100% Correct
Why do you make risk-aware business decisions? To ensure the full function of
governance, weighing the range of opportunities against the consequences of each decision that will impact
the enterprise or its environment.
What are the Risk Management controls to be implemented and operating correctly? For
oversight and due diligence. For mitigating risk and ensuring the protection of the organization
by implementing and monitoring controls that are effective.
What is the process of the Risk Management Life Cycle? IT Risk Identification
IT Risk Assessment
Risk Response & Mitigation
Risk & Control Monitoring & Reporting
Risk & Business Continuity If the BCP (Business Continuity Plan) is inadequate or
inaccurate, the organization/enterprise may not meet its goals for recovery after an incident.
This is where IT Risk Management connects with Business Continuity. IT Risk
Management and the Business ensure that all functions are organized and are meeting the firm's
mission and goals, reducing risk to an acceptable level and mitigating any failures that occur in a
timely fashion.
Risk & Audit Risk is associated with Audit to ensure the effectiveness of the Control
Framework. This helps with legislation, government oversight and media scrutiny. All IS
(information systems) auditors are required to be objective, skilled, and independent. They
should be able to assess, identify, document and provide recommendations for risks,
vulnerabilities and issues to be addressed.
Risk & Information Security This drives the selection of controls and justifies their initial
and continued operation. Every control should be traceable back to the specific risk that the control
is designed to mitigate. Types of risk: Control, Project & Change
Control Risk The risk that a material error exists that would not be prevented or detected
on a timely basis by the system of internal control.
Project Risk A structured set of activities concerned with delivering a defined capability
(that is necessary, but not sufficient, to achieve a required business outcome) to the enterprise,
based on an agreed-on schedule and budget.
Change Risk Risk is not static: changes in technology, regulations, business
processes, functionality, architecture, users and other variables that affect the business and
technical environments of the organization may affect the levels of risk associated with system
operations.
What are the SIX NIST Risk Management Framework Steps?
1. Categorize Information Systems
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize Information Systems
6. Monitor Security Controls
1.1 Which of the following business requirements BEST relates to the need for resilient business
and information system processes?
A. Effectiveness
B. Confidentiality
C. Integrity
D. Availability D. AVAILABILITY relates to information being available when required
by the business process - now and in the future. Resilience is the ability to provide and maintain
an acceptable level of service during disasters or when facing operational challenges.
1.2 Which of the following statements BEST describes the value of a risk register?
A. It captures the risk inventory.
B. It drives the risk response plan.
C. It is a risk reporting tool.
D. It lists internal and external risks B. Risk registers serve as the main reference for all
risk-related information, supporting risk-related decisions such as risk response activities and
their prioritization.
1.3 Shortly after performing the annual review and revision of corporate policies, a risk
practitioner becomes aware that a new law may affect security requirements for the human
resources system. The risk practitioner should:
A. analyze in detail how the law may affect the enterprise.
B. ensure that necessary adjustments are implemented during the next review cycle.