Certified in Risk and Information Systems Control Exam (CRISC) - Isaca Actual Exam Questions
Last updated on May 02, 2026
Which of the following will MOST improve stakeholders' understanding of the effect of a potential threat?
Establishing a risk management committee
Updating the organization's risk register to reflect the new threat
Communicating the results of the threat impact analysis
Establishing metrics to assess the effectiveness of the responses
Establishing an organizational code of conduct is an example of which type of control?
Preventive
Directive
Detective
Compensating
An organization has outsourced its customer management database to an external service provider. Of the following, who should be accountable for ensuring customer data privacy?
The organization's business process owner
The organization's information security manager
The organization's vendor management officer
The vendor's risk manager
Within the three lines of defense model, the responsibility for managing risk and controls resides with:
operational management.
the risk practitioner.
the internal auditor.
executive management.
What is the PRIMARY benefit of risk monitoring?
It reduces the number of audit findings.
It provides statistical evidence of control efficiency.
It facilitates risk-aware decision making.
It facilitates communication of threat levels.