Free CRISC Exam Braindumps

Pass your Certified in Risk and Information Systems Control exam with these free Questions and Answers

Page 6 of 240

QUESTION 21

- (Exam Topic 1)
A risk assessment has identified that departments have installed their own WiFi access points on the enterprise network. Which of the following would be MOST important to include in a report to senior management?

  A. The network security policy
  B. Potential business impact
  C. The WiFi access point configuration
  D. Planned remediation actions

Correct Answer: B

QUESTION 22

- (Exam Topic 3)
The objective of aligning mitigating controls to risk appetite is to ensure that:

  A. exposures are reduced to the fullest extent
  B. exposures are reduced only for critical business systems
  C. insurance costs are minimized
  D. the cost of controls does not exceed the expected loss

Correct Answer: D

QUESTION 23

- (Exam Topic 3)
Which of the following is the MOST important responsibility of a risk owner?

  A. Testing control design
  B. Accepting residual risk
  C. Establishing business information criteria
  D. Establishing the risk register

Correct Answer: C

QUESTION 24

- (Exam Topic 1)
During an IT risk scenario review session, business executives question why they have been assigned ownership of IT-related risk scenarios. They feel IT risk is technical in nature and therefore should be owned by IT. Which of the following is the BEST way for the risk practitioner to address these concerns?

  A. Describe IT risk scenarios in terms of business risk.
  B. Recommend the formation of an executive risk council to oversee IT risk.
  C. Provide an estimate of IT system downtime if IT risk materializes.
  D. Educate business executives on IT risk concepts.

Correct Answer: A

QUESTION 25

- (Exam Topic 2)
A risk practitioner has learned that an effort to implement a risk mitigation action plan has stalled due to lack of funding. The risk practitioner should report that the associated risk has been:

  A. mitigated
  B. accepted
  C. avoided
  D. deferred

Correct Answer: B
