CRISC IT Risk Assessment Techniques 2

Question 1

The Delphi technique is MOST useful in risk assessment for which purpose?

Accepted Answer

Reaching consensus among experts without groupthink bias

Answer

Automating the collection of risk metrics

Answer

Quantifying the financial impact of risks

Answer

Documenting the results of a penetration test

Question 2

When assessing the impact of a risk, a CRISC practitioner should consider which dimension FIRST?

Accepted Answer

Business impact rather than technical impact

Answer

The cost of the exploited vulnerability patch

Answer

The number of systems affected by the risk

Answer

The technical severity score from a scanning tool

Question 3

Which risk assessment output BEST supports prioritization of risk remediation efforts?

Accepted Answer

A risk heat map showing likelihood vs. impact

Answer

A list of all identified vulnerabilities by CVE score

Answer

A count of total risks per business unit

Answer

An inventory of all IT assets and their owners

Question 4

In IT risk assessment, exposure factor (EF) represents:

Accepted Answer

The percentage of an asset's value lost if a threat event occurs

Answer

The annual frequency at which a threat is expected to occur

Answer

The total value of all assets at risk

Answer

The cost of implementing a compensating control

Question 5

A risk assessment that evaluates risks AFTER controls are applied is measuring:

Accepted Answer

Residual risk

Answer

Inherent risk

Answer

Control risk

Answer

Detection risk

Question 6

Which factor should be considered when determining the frequency component of a risk assessment?

Accepted Answer

Historical incident data and threat intelligence

Answer

The organization's annual IT budget

Answer

The number of IT staff available for response

Answer

The vendor's patch release schedule