CRISC Practice Test

In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?

A.

The control catalog

B.

The asset profile

C.

Business objectives

D.

Key risk indicators (KRls)

Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?

A.

Building an organizational risk profile after updating the risk register

B.

Ensuring risk owners participate in a periodic control testing process

C.

Designing a process for risk owners to periodically review identified risk

D.

Implementing a process for ongoing monitoring of control effectiveness

Which of the following is the FIRST step in managing the security risk associated with wearable technology in the workplace?

A.

Identify the potential risk.

B.

Monitor employee usage.

C.

Assess the potential risk.

D.

Develop risk awareness training.

Which of the following roles would provide the MOST important input when identifying IT risk scenarios?

A.

Information security managers

B.

Internal auditors

C.

Business process owners

D.

Operational risk managers

Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?

A.

Total cost to support the policy

B.

Number of exceptions to the policy

C.

Total cost of policy breaches

D.

Number of inquiries regarding the policy