CRISC Exam Essentials: Exam Questions & Practice Tests, Certified in Risk and Information Systems Control | SPOTO

Master the essentials of the CRISC® exam with SPOTO's exam questions and practice tests. Our comprehensive resources cover all the key areas of risk management and information systems control, ensuring you're well-prepared for the certification exam. Access sample questions and exam materials to reinforce your understanding and improve your exam readiness. Utilize our mock exams and exam simulator to simulate the exam environment and enhance your exam practice. With SPOTO, you'll have everything you need to succeed in your CRISC® certification journey. Start your exam preparation today and become a certified risk management professional equipped to optimize risk management across your organization.

Question #1
Which of the following guidelines should be followed for effective risk management? Each correct answer represents a complete solution. Choose three.
A. Promote and support consistent performance in risk management
B. Promote fair and open communication
C. Focus on enterprise's objective
D. Balance the costs and benefits of managing risk
Correct Answer: D
Question #2
Which of the following role carriers will decide the Key Risk Indicator of the enterprise? Each correct answer represents a part of the solution. Choose two.
A. Business leaders
B. Senior management
C. Human resource
D. Chief financial officer
Correct Answer: C
Question #3
Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?
A. Transference
B. Enhance
C. Exploit
D. Sharing
Correct Answer: B
Question #4
What are the various outputs of risk response?
A. Risk Priority Number
B. Residual risk
C. Risk register updates
D. Project management plan and Project document updates
E. Risk-related contract decisions
Correct Answer: B
Question #5
You are the project manager of the GFT project. Your project involves the use of an electrical motor. Its specification states that if its temperature increases to 500 degrees Fahrenheit, the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once, it will delay the project's arrival date. To prevent this, you have decided while creating the response that if the temperature of the machine reaches 450, the machine will be paused for at least an hour so as to normalize
A. Risk identification
B. Risk trigger
C. Risk event
D. Risk response
Correct Answer: D
Question #6
One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?
A. Acceptance
B. Transference
C. Enhance
D. Mitigation
Correct Answer: B
Question #7
Jeff works as a Project Manager for www.company.com Inc. He and his team members are involved in the identify risk process. Which of the following tools & techniques will Jeff use in the identify risk process? Each correct answer represents a complete solution. Choose all that apply.
A. Information gathering technique
B. Documentation reviews
C. Checklist analysis
D. Risk categorization
Correct Answer: D
Question #8
Out of several risk responses, which of the following risk responses is used for negative risk events?
A. Share
B. Enhance
C. Exploit
D. Accept
Correct Answer: D
Question #9
You work as a Project Manager for www.company.com Inc. You have to measure the probability, impact, and risk exposure. Then, you have to measure how the selected risk response can affect the probability and impact of the selected risk event. Which of the following tools will help you to accomplish the task?
A. Project network diagrams
B. Delphi technique
C. Decision tree analysis
D. Cause-and-effect diagrams
Correct Answer: CDE
Question #10
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
A. Risk transfer
B. Risk acceptance
C. Risk avoidance
D. Risk mitigation
Correct Answer: A
Question #11
Which of the following are sub-categories of threat? Each correct answer represents a complete solution. Choose three.
A. Natural and supernatural
B. Computer and user
C. Natural and man-made
D. Intentional and accidental
E. External and internal
Correct Answer: D
Question #12
Which of the following are the principles of risk management? Each correct answer represents a complete solution. Choose three.
A. Risk management should be an integral part of the organization
B. Risk management should be a part of decision-making
C. Risk management is the responsibility of executive management
D. Risk management should be transparent and inclusive
Correct Answer: B
Question #13
You are the risk professional of your enterprise. You need to calculate the potential revenue loss if a certain risk occurs. Your enterprise has an electronic commerce (e-commerce) website that produces US $1 million of revenue each day. If a denial-of-service (DoS) attack occurs that lasts half a day, how much loss does it create?
A. US $250,000 loss
B. US $500,000 loss
C. US $1 million loss
D. US $100,000 loss
Correct Answer: A
Question #14
You are the risk official of your enterprise. You have just completed the risk analysis process. You noticed that the risk level associated with your project is less than the risk tolerance level of your enterprise. Which of the following is the MOST likely action you should take?
A. Apply risk response
B. Update risk register
C. No action
D. Prioritize risk response options
Correct Answer: D
Question #15
Which of the following aspects are included in the Internal Environment Framework of COSO ERM? Each correct answer represents a complete solution. Choose three.
A. Enterprise's integrity and ethical values
B. Enterprise's working environment
C. Enterprise's human resource standards
D. Enterprise's risk appetite
Correct Answer: ABC
Question #16
Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?
A. Internal control
B. Risk management
C. Hedging
D. Risk assessment
Correct Answer: C
Question #17
Which of the following characteristics of risk controls is defined as follows? "The separation of controls in the production environment rather than the separation in the design and implementation of the risk"
A. Trusted source
B. Secure
C. Distinct
D. Independent
Correct Answer: C
Question #18
Which of the following statements are true for risk communication? Each correct answer represents a complete solution. Choose three.
A. It requires a practical and deliberate scheduling approach to identify stakeholders, actions, and concerns
B. It helps in allocating the information concerning risk among the decision-makers
C. It requires investigation and interconnectivity of procedural, legal, social, political, and economic factors
D. It defines the issue of what a stakeholder does, not just what it says
Correct Answer: B
Question #19
Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?
A. Interview the firewall administrator
B. Review the actual procedures
C. Review the device's log file for recent attacks
D. Review the parameter settings
Correct Answer: D
Question #20
Mortality tables are based on what mathematical activity? Each correct answer represents a complete solution. Choose three.
A. Normal distributions
B. Probabilities
C. Impact
D. Sampling
Correct Answer: ABD
Question #21
Which of the following processes ensures that extracted data are ready for analysis?
A. Data analysis
B. Data validation
C. Data gathering
D. Data access
Correct Answer: B
Question #22
What are the requirements of monitoring risk? Each correct answer represents a part of the solution. Choose three.
A. Information of various stakeholders
B. Preparation of detailed monitoring plan
C. Identifying the risk to be monitored
D. Defining the project's scope
Correct Answer: BCD
Question #23
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
A. Risk Management Plan
B. Stakeholder management strategy
C. Communications Management Plan
D. Resource Management Plan
Correct Answer: C
Question #24
Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?
A. Transference
B. Mitigation
C. Acceptance
D. Avoidance
Correct Answer: A
Question #25
Which of the following is the most accurate definition of a project risk?
A. It is an unknown event that can affect the project scope
B. It is an uncertain event or condition within the project execution
C. It is an uncertain event that can affect the project costs
D. It is an uncertain event that can affect at least one project objective
Correct Answer: B
Question #26
Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?
A. Monitor and Control Risk
B. Plan risk response
C. Identify Risks
D. Qualitative Risk Analysis
Correct Answer: B
Question #27
What are the three PRIMARY steps to be taken to initialize the project? Each correct answer represents a complete solution. Choose all that apply.
A. Conduct a feasibility study
B. Define requirements
C. Acquire software
D. Plan risk management
Correct Answer: BCD
Question #28
Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?
A. Detective control
B. Preventive control
C. Corrective control
D. Scope creep
Correct Answer: D
Question #29
You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?
A. Contract change control system
B. Scope change control system
C. Cost change control system
D. Schedule change control system
Correct Answer: A
Question #30
Which of the following is the MOST important use of KRIs?
A. Providing a backward-looking view on risk events that have occurred
B. Providing an early warning signal
C. Providing an indication of the enterprise's risk appetite and tolerance
D. Enabling the documentation and analysis of trends
Correct Answer: C
Question #31
Which of the following decision tree nodes have probability attached to their branches?
A. Root node
B. Event node
C. End node
D. Decision node
Correct Answer: C
