CRISC IS UPDATED ACTUAL Questions and CORRECT Answers
1. Handbook may violate local laws/regulations An enterprise expanded its
operations into Europe, Asia,
Latin America. Enterprise has
employee handbook that was
updated 3 years ago. What is
the biggest concern?
2. It is the utmost importance to assign risk to individ- Which of the following is the
ual owners to maximize accountability most important for effective
risk management.
3. Validating the companies policies to providers con- When requesting info to
tract comply with discovery, and
enterprise lead learned that
its cloud provider was not
contracted to backup mes-
sages. What is the greatest
concern?
4. provisions to assess the compliance of the provider Which of the following choic-
es is the most important part
of outsourcing a contract?
5. Processing of sensitive data was subcontracted by Which of the following out-
the vendor comes of outsourcing non-
core processes is of greatest
concern to the management
of an enterprise?
6. Are specific security controls mandated in the out- An enterprise has outsourced
sourcing contract/agreement several business functions to
a firm in another country, in-
cluding IT development, data
, hosting, and support. What
is the most important ques-
tion a risk professional will ask
in relation to the outsourcing
arrangements?
7. A new risk detection Which of the following is most
essential for a risk manage-
ment program to be effective?
8. Senior Management Who must give final sign off
on the IT Risk management
plan?
9. a level that the enterprise is willing to accept. Risk management are de-
signed to reduce risk to:
10. Probability and Consequence Which of the following com-
binations of factors helps
quantify risk?
11. improper oversight of IT investments The greatest risk posed by an
absence of strategic planning
is:
12. Lack of skilled resources Which of the following exam-
ples fo risk should be ad-
dressed during application
design?
13. Backdoors Which of the following is of
most concern for the risk
practitioner regarding appli-
, cations running in produc-
tion?
14. management control An enterprise security policy
is an example of which con-
trol?
15. It drives the risk response plan Which of the following state-
ments best describes the val-
ue of a risk register?
16. Users of IT services Who is accountable for busi-
ness risk related to IT?
17. A community cloud deployment model Which of the following cloud
computing models is most
appropriate for a collabora-
tive research between univer-
sities?
18. Corporate email system Senior management will most
likely have the highest toler-
ance for moving which of the
following to public cloud?
19. The installations of many insecure devices on the The most important external
internet factors that should be consid-
ered in a risk assessment are?
20. Board of Directors Who is accountable for the
overall enterprise strategy for
risk governance?
21. An actor
1. Handbook may violate local laws/regulations An enterprise expanded its
operations into Europe, Asia,
Latin America. Enterprise has
employee handbook that was
updated 3 years ago. What is
the biggest concern?
2. It is the utmost importance to assign risk to individ- Which of the following is the
ual owners to maximize accountability most important for effective
risk management.
3. Validating the companies policies to providers con- When requesting info to
tract comply with discovery, and
enterprise lead learned that
its cloud provider was not
contracted to backup mes-
sages. What is the greatest
concern?
4. provisions to assess the compliance of the provider Which of the following choic-
es is the most important part
of outsourcing a contract?
5. Processing of sensitive data was subcontracted by Which of the following out-
the vendor comes of outsourcing non-
core processes is of greatest
concern to the management
of an enterprise?
6. Are specific security controls mandated in the out- An enterprise has outsourced
sourcing contract/agreement several business functions to
a firm in another country, in-
cluding IT development, data
, hosting, and support. What
is the most important ques-
tion a risk professional will ask
in relation to the outsourcing
arrangements?
7. A new risk detection Which of the following is most
essential for a risk manage-
ment program to be effective?
8. Senior Management Who must give final sign off
on the IT Risk management
plan?
9. a level that the enterprise is willing to accept. Risk management are de-
signed to reduce risk to:
10. Probability and Consequence Which of the following com-
binations of factors helps
quantify risk?
11. improper oversight of IT investments The greatest risk posed by an
absence of strategic planning
is:
12. Lack of skilled resources Which of the following exam-
ples fo risk should be ad-
dressed during application
design?
13. Backdoors Which of the following is of
most concern for the risk
practitioner regarding appli-
, cations running in produc-
tion?
14. management control An enterprise security policy
is an example of which con-
trol?
15. It drives the risk response plan Which of the following state-
ments best describes the val-
ue of a risk register?
16. Users of IT services Who is accountable for busi-
ness risk related to IT?
17. A community cloud deployment model Which of the following cloud
computing models is most
appropriate for a collabora-
tive research between univer-
sities?
18. Corporate email system Senior management will most
likely have the highest toler-
ance for moving which of the
following to public cloud?
19. The installations of many insecure devices on the The most important external
internet factors that should be consid-
ered in a risk assessment are?
20. Board of Directors Who is accountable for the
overall enterprise strategy for
risk governance?
21. An actor
