100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CRISC Exam Question with correct Answers Latest 2022 $17.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. CRISC
  4.  
  5. CRISC

Exam (elaborations)

CRISC Exam Question with correct Answers Latest 2022
 4 views  0 purchase
  • Course
  • CRISC
  • Institution
  • CRISC

CRISC Exam Question with correct Answers Latest 2022

Preview 2 out of 10  pages

Document information

  • November 18, 2022
  • 10
  • 2022/2023
  • Exam (elaborations)
  • Questions & answers

Subjects

  • crisc exam question with correct answers latest 2022

Written for

  • CRISC
All documents for this subject (124)

Seller

avatar-seller
miriam4880

Content preview

CRISC Exam Question with correct
Answers Latest 2022
What is the difference between a standard and a policy? - ANSWER Standard = A
mandatory action, explicit rules, controls or configuration settings that are designed to
support and conform to a policy. A standard should make a policy more meaningful and
effective by including accepted specifications for hardware, software or behavior.
Standards should always point to the policy to which they relate.
Policy = IT policies help organizations to properly articulate the organization's desired
behavior, mitigate risk and contribute to achieving the organization's goals.

What are the 4 risk elements? - ANSWER Threats, Vulnerabilities, Likelihood, and
Impact. Threats exploit vulnerabilities and the level of risk is based on likelihood and the
impact to the system.

Describe risk appetite vs. risk tollerance - ANSWER Risk appetite is how much risk an
organization is willing to endure; Risk Tolerance is how much variation from that amount
is acceptable.

Name the 6 steps of the NIST Risk Management Framework (RMF) - ANSWER 1.
Categorize Information Systems
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize Information Systems
6. Monitor Security Controls

Which framework is developed by ISACA and integrates other frameworks?
a) (Val) IT
b) IT Assurance Framework (ITAF)
c) COBIT 5
d) Risk IT - ANSWER c. COBIT 5

What are the 3 domains of ISACA's Risk IT Framework? - ANSWER Risk Governance
(RG), Risk Evaluation (RE), Risk Response (RR)

What are the tenets of risk management? - ANSWER confidentiality, integrity, and
availability

Which legal act requires U.S. Federal Govt agencies to establish an information security
program? - ANSWER Federal Information Security Management Act (FISMA)

, What is the Gramm-Leach-Bliley Act (GLBA) - ANSWER GLBA requires periodic risk
analysis performed on processes that deal with nonpublic financial information and
personal financial data.

The Risk Governance (RG) domain of the Risk IT framework is comprised of what 3
processes? - ANSWER RG1: Establish and maintain a common risk view
RG2: Integrate with ERM
RG3: Make risk-aware business decisions

The Risk Evaluation (RE) domain of the Risk IT framework is comprised of what 3
processes? - ANSWER RE1: Collect Data
RE2: Analyze Risk
RE3: Maintain risk profile

The Risk Response (RR) domain of the Risk IT framework is comprised of what 3
processes? - ANSWER RR1: Articulate risk
RR2: Manage risk
RR3: React to events

What is a threat agent? - ANSWER The entity causing or enacting a threat against a
vulnerability.

What is the simple risk formula? - ANSWER threats x vulnerabilities = risk

What are the key areas of concern for emerging technologies? - ANSWER
Interoperability and Compatibility

What are the 5 components of a risk scenario? - ANSWER 1) Threat agent
2) Threat
3) Asset
4) Vulnerability
5) Time/location

Describe the bottom-up approach to risk scenario generation - ANSWER Look at all
potential scenarios beginning with what asset, process, or area of concern the risk
scenarios might affect.

Describe the top-down approach to risk scenario generation - ANSWER Develop risk
scenarios from a specific business objective perspective

What document would list the different risk scenarios? - ANSWER The risk register
could include:
Risk factors
Threats & vulnerabilities
Scenarios
Severity or Priority

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller miriam4880. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.99
  • (0)
  Add to cart