Free CRISC Exam Braindumps

Pass your Certified in Risk and Information Systems Control exam with these free Questions and Answers

Page 7 of 240
QUESTION 26

- (Exam Topic 2)
Which of the following provides the BEST information when determining whether to accept residual risk of a critical system to be implemented?

- A. Single loss expectancy (SLE)
- B. Cost of the information system
- C. Availability of additional compensating controls
- D. Potential business impacts are within acceptable levels

Correct Answer: D

QUESTION 27

- (Exam Topic 3)
Which of the following is the BEST key control indicator (KCI) for a vulnerability management program?

- A. Percentage of high-risk vulnerabilities missed
- B. Number of high-risk vulnerabilities outstanding
- C. Defined thresholds for high-risk vulnerabilities
- D. Percentage of high-risk vulnerabilities addressed

Correct Answer: D

QUESTION 28

- (Exam Topic 3)
When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:

- A. information risk assessments with enterprise risk assessments.
- B. key risk indicators (KRIs) with risk appetite of the business.
- C. the control key performance indicators (KPIs) with audit findings.
- D. control performance with risk tolerance of business owners.

Correct Answer: B

QUESTION 29

- (Exam Topic 3)
A bank recently incorporated Blockchain technology with the potential to impact known risk within the organization. Which of the following is the risk practitioner’s BEST course of action?

- A. Determine whether risk responses are still adequate.
- B. Analyze and update control assessments with the new processes.
- C. Analyze the risk and update the risk register as needed.
- D. Conduct testing of the controls that mitigate the existing risk.

Correct Answer: B

QUESTION 30

- (Exam Topic 2)
The PRIMARY reason for periodic penetration testing of Internet-facing applications is to:

- A. ensure policy and regulatory compliance.
- B. assess the proliferation of new threats.
- C. verify Internet firewall control settings.
- D. identify vulnerabilities in the system.

Correct Answer: C
