CRISC Exam Questions 2024 Updated: Get Ready for Exams, Certified in Risk and Information Systems Control | SPOTO

Prepare confidently for the CRISC® exam with SPOTO's updated collection of exam questions for 2024. Access a comprehensive range of practice tests and exam materials to reinforce your understanding of key concepts in risk management and information systems control. Our exam materials include sample questions and exam dumps to help you assess your readiness and improve your exam performance. Utilize our mock exams and exam simulator for effective exam practice, allowing you to simulate the exam environment and enhance your time management skills. With SPOTO, you'll have all the resources you need to succeed in your CRISC® certification journey. Start your exam preparation today and become a certified risk management professional capable of optimizing risk management across your organization.

Question #1
You are the project manager of the GHT project. Your project utilizes a machine for production of goods. This machine has the specification that if its temperature rises above 450 degrees Fahrenheit, it may result in burning of the windings. So, there is an alarm which sounds when the machine's temperature reaches 430 degrees Fahrenheit, and the machine is shut off for 1 hour. What role does the alarm play here?
A. Of risk indicator
B. Of risk identification
C. Of risk trigger
D. Of risk response
Correct Answer: B
Question #2
What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?
A. Anti-harassment policy
B. Acceptable use policy
C. Intellectual property policy
D. Privacy policy
Correct Answer: B
Question #3
Which of the following aspects of a monitoring tool ensures that the monitoring tool has the ability to keep up with the growth of an enterprise?
A. Scalability
B. Customizability
C. Sustainability
D. Impact on performance
Correct Answer: A
Question #4
You are an experienced Project Manager that has been entrusted with a project to develop a machine which produces auto components. You have scheduled meetings with the project team and the key stakeholders to identify the risks for your project. Which of the following is a key output of this process?
A. Risk Register
B. Risk Management Plan
C. Risk Breakdown Structure
D. Risk Categories
Correct Answer: A
Question #5
Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events, but management wants you to do more. They'd like you to create some type of chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?
A. Risk response plan
B. Contingency reserve
C.
D. Quantitative analysis
Correct Answer: ABD
Question #6
Which of the following statements is true for risk analysis?
A. Risk analysis should assume an equal degree of protection for all assets
B. Risk analysis should give more weight to the likelihood than the size of loss
C. Risk analysis should limit the scope to a benchmark of similar companies
D. Risk analysis should address the potential size and likelihood of loss
Correct Answer: A
Question #7
Which of the following parameters would affect the prioritization of the risk responses and development of the risk response plan? Each correct answer represents a complete solution. Choose three.
A. Importance of the risk
B. Time required to mitigate risk
C. Effectiveness of the response
D. Cost of the response to reduce risk within tolerance levels
Correct Answer: D
Question #8
What is the MAIN purpose of designing risk management programs?
A. To reduce the risk to a level that the enterprise is willing to accept
B. To reduce the risk to the point at which the benefit exceeds the expense
C. To reduce the risk to a level that is too small to be measurable
D. To reduce the risk to a rate of return that equals the current cost of capital
Correct Answer: D
Question #9
You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re-architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?
A. Deferrals
B. Quick win
C. Business case to be made
D. Contagious risk
Correct Answer: D
Question #10
Which of the following is the FOREMOST root cause of project risk? Each correct answer represents a complete solution. Choose two.
A. New system is not meeting the user business needs
B. Delay in arrival of resources
C. Lack of discipline in managing the software development process
D.
Correct Answer: B
Question #11
Which of the following parameters are considered for the selection of risk indicators? Each correct answer represents a part of the solution. Choose three.
A. Size and complexity of the enterprise
B. Type of market in which the enterprise operates
C. Risk appetite and risk tolerance
D. Strategy focus of the enterprise
Correct Answer: B
Question #12
Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
A. Quality management plan
B. Risk management plan
C. Risk register
D. Project charter
Correct Answer: A
Question #13
What is the FIRST phase of IS monitoring and maintenance process?
A. Report result
B. Prioritizing risks
C. Implement monitoring
D. Identifying controls
Correct Answer: C
Question #14
Which of the following is NOT true for risk management capability maturity level 1?
A. There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk
B. Decisions involving risk lack credible information
C. Risk appetite and tolerance are applied only during episodic risk assessments
D. Risk management skills exist on an ad hoc basis, but are not actively developed
Correct Answer: AC
Question #15
Which of the following is described by the definition given below? "It is the expected guaranteed value of taking a risk."
A. Certainty equivalent value
B. Risk premium
C.
D. Certain value assurance
Correct Answer: D
Question #16
You are working in an enterprise. Assume that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?
A. Direct information
B. Indirect information
C. Risk management plan
D. Risk audit information
Correct Answer: A
Question #17
You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools of the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in the qualitative risk analysis process?
A. Risk Urgency Assessment
B. Risk Reassessment
C. Risk Data Quality Assessment
D. Risk Categorization
Correct Answer: AC
Question #18
Risks to an organization's image are referred to as what kind of risk?
A. Operational
B. Financial
C. Information
D. Strategic
Correct Answer: ABC
Question #19
Which of the following is the priority of data owners when establishing a risk mitigation method?
A. User entitlement changes
B. Platform security
C.
D. Antivirus controls
Correct Answer: C
Question #20
Which of the following risks refers to the probability that an actual return on an investment will be lower than the investor's expectations?
A. Integrity risk
B. Project ownership risk
C.
D. Expense risk
Correct Answer: B
Question #21
Which one of the following is the only output for the qualitative risk analysis process?
A. Project management plan
B. Risk register updates
C. Organizational process assets
D. Enterprise environmental factors
Correct Answer: C
Question #22
What are the functions of audit and accountability control? Each correct answer represents a complete solution. Choose all that apply.
A. Provides details on how to protect the audit logs
B. Implement effective access control
C. Implement an effective audit program
D. Provides details on how to determine what to audit
Correct Answer: A
Question #23
David is the project manager of the HRC project. While the HRC project was in process, he concluded that if he adopted e-commerce, his project could be more fruitful. But he did not engage in electronic commerce (e-commerce) so that he would escape from the risk associated with that line of business. What type of risk response has he adopted?
A. Acceptance
B. Avoidance
C. Exploit
D. Enhance
Correct Answer: D
Question #24
Which of the following is the MOST effective inhibitor of relevant and efficient communication?
A. A false sense of confidence at the top on the degree of actual exposure related to IT and lack of a well-understood direction for risk management from the top down
B. The perception that the enterprise is trying to cover up known risk from stakeholders
C. Existence of a blame culture
D. Misalignment between real risk appetite and translation into policies
Correct Answer: B
Question #25
You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?
A. Detective
B. Corrective
C. Preventative
D. Recovery
Correct Answer: D
Question #26
Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?
A. Timing dimension
B. Events
C. Assets
D. Actors
Correct Answer: D
Question #27
Which of the following risks is the risk that happens with an important business partner and affects a large group of enterprises within an area or industry?
A. Contagious risk
B. Reporting risk
C. Operational risk
D. Systemic risk
Correct Answer: A
Question #28
You are the project manager of a SGT project. You have been actively communicating and working with the project stakeholders. One of the outputs of the "manage stakeholder expectations" process can actually create new risk events for your project. Which output of the manage stakeholder expectations process can create risks?
A. Project management plan updates
B. An organizational process asset updates
C. Change requests
D. Project document updates
Correct Answer: B
Question #29
Which of the following processes is described in the statement below? "It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."
A. Risk governance
B. IRGC
C. Risk response planning
D. Risk communication
Correct Answer: C
Question #30
You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the information processed by a specific type of transaction. What would be the FIRST action you will take?
A. Assess whether existing controls meet the regulation
B. Update the existing security privacy policy
C. Meet with stakeholders to decide how to comply
D. Analyze the key risk in the compliance process
Correct Answer: CD
Question #31
You are the project manager in your enterprise. You have identified the occurrence of a risk event in your enterprise. You have pre-planned risk responses. You have monitored the risks that had occurred. What is the immediate step after this monitoring process that has to be followed in response to risk events?
A. Initiate incident response
B. Update the risk register
C. Eliminate the risk completely
D. Communicate lessons learned from risk events
Correct Answer: A
Question #32
Which of the following characteristics of risk controls answers the aspect about the control given below: "Will it continue to function as expressed over the time and adopts as changes or new elements are introduced to the environment"
A. Reliability
B. Sustainability
C. Consistency
D. Distinct
Correct Answer: B
Question #33
In which of the following risk management capability maturity levels does the enterprise take major business decisions considering the probability of loss and the probability of reward? Each correct answer represents a complete solution. Choose two.
A. Level 0
B. Level 2
C.
D. Level 4
Correct Answer: D
Question #34
What is the value of exposure factor if the asset is lost completely?
A. 1
B. Infinity
C. 10
D. 0
Correct Answer: ACD
Question #35
In which of the following risk management capability maturity levels are risk appetite and tolerance applied only during episodic risk assessments?
A. Level 3
B. Level 2
C.
D. Level 1
Correct Answer: B
Question #36
Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?
A. Information security risks
B. Contract and product liability risks
C. Project activity risks
D. Profitability operational risks
Correct Answer: C
Question #37
You have identified several risks in your project. You have opted for risk mitigation in order to respond to the identified risks. Which of the following ensures that the risk mitigation method that you have chosen is effective?
A. Reduction in the frequency of a threat
B. Minimization of inherent risk
C. Reduction in the impact of a threat
D. Minimization of residual risk
Correct Answer: A
Question #38
Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?
A. Mary will schedule when the identified risks are likely to happen and affect the project schedule
C. Mary will use the schedule management plan to schedule the risk identification meetings throughout the remaining project
D. Mary will utilize the schedule controls to determine how risks may be allowed to change the project schedule
Correct Answer: ABD
Question #39
You work as a project manager for BlueWell Inc. You are preparing for the risk identification process. You will need to involve several of the project's key stakeholders to help you identify and communicate the identified risk events. You will also need several documents to help you and the stakeholders identify the risk events. Which one of the following is NOT a document that will help you identify and communicate risks within the project?
A. Stakeholder registers
B. Activity duration estimates
C. Activity cost estimates
D. Risk register
Correct Answer: D
Question #40
Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin the grouping of identified risks by common causes. What is the primary advantage to group risks by common causes during qualitative risk analysis?
A. It helps the project team realize the areas of the project most laden with risks
B. It assists in developing effective risk responses
C. It saves time by collecting the related resources, such as project team members, to analyze the risk events
D. It can lead to the creation of risk categories unique to each project
Correct Answer: B
Question #41
Ben works as a project manager for the MJH Project. In this project, Ben is preparing to identify stakeholders so he can communicate project requirements, status, and risks. Ben has elected to use a salience model as part of his stakeholder identification process. Which of the following activities best describes a salience model?
A. Describing classes of stakeholders based on their power (ability to impose their will), urgency (need for immediate attention), and legitimacy (their involvement is appropriate)
B. Grouping the stakeholders based on their level of authority ("power") and their level of concern ("interest") regarding the project outcomes
C. Influence/impact grid, grouping the stakeholders based on their active involvement ("influence") in the project and their ability to affect changes to the project's planning or execution ("impact")
D. Grouping the stakeholders based on their level of authority ("power") and their active involvement ("influence") in the project
Correct Answer: A
Question #42
You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve this goal of improving the project's performance through risk analysis with your project stakeholders?
A. Involve subject matter experts in the risk analysis activities
B. Involve the stakeholders for risk identification only in the phases where the project directly affects them
C. Use qualitative risk analysis to quickly assess the probability and impact of risk events
D. Focus on the high-priority risks through qualitative risk analysis
Correct Answer: BCD
Question #43
Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risk events that were not previously identified. What should Jenny do with these risk events?
A. The events should be entered into qualitative risk analysis.
B. The events should be determined if they need to be accepted or responded to
C. The events should be entered into the risk register
D. The events should continue on with quantitative risk analysis
Correct Answer: B
