CRISC EXAM TEST BANK QUESTIONS WITH ALL CORRECT ANSWERS GRADED A+
0 view 0 purchase
Course
CRISC
Institution
CRISC
CRISC EXAM TEST BANK QUESTIONS WITH ALL CORRECT ANSWERS GRADED A+
The MOST important external factors that should be considered in a risk assessment effort are:
A.
proposed new security tools and technologies.
B.
the number of viruses and other malware being developed.
C.
interna...
CRISC EXAM TEST BANK QUESTIONS
WITH ALL CORRECT ANSWERS
GRADED A+
The MOST important external factors that should be considered in a risk assessment
effort are:
A.
proposed new security tools and technologies.
B.
the number of viruses and other malware being developed.
C.
international crime statistics and political unrest.
D.
supply chain and market conditions. - Answer-D.
A. It is always good to watch for new technologies and tools that can help the
enterprise, especially ones that staff may want to bring into the office. But a risk
assessment should not be based on proposed new products.
B. The number of new malware types being developed is something worth watching, but
it is not a factor that the risk professional can use in the calculation of risk for a risk
assessment report.
C. International crime statistics and political unrest may cause problems, but these are
not the most important factors to be considered in a risk assessment effort.
D. Risk assessment should consider both internal and external factors, including supply
chain and market conditions. Supply chain problems (e.g., lack of raw material, strikes
at a transportation company or supplier) can severely interrupt operations. A new
competitor in the market or even a new company opening up in the area may affect
availability of trained staff or pose a risk to growth and profitability.
It is MOST important that risk appetite be aligned with business objectives to ensure
that:
A.
resources are directed toward areas of low risk tolerance.
,B.
major risk is identified and eliminated.
C.
IT and business goals are aligned.
D.
the risk strategy is adequately communicated. - Answer-(A)
A. Risk appetite is the amount of risk that an enterprise is willing to take on in pursuit of
value. Aligning it with business objectives allows an enterprise to evaluate and deploy
valuable resources toward those objectives where the risk tolerance (for loss) is low.
B. There is no link between aligning risk appetite with business objectives and
identification and elimination of major risk. Moreover, risk cannot be eliminated; it can
be reduced to an acceptable level using various risk response options.
C. Alignment of risk appetite with business objectives does converge IT and business
goals to a point, but alignment is not limited to these two areas. Other areas include
organizational, strategic and financial objectives, among other objectives.
D. Communication of the risk strategy does not depend on aligning risk appetite with
business objectives.
Which of the following is true about IT risk?
A.
IT risk cannot be assessed and measured quantitatively.
B.
IT risk should be calculated separately from business risk.
C.
IT risk management is the responsibility of the IT department.
D.
IT risk exists whether or not it is detected or recognized by an enterprise - Answer-(D)
A. IT risk, like any business risk, can be assessed both quantitatively and qualitatively. It
is very difficult and incomplete to measure risk quantitatively.
B. IT risk is one type of business risk.
C. IT risk is the responsibility of senior management, not just the IT department.
, D. The enterprise must identify, acknowledge and respond to risk; ignorance of risk is
not acceptable.
Scope Creep - Answer-also called requirement creep, refers to uncontrolled changes in
a project's scope. Unless the scope of the project is controlled, its duration and budget
cannot be effectively held to account, resulting in a high probability that the project will
go over budget as it seeks to meet changing requirements.
Which of the following information in the risk register BEST helps in developing proper
risk scenarios? A list of:
A.
potential threats to assets.
B.
residual risk on individual assets.
C.
accepted risk.
D.
security incidents. - Answer-(A)
A. Potential threats that may impact the various business assets will help in developing
scenarios on how these threats can exploit vulnerabilities and cause a risk and
therefore help in developing proper risk scenarios.
B. Residual risk on individual assets does not help in developing a proper risk scenario.
C. Accepted risk is generally a small subset of entries within the risk register. Accepted
risk should be included in the risk register to ensure that events that may affect the
current decision of the enterprise to accept the risk are monitored.
D. Previous security incidents of the enterprise itself or entities with a similar profile may
inspire similar risk scenarios to be included in the risk register. However, the best
approach to create a meaningful risk register is to capture potential threats on tangible
and intangible asset
When assessing strategic IT risk, the FIRST step is:
A.
summarizing IT project risk.
B.
understanding organizational strategy from senior executives.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Perfectscorer. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
