Risk and Control Monitoring and Reporting practice questions

Practise Certified in Risk and Information Systems Control (CRISC) questions on Risk and Control Monitoring and Reporting: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Risk and Control Monitoring and Reporting

What the exam tests

What to know about Risk and Control Monitoring and Reporting

Risk and Control Monitoring and Reporting questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Risk and Control Monitoring and Reporting exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Risk and Control Monitoring and Reporting questions

20 questions · select your answer, then reveal the explanation

A security analyst notices that the number of failed login attempts has significantly increased over the past week. The SIEM alerts are not being triggered because the threshold was set too high. What is the MOST effective immediate action to improve monitoring?

A risk manager is reviewing the control monitoring reports and finds that a key control's effectiveness rating has dropped from 'effective' to 'partially effective' due to increased errors in manual data entry. Which of the following is the BEST course of action?

A company has implemented a new control to detect unauthorized access attempts. What is the PRIMARY purpose of monitoring this control?

A risk practitioner is designing a monitoring dashboard for senior management. Which key performance indicator (KPI) would be MOST useful for tracking control effectiveness over time?

A company has multiple business units each using different risk assessment methodologies. The risk committee wants consistent monitoring reports. What is the BEST approach to achieve consistency?

During a control monitoring review, it is discovered that a detective control has a high false positive rate. What is the MOST significant impact of this issue?

A risk officer is evaluating the effectiveness of a control that prevents unauthorized changes to configuration files. The control has not detected any unauthorized changes in the past year. What does this indicate?

A large organization is implementing a continuous monitoring program for its critical systems. Which of the following is the MOST important factor for the program's success?

A control owner reports that a preventive control is operating as designed, but the risk owner is concerned that residual risk remains high. What should the risk practitioner do NEXT?

A company's risk monitoring report shows that a key risk indicator (KRI) has exceeded the threshold for three consecutive months. What is the MOST appropriate action?

Question 11 · hard · multiple choice

A risk practitioner is reviewing the results of a control self-assessment (CSA) and finds that the control owner rated a control as 'effective' but an independent audit found control weaknesses. What is the BEST explanation for this discrepancy?

Which TWO of the following are primary objectives of control monitoring?

Which THREE of the following are key components of an effective risk reporting framework?

Which TWO of the following are examples of detective controls?

Which THREE of the following are characteristics of leading key risk indicators (KRIs)?

Refer to the exhibit. The SIEM alert triggered, but the security team did not respond because they were investigating another incident. What is the BEST way to prevent such monitoring gaps in the future?

Exhibit

```
SIEM Alert: High Severity
Rule: Multiple Failed Logins
Threshold: 10 failures in 5 minutes
Triggered at: 2024-03-15 14:23:45
Source IP: 192.168.1.100
Target: DC01
Event Count: 15 failures in 4 minutes
```
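The exhibit's rule ("10 failures in 5 minutes") and question 1 (alerts missed because the threshold is too high) both come down to counting failed logons inside a sliding time window. The following is an added example, not code from the page or from any SIEM product: it evaluates that rule over a constructed set of authentication events and shows the same 15-failure burst firing at the exhibit's threshold and being missed at an over-high one. Event fields and the host names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of authentication events (not from any real system):
# 15 failed logons from 192.168.1.100 against DC01 spread over four minutes,
# mirroring the exhibit, plus noise that a correct rule must ignore.
def build_sample_events():
    start = datetime(2024, 3, 15, 14, 19, 45)
    events = [{"ts": start + timedelta(seconds=17 * i), "src": "192.168.1.100",
               "target": "DC01", "result": "fail"} for i in range(15)]
    events.append({"ts": start + timedelta(seconds=30), "src": "192.168.1.100",
                   "target": "DC01", "result": "success"})   # success: not counted
    events.append({"ts": start + timedelta(seconds=60), "src": "10.0.0.7",
                   "target": "DC01", "result": "fail"})      # other host: counted separately
    return events

def max_failures_in_window(events, src, target, window):
    """Largest number of failed logons from src against target that fall inside
    any sliding window of the given length (two-pointer scan over sorted times)."""
    times = sorted(e["ts"] for e in events
                   if e["src"] == src and e["target"] == target and e["result"] == "fail")
    best = left = 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best

def evaluate_rule(events, src, target, threshold, window_minutes=5):
    """Apply the 'Multiple Failed Logins' rule: it fires when the failure count
    inside the window reaches the threshold. Returns (fires, count)."""
    count = max_failures_in_window(events, src, target, timedelta(minutes=window_minutes))
    return count >= threshold, count

if __name__ == "__main__":
    events = build_sample_events()
    # Exhibit threshold (10 in 5 minutes): fires on the 15-failure burst.
    print(evaluate_rule(events, "192.168.1.100", "DC01", threshold=10))
    # A threshold set too high (question 1): same burst, no alert.
    print(evaluate_rule(events, "192.168.1.100", "DC01", threshold=50))
```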

Refer to the exhibit. The control test failed because unauthorized access attempts were detected. The remediation plan suggests additional logging. Is this remediation appropriate?

Exhibit

```
Control Test Result: Access Control Review
Control ID: AC-01
Test Date: 2024-03-20
Expected Result: No unauthorized access attempts
Actual Result: 3 unauthorized access attempts detected
Status: Failed
Remediation: Implement additional logging
```

Refer to the exhibit. What action should the risk practitioner recommend FIRST?

Exhibit

```
Risk Monitoring Dashboard
KRI: Percentage of systems with critical patches not applied
Threshold: <5%
Current value: 8%
Trend: Increasing
Status: Red
```

Question 19 · hard · multiple choice

A multinational financial services company has implemented a continuous monitoring program for its trading systems. The program uses automated scripts to check system configurations against a baseline every hour. Recently, the company experienced a significant security incident where a malicious actor exploited a misconfigured firewall rule to exfiltrate sensitive customer data. Post-incident analysis revealed that the misconfiguration had been present for 72 hours before detection. The monitoring scripts did not detect the change because the baseline had been updated two weeks prior to include the misconfiguration as part of a planned change that was later reversed without updating the baseline. The company's change management process requires that all configuration changes be approved and documented, but the reversal of the change was not documented. The incident response team was only alerted when a customer reported suspicious activity. The risk practitioner is tasked with recommending improvements to prevent recurrence. Which of the following is the BEST course of action?

A retail company has a risk monitoring program that tracks key risk indicators (KRIs) for its e-commerce platform. One KRI measures the number of failed payment transactions as a percentage of total transactions. The threshold is set at 2%. Over the past quarter, the KRI has been fluctuating between 1.8% and 2.5%, breaching the threshold several times. Each time the KRI exceeded the threshold, the risk owner performed a manual investigation and found that the failures were due to transient network issues that resolved on their own. The risk owner has now requested that the threshold be raised to 3% to avoid unnecessary investigations. The risk practitioner is evaluating this request. What should the risk practitioner do?
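The dashboard exhibit (threshold <5%, current 8%, trend increasing), question 10 (a KRI over threshold for three consecutive months) and question 20 (a request to raise a threshold that keeps being breached) all turn on how a KRI reading is turned into a status and a decision. This added example, not part of the page, evaluates a KRI from its period-by-period history and counts how many breaches a candidate threshold would hide; the amber margin, the three-period escalation rule and the sample series are assumptions.

```python
from dataclasses import dataclass

@dataclass
class KriReport:
    current: float
    trend: str
    consecutive_breaches: int
    status: str
    escalate: bool

def is_breach(value, threshold):
    """The dashboard states the threshold as '<5%', so a value at or above it breaches."""
    return value >= threshold

def trend_of(series):
    """Direction of the latest movement, as on the dashboard's Trend line."""
    if len(series) < 2 or series[-1] == series[-2]:
        return "Stable"
    return "Increasing" if series[-1] > series[-2] else "Decreasing"

def consecutive_breaches(series, threshold):
    """Number of most recent consecutive periods in breach."""
    streak = 0
    for value in reversed(series):
        if not is_breach(value, threshold):
            break
        streak += 1
    return streak

def evaluate_kri(series, threshold, amber_margin=0.2, escalate_after=3):
    """Rate the KRI from its history; amber margin and escalation streak are assumed policy values."""
    current = series[-1]
    if is_breach(current, threshold):
        status = "Red"
    elif current >= threshold * (1 - amber_margin):
        status = "Amber"
    else:
        status = "Green"
    streak = consecutive_breaches(series, threshold)
    return KriReport(current, trend_of(series), streak, status, streak >= escalate_after)

def breaches_at(series, threshold):
    """Periods that would show as breaches under a given threshold: what raising it would hide."""
    return sum(1 for v in series if is_breach(v, threshold))

# Constructed monthly values (percent); the last one matches the exhibit's 8%.
PATCH_KRI = [3.0, 4.2, 5.5, 6.9, 8.0]
# Constructed readings for the failed-payment KRI of question 20 (threshold 2%).
PAYMENT_KRI = [1.8, 2.5, 1.9, 2.3, 2.1, 2.4]
```

Running `evaluate_kri(PATCH_KRI, 5.0)` yields a Red, increasing KRI with three consecutive breaches, and `breaches_at(PAYMENT_KRI, 3.0)` shows that the requested 3% threshold would report none of the four breaches visible at 2%.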

Frequently asked questions

What does the CRISC exam test about Risk and Control Monitoring and Reporting?
Risk and Control Monitoring and Reporting questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Risk and Control Monitoring and Reporting questions in a focused session?
Yes — the session launcher on this page draws every question from the Risk and Control Monitoring and Reporting domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CRISC topics?
Use the topic links above to move to related areas, or go back to the CRISC question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CRISC exam covers. They are not copied from any real exam or dump site.