CRISC test CRISC Certified in Risk and Information
Systems Control Questions With Complete Solutions
A framework is a generally Correct Answer methodology for a
set of activities or processes
A practice is Correct Answer normalized process that has been
tried and proven as generally acceptable within a larger
community of practice
A standard is Correct Answer mandatory set of procedures or
processes used by the organization, and standards usually fit into
an overall framework
A threat agent is Correct Answer something that causes or
initiates a threat against a vulnerability
A threat is Correct Answer danger of harm that can be enacted
on an asset
Access controls directly support Correct Answer
confidentiality and integrity goals of security
Access controls indirectly support Correct Answer goal of
availability
Accountability means Correct Answer a person is going to be
held responsible for their actions on a system or with regard to
their interaction with data
, Accountability there are different ways to do this Correct
Answer through auditing
Administrative controls are Correct Answer implemented as
policies, procedures, rules and regulations, and other types of
directives or governance
An access control essentially means Correct Answer
proactively ensure that only authorized personnel are able to
access data or the information systems that process that data
An organization's risk appetite is driven by Correct Answer
corporate risk culture
Another word for sensitivity level? Correct Answer
classification level
Authentication is Correct Answer second part of that process,
where your identity is verified with a centralized database
containing your authentication credentials
Authorization dictates what Correct Answer what you can or
can't do on the network, in a system, or with a resource
Authorization has a few different components Correct Answer
First, there is need to know. This means there must be a valid
reason or need for an individual to access a resource, and only to
a certain degree.
Second, an individual may have to be trusted, or cleared, to
access a resource.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Classroom. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.99. You're not tied to anything after your purchase.
