DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Boost Your Certification Prep with CRISC Mock Tests, Certified in Risk and Information Systems Control | SPOTO

Enhance your CRISC® certification preparation with SPOTO's mock tests. Our comprehensive mock exams simulate the real exam environment, helping you familiarize yourself with the format and timing. Access a wealth of exam materials, including sample questions and exam answers, to reinforce your understanding of risk management and information systems control concepts. Utilize our online exam simulator to practice anytime, anywhere, and gauge your readiness for the certification exam. With SPOTO, you'll have the resources you need to boost your exam practice and ensure success on exam day. Start your journey towards becoming a certified risk management professional today.
Take other online exams

Question #1
Which of the following controls focuses on operational efficiency in a functional area sticking to management policies?
A. Internal accounting control
B. Detective control
C. Administrative control
D. Operational control
View answer
Correct Answer: C

View The Updated CRISC Exam Questions

SPOTO Provides 100% Real CRISC Exam Questions for You to Pass Your CRISC Exam!

Question #2
Suppose you are working in Techmart Inc. which sells various products through its website. Due to some recent losses, you are trying to identify the most important risks to the Website. Based on feedback from several experts, you have come up with a list. You now want to prioritize these risks. Now in which category you would put the risk concerning the modification of the Website by unauthorized parties.
A. Ping Flooding Attack
B. Web defacing
C. Denial of service attack
D. FTP Bounce Attack
View answer
Correct Answer: B
Question #3
Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing. Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?
A. Configuration management system
B. Integrated change control
C. Change log
D. Scope change control system
View answer
Correct Answer: AD
Question #4
Which of the following is NOT true for Key Risk Indicators?
A. They are selected as the prime monitoring indicators for the enterprise
B. They help avoid having to manage and report on an excessively large number of risk indicators
C. The complete set of KRIs should also balance indicators for risk, root causes and business impact
D. They are monitored annually
View answer
Correct Answer: ABCD
Question #5
You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?
A. Deferrals
B. Quick win
C. Business case to be made
D. Contagious risk
View answer
Correct Answer: A
Question #6
You are the risk professional of your enterprise. Your enterprise has introduced new systems in many departments. The business requirements that were to be addressed by the new system are still unfulfilled, and the process has been a waste of resources. Even if the system is implemented, it will most likely be underutilized and not maintained making it obsolete in a short period of time. What kind of risk is it?
A. Inherent risk
B. Business risk
C. Project risk
D. Residual risk
View answer
Correct Answer: C
Question #7
Which of the following is the MOST important objective of the information system control?
A. Business objectives are achieved and undesired risk events are detected and corrected
B. Ensuring effective and efficient operations
C. Developing business continuity and disaster recovery plans
D. Safeguarding assets
View answer
Correct Answer: A
Question #8
You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?
A. Transaction data
B. Process integrity
C. Configuration settings
D. System changes
View answer
Correct Answer: D
Question #9
Which of following is NOT used for measurement of Critical Success Factors of the project?
A. Productivity
B. Quality
C. Quantity
D. Customer service
View answer
Correct Answer: D
Question #10
You work as a project manager for Bluewell Inc. You have identified a project risk. You have then implemented the risk action plan and it turn out to be noneffective. What type of plan you should implement in such case?
A. Risk mitigation
B. Risk fallback plan
C. Risk avoidance
D. Risk response plan
View answer
Correct Answer: ACD
Question #11
You are the project manager of the QPS project. You and your project team have identified a pure risk. You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?
A. It is a risk event that only has a negative side and not any positive result
B. It is a risk event that is created by the application of risk response
C. It is a risk event that is generated due to errors or omission in the project work
D. It is a risk event that cannot be avoided because of the order of the work
View answer
Correct Answer: A
Question #12
Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."
A. Perform Quantitative Risk Analysis
B. Monitor and Control Risks
C. Identify Risks
D. Perform Qualitative Risk Analysis
View answer
Correct Answer: D
Question #13
Which of the following is the BEST method for discovering high-impact risk types?
A. Qualitative risk analysis
B. Delphi technique
C. Failure modes and effects analysis
D. Quantitative risk analysis
View answer
Correct Answer: B
Question #14
Which of the following is the best reason for performing risk assessment?
A. To determine the present state of risk
B. To analyze the effect on the business
C. To satisfy regulatory requirements
D. To budget appropriately for the application of various controls
View answer
Correct Answer: C
Question #15
You are the project manager of HJT project. You want to measure the operational effectiveness of risk management capabilities. Which of the following is the BEST option to measure the operational effectiveness?
A. Key risk indicators
B. Capability maturity models
C. Key performance indicators
D. Metric thresholds
View answer
Correct Answer: D
Question #16
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
A. Human resource needs
B. Quality control concerns
C. Costs
D. Risks
View answer
Correct Answer: D
Question #17
You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?
A. Project plan
B. Resource management plan
C. Project management plan
D. Risk management plan
View answer
Correct Answer: ABC
Question #18
A teaming agreement is an example of what type of risk response?
A. Acceptance
B. Mitigation
C. Transfer
D. Share
View answer
Correct Answer: A
Question #19
A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?
A. Add the identified risk to a quality control management chart
B. Add the identified risk to the issues log
C. Add the identified risk to the risk register
D. Add the identified risk to the low-level risk watch-list
View answer
Correct Answer: B
Question #20
You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case? Each correct answer represents a complete solution. Choose all that apply.
A. Education of staff or business partners
B. Deployment of a threat-specific countermeasure
C. Modify of the technical architecture
D. Apply more controls
View answer
Correct Answer: ABC
Question #21
Which of the following baselines identifies the specifications required by the resource that meet the approved requirements?
A. Functional baseline
B. Allocated baseline
C. Product baseline
D. Developmental baseline
View answer
Correct Answer: D
Question #22
Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?
A. Stakeholder identification
B. Vendor selection process
C. Quality baseline
D. Process improvement plan
View answer
Correct Answer: A
Question #23
What is the PRIMARY need for effectively assessing controls?
A. Control's alignment with operating environment
B. Control's design effectiveness
C. Control's objective achievement
D. Control's operating effectiveness
View answer
Correct Answer: C
Question #24
Which of the following role carriers has to account for collecting data on risk and articulating risk?
A. Enterprise risk committee
B. Business process owner
C. Chief information officer (CIO)
D. Chief risk officer (CRO)
View answer
Correct Answer: B
Question #25
Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"?
A. Section 302
B. Section 404C
D. Section 409
View answer
Correct Answer: A
Question #26
You are the project manager of GHT project. You have applied certain control to prevent the unauthorized changes in your project. Which of the following control you would have applied for this purpose?
A. Personnel security control
B. Access control
C. Configuration management control
D. Physical and environment protection control
View answer
Correct Answer: D
Question #27
Which of the following is the BEST way of managing risk inherent to wireless network?
A. Enabling auditing on every host that connects to a wireless network
B. Require private, key-based encryption to connect to the wireless network
C. Require that the every host that connect to this network have a well-tested recovery plan
D. Enable auditing on every connection to the wireless network
View answer
Correct Answer: D
Question #28
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
A. Quality management plan
B. Stakeholder register
C. Cost management plan
D. Procurement management plan
View answer
Correct Answer: C
Question #29
You are working in Bluewell Inc. which make advertisement Websites. Someone had made unauthorized changes to a your Website. Which of the following terms refers to this type of loss?
A. Loss of confidentiality
B. Loss of integrity
C. Loss of availability
D. Loss of revenue
View answer
Correct Answer: A
Question #30
Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc?
A. Framework
B. Legal requirements
C. Standard
D. Practices
View answer
Correct Answer: AB
Question #31
Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure?
A. Motivation
B. Influencing
C. Communication
D. Political and cultural awareness
View answer
Correct Answer: B
Question #32
Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?
A. Business management
B. Business process owner
C. Chief information officer (CIO)
D. Chief risk officer (CRO)
View answer
Correct Answer: A
Question #33
You are the project manager of GHT project. You have analyzed the risk and applied appropriate controls. In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?
A. Status of enterprise's risk
B. Appropriate controls to be applied next
C. The area that requires more control
D. Whether the benefits of such controls outweigh the costs
View answer
Correct Answer: B
Question #34
Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?
A. Level 2
B. Level 0C
D. Level 1
View answer
Correct Answer: B
Question #35
Which of the following is the MOST critical security consideration when an enterprise outsource its major part of IT department to a third party whose servers are in foreign company?
A. A security breach notification may get delayed due to time difference
B. The enterprise could not be able to monitor the compliance with its internal security and privacy guidelines
C. Laws and regulations of the country of origin may not be enforceable in foreign country
D. Additional network intrusion detection sensors should be installed, resulting in additional cost
View answer
Correct Answer: C
Question #36
You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?
A. Risk register
B. Risk log
C. Project management plan
D. Risk management plan
View answer
Correct Answer: A
Question #37
Which of the following is BEST described by the definition below? "They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."
A. Obscure risk
B. Risk factors
C. Risk analysis
D. Risk event
View answer
Correct Answer: B
Question #38
You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results. You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?
A. Apply risk response
B. Optimize Key Risk Indicator
C. Update risk register
D. Perform quantitative risk analysis
View answer
Correct Answer: C
Question #39
A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
A. Transference
B. Mitigation
C. Avoidance
D. Exploit
View answer
Correct Answer: D
Question #40
Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?
A. Risk response plan
B. Contingency reserve
C. Risk response
D. Quantitative analysis
View answer
Correct Answer: B

View The Updated ISACA Exam Questions

SPOTO Provides 100% Real ISACA Exam Questions for You to Pass Your ISACA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: