ISACA CRISC Exam (page: 36)
ISACA Certified in Risk and Information Systems Control
Updated on: 25-Dec-2025

Viewing Page 36 of 361

Which of the following are the security plans adopted by the organization? Each correct answer represents a complete solution. (Choose three.)

  A. Business continuity plan
  B. Backup plan
  C. Disaster recovery plan
  D. Project management plan

Answer(s): A,B,C

Explanation:

Organizations create different security plans to address different scenarios. Many of the security plans are common to most organizations.

The most commonly used security plans found in many organizations are:
- Business continuity plan
- Disaster recovery plan
- Backup plan
- Incident response plan

Incorrect Answers:
D: A project management plan is not a security plan; it is a plan that describes the implementation of the project.



Which of the following guidelines should be followed for effective risk management? Each correct answer represents a complete solution. Choose three.

  A. Promote and support consistent performance in risk management
  B. Promote fair and open communication
  C. Focus on enterprise's objective
  D. Balance the costs and benefits of managing risk

Answer(s): B,C,D

Explanation:

The primary function of the enterprise is to meet its objective. Each business activity undertaken to fulfill the enterprise's objective carries both risk and opportunity; therefore, the objective should be considered while managing risk.

Open and fair communication should be in place for effective risk management. Open, accurate, timely and transparent information on IT risk is exchanged and serves as the basis for all risk-related decisions.

A cost-benefit analysis should be done to properly weigh the total expected costs against the total expected benefits, which is the major aspect of risk management.

Incorrect Answers:
A: Effective risk management requires continuous improvement, not consistent performance. Because of the dynamic nature of risk, risk management is an iterative, perpetual and ongoing process, which is why continuous improvement is required.



According to Section 302 of the Sarbanes-Oxley Act of 2002, what does certification of reports imply? Each correct answer represents a complete solution. Choose three.

  A. The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date at the time of the report.
  B. The financial statement does not contain any materially untrue or misleading information.
  C. The signing officer has reviewed the report.
  D. The signing officer has presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.

Answer(s): B,C,D

Explanation:

Section 302 of the Sarbanes-Oxley Act has a tremendous impact on the risk management solution adopted by corporations. This section specifies that the reports must be certified by the CEO, CFO, or other senior officer performing similar functions.

Certification of reports establishes:
- The signing officer has reviewed the report.
- The financial statement does not contain, to the knowledge of the signing officer, any materially untrue or misleading information and represents fairly all financial conditions and results of the enterprise's operations.

The signing officers:
- are responsible for establishing and maintaining internal controls
- have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared
- have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report
- have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date

The signing officers have disclosed to external auditors, the audit committee, and other directors:
- all significant deficiencies in the design or operation of internal controls which could adversely affect the reliability of the reported financial data
- any fraud, whether or not material, that involves management or other employees who have a significant role in the internal controls of the enterprise

The signing officers have indicated in the report any internal controls or changes to those internal controls which have been implemented since they were evaluated.

Incorrect Answers:
A: The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report, not at the time of the report.



Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing.

Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

  A. Configuration management system
  B. Integrated change control
  C. Change log
  D. Scope change control system

Answer(s): B

Explanation:

Integrated change control is responsible for facilitating, documenting, and dispersing information on a proposed change to the project scope.

Integrated change control is a way to manage the changes incurred during a project. It is a method for reviewing suggested changes and using tools and techniques to evaluate whether each change should be approved or rejected. Integrated change control is a primary component of the project's change control system that examines the effect of a proposed change on the entire project.

Incorrect Answers:
A: The configuration management system controls and documents changes to the project's product.
C: The change log documents approved changes in the project scope.
D: The scope change control system controls changes that are permitted to the project scope.



Which of the following processes ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?

  A. Risk management
  B. Risk response integration
  C. Risk response implementation
  D. Risk response tracking

Answer(s): D

Explanation:

Risk response tracking tracks the ongoing status of risk mitigation processes as part of the risk response process. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule. When an enterprise is conscious of a risk but does not have an appropriate risk response strategy, the organization's liability to adverse publicity or even civil or criminal penalties increases.

Incorrect Answers:
A: Risk management provides an approach for individuals and groups to make a decision on how to deal with potentially harmful situations.

B: Integrating risk response options to address more than one risk together helps in achieving greater efficiency. The use of techniques that are versatile and enterprise-wide, rather than individual solutions, provides better justification for risk response strategies and related costs.

C: Implementation of risk response ensures that the risks analyzed in the risk analysis process are being lowered to a level that the enterprise can accept, by applying appropriate controls.


