CRISC REVIEW EXAMINATION QUESTIONS WITH ALL CORRECT ANSWERS – UPDATED!!
Which of the following would BEST help an enterprise select an appropriate risk response?
A. The degree of change in the risk environment
B. An analysis of risk that can be transferred were it not eliminated
C. The likelihood and impact of various risk scenarios
D. An analysis of control costs and benefits - Answer-D
Which of the following leads to the BEST optimal return on security investment?
A. Deploying maximum security protection across all of the information assets
B. Focusing on the most important information assets and then determining their protection
C. Deploying minimum protection across all the information assets
D. Investing only after a major security incident is reported to justify investment - Answer-B
Which of the following is MOST important for determining what security measures to put in place for a critical information system?
A. The number of threats to the system
B. The level of acceptable risk to the enterprise
C. The number of vulnerabilities in the system
D. The existing security budget - Answer-B
When transmitting personal information across networks, there MUST be adequate controls over:
A. encrypting the personal information.
B. obtaining consent to transfer personal information.
C. ensuring the privacy of the personal information.
D. change management. - Answer-C
Which of the following will BEST prevent external security attacks?
A. Securing and analyzing system access logs
B. Network address translation
C. Background checks for temporary employees
D. Static Internet protocol (IP) addressing - Answer-B
Which of the following is the BEST approach when malicious code from a spear phishing attack resides on the network and the finance department is concerned that scanning the network will slow down work and delay quarter-end reporting?
A. Instruct finance to finalize quarter-end reporting, and then perform a scan of the entire network.
B. Block all outgoing traffic to avoid outbound communication to the expecting command host.
C. Scan network devices that are not supporting financial reporting, and then scan the critical finance drives at night.
D. Perform a staff survey and ask staff to report if they are aware of the enterprise being a target of a spear phishing attack. - Answer-C
Which of the following BEST ensures that information systems control deficiencies are appropriately remediated?
A. A risk mitigation plan
B. Risk reassessment
C. Control risk reevaluation
D. Countermeasure analysis - Answer-A
Which organizational function is accountable for risk policies, guidelines and standards?
A. Operations
B. IT
C. Management
D. Legal - Answer-C
The risk action plan MUST include an appropriate resolution, a date for completion and:
A. responsible personnel.
B. mitigating factors.
C. likelihood of occurrence.
D. cost of completion. - Answer-A
Which of the following BEST helps to respond to risk in a cost-effective manner?
A. Prioritizing and addressing risk according to the risk management strategy
B. Mitigating risk on the basis of risk likelihood and magnitude of impact
C. Performing countermeasure analysis for each of the controls deployed
D. Selecting controls that are at zero or near-zero costs - Answer-A
Which of the following is BEST performed for business continuity management to meet external stakeholder expectations?
A. Prioritize applications based on business criticality.
B. Ensure that backup data are available to be restored.
C. Disclose the crisis management strategy statement.
D. Obtain risk assessment by an independent party. - Answer-A
Which of the following should management use to allocate resources for risk response?
A. Audit report findings
B. Penetration test results
C. Risk analysis results
D. Vulnerability test results - Answer-C
An enterprise is implementing controls to protect its product price list from being exposed to unauthorized individuals. The internal control requirements will come from:
A. the risk management team.
B. internal audit.
C. IT management.
D. process owners. - Answer-D
Which of the following is MOST important when mitigating or managing risk?
A. Vulnerability assessment results
B. A business impact analysis (BIA)
C. The risk tolerance level
D. A security controls framework - Answer-C
The MAIN benefit of information classification is that it helps:
A. determine how information can be further labeled.
B. establish the access control matrices.
C. determine the risk tolerance level.
D. select security measures that are proportional to risk. - Answer-D
Which of the following BEST mitigates control risk?
A. Continuous monitoring
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Perfectscorer. Stuvia facilitates payment to the seller.