Isaca CRISC Exam Practice Test Instant Access

Question 1

Following the implementation of an Internet of Things (loT) solution, a risk practitioner identifies new risk factors with impact to existing controls. Which of the following is MOST important to include in a report to stakeholders?

AIdentified vulnerabilities

BBusiness managers' concerns

CChanges to residual risk

DRisk strategies of peer organizations

Answer : C

Question 2

An organization has outsourced its customer management database to an external service provider. Of the following, who should be accountable for ensuring customer data privacy?

AThe organization's business process owner

BThe organization's information security manager

CThe organization's vendor management officer

DThe vendor's risk manager

Answer : A

Question 3

A risk practitioner finds that data has been misclassified. Which of the following is the GREATEST concern?

AUnauthorized access

BData corruption

CInadequate retention schedules

DData disruption

Answer : A

Question 4

A recently purchased IT application does not meet project requirements. Of the following, who is accountable for the potential impact?

ABusiness analyst

BProject sponsor

CIT project team

DIT project management office (PMO)

Answer : B

Question 5

A new risk practitioner finds that decisions for implementing risk response plans are not being made. Which of the following would MOST likely explain this situation?

ARisk ownership is not being assigned properly.

BThe organization has a high level of risk appetite.

CRisk management procedures are outdated.

DThe organization's risk awareness program is ineffective.

Answer : A

Question 6

Which of the following is the MOST critical consideration when awarding a project to a third-party service provider whose servers are located offshore?

ADifficulty of monitoring compliance due to geographical distance

BCost implications due to installation of network intrusion detection systems (IDSs)

CDelays in incident communication

DPotential impact on data governance

Answer : D

Question 7

Which of the following provides the MOST mitigation value for an organization implementing new Internet of Things (loT) devices?

APerforming a vulnerability assessment on the loT devices

BDesigning loT architecture with IT security controls from the start

CImplementing key risk indicators (KRIs) for loT devices

DTo ensure risk trend data is collected and reported

Answer : B

Isaca CRISC Certified in Risk and Information Systems Control Exam Practice Test