CRISC - Certified In Risk And Information Systems Control
Exam (elaborations)
CRISC 351-400 topic3 Questions and Answers 2023
Question #:351 - (Exam Topic 3)
When is the BEST time to identify risk associated with a major project to determine a mitigation plan?
A. Project execution phase
B. Project initiation phase
C. Project closing phase
D. Project planning phase - answer D. Project planning phase
Question #:352 - (Exam Topic 3)
Of the following, who is BEST suited to assist a risk practitioner in developing a relevant set of risk scenarios?
A. Internal auditor
B. Asset owner
C. Finance manager
D. Control owner - answer B. Asset owner
Question #:353 - (Exam Topic 3)
An organization has used generic risk scenarios to populate its risk register. Which of the following presents the GREATEST challenge to assigning the associated risk entries?
A. The volume of risk scenarios is too large
B. Risk aggregation has not been completed
C. Risk scenarios are not applicable
D. The risk analysis for each scenario is incomplete - answer C. Risk scenarios are not applicable
Question #:354 - (Exam Topic 3)
Which of the following should be of GREATEST concern when reviewing the results of an independent control assessment to determine the effectiveness of a vendor's control environment?
A. The report was provided directly from the vendor.
B. The risk associated with multiple control gaps was accepted.
C. The control owners disagreed with the auditor's recommendations.
D. The controls had recurring noncompliance. - answer A. The report was provided directly from the vendor.
Question #:355 - (Exam Topic 3)
Which of the following BEST measures the impact of business interruptions caused by an IT service outage?
A. Sustained financial loss
B. Cost of remediation efforts
C. Duration of service outage
D. Average time to recovery - answer A. Sustained financial loss
Question #:356 - (Exam Topic 3)
Which of the following should be included in a risk scenario to be used for risk analysis?
A. Risk appetite
B. Threat type
C. Risk tolerance
D. Residual risk - answer B. Threat type
Question #:357 - (Exam Topic 3)
A risk practitioner has become aware of production data being used in a test environment. Which of the following should be the practitioner's PRIMARY concern?
A. Sensitivity of the data
B. Readability of test data
C. Security of the test environment
D. Availability of data to authorized staff - answer A. Sensitivity of the data
Question #:358 - (Exam Topic 3)
Which of the following findings of a security awareness program assessment would cause the GREATEST concern to a risk practitioner?
A. The program has not decreased threat counts.
B. The program has not considered business impact.
C. The program has been significantly revised
D. The program uses non-customized training modules. - answer B. The program has not considered business impact.
Question #:359 - (Exam Topic 3)
Analyzing trends in key control indicators (KCIs) BEST enables a risk practitioner to proactively identify impacts on an organization's:
A. risk classification methods
B. risk-based capital allocation
C. risk portfolio
D. risk culture - answer C. risk portfolio.
Question #:360 - (Exam Topic 3)
Which of the following BEST informs decision-makers about the value of a notice and consent control for the collection of personal information?
A. A comparison of the costs of notice and consent control options
B. Examples of regulatory fines incurred by industry peers for noncompliance
C. A report of critical controls showing the importance of notice and consent
D. A cost-benefit analysis of the control versus probable legal action - answer D. A cost-benefit analysis of the control versus probable legal action
Question #:361 - (Exam Topic 3)