Online Access Free ISACA.CRISC.v2022-02-22.q349 Practice Test (Page 26)

CRISC Exam Question 121

The BEST key performance indicator (KPI) to measure the effectiveness of a vendor risk management program is the percentage of:

A.vendor contracts reviewed in the past year.

B.vendors providing risk assessments on time.

C.vendor risk mitigation action items completed on time.

D.vendors that have reported control-related incidents.

CRISC Exam Question 122

The BEST reason to classify IT assets during a risk assessment is to determine the:

A.appropriate level of protection

B.enterprise risk profile

C.priority in the risk register

D.business process owner

CRISC Exam Question 123

You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission refers to?

A.Probabilities

B.Threats

C.Vulnerabilities

D.Impacts

E.Explanation:
Vulnerabilities represent characteristics of information resources that may be exploited by a threat.
The given scenario describes such a situation, hence it is a vulnerability.

F.is incorrect. Threats are circumstances or events with the potential to cause harm to
information resources. This scenario does not describe a threat.

G.is incorrect. Probabilities represent the likelihood of the occurrence of a threat, and this
scenario does not describe a probability.

CRISC Exam Question 124

A maturity model is MOST useful to an organization when it:

A.benchmarks against other organizations

B.provides risk metrics.

C.provides a reference for progress

D.defines a qualitative measure of risk

CRISC Exam Question 125

Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc.?

A.Framework

B.Legal requirements

C.Standard

D.Practices

Other Version: 1014ISACA.CRISC.v2025-08-27.q675; 3110ISACA.CRISC.v2025-01-04.q999; 1406ISACA.CRISC.v2024-06-13.q683; 2096ISACA.CRISC.v2024-04-02.q999; 2687ISACA.CRISC.v2023-07-10.q544; 5410ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5053ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 287ISACA.CGEIT.v2025-09-19.q537; 153Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 154Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 244Nutanix.NCP-US-6.5.v2025-09-16.q73; 265Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 325CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CRISC Exam Question 121

CRISC Exam Question 122

CRISC Exam Question 123

CRISC Exam Question 124

CRISC Exam Question 125

Download PDF File