Free CRISC Exam Braindumps

Pass your Certified in Risk and Information Systems Control exam with these free Questions and Answers

Page 3 of 240
QUESTION 6

- (Exam Topic 1)
Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?

  1. A. Aligning risk ownership and control ownership
  2. B. Developing risk escalation and reporting procedures
  3. C. Maintaining up-to-date risk treatment plans
  4. D. Using a consistent method for risk assessment

Correct Answer: D

QUESTION 7

- (Exam Topic 3)
An organization's IT infrastructure is running end-of-life software that is not allowed without exception approval. Which of the following would provide the MOST helpful information to justify investing in updated software?

  1. A. The balanced scorecard
  2. B. A cost-benefit analysis
  3. C. The risk management framework
  4. D. A roadmap of IT strategic planning

Correct Answer: B

QUESTION 8

- (Exam Topic 3)
The PRIMARY reason for prioritizing risk scenarios is to:

  1. A. provide an enterprise-wide view of risk.
  2. B. support risk response tracking.
  3. C. assign risk ownership.
  4. D. facilitate risk response decisions.

Correct Answer: D

QUESTION 9

- (Exam Topic 3)
It is MOST important that security controls for a new system be documented in:

  1. A. testing requirements.
  2. B. the implementation plan.
  3. C. system requirements.
  4. D. the security policy.

Correct Answer: C

QUESTION 10

- (Exam Topic 2)
Which of the following will provide the BEST measure of compliance with IT policies?

  1. A. Evaluate past policy review reports.
  2. B. Conduct regular independent reviews.
  3. C. Perform penetration testing.
  4. D. Test staff on their compliance responsibilities.

Correct Answer: C
