CRISC Practice Test


Page 3 out of 193 Pages

Topic 1 : Pool A

Which of the following is the MOST important key performance indicator (KPI) to establish in the service level agreement (SLA) for an outsourced data center?


A. Percentage of systems included in recovery processes
B. Number of key systems hosted
C. Average response time to resolve system incidents
D. Percentage of system availability

C. Average response time to resolve system incidents



The BEST reason to classify IT assets during a risk assessment is to determine the:


A. priority in the risk register.
B. business process owner.
C. enterprise risk profile.
D. appropriate level of protection.

D. appropriate level of protection.



Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?

 


A. Corporate incident escalation protocols are established.
B. Exposure is integrated into the organization's risk profile.
C. Risk appetite cascades to business unit management.
D. The organization-wide control budget is expanded.

B. Exposure is integrated into the organization's risk profile.



A risk practitioner shares the results of a vulnerability assessment for a critical business application with the business manager. Which of the following is the NEXT step?


A. Develop a risk action plan to address the findings.
B. Evaluate the impact of the vulnerabilities to the business application.
C. Escalate the findings to senior management and internal audit.
D. Conduct a penetration test to validate the vulnerabilities from the findings.

D. Conduct a penetration test to validate the vulnerabilities from the findings.



The PRIMARY advantage of implementing an IT risk management framework is the:

 


A. establishment of a reliable basis for risk-aware decision making.
B. compliance with relevant legal and regulatory requirements.
C. improvement of controls within the organization and minimized losses.
D. alignment of business goals with IT objectives.

A. establishment of a reliable basis for risk-aware decision making.



