Which of the following would be the GREATEST risk associated with a new implementation of single sign-on?
Answer : B
Single sign-on (SSO) lets a user authenticate once and then reach many systems, so the SSO service (and each SSO credential) becomes a single point of failure and of compromise. If the SSO platform, its token-signing keys or a user's primary credential is compromised, an attacker inherits access to every connected application at once, with impact far wider than a breach of any one system. Complex security administration (Option A), inability to access key information (Option C) and user resistance (Option D) are valid concerns, but none carries the concentrated impact of that single point of failure. In practice the risk is reduced with multi-factor authentication on the SSO login, hardened identity provider infrastructure and monitoring of SSO sessions, but it is never eliminated.
ISACA CRISC Review Manual, Domain 1: IT Risk Identification -- Highlights the risks associated with authentication mechanisms like SSO.
ISACA CRISC Job Practice, Task 1.3: Analyze risk scenarios based on identified threats, vulnerabilities, and impacts.
During the creation of an organization's IT risk management program, the BEST time to identify key risk indicators (KRIs) is while:
Answer : C
KRIs should be identified while the risk monitoring process is being developed, because a KRI is only useful if it is tied to the objectives being monitored against, has an agreed threshold and feeds an escalation path. Defining them at that point keeps indicator selection aligned with organizational objectives and produces effective risk tracking rather than metrics bolted on afterwards. This reflects Proactive Risk Monitoring.
An organization recently implemented a cybersecurity awareness program that includes phishing simulation exercises for all employees. What type of control is being utilized?
Answer : C
Phishing simulations act as a deterrent control: employees who know that simulated phishing is ongoing and that clicking has consequences (follow-up training, reporting) are less inclined to take risky actions, and each exercise reinforces secure habits, reducing the likelihood of a successful real attack. This supports Behavioral Risk Management.
An organization has established a policy prohibiting ransom payments if subjected to a ransomware attack. Which of the following is the MOST effective control to support this policy?
Answer : B
Immutable backups (write-once, retention-locked copies that cannot be encrypted, overwritten or deleted even from a compromised administrator account) mean the organization can restore its data without paying, which is what makes a no-ransom policy enforceable rather than aspirational. They reduce the impact of a ransomware attack to the recovery time, provided restores are tested regularly. This aligns with Business Continuity and Recovery Controls.
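To make the property concrete, here is an added example (not part of the original question bank and not any vendor's API) that models a retention-locked backup store. The class name, method names, the XOR "encryption" and the ledger data are all constructed for this illustration; it shows why a no-ransom policy depends on backups that even a fully privileged attacker cannot overwrite or delete until the retention window has passed, and why a restore should verify integrity before the data is trusted.

```python
import hashlib
import time


class ImmutableBackupStore:
    """Write-once store with a retention lock (object-lock style).

    Until an object's retention deadline passes, overwrite and delete are
    refused regardless of caller privilege; that is the property ransomware
    must not be able to defeat. Hypothetical class, for illustration only.
    """

    def __init__(self, retention_seconds, clock=time.time):
        self.retention_seconds = retention_seconds
        self.clock = clock  # injectable so the example can advance time
        self._objects = {}  # name -> (data, sha256 hex digest, locked_until)

    def _locked(self, name):
        return name in self._objects and self.clock() < self._objects[name][2]

    def put(self, name, data):
        if self._locked(name):
            raise PermissionError(f"{name}: retention lock active, overwrite denied")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[name] = (bytes(data), digest, self.clock() + self.retention_seconds)
        return digest

    def delete(self, name):
        if self._locked(name):
            raise PermissionError(f"{name}: retention lock active, delete denied")
        del self._objects[name]

    def restore(self, name):
        data, digest, _ = self._objects[name]
        if hashlib.sha256(data).hexdigest() != digest:  # detect silent tampering
            raise ValueError(f"{name}: integrity check failed")
        return data


def fake_encrypt(data, key=0x5A):
    """Stand-in for ransomware encryption (plain XOR, constructed for the demo)."""
    return bytes(b ^ key for b in data)


def simulate_ransomware_and_recover():
    now = [1_700_000_000.0]  # controllable clock for the scenario
    store = ImmutableBackupStore(retention_seconds=30 * 86400, clock=lambda: now[0])

    original = b"acct,balance\n1001,250.00\n1002,75.50\n"  # constructed sample data
    primary = {"ledger.csv": original}
    backup_name = "ledger.csv.2024-06-01"  # constructed backup object name
    store.put(backup_name, primary["ledger.csv"])

    # Attacker compromises the primary system and the backup admin account.
    primary["ledger.csv"] = fake_encrypt(primary["ledger.csv"])
    outcome = {}
    try:
        store.put(backup_name, fake_encrypt(original))  # try to encrypt the backup
        outcome["overwrite"] = "allowed"
    except PermissionError:
        outcome["overwrite"] = "denied"
    try:
        store.delete(backup_name)  # try to destroy the backup
        outcome["delete"] = "allowed"
    except PermissionError:
        outcome["delete"] = "denied"

    # Recovery: restore from the locked copy instead of paying the ransom.
    primary["ledger.csv"] = store.restore(backup_name)
    outcome["restored_matches_original"] = primary["ledger.csv"] == original

    # After the retention window, lifecycle cleanup is permitted again.
    now[0] += 31 * 86400
    try:
        store.delete(backup_name)
        outcome["delete_after_retention"] = "allowed"
    except PermissionError:
        outcome["delete_after_retention"] = "denied"
    return outcome


if __name__ == "__main__":
    print(simulate_ransomware_and_recover())
```

The design point is that the lock is enforced by the store, not by the caller's permissions: a real implementation (cloud object lock in compliance mode, WORM storage, or an offline copy) must likewise make deletion impossible rather than merely forbidden by policy, and the retention period must exceed the time an attacker could plausibly dwell in the environment before detonating.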
A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?
Answer : B
Capturing the action plans (risk treatment) for each assessed risk is most important because it turns an assessment finding into an owned, scheduled activity, giving clarity and accountability for how the risk will be addressed. This aligns with Risk Treatment and Reporting.
Within the three lines of defense model, the PRIMARY responsibility for ensuring risk mitigation controls are properly configured belongs with:
Answer : A
In the three lines of defense model, the first line, line (operational) management, owns the controls it operates and therefore holds day-to-day responsibility for configuring and maintaining them in line with the organization's risk management strategy; the second line (risk and compliance functions) oversees and challenges, and the third line (internal audit) provides independent assurance. This is central to Operational Risk Management.
Concerned about system load capabilities during the month-end close process, management requires monitoring of the average time to complete tasks and monthly reporting of the findings. What type of measure has been established?
Answer : D
A key performance indicator (KPI) measures how well a process or system performs against an objective, and the average time to complete month-end tasks is exactly that kind of measure: it reports efficiency during a critical process rather than signalling a change in risk exposure (which would make it a key risk indicator). Monthly reporting of the findings supports Performance Monitoring Practices.