Free Access ISACA.CRISC.v2024-09-11.q999 Practice Test (Page 14)

Question 61

A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:

A.identifying risk mitigation controls

B.documenting the risk scenarios

C.validating the risk scenarios

D.updating the risk register

Question 62

An organization has four different projects competing for funding to reduce overall IT risk. Which project should management defer?

A.Project Bravo

B.Project Charlie

C.Project Alpha

D.Project Delta

Question 63

An organization with a large number of applications wants to establish a security risk assessment program.
Which of the following would provide the MOST useful information when determining the frequency of risk assessments?

A.Results of a benchmark analysis

B.Feedback from end users

C.Recommendations from internal audit

D.Prioritization from business owners

Question 64

Which of the following would be MOST helpful in assessing the risk associated with data loss due to human vulnerabilities?

A.Reviewing password change history

B.Performing periodic access recertification

C.Conducting social engineering exercises

D.Reviewing the results of security awareness surveys

Question 65

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

A.Management review and sign-off on system documentation

B.Review of internal audit and third-party reports

C.Self-assessment questionnaires completed by management

D.First-hand direct observation of the controls in operation

Other Version: 3335ISACA.CRISC.v2025-07-19.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12549ISACA.CRISC.v2022-08-23.q834; 15322ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 103OCEG.GRCP.v2025-09-11.q211; 102HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 61

Question 62

Question 63

Question 64

Question 65

Download PDF File