Free CRISC Exam Braindumps

Pass your Certified in Risk and Information Systems Control exam with these free Questions and Answers

Page 2 of 240
QUESTION 1

- (Exam Topic 3)
In which of the following system development life cycle (SDLC) phases should controls be incorporated into system specifications?

  1. A. Implementation
  2. B. Development
  3. C. Design
  4. D. Feasibility

Correct Answer: C

QUESTION 2

- (Exam Topic 3)
An organization automatically approves exceptions to security policies on a recurring basis. This practice is MOST likely the result of:

  1. A. a lack of mitigating actions for identified risk
  2. B. decreased threat levels
  3. C. ineffective service delivery
  4. D. ineffective IT governance

Correct Answer: D

QUESTION 3

- (Exam Topic 3)
The PRIMARY objective of a risk identification process is to:

  1. A. evaluate how risk conditions are managed.
  2. B. determine threats and vulnerabilities.
  3. C. estimate anticipated financial impact of risk conditions.
  4. D. establish risk response options.

Correct Answer: B

QUESTION 4

- (Exam Topic 2)
An audit reveals that there are changes in the environment that are not reflected in the risk profile. Which of the following is the BEST course of action?

  1. A. Review the risk identification process.
  2. B. Inform the risk scenario owners.
  3. C. Create a risk awareness communication plan.
  4. D. Update the risk register.

Correct Answer: A

QUESTION 5

- (Exam Topic 3)
An organization's chief information officer (CIO) has proposed investing in a new, untested technology to take advantage of being first to market. Senior management has concerns about the success of the project and has set a limit for expenditures before final approval. This conditional approval indicates the organization's risk:

  1. A. capacity.
  2. B. appetite.
  3. C. management capability.
  4. D. treatment strategy.

Correct Answer: B
