CRISC Practice Test

Which of the following roles would be MOST helpful in providing a high-level view of risk related to customer data loss?

A.

Customer database manager 

B.

Customer data custodian

C.

Data privacy officer

D.

Audit committee

A risk owner should be the person accountable for:

A.

the risk management process

B.

managing controls.

C.

implementing actions.

D.

the business process.

A risk practitioner discovers several key documents detailing the design of a product currently in development
have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

A.

invoke the established incident response plan.

B.

Inform internal audit.

C.

Perform a root cause analysis

D.

Conduct an immediate risk assessment

Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently
developed enterprise resource planning (ERP) system. These scenarios will be owned by the system manager.
Which of the following would be the BEST method to use when developing the scenarios?

A.

Cause-and-effect diagram

B.

Delphi technique

C.

Bottom-up approach

D.

Top-down approach

Which of the following should an organization perform to forecast the effects of a disaster?

A.

Develop a business impact analysis (6IA).

B.

Define recovery time objectives (RTO).

C.

Analyze capability maturity model gaps.

D.

Simulate a disaster recovery.