CRISC FULL QUESTIONS WITH COMPLETE SOLUTIONS

Exam (elaborations)

Preview 4 out of 112 pages

  • November 7, 2024
  • 112 pages
  • 2024/2025
  • Course: CRISC - Certified in Risk and Information Systems Control
  • Seller: Classroom

A business case developed to support risk mitigation efforts for a complex application development project should be retained until:
A. the project is approved.
B. user acceptance of the application.
C. the application is deployed.
D. the application's end of life.
Correct Answer: D

A business impact analysis (BIA) is PRIMARILY used to:
A. estimate the resources required to resume and return to normal operations after a disruption.
B. evaluate the impact of a disruption to an enterprise's ability to operate over time.
C. calculate the likelihood and impact of known threats on specific functions.
D. evaluate high-level business requirements.
Correct Answer: B

A chief information security officer (CISO) has recommended several controls such as anti-malware to protect the enterprise's information systems. Which approach to handling risk is the CISO recommending?
A. Risk transference
B. Risk mitigation
C. Risk acceptance
D. Risk avoidance
Correct Answer: B

A company has set the unacceptable error level at 10 percent. Which of the following tools can be used to trigger a warning when the error level reaches eight percent?
A. A fault tree analysis
B. Statistical process control (SPC)
C. A key performance indicator (KPI)
D. A failure modes and effects analysis (FMEA)
Correct Answer: C

A company is confident about the state of its organizational security and compliance program. Many improvements have been made since the last security review was conducted one year ago. What should the company do to evaluate its current risk profile?
A. Review previous findings and ensure that all issues have been resolved.
B. Conduct follow-up audits in areas that were found deficient in the previous review.
C. Monitor the results of the key risk indicators (KRIs) and use those to develop targeted assessments.
D. Perform a new enterprise risk assessment using an independent expert.
Correct Answer: D

A database administrator notices that the externally hosted, web-based corporate address book application requires users to authenticate, but that the traffic between the application and users is not encrypted. The MOST appropriate course of action is to:
A. notify the business owner and the security manager of the discovery and propose an addition to the risk register.
B. contact the application administrators and request that they enable encryption of the application's web traffic.
C. alert all staff about the vulnerability and advise them not to log on from public networks.
D. accept that current controls are suitable for nonsensitive business data.
Correct Answer: A

A global enterprise that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
A. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
B. bring all locations into conformity with a generally accepted set of industry best practices.
C. establish a baseline standard incorporating those requirements that all jurisdictions have in common.
D. establish baseline standards for all locations and add supplemental standards as required.
Correct Answer: D

A global financial institution has decided not to take any further action on a denial-of-service (DoS) vulnerability found by the risk assessment team. The MOST likely reason for making this decision is that:
A. the needed countermeasure is too complicated to deploy.
B. there are sufficient safeguards in place to prevent this risk from happening.
C. the likelihood of the risk occurring is unknown.
D. the cost of the countermeasure outweighs the value of the asset and the potential loss.
Correct Answer: D

A key objective when monitoring information systems control effectiveness against the enterprise's external requirements is to:
A. design the applicable information security controls for external audits.
B. create the enterprise's information security policy provisions for third parties.
C. ensure that the enterprise's legal obligations have been satisfied.
D. identify those legal obligations that apply to the enterprise's security practices.
Correct Answer: C

A lack of adequate controls represents:
A. a vulnerability.
B. an impact.
C. an asset.
D. a threat.
Correct Answer: A

A lack of adequate controls represents:
A. an impact.
B. a risk indicator.
C. a vulnerability.
D. a threat.
Correct Answer: C

A MAJOR risk of using single sign-on (SSO) is that it:
A. uses complex technologies for password management.
B. may potentially bypass the enterprise firewall.
C. is prone to distributed denial-of-service (DDoS) attacks.
D. may be a potential single point of compromise.
Correct Answer: D
