Scenario-based practice

Drag and Drop Matching Questions

Practise Certified in Risk and Information Systems Control CRISC practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10 scenario questions | Exam code: CRISC | Vendor: ISACA

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and drop matching questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (medium, matching)

Match each risk response strategy to its definition.

Eliminate the activity that causes the risk

Reduce the likelihood or impact of the risk

Shift the risk to a third party, e.g., insurance

Acknowledge the risk and take no further action

Question 2 (medium, matching)

Match each information security objective to its description.

Data is accessible only to authorized parties

Data is accurate and complete

Data is accessible when needed

Actions can be traced to individuals

Question 3 (medium, matching)

Match each key risk indicator (KRI) to its description.

Measures availability risk

Measures access control risk

Measures vulnerability management risk

Measures security awareness risk

Question 4 (medium, matching)

Match each compliance framework to its primary focus.

Information security management system

Cybersecurity risk management framework

Payment card data security

Healthcare data privacy and security

Question 5 (medium, matching)

Match each control type to its example.

Firewall blocking unauthorized traffic

Intrusion detection system alerts

Backup restoration after data loss

Security warning banners

Question 6 (medium, matching)

Match each CRISC domain to its description.

Establish and maintain a risk management framework

Identify and analyze IT risks

Select and implement risk mitigation controls

Continuously monitor and report risk status

Question 7 (medium, matching)

Match each risk management term to its definition.

Risk level before controls are applied

Risk level after controls are applied

Amount of risk the organization is willing to accept

Acceptable deviation from risk appetite

Question 8 (medium, matching)

Match each risk assessment method to its characteristic.

Uses numerical values like ALE and SLE

Uses ordinal scales like high/medium/low

Combines numeric values with qualitative scales

Evaluates risks based on hypothetical events

Question 9 (medium, matching)

Match each risk analysis formula to its component.

Asset value × exposure factor

Annual frequency of occurrence

SLE × ARO

Percentage of asset lost per incident

Question 10 (medium, matching)

Match each risk management process step to its activity.

Find and list potential risks

Determine likelihood and impact

Compare risk levels to risk criteria

Select and implement controls

These CRISC practice questions are part of Courseiva's free ISACA certification practice question bank. Courseiva provides original exam-style CRISC questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.