Question 1

Which of the following methods is an example of risk mitigation?

Options :

A : Outsourcing the IT activities and infrastructure

B : Taking out insurance coverage for IT-related incidents

C : Enforcing change and configuration management processes

D : Not providing capability for employees to work remotely

Answer: C

Question 2

Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited. Which of the following would be the BEST response to this scenario?

Options :

A : Assess the vulnerability management process

B : Conduct a control self-assessment

C : Reassess the inherent risk of the target

D : Conduct a vulnerability assessment

Answer: D

Question 3

Which of the following are sub-categories of threat?

Each correct answer represents a complete solution. (Choose three.)

Options :

A : Natural and supernatural

B : Computer and user

C : Natural and man-made

D : Intentional and accidental

E : External and internal

Answer: A,C,D

Question 4

Which of the following is the MOST likely reason for a significant year-over-year increase in inherent risk?

Options :

A : Targeted cyberattacks against the organization-s infrastructure

B : A significant number of control failures identified during an audit

C : A lack of defined risk ownership due to organizational changes

D : An ineffective risk action plan validation process

Answer: B

Question 5

Which of the following is the MOST effective inhibitor of relevant and efficient communication?

Options :

A : A false sense of confidence at the top on the degree of actual exposure related to IT and lack of a well-understood direction for risk management from the top down

B : The perception that the enterprise is trying to cover up known risk from stakeholders

C : Existence of a blame culture

D : Misalignment between real risk appetite and translation into policies

Answer: C

Smartly Prepare Exam with Free Online CRISC Practice Test

Buying Options: