CRISC IT Risk Identification

Question 1

Which CRISC domain is primarily responsible for identifying IT risk scenarios that could affect business objectives?

Accepted Answer

IT Risk Identification

Answer

The IT Risk Identification domain focuses on recognizing IT risk scenarios linked to business objectives and stakeholder requirements.

Question 2

What is a risk scenario in the context of CRISC?

Accepted Answer

A documented description of a threat that could negatively impact business objectives

Answer

A risk scenario describes a threat event, its cause, and its potential impact on IT and business objectives.

Question 3

Which of the following best describes a threat actor in IT risk identification?

Accepted Answer

Any entity that could exploit a vulnerability to cause harm

Answer

A threat actor is any person, group, or system that could exploit vulnerabilities to negatively affect the organization.

Question 4

During IT risk identification, which asset classification approach is most useful?

Accepted Answer

Categorizing assets by their criticality and sensitivity to business operations

Answer

Classifying assets by criticality and sensitivity helps prioritize which assets require the most rigorous risk identification.

Question 5

What is the primary purpose of maintaining a risk register?

Accepted Answer

To document identified risks, their attributes, and status for tracking and communication

Answer

A risk register is the central repository for recording all identified risks along with their likelihood, impact, owner, and response status.

CRISC - Certified in Risk and Information Systems Control Practice Test