Name steps of the NIST RMF Right Ans - 1) Categorize Info Systems
2) Select Security Controls
3) Implement Security Controls
4) Assess Security Controls
5) Authorize Info Systems
6) Monitor Security Controls
What are the layers of COBIT? Right Ans - Governance and Management
What are the Management layers of COBIT? Right Ans - 1) Align, Plan, and Organize
2) Build, Acquire, and Implement
3) Deliver, Service, and Support
4) Monitor, Evaluate, and Assess
What are the layers of ISACA Risk IT Framework? Right Ans - 1) Risk Governance
2) Risk Evaluation
3) Risk Response
What are the levels of SDLC? Right Ans - 1) Initiation
2) Requirements
3) Design
4) Development/Acquisition
5) Implementation
6) Operations/Maintenance
7) Disposal/Retirement
What does SDLC stand for? Right Ans - Software Development Life Cycle
What is the NIST Business Continuity Document? Right Ans - 800-34
"Contingency Planning Guide for Federal Information Systems"
What components of risk do Risk Scenarios include? Right Ans - 1) Asset
2) Threat
What elements should a Risk Register include? Right Ans - 1) Risk factors
2) Threat agents, threats, and vulnerabilities
3) Risk scenarios
4) Criticality, severity, or priority of risk
5) Asset information
6) Impact of the risk on an asset
7) Likelihood of the threat exploiting the vulnerability
8) Current status of risk response actions
9) Resources that may be committed to respond to risk
10) Risk ownership information
11) Planned milestones toward risk response
Which publication contains the NIST RMF? Right Ans - 800-37
What are the distinctive processes of the NIST RMF? Right Ans - 1) Prepare for assessment
2) Conduct assessment
3) Communicate results
4) Maintain assessment
Who developed the OCTAVE Methodology? Right Ans - Carnegie Mellon University
What is special about OCTAVE? Right Ans - Designed for big businesses
What sets OCTAVE Allegro apart? Right Ans - Includes more business-centered and operational risk approaches
What sets OCTAVE-S apart? Right Ans - Designed for smaller organizations
What is ISO/IEC 27005:2011? Right Ans - It is a basic risk management standard that is totally geared towards Information Security