Topic 1: Pool A

Risk management strategies are PRIMARILY adopted to:
A. take necessary precautions for claims and losses.
B. achieve acceptable residual risk levels.
C. avoid risk for business and IT assets.
D. achieve compliance with legal requirements.
Answer: B. achieve acceptable residual risk levels.

During the control evaluation phase of a risk assessment, it is noted that multiple controls are ineffective. Which of the following should be the risk practitioner's FIRST course of action?
A. Recommend risk remediation of the ineffective controls.
B. Compare the residual risk to the current risk appetite.
C. Determine the root cause of the control failures.
D. Escalate the control failures to senior management.
Answer: C. Determine the root cause of the control failures.

Which of the following BEST enables a risk practitioner to enhance understanding of risk among stakeholders?
A. Key risk indicators
B. Risk scenarios
C. Business impact analysis
D. Threat analysis
Answer: B. Risk scenarios

Which of the following is the MOST critical element to maximize the potential for a successful security implementation?
A. The organization's knowledge
B. Ease of implementation
C. The organization's culture
D. Industry-leading security tools
Answer: C. The organization's culture

Which of the following would be the GREATEST concern related to data privacy when implementing an Internet of Things (IoT) solution that collects personally identifiable information (PII)?
A. A privacy impact assessment has not been completed.
B. Data encryption methods apply to a subset of PII obtained.
C. The data privacy officer was not consulted.
D. Insufficient access controls are used on the IoT devices.
Answer: A. A privacy impact assessment has not been completed.