Free Isaca CRISC Exam Dumps and CRISC Exam Questions

Question No: 11

MultipleChoice

It is MOST appropriate for changes to be promoted to production after they are;

Options

Acommunicated to business management

Btested by business owners.

Capproved by the business owner.

Dinitiated by business users.

Question No: 12

MultipleChoice

A WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

Options

AThe network security policy

BPotential business impact

CThe WiFi access point configuration

DPlanned remediation actions

Question No: 13

MultipleChoice

Which of the following should be a risk practitioner s MOST important consideration when developing IT risk scenarios?

Options

AThe impact of controls on the efficiency of the business in delivering services

BLinkage of identified risk scenarios with enterprise risk management

CPotential threats and vulnerabilities that may have an impact on the business

DResults of network vulnerability scanning and penetration testing

Question No: 14

MultipleChoice

After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

Options

AExternal audit

BInternal audit

CVendor performance scorecard

DRegulatory examination

Question No: 15

MultipleChoice

Which of the following can be interpreted from a single data point on a risk heat map7

Options

ARisk tolerance

BRisk magnitude

CRisk response

DRisk appetite

Question No: 16

MultipleChoice

When an organization's disaster recovery plan has a reciprocal agreement, which of the following risk treatment options is being applied?

Options

AAcceptance

BMitigation

CTransfer

DAvoidance

Question No: 17

MultipleChoice

Establishing ao organizational code of conduct is an example of which type of control?

Options

APreventive

BDirective

CDetective

DCompensating

Question No: 18

MultipleChoice

Which of the following is MOST important to review when determining whether a potential IT service provider s control environment is effective?

Options

AIndependent audit report

BControl self-assessment

CKey performance indicators (KPIs)

DService level agreements (SLAs)

Question No: 19

MultipleChoice

A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

Options

AThe network security policy

BPotential business impact

CThe WiFi access point configuration

DPlanned remediation actions

Question No: 20

MultipleChoice

A risk practitioner observed Vial a high number of pokey exceptions were approved by senior management. Which of the following is the risk practitioner s BEST course of action to determine root cause?

Options

AReview the risk profile

BReview pokey change history

Cinterview the control owner

DPerform control testing

Free Isaca CRISC Exam Dumps - Page 2