Question 1

An organization’s business gap analysis reveals the need for a robust IT risk strategy. Which of the following should be the risk practitioner’s PRIMARY consideration when participating in development of the new strategy?

Options :

A : Proposed risk budget

B : Risk indicators

C : Risk culture

D : Scale of technology

Answer: C

Question 2

After identifying new risk events during a project, the project manager's NEXT step should be to:

Options :

A : continue with a quantitative risk analysis

B : determine if the scenarios need to be accepted or responded to

C : continue with a qualitative risk analysis

D : record the scenarios into the risk register

Answer: A

Question 3

Which of the following vulnerability assessment software can check for weak passwords on the network?

Options :

A : Password cracker

B : Antivirus software

C : Anti-spyware software

D : Wireshark

Answer: A

Question 4

During a risk assessment, a key external technology supplier refuses to provide control design and effectiveness information, citing confidentiality concerns. What should the risk practitioner do NEXT?

Options :

A : Escalate the non-cooperation to management

B : Exclude applicable controls from the assessment

C : Review the supplier-s contractual obligations

D : Request risk acceptance from the business process owner

Answer: C

Question 5

Key control indicators (KCIs) help to assess the effectiveness of the internal control environment PRIMARILY by:

Options :

A : enabling senior leadership to better understand the level of risk the organization is facing.

B : ensuring controls are operating efficiently and facilitating productivity.

C : monitoring changes in the likelihood of adverse events due to ineffective controls.

D : providing information on the degree to which controls are meeting intended objectives.

Answer: D

Higher Test Marks with Free Online CRISC Exam Practice

Buying Options: