DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Latest 2024 CRISC Certification Questions & Mock Tests, Certified in Risk and Information Systems Control | SPOTO

Prepare effectively for your CRISC® certification exam with SPOTO's latest 2024 CRISC certification questions and mock tests. Access a comprehensive range of practice tests and mock exams designed to simulate the real exam environment. Our exam materials include exam dumps, sample questions, and exam answers to reinforce your understanding of key concepts in risk management and information systems control. Utilize our exam simulator for realistic exam practice, allowing you to improve your time management skills and boost confidence. With SPOTO, you'll have all the resources you need to succeed in your CRISC® certification journey. Start your exam preparation today and become a certified risk management expert capable of optimizing risk management across your organization.
Take other online exams

Question #1
What are the responsibilities of the CRO? Each correct answer represents a complete solution. Choose three.
A. Managing the supporting risk management function
B. Managing the risk assessment process
C. Advising Board of Directors
D. Implement corrective actions
View answer
Correct Answer: A
Question #2
Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?
A. Cost change control system
B. Configuration management system
C. Scope change control system
D. Integrated change control
View answer
Correct Answer: A
Question #3
Which of the following is true for Cost Performance Index (CPI)?
A. If the CPI > 1, it indicates better than expected performance of project
B. CPI = Earned Value (EV) * Actual Cost (AC)
C. It is used to measure performance of schedule
D. If the CPI = 1, it indicates poor performance of project
View answer
Correct Answer: A
Question #4
Which of the following assets are the examples of intangible assets of an enterprise? Each correct answer represents a complete solution. Choose two.
A. Customer trust
B. Information
C. People
D. Infrastructure
View answer
Correct Answer: C
Question #5
You are the project manager for the NHH project. You are working with your project team to examine the project from four different defined perspectives to increase the breadth of identified risks by including internally generated risks. What risk identification approach are you using in this example?
A. Root cause analysis
B. Influence diagramming techniques
C. SWOT analysis
D. Assumptions analysis
View answer
Correct Answer: B
Question #6
Which among the following acts as a trigger for risk response process?
A. Risk level increases above risk appetite
B. Risk level increase above risk tolerance
C. Risk level equates risk appetite
D. Risk level equates the risk tolerance
View answer
Correct Answer: ACD
Question #7
You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks. Which of the following would you need next to help you prioritize the risks?
A. Affinity Diagram
B. Risk rating rules
C. Project Network Diagram
D. Risk categories
View answer
Correct Answer: D
Question #8
Which of the following are risk components of the COSO ERM framework? Each correct answer represents a complete solution. Choose three.
A. Risk response
B. Internal environment
C. Business continuity
D. Control activities
View answer
Correct Answer: A
Question #9
Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?
A. Qualitative Risk Analysis
B. Plan Risk Management
C. Identify Risks
D. Quantitative Risk Analysis
View answer
Correct Answer: A
Question #10
Which of the following control is used to ensure that users have the rights and permissions they need to perform their jobs, and no more?
A. System and Communications protection control
B. Audit and Accountability control
C. Access control
D. Identification and Authentication control
View answer
Correct Answer: D
Question #11
You are the project manager of HFD project. You have identified several project risks. You have adopted alternatives to deal with these risks which do not attempt to reduce the probability of a risk event or its impacts. Which of the following response have you implemented?
A. Acceptance
B. Mitigation
C. Avoidance
D. Contingent response
View answer
Correct Answer: A
Question #12
Which of the following is the MOST effective inhibitor of relevant and efficient communication?
A. A false sense of confidence at the top on the degree of actual exposure related to IT and lack of a well-understood direction for risk management from the top down
B. The perception that the enterprise is trying to cover up known risk from stakeholders
C. Existence of a blame culture
D. Misalignment between real risk appetite and translation into policies
View answer
Correct Answer: C
Question #13
For which of the following risk management capability maturity levels do the statement given below is true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"
A. Level 3
B. Level 0C
D. Level 2
View answer
Correct Answer: C
Question #14
You are the project manager of the AFD project for your company. You are working with the project team to reassess existing risk events and to identify risk events that have not happened and whose relevancy to the project has passed. What should you do with these events that have not happened and would not happen now in the project?
A. Add the risk to the issues log
B. Close the outdated risks
C. Add the risks to the risk register
D. Add the risks to a low-priority watch-list
View answer
Correct Answer: C
Question #15
You are the project manager of the GHY Project for your company. You need to complete a project management process that will be on the lookout for new risks, changing risks, and risks that are now outdated. Which project management process is responsible for these actions?
A. Risk planning
B. Risk monitoring and controlling
C. Risk identification
D. Risk analysis
View answer
Correct Answer: AD
Question #16
Which of the following is described by the definition given below? "It is the expected guaranteed value of taking a risk."
A. Certainty equivalent value
B. Risk premium
C. Risk value guarantee
D. Certain value assurance
View answer
Correct Answer: B
Question #17
Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help generate ideas about project risks. What risk identification method is Mary likely using?
A. Delphi Techniques
B. Expert judgment
C. Brainstorming
D. Checklist analysis
View answer
Correct Answer: A
Question #18
What is the FIRST phase of IS monitoring and maintenance process?
A. Report result
B. Prioritizing risks
C. Implement monitoring
D. Identifying controls
View answer
Correct Answer: A
Question #19
You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?
A. Conduct a feasibility study
B. Acquire software
C. Define requirements of project
D. Plan project management
View answer
Correct Answer: B
Question #20
Which of the following statements are true for enterprise's risk management capability maturity level 3?
A. Workflow tools are used to accelerate risk issues and track decisions
B. The business knows how IT fits in the enterprise risk universe and the risk portfolio view
C. The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
D. Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized
View answer
Correct Answer: D
Question #21
You are the project manager of GHT project. You and your team have developed risk responses for those risks with the highest threat to or best opportunity for the project objectives. What are the immediate steps you should follow, after planning for risk response process? Each correct answer represents a complete solution. Choose three.
A. Updating Project management plan and Project document
B. Applying controls
C. Updating Risk register
D. Prepare Risk-related contracts
View answer
Correct Answer: ABD
Question #22
What are the functions of audit and accountability control? Each correct answer represents a complete solution. Choose all that apply.
A. Provides details on how to protect the audit logs
B. Implement effective access control
C. Implement an effective audit program
D. Provides details on how to determine what to audit
View answer
Correct Answer: A
Question #23
You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?
A. Project network diagrams
B. Cause-and-effect analysis
C. Decision tree analysis
D. Delphi Technique
View answer
Correct Answer: C
Question #24
Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?
A. Business management
B. Business process owner
C. Chief information officer (CIO)
D. Chief risk officer (CRO)
View answer
Correct Answer: ABD
Question #25
Which of the following are parts of SWOT Analysis? Each correct answer represents a complete solution. Choose all that apply.
A. Weaknesses
B. Tools
C. Threats
D. Opportunities
E. Strengths
View answer
Correct Answer: A
Question #26
Which of the following controls do NOT come under technical class of control?
A. Program management control
B. System and Communications Protection control
C. Identification and Authentication control
D. Access Control
View answer
Correct Answer: C
Question #27
You and your project team have identified a few risk events in the project and recorded the events in the risk register. Part of the recording of the events includes the identification of a risk owner. Who is a risk owner?
A. A risk owner is the party that will monitor the risk events
B. A risk owner is the party that will pay for the cost of the risk event if it becomes an issue
C. A risk owner is the party that has caused the risk event
D. A risk owner is the party authorized to respond to the risk event
View answer
Correct Answer: A
Question #28
Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?
A. Business Continuity Strategy
B. Index of Disaster-Relevant Information
C. Disaster Invocation Guideline
D. Availability/ ITSCM/ Security Testing Schedule
View answer
Correct Answer: A
Question #29
Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?
A. Risk register
B. Cause and effect diagram
C. Risk indicator
D. Return on investment
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: