Topic 2 : Pool B Jul-Aug-Sep
The PRIMARY objective of the board of directors periodically reviewing the risk profile is to help ensure:
A. the risk strategy is appropriate
B. KRIs and KPIs are aligned
C. performance of controls is adequate
D. the risk monitoring process has been established
KRIs and KPIs are aligned
Which of the following is MOST effective against external threats to an organization's confidential information?
A. Single sign-on
B. Data integrity checking
C. Strong authentication
D. Intrusion detection system
Strong authentication
The MAIN reason for creating and maintaining a risk register is to:
A. assess effectiveness of different projects.
B. define the risk assessment methodology.
C. ensure assets have low residual risk.
D. account for identified key risk factors.
account for identified key risk factors.
Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?
A. Changes in control design
B. A decrease in the number of key controls
C. Changes in control ownership
D. An increase in residual risk
An increase in residual risk
After mapping generic risk scenarios to organizational security policies, the NEXT course of action should be to:
A. record risk scenarios in the risk register for analysis.
B. validate the risk scenarios for business applicability.
C. reduce the number of risk scenarios to a manageable set.
D. perform a risk analysis on the risk scenarios.
validate the risk scenarios for business applicability.