Free Isaca CRISC Exam Questions

Become Isaca Certified with updated CRISC exam questions and correct answers

Page: 1 / 364

Total 1818 Questions | Updated On: Feb 19, 2025

Add To Cart

Question 1

Which of the following is the MOST important consideration when determining whether to accept residual risk after security controls have been implemented on a critical system?

A : t of the information control system.

B : t versus benefit of additional mitigating controls.

C : nualized loss expectancy (ALE) for the system.

D : equency of business impact.

Answer: C

Question 2

Which of the following is the BEST evidence that a user account has been properly authorized?

A : tification from human resources that the account is active

B : rmal approval of the account by the user's manager

C : er privileges matching the request form

D : email from the user accepting the account

Answer: C

Question 3

When classifying and prioritizing risk responses, the areas to address FIRST are those with:

A : w cost effectiveness ratios and low risk levels.

B : gh cost effectiveness ratios and low risk levels.

C : w cost effectiveness ratios and high risk levels.

D : gh cost effectiveness ratios and high risk levels.

Answer: A

Question 4

Which of the following should be the FIRST step to investigate an IT monitoring system that has a decreasing alert rate?

A : just the sensitivity to trigger more alerts.

B : termine the root cause for the change in alert rate.

C : nduct regression testing to ensure alerts can be triggered.

D : view and adjust the timing of the reporting window.

Answer: B

Question 5

Which of the following is the MAIN reason for documenting the performance of controls?

A : tifying return on investment

B : monstrating effective risk mitigation

C : oviding accurate risk reporting

D : taining management sign-off

Answer: B

Page: 1 / 364

Total 1818 Questions | Updated On: Feb 19, 2025

Add To Cart