
Master CRISC Exams with Exam Questions & Study Materials, Certified in Risk and Information Systems Control | SPOTO

Achieve mastery in CRISC® exams with SPOTO's expertly crafted exam questions and comprehensive study materials. Access a variety of practice tests and mock exams to assess your knowledge and readiness for the certification exam. Our exam materials, including exam dumps and sample questions, reinforce understanding of key concepts in risk management and information systems control. Utilize our exam simulator for realistic exam practice, simulating the exam environment and refining your time management skills. With SPOTO, you'll have all the necessary resources to excel in your CRISC® certification journey. Start your exam preparation today and become a certified risk management expert capable of optimizing risk management across your organization.

Question #1
What are the PRIMARY requirements for developing risk scenarios? Each correct answer represents a part of the solution. Choose two.
A. Potential threats and vulnerabilities that could lead to loss events
B. Determination of the value of an asset at risk
C. Determination of actors that have the potential to generate risk
D. Determination of threat type
Correct Answer: AB
Question #2
Which of the following is the MOST important aspect to ensure that an accurate risk register is maintained?
A. Publish the risk register in a knowledge management platform with workflow features that periodically contacts and polls risk assessors to ensure accuracy of content
B. Perform regular audits by audit personnel and maintain risk register
C. Submit the risk register to business process owners for review and updating
D. Monitor key risk indicators, and record the findings in the risk register
Correct Answer: A
Question #3
What is the most important benefit of classifying information assets?
A. Linking security requirements to business objectives
B. Allotting risk ownership
C. Defining access rights
D.
Correct Answer: A
Question #4
You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve this goal of improving the project's performance through risk analysis with your project stakeholders?
A. Involve subject matter experts in the risk analysis activities
B. Involve the stakeholders for risk identification only in the phases where the project directly affects them
C. Use qualitative risk analysis to quickly assess the probability and impact of risk events
D. Focus on the high-priority risks through qualitative risk analysis
Correct Answer: D
Question #5
Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?
A. Return On Security Investment
B. Total Cost of Ownership
C. Return On Investment
D. Redundant Array of Inexpensive Disks
Correct Answer: C
Question #6
You are the project manager of GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators. What is the MOST important reason to maintain Key Risk Indicators?
A. Risk reports need to be timely
B. Complex metrics require fine-tuning
C. Threats and vulnerabilities change over time
D. They help to avoid risk
Correct Answer: C
Question #7
You work as a project manager for BlueWell Inc. Your project is using a new material to construct a large warehouse in your city. This new material is cheaper than traditional building materials, but it takes some time to learn how to use the material properly. You have communicated to the project stakeholders that you will be able to save costs by using the new material, but you will need a few extra weeks to complete training to use the materials. This risk response of learning how to use the new material
A. Benchmarking
B. Cost-benefits analysis
C. Cost of conformance to quality
D. Team development
Correct Answer: C
Question #8
Which of the following steps ensure effective communication of the risk analysis results to relevant stakeholders? Each correct answer represents a complete solution. Choose three.
A. The results should be reported in terms and formats that are useful to support business decisions
B. Provide decision makers with an understanding of worst-case and most probable scenarios,due diligence exposures and significant reputation, legal or regulatory considerations
C. Communicate the negative impacts of the events only, it needs more consideration
D. Communicate the risk-return context clearly
Correct Answer: ABD
Question #9
John is the project manager of the HGH Project for his company. He and his project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but its products are significantly more expensive than the current vendor's. What type of response does John adopt here?
A. Contingent response strategy
B. Risk avoidance
C. Risk mitigation
D. Expert judgment
Correct Answer: A
Question #10
You are the project manager of the GHT project. Your project uses a machine to produce goods. The machine's specification states that if its temperature rises above 450 degrees Fahrenheit the windings may burn. An alarm therefore sounds when the machine's temperature reaches 430 degrees Fahrenheit, and the machine is shut off for 1 hour. What role does the alarm play here?
A. Of risk indicator
B. Of risk identification
C. Of risk trigger
D.
Correct Answer: A
Question #11
Which of the following are the principles of access controls? Each correct answer represents a complete solution. Choose three.
A. Confidentiality
B. Availability
C.
D. Integrity
Correct Answer: C
Question #12
You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk information and is also unaware of external requirements for risk management and of integration with enterprise risk management. At which of the following risk management capability maturity levels does your enterprise exist?
A. Level 1
B. Level 0
C.
D. Level 4
Correct Answer: B
Question #13
Which negative risk response usually has a contractual agreement?
A. Sharing
B. Transference
C. Mitigation
D. Exploiting
Correct Answer: B
Question #14
You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has ratings for occurrence, severity, and detection of 4, 5, and 6, respectively. What Risk Priority Number (RPN) would you give it?
A. 120
B. 100
C. 15
D. 30
Correct Answer: A (RPN = occurrence × severity × detection = 4 × 5 × 6 = 120)
Question #15
Which of the following is the priority of data owners when establishing a risk mitigation method?
A. User entitlement changes
B. Platform security
C. Intrusion detection
D. Antivirus controls
Correct Answer: A
Question #16
What are the responsibilities of the CRO? Each correct answer represents a complete solution. Choose three.
A. Managing the risk assessment process
B. Implement corrective actions
C. Advising Board of Directors
D. Managing the supporting risk management function
Correct Answer: ABD
Question #17
Which of the following phases is involved in the Data Extraction, Validation, Aggregation and Analysis?
A. Risk response and Risk monitoring
B. Requirements gathering, Data access, Data validation, Data analysis, and Reporting and corrective action
C. Data access and Data validation
D. Risk identification, Risk assessment, Risk response and Risk monitoring
Correct Answer: B
Question #18
To which level should risk be reduced to accomplish the objective of risk management?
A. To a level where ALE is lower than SLE
B. To a level where ARO equals SLE
C. To a level that an organization can accept
D. To a level that an organization can mitigate
Correct Answer: C
Question #19
You are the project manager of a large networking project. During the execution phase the customer requests a change to the existing project plan. What will be your immediate action?
A. Update the risk register
B. Ask for a formal change request
C. Ignore the request as the project is in the execution phase
D. Refuse the change request
Correct Answer: B
Question #20
Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"?
A. Section 302
B. Section 404
C.
D. Section 409
Correct Answer: A (Section 302 requires CEO/CFO certification of periodic reports; Section 404 covers management's assessment of internal controls, Section 409 real-time disclosure)
Question #21
You are the risk professional in Bluewell Inc. A risk is identified and the enterprise wants to quickly implement a control by applying a technical solution that deviates from the company's policies. What should you do?
A. Recommend against implementation because it violates the company's policies
B. Recommend revision of the current policy
C. Recommend a risk assessment and subsequent implementation only if residual risk is accepted
D. Conduct a risk assessment and allow or disallow based on the outcome
Correct Answer: A
Question #22
Which of the following controls do NOT come under the technical class of control?
A. Program management control
B. System and Communications Protection control
C. Identification and Authentication control
D. Access Control
Correct Answer: A (program management is a management-class control; system and communications protection, identification and authentication, and access control are technical-class controls)
Question #23
Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives?
A. Identifying Risks
B. Quantitative Risk Assessment
C. Qualitative Risk Assessment
D. Monitoring and Controlling Risks
Correct Answer: B
Question #24
You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at $200,000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?
A. $ 2,160,000
B. $ 95,000
C. $ 108,000
D. $ 90,000
Correct Answer: D
Question #25
Which of the following IS processes provide indirect information? Each correct answer represents a complete solution. Choose three.
A. Post-implementation reviews of program changes
B. Security log monitoring
C. Problem management
D. Recovery testing
Correct Answer: A
Question #27
You are the risk professional of your enterprise. You need to calculate the potential revenue loss if a certain risk occurs. Your enterprise has an e-commerce web site that produces US $1 million of revenue each day. If a denial of service (DoS) attack occurs that lasts half a day, how much loss does it create?
A. US $250,000 loss
B. US $500,000 loss
C. US $1 million loss
D. US $100,000 loss
Correct Answer: B (US $1 million per day × 0.5 day = US $500,000)
Question #28
Which of the following are the responsibilities of Enterprise risk committee? Each correct answer represents a complete solution. Choose three.
A. React to risk events
B. Analyze risk
C. Risk aware decision
D. Articulate risk
Correct Answer: D
Question #29
Risks to an organization's image are referred to as what kind of risk?
A. Operational
B. Financial
C. Information
D. Strategic
Correct Answer: D
Question #30
You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working?
A. Quantitative Risk Analysis
B. Identify Risks
C. Plan risk response
D. Qualitative Risk Analysis
Correct Answer: C
Question #31
Which of the following is a technique that provides a systematic description of the combination of unwanted occurrences in a system?
A. Sensitivity analysis
B. Scenario analysis
C. Fault tree analysis
D. Cause and effect analysis
Correct Answer: C
Question #32
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
A. Human resource needs
B.
C. Costs
D. Risks
Correct Answer: D
Question #33
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
A. Warning signs
B. Symptoms
C. Risk rating
D. Cost of the project
Correct Answer: D
Question #34
Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?
A. ALE= ARO/SLE
B. ARO= SLE/ALE
C. ARO= ALE*SLE
D. ALE= ARO*SLE
Correct Answer: D
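The arithmetic behind Questions #14, #24, #27 and #34 is small enough to get wrong under exam pressure (dividing instead of multiplying, adding RPN factors instead of multiplying them, or stopping at SLE when ALE is asked). The following is an added example, not part of the original page or of any SPOTO material: it implements SLE, ALE, RPN, outage revenue loss and a return-on-security-investment (ROSI) comparison, and applies them to the figures in those questions. The control in the ROSI calculation (cost of $50,000 per year, reducing occurrences from twelve to two per year) is an assumed, hypothetical figure used only to show how ALE feeds a risk-response decision. Note that for Question #24 the page's own figures give SLE = $90,000 and ALE = $1,080,000; the listed answer ($90,000) is the SLE, not the ALE.

```python
"""Quantitative risk arithmetic: SLE, ALE, FMEA-style RPN, outage loss and
ROSI, applied to the figures from the questions above (added example)."""
from __future__ import annotations


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value * exposure factor. EF is the fraction of the asset's
    value lost in a single event, so it must lie in [0, 1] (45 percent -> 0.45)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO. ARO is expected events per year: 12 for monthly,
    0.1 for once a decade. It is a product, never a quotient."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def risk_priority_number(occurrence: int, severity: int, detection: int) -> int:
    """FMEA RPN = occurrence * severity * detection. Each factor is a 1..10
    rating and the factors are multiplied, not added (4, 5, 6 -> 120, not 15)."""
    for name, rating in (("occurrence", occurrence), ("severity", severity),
                         ("detection", detection)):
        if not 1 <= rating <= 10:
            raise ValueError(f"{name} rating must be between 1 and 10, got {rating}")
    return occurrence * severity * detection


def outage_revenue_loss(daily_revenue: float, outage_days: float) -> float:
    """Direct revenue loss from an outage, e.g. a DoS attack lasting half a day."""
    if outage_days < 0:
        raise ValueError("outage duration cannot be negative")
    return daily_revenue * outage_days


def return_on_security_investment(ale_before: float, ale_after: float,
                                  control_cost: float) -> float:
    """ROSI = (ALE reduction - annual control cost) / annual control cost.
    A positive value means the control pays for itself; it is the risk-specific
    form of the ROI measure asked about in Question #5."""
    if control_cost <= 0:
        raise ValueError("control cost must be positive")
    return ((ale_before - ale_after) - control_cost) / control_cost


def worked_examples() -> dict[str, float]:
    """Figures from Questions #14, #24 and #27, plus a hypothetical control
    (assumed cost and effect, not from the page) to show an ALE-driven decision."""
    sle = single_loss_expectancy(asset_value=200_000, exposure_factor=0.45)  # Q24
    ale = annual_loss_expectancy(sle, aro=12)                                # once a month
    # Hypothetical control: costs $50,000/year and cuts occurrences to twice a year.
    ale_with_control = annual_loss_expectancy(sle, aro=2)
    rosi = return_on_security_investment(ale, ale_with_control, control_cost=50_000)
    return {
        "q14_rpn": risk_priority_number(occurrence=4, severity=5, detection=6),
        "q24_sle": sle,
        "q24_ale": ale,
        "q27_dos_loss": outage_revenue_loss(daily_revenue=1_000_000, outage_days=0.5),
        "control_residual_ale": ale_with_control,
        "control_rosi": rosi,
    }


if __name__ == "__main__":
    for name, value in worked_examples().items():
        print(f"{name}: {value:,.2f}")
```

Running the module prints the six values; the residual ALE of $180,000 is what Question #18 calls the level the organization must decide whether to accept, and the ROSI of 17.0 is the figure a risk owner would compare against other uses of the same $50,000.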
Question #35
In the project initiation phase of the System Development Life Cycle, there is information on the project initiated by which of the following role carriers?
A. CRO
B. Sponsor
C. Business management
D. CIO
Correct Answer: B
Question #36
The Identify Risks process determines the risks that affect the project and documents their characteristics. Why should the project team members be involved in the Identify Risks process?
A. They are the individuals that will most likely cause and respond to the risk events
B. They are the individuals that will have the best responses for identified risks events within the project
C. They are the individuals that are most affected by the risk events
D. They are the individuals that will need a sense of ownership and responsibility for the risk events
Correct Answer: D
Question #37
Which of the following is NOT the method of Qualitative risk analysis?
A. Scorecards
B. Attribute analysis
C.
D. Business process modeling (BPM) and simulation
Correct Answer: D
Question #38
Which of the following tests is BEST to perform, as a mapping exercise, to confirm the effectiveness of the system access management process?
A. user accounts to human resources (HR) records
B. user accounts to access requests
C. the vendor database to user accounts
D. access requests to user accounts
Correct Answer: B
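The direction of the mapping in Question #38 matters: starting from the accounts that actually exist and tracing each one back to an approved request proves that every access is authorized, whereas starting from the requests (option D) only proves that approvals were acted on. The following is an added example, not part of the original page or of any SPOTO material, showing both directions as a reconciliation over constructed sample data; the user names, entitlements, HR list and request list are invented for the example, and the data structures stand in for whatever the IAM system, ticketing system and HR feed export in practice.

```python
"""Access management test from Question #38 (added example): map every
provisioned entitlement back to an approved access request and flag what
does not map, then run the complementary completeness check."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample data; names and entitlements are invented for the example.
HR_ACTIVE_STAFF: set[str] = {"alice", "bob", "carol"}

# Approved access requests: user -> entitlements that were requested and approved.
APPROVED_REQUESTS: dict[str, set[str]] = {
    "alice": {"crm-read"},
    "bob": {"crm-read", "finance-write"},
    "dave": {"crm-read"},            # approved but, below, never provisioned
}

# What the systems actually hold: user -> entitlements granted.
PROVISIONED_ACCOUNTS: dict[str, set[str]] = {
    "alice": {"crm-read"},
    "bob": {"crm-read", "finance-write", "admin"},   # "admin" was never requested
    "carol": {"crm-read"},                           # no request on file at all
    "erin": {"crm-read"},                            # no request and not in HR
}


@dataclass
class Findings:
    # Entitlements held without an approved request (the primary test, option B).
    unauthorized_entitlements: dict[str, set[str]] = field(default_factory=dict)
    # Approved entitlements that were never provisioned (completeness, option D).
    unprovisioned_requests: dict[str, set[str]] = field(default_factory=dict)
    # Accounts whose holder is not an active employee per HR (option A as a supplement).
    accounts_without_hr_record: set[str] = field(default_factory=set)


def reconcile(accounts: dict[str, set[str]],
              requests: dict[str, set[str]],
              hr_staff: set[str]) -> Findings:
    """Compare provisioned accounts against approved requests and HR records."""
    findings = Findings()
    # Primary test: start from what exists and prove each grant was authorized.
    for user, granted in accounts.items():
        extra = granted - requests.get(user, set())
        if extra:
            findings.unauthorized_entitlements[user] = extra
        if user not in hr_staff:
            findings.accounts_without_hr_record.add(user)
    # Complementary check: every approval was actually acted on.
    for user, requested in requests.items():
        missing = requested - accounts.get(user, set())
        if missing:
            findings.unprovisioned_requests[user] = missing
    return findings


def access_process_is_effective(findings: Findings) -> bool:
    """The process passes only when no live entitlement lacks an approved request."""
    return not findings.unauthorized_entitlements


def run_sample() -> Findings:
    """Run the reconciliation over the constructed sample data."""
    return reconcile(PROVISIONED_ACCOUNTS, APPROVED_REQUESTS, HR_ACTIVE_STAFF)


if __name__ == "__main__":
    result = run_sample()
    for user, extra in sorted(result.unauthorized_entitlements.items()):
        print(f"UNAUTHORIZED  {user}: {sorted(extra)}")
    for user, missing in sorted(result.unprovisioned_requests.items()):
        print(f"UNPROVISIONED {user}: {sorted(missing)}")
    for user in sorted(result.accounts_without_hr_record):
        print(f"NO HR RECORD  {user}")
    print("effective:", access_process_is_effective(result))
```

On the sample data the account-to-request mapping surfaces three findings (bob's unrequested admin right, carol's account with no request, and erin's orphan account), the request-to-account mapping surfaces one (dave's approved but unprovisioned access), and the HR cross-check identifies erin as a leaver or never-employee. Only the first set is evidence that the access management process itself is failing to control what gets granted.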
