CRISC EXAM REVIEW; QUESTIONS
WITH DETAILED VERIFIED ANSWERS;
ALREADY GRADED A; 2026
A highly probable indicator designed to accurately predict
import levels of risk. - correct answer- Key risk indicators
(KRI)
Administrative Controls - correct answer- Policies or
procedures serving to protect an asset.
Annual loss expectancy calculation (ALE) - correct answer-
ALE = Single loss expectancy (SLE) x Annual rate of occurrence
(ARO)
Asymmetric Key Cryptography - correct answer- 2 keys:
1) private key 2) public key
Private key only known by you; public key is known to the world
If you encrypt with one key you can only decrypt with the other
key (i.e. if you encrypt with private then you need to decrypt
with public and vice versa)
,Australian Signals Directorate - correct answer-
Subjective effectiveness terms like Essential, Excellent, Good,
and Average. Subjective maintenance cost terms like High,
Medium, Low.
Balanced scorecard (BSC) - correct answer- Developed by
Robert S. Kaplan and David P. Norton as a coherent set of
performance measures organized into four categories that
includes traditional financial measures, but adds customer,
internal business process, and learning and growth perspectives.
Black-box test - correct answer- A blind penetration test
with no prior knowledge of the system design and architecture.
Bow-Tie Analysis - correct answer- Diagrams relationships
between elements of risk from causes to events and then to
impacts, but looks at the pathway that the threat led to the
consequence.
Business impact analysis/assessment (BIA) - correct answer-
Evaluating the criticality and sensitivity of information assets.
, An exercise that determines the impact of losing the support of
any resource to an enterprise, establishes the escalation of that
loss over time, identifies the minimum resources needed to
recover, and prioritizes the recovery of processes and the
supporting system.
Scope Note: This process also includes addressing:
- Income loss
- Unexpected expense
- Legal issues (regulatory compliance or contractual)
- Interdependent processes
- Loss of public reputation or public confidence
Business Opportunity - correct answer- When an
organization is will to take a risk.
CMMI 5 levels - correct answer- Capability Maturity
Model Integration, a standard for improving processes within
organizations
1. Initial
2. Repeatable
3. Defined
WITH DETAILED VERIFIED ANSWERS;
ALREADY GRADED A; 2026
A highly probable indicator designed to accurately predict
import levels of risk. - correct answer- Key risk indicators
(KRI)
Administrative Controls - correct answer- Policies or
procedures serving to protect an asset.
Annual loss expectancy calculation (ALE) - correct answer-
ALE = Single loss expectancy (SLE) x Annual rate of occurrence
(ARO)
Asymmetric Key Cryptography - correct answer- 2 keys:
1) private key 2) public key
Private key only known by you; public key is known to the world
If you encrypt with one key you can only decrypt with the other
key (i.e. if you encrypt with private then you need to decrypt
with public and vice versa)
,Australian Signals Directorate - correct answer-
Subjective effectiveness terms like Essential, Excellent, Good,
and Average. Subjective maintenance cost terms like High,
Medium, Low.
Balanced scorecard (BSC) - correct answer- Developed by
Robert S. Kaplan and David P. Norton as a coherent set of
performance measures organized into four categories that
includes traditional financial measures, but adds customer,
internal business process, and learning and growth perspectives.
Black-box test - correct answer- A blind penetration test
with no prior knowledge of the system design and architecture.
Bow-Tie Analysis - correct answer- Diagrams relationships
between elements of risk from causes to events and then to
impacts, but looks at the pathway that the threat led to the
consequence.
Business impact analysis/assessment (BIA) - correct answer-
Evaluating the criticality and sensitivity of information assets.
, An exercise that determines the impact of losing the support of
any resource to an enterprise, establishes the escalation of that
loss over time, identifies the minimum resources needed to
recover, and prioritizes the recovery of processes and the
supporting system.
Scope Note: This process also includes addressing:
- Income loss
- Unexpected expense
- Legal issues (regulatory compliance or contractual)
- Interdependent processes
- Loss of public reputation or public confidence
Business Opportunity - correct answer- When an
organization is will to take a risk.
CMMI 5 levels - correct answer- Capability Maturity
Model Integration, a standard for improving processes within
organizations
1. Initial
2. Repeatable
3. Defined
