Is the CRISC practice exam free?

Yes. ExamCademy offers all 1857 CRISC practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the CRISC practice questions?

All CRISC questions are community-created and reviewed by moderators to align with Isaca's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the CRISC exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Isaca documentation and hands-on experience for best results.

CRISC Practice Exam — Free 1857+ Questions

1857Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Risk Response and Reporting

Question 2

Governance

Question 3

Risk Assessment

Question 4

Risk Assessment

Question 5

Risk Response and Reporting

Question 6

Risk Assessment

Question 7

Risk Response and Reporting

Question 8

Risk Assessment

Question 9

Governance

Question 10

Risk Response and Reporting

Question 11

Risk Response and Reporting

Question 12

Governance

Question 13

Risk Assessment

Question 14

Risk Response and Reporting

Question 15

Risk Response and Reporting

Question 16

Risk Response and Reporting

Question 17

Risk Response and Reporting

Question 18

Risk Response and Reporting

Question 19

Governance

Question 20

Governance

Question 21

Risk Assessment

Question 22

Risk Response and Reporting

Question 23

Risk Response and Reporting

Question 24

Risk Assessment

Question 25

Risk Assessment

Page 1 of 75 • Questions 1-25 of 1857

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?

A Avoidance
B Mitigation
C Acceptance
D Transfer

Which of the following is an administrative control?

A Water detection
B Reasonableness check
C Data loss prevention program
D Session timeout

Risks to an organization's image are referred to as what kind of risk?

A Operational
B Financial
C Information
D Strategic

You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at $200,000 and is subjected to an exposure factor of 45 percent.
If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?

A $ 2,160,000
B $ 95,000
C $ 108,000
D $ 90,000

You are the project manager of GHT project. You have planned the risk response process and now you are about to implement various controls. What you should do before relying on any of the controls?

A Review performance data
B Discover risk exposure
C Conduct pilot testing
D Articulate risk

Which of the following statements are true for enterprise's risk management capability maturity level 3?

A Workflow tools are used to accelerate risk issues and track decisions
B The business knows how IT fits in the enterprise risk universe and the risk portfolio view
C The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
D Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized

You are the project manager of GHT project. You have analyzed the risk and applied appropriate controls. In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?

A Status of enterprise's risk
B Appropriate controls to be applied next
C The area that requires more control
D Whether the benefits of such controls outweigh the costs

Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization.
Which of the following assessment are you doing?

A IT security assessment
B IT audit
C Threat and vulnerability assessment
D Risk assessment

Which of the following control audit is performed to assess the efficiency of the productivity in the operations environment?

A Operational
B Financial
C Administrative
D Specialized

Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work cheaply than what was originally estimated earlier. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly.
What type of risk response had been used by him?

A Avoiding
B Accepting
C Exploiting
D Enhancing

You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?

A Reduction in the frequency of a threat
B Minimization of inherent risk
C Reduction in the impact of a threat
D Minimization of residual risk

Which of the following will significantly affect the standard information security governance model?

A Currency with changing legislative requirements
B Number of employees
C Complexity of the organizational structure
D Cultural differences between physical locations

You work as a project manager for BlueWell Inc. You are preparing for the risk identification process. You will need to involve several of the project's key stakeholders to help you identify and communicate the identified risk events. You will also need several documents to help you and the stakeholders identify the risk events. Which one of the following is NOT a document that will help you identify and communicate risks within the project?

A Stakeholder registers
B Activity duration estimates
C Activity cost estimates
D Risk register

You are the project manager of GHT project. Your project utilizes a machine for production of goods. This machine has the specification that if its temperature would rise above 450 degree Fahrenheit then it may result in burning of windings. So, there is an alarm which blows when machine's temperature reaches 430 degree Fahrenheit and the machine is shut off for 1 hour. What role does alarm contribute here?

A Of risk indicator
B Of risk identification
C Of risk trigger
D Of risk response

You are working in an enterprise. Assuming that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?

A Direct information
B Indirect information
C Risk management plan
D Risk audit information

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

A Transference
B Mitigation
C Avoidance
D Exploit

Which of the following control detects problem before it can occur?

A Deterrent control
B Detective control
C Compensation control
D Preventative control

Out of several risk responses, which of the following risk responses is used for negative risk events?

A Share
B Enhance
C Exploit
D Accept

Which of the following is MOST important to the effectiveness of key performance indicators (KPIs)?

A Management approval
B Automation
C Annual review
D Relevance

Which of the following is the BEST indication of an effective risk management program?

A Risk action plans are approved by senior management
B Mitigating controls are designed and implemented
C Residual risk is within the organizational risk appetite
D Risk is recorded and tracked in the risk register

After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:

A inform the IT manager of the concerns and propose measures to reduce them
B inform the process owner of the concerns and propose measures to reduce them
C inform the development team of the concerns, and together formulate risk reduction measures
D recommend a program that minimizes the concerns of that production system

An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?

A Restrict access to customer data on a ג€need to knowג€ basis
B Enforce criminal background checks
C Mask customer data fields
D Require vendor to sign a confidentiality agreement

Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?

A A decrease in the number of key controls
B Changes in control design
C An increase in residual risk
D Changes in control ownership

Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

A Business management
B Business process owner
C Chief information officer (CIO)
D Chief risk officer (CRO)

When developing a business continuity plan (BCP), it is MOST important to:

A develop a multi-channel communication plan
B prioritize critical services to be restored
C identify a geographically dispersed disaster recovery site
D identify an alternative location to host operations

CRISCPreview

About the CRISC Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

CRISCPreview

About the CRISC Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25