CRISC Exam Practice Made Easy: Latest Mock Exams, Certified in Risk and Information Systems Control | SPOTO

Elevate your CRISC® exam preparation effortlessly with SPOTO's latest mock exams. Our comprehensive resources offer the latest practice tests and mock exams designed to replicate the real exam environment. Access exam materials and sample questions to reinforce your understanding of risk management and information systems control concepts. Utilize our exam simulator for effective exam practice, allowing you to improve your time management skills and boost confidence. With SPOTO, preparing for the CRISC® certification exam has never been easier. Start your exam practice today and become a certified risk management professional equipped to optimize risk management across your organization.

Question #1
Which of the following is NOT indirect information?
A. Information about the propriety of cutoff
B. Reports that show orders that were rejected for credit limitations
C. Reports that provide information about any unusual deviations and individual product margins
D. The lack of any significant differences between perpetual levels and actual levels of goods
Correct Answer: A

Question #2
You are working as the project manager of the ABS project. The project is for establishing a computer network in a school premises. During the project execution, the school management asks to make the campus Wi-Fi enabled. You know that this may impact the project adversely. You have discussed the change request with other stakeholders. What will be your NEXT step?
A. Update project management plan
B. Issue a change request
C. Analyze the impact
D. Update risk management plan
Correct Answer: B
Question #3
Which of the following risks refers to the probability that an actual return on an investment will be lower than the investor's expectations?
A. Integrity risk
B. Project ownership risk
C. Relevance risk
D. Expense risk
Correct Answer: D
Question #4
You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?
A. 5
B. 7
C. 1
D. 4
Correct Answer: AD
Question #5
You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?
A. Detective
B. Corrective
C. Preventative
D. Recovery
Correct Answer: C
Question #6
Which of the following is the BEST defense against successful phishing attacks?
A. Intrusion detection system
B. Application hardening
C. End-user awareness
D. Spam filters
Correct Answer: A
Question #7
Which of the following is an administrative control?
A. Water detection
B. Reasonableness check
C. Data loss prevention program
D. Session timeout
Correct Answer: C
Question #8
Which of the following characteristics of risk controls can be defined as follows? "The separation of controls in the production environment rather than the separation in the design and implementation of the risk"
A. Trusted source
B. Secure
C. Distinct
D. Independent
Correct Answer: C
Question #9
Mike is the project manager of the NNP Project for his organization. He is working with his project team to plan the risk responses for the NNP Project. Mike would like the project team to work together on establishing risk thresholds in the project. What is the purpose of establishing risk threshold?
A. It is a study of the organization's risk tolerance
B. It is a warning sign that a risk event is going to happen
C. It is a limit of the funds that can be assigned to risk events
D. It helps to identify those risks for which specific responses are needed
Correct Answer: C
Question #10
Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?
A. Mitigation
B. Avoidance
C. Transference
D. Enhancing
Correct Answer: B
Question #11
Which of the following should be PRIMARILY considered while designing information systems controls?
A. The IT strategic plan
B. The existing IT environment
C. The organizational strategic plan
D. The present IT budget
Correct Answer: BCD
Question #12
What are the various outputs of risk response?
A. Risk Priority Number
B. Residual risk
C. Risk register updates
D. Project management plan and Project document updates
E. Risk-related contract decisions
Correct Answer: B
Question #13
The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?
A. Trends in qualitative risk analysis
B. Risk probability-impact matrix
C. Risks grouped by categories
D. Watchlist of low-priority risks
Correct Answer: A
Question #14
You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. She wanted to give you a heads-up and asked that you return the call. Which of the following statements is TRUE?
A. This is a residual risk
B. This is a trigger
C. This is a contingency plan
D. This is a secondary risk
Correct Answer: A
Question #15
What should be considered while developing obscure risk scenarios? Each correct answer represents a part of the solution. Choose two.
A. Visibility
B. Controls
C. Assessment methods
D. Recognition
Correct Answer: B
Question #16
Which of the following control audits is performed to assess the efficiency of the productivity in the operations environment?
A. Operational
B. Financial
C. Administrative
D. Specialized
Correct Answer: ACD
Question #17
You are the project manager of GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators. What is the MOST important reason to maintain Key Risk Indicators?
A. Risk reports need to be timely
B. Complex metrics require fine-tuning
C. Threats and vulnerabilities change over time
D. They help to avoid risk
Correct Answer: ABD
Question #18
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project i
A. Project management plan
B. Project communications plan
C. Project contractual relationship with the vendor
D. Project scope statement
Correct Answer: D
Question #19
Who is the BEST authority to develop the priorities and identify what risks and impacts would occur if there were loss of the organization's private information?
A. External regulatory agencies
B. Internal auditor
C. Business process owners
D. Security management
Correct Answer: C
Question #20
An interruption in business productivity is considered as which of the following risks?
A. Reporting risk
B. Operational risk
C. Legal risk
D. Strategic risk
Correct Answer: B
Question #21
Which of the following events refer to loss of integrity? Each correct answer represents a complete solution. Choose three.
A. Someone sees the company's secret formula
B. Someone makes unauthorized changes to a Web site
C. An e-mail message is modified in transit
D. A virus infects a file
Correct Answer: ACD
Question #22
Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work more cheaply than was originally estimated. The project team presents new software that will help to automate the project work. While the software and the associated training cost $25,000, it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response had be
A. Avoiding
B. Accepting
C. Exploiting
D. Enhancing
Correct Answer: C
Question #23
What is the PRIMARY objective difference between an internal and an external risk management assessment reviewer?
A. In quality of work
B. In ease of access
C. In profession
D. In independence
Correct Answer: CDE
Question #24
Your project spans the entire organization. You would like to assess the risk of your project but are worried that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your consideration is based on the fact that some employees would not want to publicly identify risk events that could declare their supervision as poor. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you us
A. Delphi technique
B. Root cause analysis
C. Isolated pilot groups
D. SWOT analysis
Correct Answer: C
Question #25
Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?
A. Bias towards risk in new resources
B. Risk probability and impact matrixes
C. Uncertainty in values such as duration of schedule activities
D. Risk identification
Correct Answer: BD
Question #26
Della works as a project manager for Tech Perfect Inc. She is studying the documentation of planning of a project. The documentation states that there are twenty-eight stakeholders with the project. What will be the number of communication channels for the project?
A. 250
B. 28
C. 378
D. 300
Correct Answer: ACD
Question #27
Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?
A. User management coordination does not exist
B. Audit recommendations may not be implemented
C. Users may have unauthorized access to originate, modify or delete data
D. Specific user accountability cannot be established
Correct Answer: C
Question #28
You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise chooses not to engage in e-commerce. This scenario is demonstrating which of the following forms?
A. risk avoidance
B. risk treatment
C. risk acceptance
D. risk transfer
Correct Answer: C
Question #29
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?
A. These risks can be dismissed
B. These risks can be accepted
C. These risks can be added to a low priority risk watch list
D. All risks must have a valid, documented risk response
Correct Answer: C
Question #30
Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture? Each correct answer represents a complete solution. Choose two.
A. Senior management
B. Chief financial officer (CFO)
C. Human resources (HR)
D. Board of directors
Correct Answer: C
Question #31
Using which of the following can one produce comprehensive results while performing qualitative risk analysis?
A. Scenarios with threats and impacts
B. Cost-benefit analysis
C. Value of information assets
D. Vulnerability assessment
Correct Answer: A
Question #32
You are the project manager of GHT project. You want to perform post-project review of your project. What is the BEST time to perform post-project review by you and your project development team to assess the effectiveness of the project?
A. Project is completed and the system has been in production for a sufficient time period
B. During the project
C. Immediately after the completion of the project
D. Project is about to complete
Correct Answer: B
Question #33
You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk credential information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exist?
A. Level 1
B. Level 0C
D. Level 4
Correct Answer: C
Question #34
Which of the following types of risk could result in bankruptcy?
A. Marginal
B. Negligible
C. Critical
D. Catastrophic
Correct Answer: ACD
Question #35
Which of the following laws applies to organizations handling health care information?
A. GLBA
B. HIPAA
C. SOX
D. FISMA
Correct Answer: C
Question #36
There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to quantitative risk analysis process?
A. Risk management plan
B. Enterprise environmental factors
C. Cost management plan
D. Risk register
Correct Answer: B
Question #37
Which of the following processes ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?
A. Risk management
B. Risk response integration
C. Risk response implementation
D. Risk response tracking
Correct Answer: BCD
Question #38
What is the value of exposure factor if the asset is lost completely?
A. 1
B. Infinity
C. 10
D. 0
Correct Answer: B
