DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Dominate CRISC Mock Tests & Study Materials, Certified in Risk and Information Systems Control | SPOTO

Excel in your CRISC® exam preparation with SPOTO's comprehensive mock tests and study materials. Access a wide range of mock exams and practice tests to assess your knowledge and readiness for the certification exam. Our exam materials, including exam dumps and sample questions, reinforce understanding of key concepts in risk management and information systems control. Utilize our exam simulator for realistic exam practice, simulating the exam environment and improving time management skills. With SPOTO, you'll have all the necessary resources to dominate your CRISC® exam. Start your exam preparation today and become a certified risk management expert capable of optimizing risk management across your organization.
Take other online exams

Question #1
There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to quantitative risk analysis process? A. Risk management plan
B. Enterprise environmental factors
C. Cost management plan
D. Risk register
View answer
Correct Answer: B

View The Updated CRISC Exam Questions

SPOTO Provides 100% Real CRISC Exam Questions for You to Pass Your CRISC Exam!

Question #2
FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?
A. Annually
B. Quarterly
C. Every three years
D. Never
View answer
Correct Answer: C
Question #3
Which of the following processes is described in the statement below? "It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."
A. Risk governance
B. Risk identification
C. Risk response planning
D. Risk communication
View answer
Correct Answer: D
Question #4
You are the project manager of GHT project. During the data extraction process you evaluated the total number of transactions per year by multiplying the monthly average by twelve. This process of evaluating total number of transactions is known as?
A. Duplicates test
B. Controls total
C. Simplistic and ineffective
D. Reasonableness test
View answer
Correct Answer: D
Question #5
According to the Section-302 of the Sarbanes-Oxley Act of 2002, what does certification of reports implies? Each correct answer represents a complete solution. Choose three.
A. The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date at the time to report
C. The signing officer has reviewed the report
D. The signing officer has presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date
View answer
Correct Answer: C
Question #6
Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)? A. ALE= ARO/SLE
B. ARO= SLE/ALE
C. ARO= ALE*SLE
D. ALE= ARO*SLE
View answer
Correct Answer: A
Question #7
Which of the following characteristics of risk controls can be defined as under? "The separation of controls in the production environment rather than the separation in the design and implementation of the risk" A. Trusted source
B. Secure
C. Distinct
D. Independent
View answer
Correct Answer: A
Question #8
Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives? A. Identifying Risks
B. Quantitative Risk Assessment
C. Qualitative Risk Assessment
D. Monitoring and Controlling Risks
View answer
Correct Answer: A
Question #9
Which of the following steps ensure effective communication of the risk analysis results to relevant stakeholders? Each correct answer represents a complete solution. Choose three.
A. The results should be reported in terms and formats that are useful to support business decisions B
C. Communicate the negative impacts of the events only, it needs more consideration
D. Communicate the risk-return context clearly
View answer
Correct Answer: B
Question #10
Which of the following process ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?
A. Risk management
B. Risk response integration
C. Risk response implementation
D. Risk response tracking
View answer
Correct Answer: ABC
Question #11
Which of the following matrices is used to specify risk thresholds?
A. Risk indicator matrix
B. Impact matrix C
D. Probability matrix
View answer
Correct Answer: A
Question #12
Which of the following is the PRIMARY requirement before choosing Key performance indicators of an enterprise?
A. Determine size and complexity of the enterprise
B. Prioritize various enterprise processes
C. Determine type of market in which the enterprise operates
D. Enterprise must establish its strategic and operational goals
View answer
Correct Answer: BD
Question #13
Which of the following guidelines should be followed for effective risk management? Each correct answer represents a complete solution. Choose three.
A. Promote and support consistent performance in risk management
B. Promote fair and open communication
C. Focus on enterprise's objective
D. Balance the costs and benefits of managing risk
View answer
Correct Answer: AD
Question #14
What are the three PRIMARY steps to be taken to initialize the project? Each correct answer represents a complete solution. Choose all that apply.
A. Conduct a feasibility study
B. Define requirements C
D. Plan risk management
View answer
Correct Answer: D
Question #15
Which of the following are the principles of risk management? Each correct answer represents a complete solution. Choose three.
A. Risk management should be an integral part of the organization
B. Risk management should be a part of decision-making
C. Risk management is the responsibility of executive management
D. Risk management should be transparent and inclusive
View answer
Correct Answer: D
Question #16
Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?
A. Mitigation
B. Avoidance C
D. Enhancing
View answer
Correct Answer: A
Question #17
Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?
A. Transference B
C. Acceptance
D. Avoidance
View answer
Correct Answer: A
Question #18
Suppose you are working in Techmart Inc. which sells various products through its website. Due to some recent losses, you are trying to identify the most important risks to the Website. Based on feedback from several experts, you have come up with a list. You now want to prioritize these risks. Now in which category you would put the risk concerning the modification of the Website by unauthorized parties.
A. Ping Flooding Attack
B. Web defacing
C. Denial of service attack D
View answer
Correct Answer: ACD
Question #19
You are the product manager in your enterprise. You have identified that new technologies, products and services are introduced in your enterprise time-to-time. What should be done to prevent the efficiency and effectiveness of controls due to these changes?
A. Receive timely feedback from risk assessments and through key risk indicators, and update controls
B. Add more controls
C. Perform Business Impact Analysis (BIA)
D. Nothing, efficiency and effectiveness of controls are not affected by these changes
View answer
Correct Answer: D
Question #20
You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks : Communicating risk analysis results Reporting risk management activities and the state of compliance Interpreting independent risk assessment findings Identifying business opportunities Which of the following process are you performing?
A. Articulating risk
B. Mitigating risk C
D. Reporting risk
View answer
Correct Answer: A
Question #21
You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks. Which of the following would you need next to help you prioritize the risks?
A. Affinity Diagram
B. Risk rating rules C
D. Risk categories
View answer
Correct Answer: A
Question #22
Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?
A. Communication with business process stakeholders
B. Compliance-oriented business impact analysis
C. Compliance-oriented gap analysis
D. Mapping of compliance requirements to policies and procedures
View answer
Correct Answer: A
Question #23
You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project. Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this
A. Mitigation-ready project management
B. Risk avoidance
C. Risk utility function
D. Risk-reward mentality
View answer
Correct Answer: A
Question #24
You work as a Project Manager for www.company.com Inc. You have to measure the probability, impact, and risk exposure. Then, you have to measure how the selected risk response can affect the probability and impact of the selected risk event. Which of the following tools will help you to accomplish the task?
A. Project network diagrams
B. Delphi technique
C. Decision tree analysis
D. Cause-and-effect diagrams
View answer
Correct Answer: CDE
Question #25
You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a network connectivity for 1 day. Which of the following factors would you include?
A. Aggregate compensation of all affected business users
B. Hourly billing rate charged by the carrier
C. Value that enterprise get on transferring data over the network
D. Financial losses incurred by affected business units
View answer
Correct Answer: A
Question #26
Which of the following represents lack of adequate controls?
A. Vulnerability
B. Threat
C. Asset
D. Impact
View answer
Correct Answer: C
Question #27
While developing obscure risk scenarios, what are the requirements of the enterprise? Each correct answer represents a part of the solution. Choose two.
A. Have capability to cure the risk events
B. Have capability to recognize an observed event as something wrong
C. Have sufficient number of analyst
D. Be in a position that it can observe anything going wrong
View answer
Correct Answer: ABC
Question #28
You are working on a project in an enterprise. Some part of your project requires e- commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?
A. risk avoidance
B. risk treatment
C. risk acceptance
D. risk transfer
View answer
Correct Answer: B
Question #29
You are working as a project manager in Bluewell Inc.. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
A. Qualitative risk analysis
B. Risk audits
C. Quantitative risk analysis
D. Requested changes
View answer
Correct Answer: B
Question #30
Which of the following techniques examines the degree to which organizational strengths offset threats and opportunities that may serve to overcome weaknesses?
A. SWOT Analysis
B. Delphi
C. Brainstorming
D. Expert Judgment
View answer
Correct Answer: A
Question #31
You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take? A. Apply risk response
B. Update risk register
C. No action
D. Prioritize risk response options
View answer
Correct Answer: C
Question #32
You are a project manager for your organization and you're working with four of your key stakeholders. One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?
A. Project risks are uncertain as to when they will happen
B. Risks can happen at any time in the project
C. Project risks are always in the future
D. Risk triggers are warning signs of when the risks will happen
View answer
Correct Answer: A
Question #33
You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at $125,000 and is subjected to an exposure factor of 25 percent. What will be the Single Loss Expectancy of this project?
A. $ 125,025
B. $ 31,250
C. $ 5,000
D. $ 3,125,000
View answer
Correct Answer: B

View The Updated ISACA Exam Questions

SPOTO Provides 100% Real ISACA Exam Questions for You to Pass Your ISACA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: