DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Prepare Efficiently CRISC Exam Questions, Certified in Risk and Information Systems Control | SPOTO

Efficiently prepare for your CRISC exam with SPOTO's comprehensive resources tailored to CRISC exam questions. Access a variety of practice tests and mock exams to evaluate your knowledge and readiness. Our exam materials, including exam dumps and sample questions, reinforce key concepts in risk management and information systems control. Utilize our exam simulator for realistic exam practice, simulating the exam environment and enhancing time management skills. With SPOTO, you'll have all the necessary tools to excel in your CRISC certification journey. Start your exam preparation today and become a certified risk management expert capable of optimizing risk management across your organization.
Take other online exams

Question #1
Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
A. Quality management plan
B. Risk management plan
C. Risk register
D. Project charter
View answer
Correct Answer: A
Question #2
NIST SP 800-53 identifies controls in three primary classes. What are they?
A. Technical, Administrative, and Environmental
B. Preventative, Detective, and Corrective
C. Technical, Operational, and Management
D. Administrative, Technical, and Operational
View answer
Correct Answer: C
Question #3
During which of the following processes, probability and impact matrix are prepared?
A. Risk response
B. Monitoring and Control Risk
C. Quantitative risk assessment
D. Qualitative risk assessment
View answer
Correct Answer: ACD
Question #4
You are the project manager of your enterprise. You have identified several risks. Which of the following responses to risk is considered the MOST appropriate?
A. Any of the above B
C. Avoiding
D. Accepting
View answer
Correct Answer: AC
Question #5
A teaming agreement is an example of what type of risk response?
A. Acceptance
B. Mitigation
C. Transfer
D. Share
View answer
Correct Answer: D
Question #6
Which of the following is the best reason for performing risk assessment?
A. To determine the present state of risk
B. To analyze the effect on the business
C. To satisfy regulatory requirements
D. To budget appropriately for the application of various controls
View answer
Correct Answer: C
Question #7
You are the project manager of the QPS project. You and your project team have identified a pure risk. You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?
A. It is a risk event that only has a negative side and not any positive result
B. It is a risk event that is created by the application of risk response
C. It is a risk event that is generated due to errors or omission in the project work
D. It is a risk event that cannot be avoided because of the order of the work
View answer
Correct Answer: C
Question #8
Which of the following come under the management class of controls? Each correct answer represents a complete solution. Choose all that apply.
A. Risk assessment control
B. Audit and accountability control
C. Program management control
D. Identification and authentication control
View answer
Correct Answer: AC
Question #9
Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?
A. Risk assessment
B. Financial reporting
C. Control environment
D. Monitoring
View answer
Correct Answer: D
Question #10
What are the functions of the auditor while analyzing risk? Each correct answer represents a complete solution. Choose three.
A. Aids in determining audit objectives
B. Identify threats and vulnerabilities to the information system
C. Provide information for evaluation of controls in audit planning
D. Supporting decision based on risks
View answer
Correct Answer: C
Question #11
Which of the following serve as the authorization for a project to begin?
A. Approval of project management plan
B. Approval of a risk response document
C. Approval of risk management document
D. Approval of a project request document
View answer
Correct Answer: ABD
Question #12
You work as a Project Manager for Company Inc. You have to conduct the risk management activities for a project. Which of the following inputs will you use in the plan risk management process? Each correct answer represents a complete solution. Choose all that apply.
A. Quality management plan
B. Schedule management plan
C. Cost management plan
D. Project scope statement
View answer
Correct Answer: B
Question #13
You are the project manager of GHT project. A risk event has occurred in your project and you have identified it. Which of the following tasks you would do in reaction to risk event occurrence? Each correct answer represents a part of the solution. Choose three.
A. Monitor risk
B. Maintain and initiate incident response plans
C. Update risk register
D. Communicate lessons learned from risk events
View answer
Correct Answer: C
Question #14
Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?
A. Mitigation
B. Avoidance
C. Transference
D. Enhancing
View answer
Correct Answer: C
Question #15
Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?
A. Cost change control system B
C. Scope change control system
D. Integrated change control
View answer
Correct Answer: D
Question #16
Which is the MOST important parameter while selecting appropriate risk response? A. Cost of response
B. Capability to implement response
C. Importance of risk
D. Efficiency of response
View answer
Correct Answer: A
Question #17
Which of the following parameters would affect the prioritization of the risk responses and development of the risk response plan? Each correct answer represents a complete solution. Choose three.
A. Importance of the risk B
C. Effectiveness of the response
D. Cost of the response to reduce risk within tolerance levels
View answer
Correct Answer: B
Question #18
Jane, the Director of Sales, contacts you and demands that you add a new feature to the software your project team is creating for the organization. In the meeting she tells you how important the scope change would be. You explain to her that the software is almost finished and adding a change now could cause the deliverable to be late, cost additional funds, and would probably introduce new risks to the project. Jane stands up and says to you, "I am the Director of Sales and this change will happen in the
A. Include the change in the project scope immediately
B. Direct your project team to include the change if they have time
C. Do not implement the verbal change request
D. Report Jane to your project sponsor and then include the change
View answer
Correct Answer: C
Question #19
Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc?
A. Framework
B. Legal requirements
C. Standard
D. Practices
View answer
Correct Answer: B
Question #20
You are the project manager of the KJH Project and are working with your project team to plan the risk responses. Consider that your project has a budget of $500,000 and is expected to last six months. Within the KJH Project you have identified a risk event that has a probability of .70 and has a cost impact of $350,000. When it comes to creating a risk response for this event what is the risk exposure of the event that must be considered for the cost of the risk response?
A. The risk exposure of the event is $350,000
B. The risk exposure of the event is $500,000
C. The risk exposure of the event is $850,000
D. The risk exposure of the event is $245,000
View answer
Correct Answer: ABD
Question #21
You are the project manager of the PFO project. You are working with your project team members and two subject matter experts to assess the identified risk events in the project. Which of the following approaches is the best to assess the risk events in the project?
A. Interviews or meetings
B. Determination of the true cost of the risk event
C. Probability and Impact Matrix
D. Root cause analysis
View answer
Correct Answer: C
Question #22
Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?
A. Qualitative Risk Analysis
B. Plan Risk Management C
D. Quantitative Risk Analysis
View answer
Correct Answer: D
Question #23
What are the PRIMARY objectives of a control?
A. Detect, recover, and attack
B. Prevent, respond, and log
C. Prevent, control, and attack
D. Prevent, recover, and detect
View answer
Correct Answer: D
Question #24
Malicious code protection is which type control?
A. Configuration management control
B. System and information integrity control
C. Media protection control D
View answer
Correct Answer: B
Question #25
An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.
A. Information security managers
B. Internal auditors
C. Incident response team members
D. Business managers
View answer
Correct Answer: A
Question #26
You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?
A. Monitoring and recording unsuccessful logon attempts
B. Forcing periodic password changes
C. Using a challenge response system
D. Providing access on a need-to-know basis
View answer
Correct Answer: ACDE
Question #27
You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a server. For this assessment you need to calculate monetary value of the server. On which of the following bases do you calculate monetary value? A. Cost to obtain replacement
B. Original cost to acquire
C. Annual loss expectancy
D. Cost of software stored
View answer
Correct Answer: AB
Question #28
If one says that the particular control or monitoring tool is sustainable, then it refers to what ability?
A. The ability to adapt as new elements are added to the environment
B. The ability to ensure the control remains in place when it fails
C. The ability to protect itself from exploitation or attack
D. The ability to be applied in same manner throughout the organization
View answer
Correct Answer: A
Question #29
Which of the following role carriers has to account for collecting data on risk and articulating risk? A. Enterprise risk committee
B. Business process owner
C. Chief information officer (CIO)
D. Chief risk officer (CRO)
View answer
Correct Answer: B
Question #30
You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. You identified a risk response strategy for this risk and have arranged for a local company to lease you the needed equipment until yours arrives. This is an example of which risk response strategy?
A. Avoid
B. Transfer
C. Acceptance
D. Mitigate
View answer
Correct Answer: A
Question #31
You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?
A. Reduction in the frequency of a threat B
C. Reduction in the impact of a threat
D. Minimization of residual risk
View answer
Correct Answer: B
Question #32
Which of the following are true for threats? Each correct answer represents a complete solution. Choose three.
A. They can become more imminent as time goes by, or it can diminish
B. They can result in risks from external sources
C. They are possibility
D. They are real
E. They will arise and stay in place until they are properly dealt
View answer
Correct Answer: A
Question #33
Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?
A. Sammy is correct, because she is the project manager
B. Sammy is correct, because organizations can create risk scores for each objective of the project
C. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment
D. Harry is correct, because the risk probability and impact considers all objectives of the project
View answer
Correct Answer: A
Question #34
You are the project manager of the NNN Project. Stakeholders in the two-year project have requested to send status reports to them via. email every week. You have agreed and send reports every Thursday. After six months of the project, the stakeholders are pleased with the project progress and they would like you to reduce the status reports to every two weeks. What process will examine the change to this project process and implement it in the project?
A. Configuration management
B. Communications management
C. Perform integrated change control process
D. Project change control process
View answer
Correct Answer: B
Question #35
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?
A. Stakeholder management strategy
B. Lessons learned documentation
C. Risk register
D. Risk management plan
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: