CORRECT Answers
1. What would BEST help an enterprise select an appropriate risk response?
   Answer: An analysis of control costs and benefits
2. What is MOST useful for communicating current enterprise risk to management?
   Answer: KRIs
3. Which control assessment type is MOST effective for an Internet-facing application?
   Answer: Penetration Testing
4. What is the MOST important control that should be in place to safeguard against the misuse of the corporate social media account?
   Answer: Use of two-factor authentication will proactively protect the account from unauthorized access.
5. The PRIMARY reason to report significant changes in IT risk to management is to:
   Answer: initiate a risk impact analysis to determine if additional response is required.
6. Which of the following is MOST important to ensure meaningful reporting of key risk indicators? Data are extracted from:
   Answer: a representative sample
7. Which of the following activities is MOST important in determining the risk mitigation strategy?
   Answer: Perform a cost-benefit analysis related to risk acceptance.
8. How can an enterprise determine the aggregated risk from several sources? Through a:
   Answer: security information and event management system
9. An attainable KPI is one
, that is realistic and based