project. Which of the following is
MOST important to capture in the register?

A.

The team that performed the risk assessment

B.

An assigned risk manager to provide oversight

C.

Action plans to address risk scenarios requiring treatment

D.

The methodology used to perform the risk assessment