CRISC Certified in Risk and Information Systems Control

Question 10 (Volume C)

Which of the following are common mistakes when implementing KRIs?

Each correct answer represents a complete solution. (Choose three.)

  • Choosing KRIs that are difficult to measure

  • Choosing KRIs that have a high correlation with the risk

  • Choosing KRIs that are incomplete or inaccurate due to unclear specifications

  • Choosing KRIs that are not linked to specific risk

Question 11 (Volume D)

Which of the following is the GREATEST benefit when enterprise risk management (ERM) provides oversight of IT risk management?

  • Prioritizing internal departments that provide service to customers

  • Ensuring the IT budget and resources focus on risk management

  • Ensuring senior management’s primary focus is on the impact of identified risk

  • Aligning IT with short-term and long-term goals of the organization

Question 12 (New Update)

Which of the following issues found during the review of a newly created disaster recovery plan (DRP) should be of MOST concern?

  • Some critical business applications are not included in the plan

  • Several recovery activities will be outsourced

  • The plan is not based on an internationally recognized framework

  • The chief information security officer (CISO) has not approved the plan