Isaca CRISC Exam Practice Test Instant Access

Question 1

When assigning control ownership, it is MOST important to verify that the owner has accountability for:

AControl effectiveness.

BThe budget for control implementation.

CAssessment of control risk.

DInternal control audits.

Answer : A

Control owners must be accountable for ensuring the effectiveness of the controls they manage. This accountability ensures the alignment of controls with risk objectives, as outlined in Control Governance and Ownership.

Question 2

Which of the following outcomes of disaster recovery planning is MOST important to enable the initiation of necessary actions during a disaster?

ADefinition of disaster recovery plan (DRP) scope and key stakeholders

BRecovery time and maximum acceptable data loss thresholds

CA checklist including equipment, location of data backups, and backup sites

DA list of business areas and critical functions subject to risk analysis

Answer : B

Defining recovery time objectives (RTOs) and acceptable data loss thresholds is critical for effective disaster response, ensuring recovery activities are aligned with business priorities. This supports Business Continuity Planning.

Question 3

Which of the following is the PRIMARY risk management responsibility of the second line of defense?

AMonitoring risk responses

BApplying risk treatments

CImplementing internal controls

DProviding assurance of control effectiveness

Answer : A

The second line of defense is tasked with overseeing risk responses to ensure they align with the organization's risk strategy and appetite. This responsibility supports effective governance under the Three Lines of Defense Model.

Question 4

An organization has implemented a policy requiring staff members to take a minimum of five consecutive days' leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

AFinancial loss incurred due to malicious activities since policy implementation

BAverage number of consecutive days of leave per staff member

CNumber of suspected malicious activities reported since policy implementation

DPercentage of staff turnover following five consecutive days of leave

Answer : C

Tracking the number of suspected malicious activities reported provides direct evidence of the policy's effectiveness in detecting insider threats. This KPI aligns with Performance Metrics for Risk Mitigation.

Question 5

A risk practitioner has been notified of a social engineering attack using artificial intelligence (AI) technology to impersonate senior management personnel. Which of the following would BEST mitigate the impact of such attacks?

ASubscription to data breach monitoring sites

BSuspension and takedown of malicious domains or accounts

CIncreased monitoring of executive accounts

DTraining and awareness of employees for increased vigilance

Answer : D

Training employees to recognize and respond to social engineering tactics is the most effective way to mitigate these attacks. It empowers staff to act as the first line of defense, aligning with Risk Awareness and Organizational Training practices.

Question 6

Which of the following BEST reduces the likelihood of fraudulent activity that occurs through use of a digital wallet?

ARequire multi-factor authentication (MFA) to access the digital wallet.

BUse a digital key to encrypt the contents of the wallet.

CEnable audit logging on the digital wallet's device.

DRequire public key infrastructure (PKI) to authorize transactions.

Answer : A

Requiring MFA increases the security of digital wallets by adding an additional layer of authentication, making it harder for unauthorized users to gain access. This aligns with Access Control Standards and significantly reduces the likelihood of fraud.

Question 7

An organization has adopted an emerging technology without following proper processes. Which of the following is the risk practitioner's BEST course of action to address this risk?

AAccept the risk because the technology has already been adopted.

BPropose a transfer of risk to a third party with subsequent monitoring.

CConduct a risk assessment to determine risk exposure.

DRecommend to senior management to decommission the technology.

Answer : C

Conducting a risk assessment allows the organization to evaluate the exposure created by adopting the technology. This step ensures informed decision-making and aligns with the principles of Risk Identification and Assessment for managing emerging risks effectively.

Isaca CRISC Certified in Risk and Information Systems Control Exam Practice Test