Private key is known only by you; public key is known to the
world.
If you encrypt with one key you can only decrypt with the other
key (i.e. if you encrypt with private then you need to decrypt
with public and vice versa).
Australian Signals Directorate Correct Answer Subjective
effectiveness terms like Essential, Excellent, Good, and
Average. Subjective maintenance cost terms like High, Medium,
Low.
Balanced scorecard (BSC) Correct Answer Developed by
Robert S. Kaplan and David P. Norton as a coherent set of
performance measures organized into four categories that
includes traditional financial measures, but adds customer,
internal business process, and learning and growth perspectives.
Black-box test Correct Answer A blind penetration test with no
prior knowledge of the system design and architecture.
Bow-Tie Analysis Correct Answer Diagrams relationships
between elements of risk from causes to events and then to
impacts, but looks at the pathway that the threat led to the
consequence.
Business impact analysis/assessment (BIA) Correct Answer
Evaluating the criticality and sensitivity of information assets.
An exercise that determines the impact of losing the support of
any resource to an enterprise, establishes the escalation of that
loss over time, identifies the minimum resources needed to
recover, and prioritizes the recovery of processes and the
supporting system.
Scope Note: This process also includes addressing:
- Income loss
- Unexpected expense
- Legal issues (regulatory compliance or contractual)
- Interdependent processes
- Loss of public reputation or public confidence
Business Opportunity Correct Answer When an organization is
willing to take a risk.
CMMI 5 levels Correct Answer Capability Maturity Model
Integration, a standard for improving processes within
organizations
1. Initial
2. Repeatable
3. Defined
4. Quantitatively Managed
5. Optimizing
COBIT vs. NIST Correct Answer COBIT originally released as
an IT process and control framework linking IT to business
requirements and later became a full IT Governance Framework.
NIST represents the current state-of-the-practice safeguards and
countermeasures for US federal information systems. The 18
areas represent a broad-based, balanced information security
program that addresses the management, operational, and
technical aspects of protecting US federal information and
information systems.
Common Controls Provider Correct Answer Entity responsible
for controls that span the enterprise
Common controls provider Correct Answer Entity responsible
for controls used across several different assets and systems.
Computer emergency response team (CERT) Correct Answer
A group of people integrated at the enterprise with clear lines of
reporting and responsibilities for standby support in case of an
information systems emergency. This group will act as an
efficient corrective control, and should also act as a single point