Question 1

Periodically reviewing and updating a risk register with details on identified risk factors PRIMARILY helps to:

Options :

A : provide a current reference to stakeholders for risk-based decisions

B : minimize the number of risk scenarios for risk assessment

C : aggregate risk scenarios identified across different business units

D : build a threat profile of the organization for management review

Answer: A

Question 2

Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?

Options :

A : User management coordination does not exist

B : Audit recommendations may not be implemented

C : Users may have unauthorized access to originate, modify or delete data

D : Specific user accountability cannot be established

Answer: C

Question 3

Implementing which of the following will BEST help ensure that systems comply with an established baseline before deployment?

Options :

A : Continuous monitoring and alerting.

B : Access controls and active logging.

C : Configuration management.

D : Vulnerability scanning.

Answer: A

Question 4

An internal audit report reveals that a legacy system is no longer supported. Which of the following is the risk practitioner’s MOST important action before recommending a risk response?

Options :

A : Explore the feasibility of replacing the legacy system.

B : Identify other legacy systems within the organization.

C : Assess the potential impact and cost of mitigation.

D : Review historical application downtime and frequency.

Answer: C

Question 5

A PRIMARY advantage of involving business management in evaluating and managing risk is that management:

Options :

A : can make better informed business decisions

B : better understands the system architecture

C : can balance technical and business risk

D : is more objective than risk management

Answer: A

Higher Test Marks with Free Online CRISC Exam Practice

Buying Options: