ISACA CRISC Exam Questions
Certified in Risk and Information Systems Control (Page 66 )

Updated On: 28-Feb-2026

Real-time monitoring of security cameras implemented within a retail store is an example of which type of control?

  1. Preventive
  2. Deterrent
  3. Compensating
  4. Detective

Answer(s): D

Explanation:

Real-time monitoring is a detective control, as it is designed to identify and report suspicious or unauthorized activities as they occur. Detective controls provide feedback to mitigate ongoing risks and serve as an integral part of incident response plans.



Which of the following is the BEST way to mitigate the risk to IT infrastructure availability?

  1. Establishing a disaster recovery plan (DRP)
  2. Establishing recovery time objectives (RTOs)
  3. Maintaining a current list of staff contact details
  4. Maintaining a risk register

Answer(s): A

Explanation:

The best way to mitigate the risk to IT infrastructure availability is to establish a disaster recovery plan (DRP), because a DRP is a document that defines the procedures and resources needed to restore the IT infrastructure and resume the critical business functions in the event of a disaster or disruption. A DRP helps to minimize the downtime, data loss, and financial impact of a disaster, and ensures the continuity of operations and services. The other options are not the best ways to mitigate the risk to IT infrastructure availability, although they may also be helpful in supporting the DRP. Establishing recovery time objectives (RTOs), maintaining a current list of staff contact details, and maintaining a risk register are examples of planning or monitoring activities that aim to define the requirements, roles, and responsibilities for the disaster recovery process, but they do not address the actual implementation or execution of the DRP.

Reference:

CRISC: Certified in Risk & Information Systems Control Sample Questions



Which of the following is the BEST key control indicator (KCI) for measuring the security of a blockchain network?

  1. Number of active nodes
  2. Blockchain size in gigabytes
  3. Average transaction speed
  4. Number of validated transactions

Answer(s): D

Explanation:

The number of validated transactions is a critical indicator of a blockchain network's security. It reflects the network's ability to accurately and securely process transactions, ensuring data integrity and trustworthiness. A higher number of validated transactions indicates robust consensus mechanisms and effective security controls within the blockchain infrastructure.


Reference:

ISACA CRISC Review Manual, 7th Edition, Chapter 4: Information Technology and Security, Section: Key Control Indicators.



A migration from an in-house developed system to an external cloud-based solution is affecting a previously rated key risk scenario related to payroll processing.
Which part of the risk register should be updated FIRST?

  1. Payroll system risk factors
  2. Payroll system risk mitigation plans
  3. Payroll process owner
  4. Payroll administrative controls

Answer(s): B

Explanation:

Payroll system risk mitigation plans are the actions that are taken to reduce or eliminate the risk associated with payroll processing.
When a migration from an in-house developed system to an external cloud-based solution is affecting a previously rated key risk scenario related to payroll processing, the first part of the risk register that should be updated is the payroll system risk mitigation plans. This is because the migration may introduce new risks or change the existing risks, and the risk mitigation plans may need to be revised or replaced accordingly. Updating the payroll system risk mitigation plans can help ensure that the risk level is acceptable and the payroll process is secure and reliable. According to the CRISC Review Manual 2022, one of the key risk treatment techniques is to update the risk action plan, which is a document that outlines the risk mitigation plans. According to the CRISC Review Questions, Answers & Explanations Manual 2022, updating the risk mitigation plans is the correct answer to this question.
Payroll system risk factors, payroll process owner, and payroll administrative controls are not the first part of the risk register that should be updated when a migration is affecting a key risk scenario. Payroll system risk factors are the sources or causes of risk, such as threats, vulnerabilities, or uncertainties. Payroll process owner is the person who is responsible for the payroll process and its outcomes. Payroll administrative controls are the policies, procedures, or guidelines that govern the payroll process. These parts of the risk register may also need to be updated, but they are not as urgent or critical as the risk mitigation plans. Updating the risk factors, process owner, and administrative controls can help identify, assess, and monitor the risk, but they do not directly address the risk response. The risk response is the most important part of the risk management process, as it determines how the risk is handled and controlled.



A MAJOR advantage of using key risk indicators (KRIs) is that they:

  1. Identify scenarios that exceed defined risk appetite.
  2. Help with internal control assessments concerning risk appetite.
  3. Assess risk scenarios that exceed defined thresholds.
  4. Identify when risk exceeds defined thresholds.

Answer(s): D

Explanation:

KRIs provide measurable indicators that flag when risks exceed predefined thresholds, enabling swift and effective risk response. This supports the Monitoring and Reporting function in risk management, ensuring risks are managed proactively.


