CRISC IT Risk Identification

Question 1

Which CRISC domain is primarily responsible for identifying IT risk scenarios that could affect business objectives?

Accepted Answer

IT Risk Identification

Answer

IT Risk Assessment

Answer

Risk Response and Mitigation

Answer

Risk and Control Monitoring

Question 2

What is a risk scenario in the context of CRISC?

Accepted Answer

A documented description of a threat that could negatively impact business objectives

Answer

A technical vulnerability found during a penetration test

Answer

A compliance checklist used by auditors

Answer

A financial projection for IT spending

Question 3

Which of the following best describes a threat actor in IT risk identification?

Accepted Answer

Any entity that could exploit a vulnerability to cause harm

Answer

A software patch that reduces system exposure

Answer

A business continuity plan

Answer

A risk register entry

Question 4

During IT risk identification, which asset classification approach is most useful?

Accepted Answer

Categorizing assets by their criticality and sensitivity to business operations

Answer

Listing assets alphabetically in a spreadsheet

Answer

Grouping assets solely by hardware type

Answer

Sorting assets by purchase date

Question 5

What is the primary purpose of maintaining a risk register?

Accepted Answer

To document identified risks, their attributes, and status for tracking and communication

Answer

To store backup copies of IT policies

Answer

To log user access attempts to systems

Answer

To record software license expiry dates

Question 6

Which technique involves reviewing process flows to identify where IT risks could emerge?

Accepted Answer

Business process analysis

Answer

Penetration testing

Answer

Capacity planning

Answer

Change management review