CRISC IT Risk Assessment Techniques

Question 1

Which risk assessment technique uses historical data and probability distributions to simulate thousands of possible risk scenarios?

Accepted Answer

Monte Carlo simulation

Answer

Monte Carlo simulation runs large numbers of probabilistic simulations based on historical data to estimate the range of possible risk outcomes.

Question 2

In a qualitative risk assessment, risks are PRIMARILY evaluated using:

Accepted Answer

Descriptive scales such as High, Medium, and Low

Answer

Qualitative risk assessment uses descriptive scales rather than numerical values to rate likelihood and impact of risks.

Question 3

The PRIMARY advantage of quantitative risk assessment over qualitative is:

Accepted Answer

It provides dollar-value estimates that support financial decision-making

Answer

Quantitative risk assessment produces financial estimates (e.g., ALE) that directly support cost-benefit analysis and budget decisions.

Question 4

Which formula correctly represents Annualized Loss Expectancy (ALE)?

Accepted Answer

ALE = SLE × ARO

Answer

ALE is calculated by multiplying Single Loss Expectancy (SLE) by the Annualized Rate of Occurrence (ARO) to estimate annual risk cost.

Question 5

A threat-vulnerability pairing is used in risk assessment to determine:

Accepted Answer

The likelihood that a specific threat will exploit a given vulnerability

Answer

Pairing threats with vulnerabilities helps assessors determine the probability that a specific threat source will successfully exploit an existing weakness.

CRISC - Certified in Risk and Information Systems Control Practice Test

CRISC - Certified in Risk and Information Systems Control Practice Test

CRISC IT Risk Assessment Techniques