CRISC FULL EXAM ALL SOLUTION LATEST EDITION GUARANTEED GRADE A+
11 views 0 purchase
Course
CRISC FULL
Institution
CRISC FULL
Which of the following is the MOST important reason for conducting security awareness programs throughout
an enterprise?
A. Reducing the risk of a social engineering attack
B. Training personnel in security incident response
C. Informing business units about the security strategy
D. Maintainin...
CRISC FULL EXAM ALL SOLUTION
LATEST EDITION GUARANTEED GRADE A+
Which of the following is the MOST important reason for conducting
security awareness programs throughout
an enterprise?
A. Reducing the risk of a social engineering attack
B. Training personnel in security incident response
C. Informing business units about the security strategy
D. Maintaining evidence of training records to ensure compliance
A
Which of the following is MOST important to determine when defining
risk management strategies?
A. Risk assessment criteria
B. IT architecture complexity
C. An enterprise disaster recovery plan (DRP)
D. Organizational objectives
D
Which of the following is the MOST important information to include
in a risk management strategic plan?
A. Risk management staffing requirements
B. The risk management mission statement
C. Risk mitigation investment plans
D. The current state and desired future state
D
Information that is no longer required to support the main purpose of
the business from an information security
perspective should be:
A. analyzed under the retention policy.
B. protected under the information classification policy.
C. analyzed under the backup policy.
D. protected under the business impact analysis (BIA).
A
An enterprise has outsourced the majority of its IT department to a
third party whose servers are in a foreign
country. Which of the following is the MOST critical security
consideration?
A. A security breach notification may get delayed due to the time
difference.
B. Additional network intrusion detection sensors should be installed,
resulting in additional cost.
C. The enterprise could be unable to monitor compliance with its
,internal security and privacy guidelines.
D. Laws and regulations of the country of origin may not be
enforceable in the foreign country.
D
An enterprise recently developed a breakthrough technology that could
provide a significant competitive edge.
Which of the following FIRST governs how this information is to be
protected from within the enterprise?
A. The data classification policy
B. The acceptable use policy
C. Encryption standards
D. The access control policy
A
Malware has been detected that redirects users' computers to web
sites crafted specifically for the purpose of fraud.
The malware changes domain name system (DNS) server settings,
redirecting users to sites under the hackers'
control. This scenario BEST describes a:
C
What is the MOST effective method to evaluate the potential impact of
legal, regulatory and contractual
requirements on business objectives?
A. A compliance-oriented gap analysis
B. Interviews with business process stakeholders
C. A mapping of compliance requirements to policies and procedures
D. A compliance-oriented business impact analysis (BIA)
D
Which of the following is the BEST way to ensure that an accurate
risk register is maintained over time?
A. Monitor key risk indicators (KRJs), and record the findings in the
risk register.
B. Publish the risk register centrally with workflow features that
periodically poll risk assessors.
C. Distribute the risk register to business process owners for review
and updating.
D. Utilize audit personnel to perform regular audits and to maintain
the risk register.
B
Shortly after performing the annual review and revision of corporate
policies, a risk practitioner becomes aware that
a new law may affect security requirements for the human resources
system. The risk practitioner should:
A. analyze what systems and technology-related processes may be
impacted.
,B. ensure necessary adjustments are implemented during the next
review cycle.
C. initiate an ad hoc revision of the corporate policy.
D. notify the system custodian to implement changes.
A
Which of the following is the PRIMARY objective of a risk management
program?
A. Maintain residual risk at an acceptable level
B. Implement preventive controls for every threat
C. Remove all inherent risk
D. Reduce inherent risk to zero
A
Assessing information systems risk is BEST achieved by:
A. using the enterprise's past actual loss experience to determine
current exposure.
B. reviewing published loss statistics from comparable organizations.
C. evaluating threats associated with existing information systems
assets and information systems projects.
D. reviewing information systems control weaknesses identified in
audit reports.
C
Which of the following is the MOST important requirement for setting
up an information security infrastructure for
a new system?
A. Performing a business impact analysis (BIA)
B. Considering personal devices as part of the security policy
C. Basing the information security infrastructure on a risk
assessment
D. Initiating IT security training and familiarization
C
The PRIMARY concern of a risk practitioner reviewing a formal data
retention policy is:
A. storage availability.
B. applicable organizational standards.
C. generally accepted industry best practices.
D. business requirements.
D
Which of the following areas is MOST susceptible to the introduction
of an information-security-related vulnerability?
A. Tape backup management
B. Database management
C. Configuration management
D. Incident response management
C
, Which of the following is the GREATEST risk of a policy that
inadequately defines data and system ownership?
A. Audit recommendations may not be implemented.
B. Users may have unauthorized access to originate, modify or delete
data.
C. User management coordination does not exist.
D. Specific user accountability cannot be established.
B
We have an expert-written solution to this problem!
A lack of adequate controls represents:
A. a vulnerability.
B. an impact.
C. an asset.
D. a threat.
A
The PRIMARY focus of managing IT-related business risk is to protect:
A. information.
B. hardware.
C. applications.
D. databases.
A
Which of the following provides the BEST view of risk management?
A. An interdisciplinary team
B. A third-party risk assessment service provider
C. The enterprise's IT department
D. The enterprise's internal compliance department
A
Which of the following approaches to corporate policy BEST supports
an enterprise's expansion to other regions,
where different local laws apply?
A. A global policy that does not contain content that might be
disputed at a local level
B. A global policy that is locally amended to comply with local laws
C. A global policy that complies with law at corporate headquarters
and that all employees must follow
D. Local policies to accommodate laws within each region
B
Which of the following is the BEST indicator that incident response
training is effective?
A. Decreased reporting of security incidents to the incident response
team
B. Increased reporting of security incidents to the incident response
team
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Allan100. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.