CRISC IT Risk Assessment Techniques 3

Question 1

Which risk assessment scope consideration is UNIQUE to IT environments compared to general business risk?

Accepted Answer

Interdependencies between interconnected systems and platforms

Answer

Reputational impact of risk events on customers

Answer

Regulatory compliance requirements

Answer

Financial impact of operational disruptions

Question 2

A risk scenario is MOST useful in risk assessment because it:

Accepted Answer

Provides a realistic narrative linking threats, vulnerabilities, and business impacts

Answer

Lists all technical vulnerabilities identified by scanning tools

Answer

Defines the organizational risk appetite in measurable terms

Answer

Documents the cost of implementing specific security controls

Question 3

When conducting a business impact analysis (BIA), which output is MOST directly used in IT risk assessment?

Accepted Answer

Recovery time objectives and critical process dependencies

Answer

A list of all software licenses in use

Answer

The organization's disaster recovery plan

Answer

A technical architecture diagram of IT systems

Question 4

The inherent risk of an IT process is BEST defined as:

Accepted Answer

The risk level before any controls are applied

Answer

The risk remaining after all controls are implemented

Answer

The risk transferred to a third party via contract

Answer

The risk accepted by senior management

Question 5

Which approach BEST ensures that a risk assessment remains relevant over time?

Accepted Answer

Periodic reassessment triggered by significant changes in the environment

Answer

A one-time comprehensive assessment stored in a risk register

Answer

Continuous automated vulnerability scanning of all systems

Answer

Annual penetration testing by external consultants

Question 6

Risk scenarios in CRISC are aligned with COBIT process goals PRIMARILY to:

Accepted Answer

Ensure IT risks are mapped to business processes and objectives

Answer

Provide technical vulnerability identification criteria

Answer

Define specific penetration testing methodologies

Answer

Establish IT budgeting and resource allocation priorities