Exam CRISC: Certified in Risk and Information Systems Control
Exam Number: CRISC | Length of test: 4 hours
Exam Name: Certified in Risk and Information Systems Control | Number of questions in the actual exam: 150
Format: PDF, VPLUS | Passing Score: 450/800
Total Questions: 1567
Last updated: November-2024
Download practice test questions
Title | Size | Hits | Download |
---|---|---|---|
Isaca.CRISC.vMay-2024.by.Yaris.457 | 835.87 KB | 53 | Download |
Some new sample questions:
Question:
Which of the following is the MOST important course of action to foster an ethical, risk-aware culture?
A. Implement a fraud detection and prevention framework.
B. Ensure the alignment of the organization’s policies and standards to the defined risk appetite.
C. Establish an enterprise-wide ethics training and awareness program.
D. Perform a comprehensive review of all applicable legislative frameworks and requirements.
Question:
An organization has updated its acceptable use policy to mitigate the risk of employees disclosing confidential information. Which of the following is the BEST way to reinforce the effectiveness of this policy?
A. Communicate sanctions for policy violations to all staff.
B. Obtain signed acceptance of the new policy from employees.
C. Train all staff on relevant information security best practices.
D. Implement data loss prevention (DLP) within the corporate network.
Question:
Which of the following is MOST important to review when evaluating the ongoing effectiveness of the IT risk register?
A. The costs associated with mitigation options
B. The status of identified risk scenarios
C. The cost-benefit analysis of each risk response
D. The timeframes for risk response actions
Question:
An assessment of information security controls has identified ineffective controls. Which of the following should be the risk practitioner’s FIRST course of action?
A. Determine whether the impact is outside the risk appetite.
B. Request a formal acceptance of risk from senior management.
C. Report the ineffective control for inclusion in the next audit report.
D. Deploy a compensating control to address the identified deficiencies.
Question:
Which of the following will MOST likely change as a result of the decrease in risk appetite due to a new privacy regulation?
A. Key risk indicator (KRI) thresholds
B. Risk trends
C. Key performance indicators (KPIs)
D. Risk objectives
……………