Free Isaca CRISC Exam Questions

Become Isaca Certified with updated CRISC exam questions and correct answers

Page: 1 / 364

Total 1818 Questions | Updated On: Oct 27, 2025

Add To Cart

Question 1

Which of the following provides a risk practitioner with the MOST reliable evidence of a third-party’s ability to protect the confidentiality of sensitive corporate information?

A : External audit reports

B : Internal audit reports

C : Control self-assessment (CSA) results

D : A signed nondisclosure agreement (NDA)

Answer: A

Question 2

Which of the following is the BEST evidence that a user account has been properly authorized?

A : tification from human resources that the account is active

B : rmal approval of the account by the user's manager

C : er privileges matching the request form

D : email from the user accepting the account

Answer: C

Question 3

A vendor manager reports that a previously compliant service provider had issues with its most recent security audit. Which of the following is the MOST important course of action?

A : termine whether credits are due under the service level agreement (SLA)

B : hedule an independent audit of the vendor

C : ure that the vendor remediates all identified issues

D : termine whether any of the issues could impact the business

Answer: C

Question 4

A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

A : ief risk officer (CRO)

B : iness continuity manager (BCM)

C : man resources manager (HRM)

D : ief information officer (CIO)

Answer: D

Question 5

Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

A : oject management plan

B : oject communications plan

C : oject contractual relationship with the vendor

D : oject scope statement

Answer: A

Page: 1 / 364

Total 1818 Questions | Updated On: Oct 27, 2025

Add To Cart