Online Access Free CRISC Exam Questions

Which of The following BEST represents the desired risk posture for an organization?

• A.Accepted risk is higher than risk tolerance.
• B.Operational risk is higher than risk tolerance.
• C.Inherent risk is lower than risk tolerance.
• D.Residual risk is lower than risk tolerance.

Which of the following is MOST important to consider when determining a recovery time objective (RTO)?

• A.Maximum tolerable data loss after an incident
• B.Sensitivity of business data involved
• C.Time between backups for critical data
• D.Cost of downtime due to a disaster

Which of The following is the MOST comprehensive input to the risk assessment process specific to the effects of system downtime?

• A.Business continuity plan (BCP) testing results
• B.results Recovery point objective (RPO)
• C.Business impact analysis (BIA)
• D.Recovery lime objective (RTO)

Which of the following is the PRIMARY role of the board of directors in corporate risk governance?

• A.Monitoring the results of actions taken to mitigate risk
• B.Ensuring the effectiveness of the risk management program
• C.Ensuring risk scenarios are identified and recorded in the risk register
• D.Approving operational strategies and objectives

If preventive controls cannot be Implemented due to technology limitations, which of the following should be done FIRST to reduce risk7

• A.Define a process for monitoring risk.
• B.Redefine the business process to reduce the risk.
• C.Evaluate alternative controls.
• D.Develop a plan to upgrade technology.