ISACA CRISC Certification Sample Questions

The purpose of this Sample Question Set is to provide you with information about the ISACA Risk and Information Systems Control (CRISC) exam. These sample questions will make you familiar with both the type and the difficulty level of the questions on the CRISC certification test. To get familiar with the real exam environment, we suggest you try our Sample ISACA Risk and Information Systems Control Certification Practice Exam. This sample practice exam gives you a feel for the real thing and is a clue to the questions asked in the actual ISACA Certified in Risk and Information Systems Control (CRISC) certification exam.

These sample questions are simple, basic questions that resemble the real ISACA Risk and Information Systems Control exam questions. To assess your readiness and performance with real-time, scenario-based questions, we suggest you prepare with our Premium ISACA CRISC Certification Practice Exam. When you solve real-time, scenario-based questions in practice, you come across many difficulties that give you an opportunity to improve.

ISACA CRISC Sample Questions:

01. Which of the following is MOST important to determine when defining risk management strategies?
a) Risk assessment criteria
b) IT architecture complexity
c) Enterprise disaster recovery plan
d) Business objectives and operations
02. What is the MOST important control that should be in place to safeguard against the misuse of the corporate social media account?
a) Social media account monitoring
b) Two-factor authentication
c) Awareness training
d) Strong passwords
03. The GREATEST risk posed by an absence of strategic planning is:
a) increase in the number of licensing violations.
b) increase in the number of obsolete systems.
c) improper oversight of IT investment.
d) unresolved current and past problems.
04. A business case developed to support risk mitigation efforts for a complex application development project should be retained until:
a) the application’s end of life.
b) user acceptance of the application.
c) the application is deployed.
d) the project is approved.
05. Which of the following risk management roles is part of the first line of defense?
a) Chief risk officer.
b) Risk steering committee.
c) Risk owner.
d) Board of directors.
06. According to the three lines of defense model, where would the data ethics function MOST likely reside in an enterprise?
a) The first line of defense
b) The second line of defense
c) The third line of defense
d) The board of directors
07. Which of the following factors should be assessed after the likelihood of a loss event has been determined?
a) Magnitude of impact
b) Risk tolerance
c) Residual risk
d) Compensating controls
08. Which of the following is MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
a) The approved budget of the project
b) The frequency of incidents
c) The annual loss expectancy of incidents
d) The total cost of ownership
09. If risk has been identified but not yet mitigated, the enterprise should:
a) record and mitigate serious risk and disregard low-level risk.
b) obtain management commitment to mitigate all identified risk within a reasonable time frame.
c) document identified risk in the risk register and maintain the remediation status.
d) conduct an annual risk assessment, but disregard previous assessments to prevent risk bias.
10. Which of the following BEST ensures that appropriate mitigation occurs on identified information systems vulnerabilities?
a) Presenting root cause analysis to the management of the enterprise.
b) Implementing software to input the action points.
c) Incorporating the findings into the annual report to shareholders.
d) Assigning action plans with deadlines to responsible personnel.


Question: 01
Answer: d
Question: 02
Answer: b
Question: 03
Answer: c
Question: 04
Answer: a
Question: 05
Answer: c
Question: 06
Answer: b
Question: 07
Answer: a
Question: 08
Answer: d
Question: 09
Answer: c
Question: 10
Answer: d

Note: For any error in ISACA Certified in Risk and Information Systems Control (CRISC) certification exam sample questions, please update us by writing an email on
