Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 26)

Question 121

Which of the following is the BEST method for assessing control effectiveness against technical vulnerabilities that could be exploited to compromise an information system?

A.Vulnerability scanning

B.Penetration testing

C.Systems log correlation analysis

D.Monitoring of intrusion detection system (IDS) alerts

Question 122

You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?

A.Data gathering and representation techniques

B.Expert judgment

C.Quantitative risk analysis and modeling techniques

D.Organizational process assets

Question 123

Which of the following BEST enables a risk practitioner to enhance understanding of risk among stakeholders?

A.Threat analysis

B.Key risk indicators

C.Risk scenarios

D.Business impact analysis

Question 124

Which of the following BEST supports ethical IT risk management practices?

A.Robust organizational communication channels

B.Rigorously enforced operational service level agreements (SLAs)

C.Capability maturity models integrated with risk management frameworks

D.Mapping of key risk indicators (KRIs) to corporate strategy

Question 125

When prioritizing risk response, management should FIRST:

A.evaluate the organization's ability and expertise to implement the solution.

B.evaluate the risk response of similar organizations.

C.determine which risk factors have high remediation costs.

D.address high risk factors that have efficient and effective solutions.

Other Version: 3387ISACA.CRISC.v2025-07-19.q999; 6495ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12561ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 229CFAInstitute.ESG-Investing.v2025-09-08.q173; 176PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 152Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 121

Question 122

Question 123

Question 124

Question 125

Download PDF File