CRISC Practice Test


Page 7 out of 193 Pages

Topic 1: Pool A

Who is the MOST appropriate owner for newly identified IT risk?


A. The manager responsible for IT operations that will support the risk mitigation efforts
B. The individual with authority to commit organizational resources to mitigate the risk
C. A project manager capable of prioritizing the risk remediation efforts
D. The individual with the most IT risk-related subject matter knowledge

B. The individual with authority to commit organizational resources to mitigate the risk



Which of the following is a crucial component of a key risk indicator (KRI) to ensure appropriate action is taken to mitigate risk?

 


A. Management intervention
B. Risk appetite
C. Board commentary
D. Escalation triggers

D. Escalation triggers



Which of the following is the MOST important data source for monitoring key risk indicators (KRIs)?


A. Directives from legal and regulatory authorities
B. Audit reports from internal information systems audits
C. Automated logs collected from different systems
D. Trend analysis of external risk factors

C. Automated logs collected from different systems



A review of an organization's controls has determined its data loss prevention (DLP) system is currently failing to detect outgoing emails containing credit card data. Which of the following would be MOST impacted?


A. Key risk indicators (KRIs)
B. Inherent risk
C. Residual risk
D. Risk appetite

C. Residual risk



A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:


A. implement the planned controls and accept the remaining risk.
B. suspend the current action plan in order to reassess the risk.
C. revise the action plan to include additional mitigating controls.
D. evaluate whether selected controls are still appropriate.

D. evaluate whether selected controls are still appropriate.



