Topic 2 : Pool B Jul-Aug-Sep
Which of the following requirements is MOST important to include in an outsourcing contract to help ensure sensitive data stored with a service provider is secure?
A. A third-party assessment report of control environment effectiveness must be provided at least annually.
B. Incidents related to data loss must be reported to the organization immediately after they occur.
C. Risk assessment results must be provided to the organization at least annually.
D. A cyber insurance policy must be purchased to cover data loss events.
A third-party assessment report of control environment effectiveness must be provided at least annually.
When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?
A. Perform a background check on the vendor.
B. Require the vendor to sign a nondisclosure agreement.
C. Require the vendor to have liability insurance.
D. Clearly define the project scope
Clearly define the project scope
Which of the following elements of a risk register is MOST likely to change as a result of change in management's risk appetite?
A. Key risk indicator (KRI) thresholds
B. Inherent risk
C. Risk likelihood and impact
D. Risk velocity
Key risk indicator (KRI) thresholds
An organization has initiated a project to launch an IT-based service to customers and take advantage of being the first to market. Which of the following should be of GREATEST concern to senior management?
A. More time has been allotted for testing.
B. The project is likely to deliver the product late.
C. A new project manager is handling the project.
D. The cost of the project will exceed the allotted budget.
The project is likely to deliver the product late.
From a business perspective, which of the following is the MOST important objective of a disaster recovery test?
A. The organization gains assurance it can recover from a disaster
B. Errors are discovered in the disaster recovery process.
C. All business critical systems are successfully tested.
D. All critical data is recovered within recovery time objectives (RTOs).
Errors are discovered in the disaster recovery process.