CRISC FULL EXAM PRACTICE QUESTIONS AND ANSWERS (100% Pass)

Pages
165
Grade
A+
Uploaded on
18-08-2024
Written in
2024/2025

©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM

Which of the following is the MOST important reason for conducting security awareness programs throughout an enterprise?
A. Reducing the risk of a social engineering attack
B. Training personnel in security incident response
C. Informing business units about the security strategy
D. Maintaining evidence of training records to ensure compliance
Answer: A

Which of the following is MOST important to determine when defining risk management strategies?
A. Risk assessment criteria
B. IT architecture complexity
C. An enterprise disaster recovery plan (DRP)
D. Organizational objectives
Answer: D

Which of the following is the MOST important information to include in a risk management strategic plan?
A. Risk management staffing requirements
B. The risk management mission statement
C. Risk mitigation investment plans
D. The current state and desired future state
Answer: D

Information that is no longer required to support the main purpose of the business from an information security perspective should be:
A. analyzed under the retention policy.
B. protected under the information classification policy.
C. analyzed under the backup policy.
D. protected under the business impact analysis (BIA).
Answer: A

An enterprise has outsourced the majority of its IT department to a third party whose servers are in a foreign country. Which of the following is the MOST critical security consideration?
A. A security breach notification may get delayed due to the time difference.
B. Additional network intrusion detection sensors should be installed, resulting in additional cost.
C. The enterprise could be unable to monitor compliance with its internal security and privacy guidelines.
D. Laws and regulations of the country of origin may not be enforceable in the foreign country.
Answer: D

An enterprise recently developed a breakthrough technology that could provide a significant competitive edge. Which of the following FIRST governs how this information is to be protected from within the enterprise?
A. The data classification policy
B. The acceptable use policy
C. Encryption standards
D. The access control policy
Answer: A

Malware has been detected that redirects users' computers to web sites crafted specifically for the purpose of fraud. The malware changes domain name system (DNS) server settings, redirecting users to sites under the hackers' control. This scenario BEST describes a:
Answer: C

What is the MOST effective method to evaluate the potential impact of legal, regulatory and contractual requirements on business objectives?
A. A compliance-oriented gap analysis
B. Interviews with business process stakeholders
C. A mapping of compliance requirements to policies and procedures
D. A compliance-oriented business impact analysis (BIA)
Answer: D

Which of the following is the BEST way to ensure that an accurate risk register is maintained over time?
A. Monitor key risk indicators (KRIs), and record the findings in the risk register.
B. Publish the risk register centrally with workflow features that periodically poll risk assessors.
C. Distribute the risk register to business process owners for review and updating.
D. Utilize audit personnel to perform regular audits and to maintain the risk register.
Answer: B

Shortly after performing the annual review and revision of corporate policies, a risk practitioner becomes aware that a new law may affect security requirements for the human resources system. The risk practitioner should:
A. analyze what systems and technology-related processes may be impacted.
B. ensure necessary adjustments are implemented during the next review cycle.
C. initiate an ad hoc revision of the corporate policy.
D. notify the system custodian to implement changes.
Answer: A

Which of the following is the PRIMARY objective of a risk management program?
A. Maintain residual risk at an acceptable level
B. Implement preventive controls for every threat
C. Remove all inherent risk
D. Reduce inherent risk to zero
Answer: A

Assessing information systems risk is BEST achieved by:
A. using the enterprise's past actual loss experience to determine current exposure.
B. reviewing published loss statistics from comparable organizations.
C. evaluating threats associated with existing information systems assets and information systems projects.
D. reviewing information systems control weaknesses identified in audit reports.
Answer: C

Which of the following is the MOST important requirement f

Institution
CRISC
Course
CRISC

