Free CRISC Exam Braindumps

- (Exam Topic 2)
A newly enacted information privacy law significantly increases financial penalties for breaches of personally identifiable information (Pll). Which of the following will MOST likely outcome for an organization affected by the new law?

1. A. Increase in compliance breaches
2. B. Increase in loss event impact
3. C. Increase in residual risk
4. D. Increase in customer complaints

Correct Answer: B

- (Exam Topic 3)
A control for mitigating risk in a key business area cannot be implemented immediately. Which of the following is the risk practitioner's BEST course of action when a compensating control needs to be applied?

1. A. Obtain the risk owner's approval.
2. B. Record the risk as accepted in the risk register.
3. C. Inform senior management.
4. D. update the risk response plan.

Correct Answer: A

- (Exam Topic 2)
Which of the following should a risk practitioner do FIRST when an organization decides to use a cloud service?

1. A. Review the vendor selection process and vetting criteria.
2. B. Assess whether use of service falls within risk tolerance thresholds.
3. C. Establish service level agreements (SLAs) with the vendor.
4. D. Check the contract for appropriate security risk and control provisions.

Correct Answer: D

- (Exam Topic 2)
Which of The following is the PRIMARY consideration when establishing an organization's risk management methodology?

1. A. Business context
2. B. Risk tolerance level
3. C. Resource requirements
4. D. Benchmarking information

Correct Answer: A

- (Exam Topic 2)
Which of The following would offer the MOST insight with regard to an organization's risk culture?

1. A. Risk management procedures
2. B. Senior management interviews
3. C. Benchmark analyses
4. D. Risk management framework

Correct Answer: B