Free Access ISACA.CRISC.v2022-08-23.q834 Practice Test (Page 42)

Question 201

Which of the following statements is true for risk analysis?

A.Risk analysis should assume an equal degree of protection for all assets.

B.Risk analysis should give more weight to the likelihood than the size of loss.

C.Risk analysis should limit the scope to a benchmark of similar companies

D.Risk analysis should address the potential size and likelihood of loss.

Question 202

Which of the following BEST protects an organization against breaches when using a software as a service (SaaS) application?

A.Data privacy impact assessment (DPIA)

B.Control self-assessment (CSA)

C.Security information and event management (SIEM) solutions

D.Data loss prevention (DLP) tools

Question 203

Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?

A.A high number of approved exceptions exist with compensating controls.

B.Asset custodians are responsible for defining controls instead of asset owners.

C.Successive assessments have the same recurring vulnerabilities.

D.Redundant compensating controls are in place.

Question 204

The maturity of an IT risk management program is MOST influenced by:

A.expertise available within the IT department

B.benchmarking results against similar organizations

C.the organization's risk culture

D.industry-specific regulatory requirements

Question 205

Which of the following is the MOST important objective of embedding risk management practices into the initiation phase of the project management life cycle?

A.To include project risk in the enterprise-wide IT risk profile

B.To deliver projects on time and on budget

C.To assess risk throughout the project

D.To assess inherent risk

Other Version: 3403ISACA.CRISC.v2025-07-19.q999; 6510ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 15360ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 105HP.HPE0-V27.v2025-09-11.q78; 119Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 135SAP.C-S4EWM-2023.v2025-09-08.q83; 168TheSecOpsGroup.CNSP.v2025-09-08.q20; 235CFAInstitute.ESG-Investing.v2025-09-08.q173; 216PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 154Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 201

Question 202

Question 203

Question 204

Question 205

Download PDF File