CRISC: Questions With Expert Verified Solutions

Exam (elaborations), Questions & answers
Course: CRISC - Certified in Risk and Information Systems Control
Seller: Studyhall
November 20, 2024
Preview 3 out of 25 pages

An enterprise recently developed a breakthrough technology that could
provide a significant competitive edge. Which of the following FIRST governs
how this information is to be protected from within the enterprise?

A. The data classification policy
B. The acceptable use policy
C. Encryption standards
D. The access control policy
Right Ans - A. The data classification policy describes the data classification categories; the levels of protection to be provided for each category of data; and the roles and responsibilities of potential users, including data owners.

Which of the following is the BEST way to ensure that an accurate risk register
is maintained over time?

A. Monitor KRIs and record findings in the risk register
B. Publish the risk register centrally with workflow features that periodically poll risk assessors
C. Distribute the risk register to business process owners for review and updating
D. Utilize audit personnel to perform regular audits and to maintain the risk register
Right Ans - B. Centrally publishing the risk register and enabling periodic polling of risk assessors through workflow features will ensure accuracy of content. A knowledge management platform with workflow and polling features will automate the process of maintaining the risk register.

Which of the following is the MOST important requirement for setting up an
information security infrastructure for a new system?

A. Performing a BIA
B. Considering personal devices as part of the security policy
C. Basing the information security infrastructure on a risk assessment
D. Initiating IT security training and familiarization
Right Ans - C. The information security infrastructure should be based on a risk assessment.

The MAIN objective of IT risk management is to:

A. prevent loss of IT assets
B. provide timely management reports
C. ensure regulatory compliance
D. enable risk-aware business decisions
Right Ans - D. IT risk management should be conducted as part of enterprise risk management (ERM), the ultimate objective of which is to enable risk-aware business decisions.

Which of the following is the PRIMARY reason that a risk practitioner
determines the security boundary prior to conducting a risk assessment?

A. To determine which laws and regulations apply
B. To determine the scope of the risk assessment
C. To determine the business owner(s) of the system
D. To decide between conducting a quantitative or qualitative analysis
Right Ans - B. The primary reason for determining the security boundary is to
establish what systems and components are included in the risk assessment

The PRIMARY advantage of creating and maintaining a risk register is to:

A. ensure that an inventory of potential risk is maintained
B. record all risk scenarios considered during the risk identification process
C. collect similar data on all risk identified within the organization
D. run reports based on various risk scenarios
Right Ans - A. Once important assets and the risk that may impact these assets are identified, the risk register is used as an inventory of that risk. The risk register can help enterprises accelerate their risk decision making and establish accountability for specific risk.

The board of directors of a one-year-old start-up company has asked their CIO
to create all of the enterprise's IT policies and procedures. Which of the
following should the CIO create FIRST?

A. The strategic IT plan
B. The data classification scheme
C. The information architecture document
D. The technology infrastructure plan
Right Ans - A. The strategic IT plan is the first policy to be created when setting up an enterprise's governance model.

A BIA is primarily used to:

A. estimate the resources required to resume and return to normal operations after a disruption
B. evaluate the impact of a disruption to an enterprise's ability to operate over time
C. calculate the likelihood and impact of known threats on specific functions
D. evaluate high-level business requirements
Right Ans - B

Which of the following is the BIGGEST concern for a CISO regarding
interconnections with systems outside of the enterprise?

A. Requirements to comply with each other's contractual security requirements
B. Uncertainty that the other system will be available as needed
C. The ability to perform risk assessments on the other system
D. Ensuring that communication between the two systems is encrypted through a VPN
Right Ans - A

Which of the following BEST determines compliance with the risk appetite of
an enterprise?

A. Balance between preventive and detective controls
B. Inherent risk and acceptable risk level
C. Residual risk level and acceptable risk level
D. Balance between countermeasures and preventive controls
Right Ans - C

Risk scenarios should be created primarily based on which of the following?

A. Input from senior management
B. Previous security incidents
C. Threats that the enterprise faces
D. Results of the risk analysis
Right Ans - C

Which of the following is the BEST indicator of an effective information risk
management program?

A. The security policy is made widely available
B. Risk is considered before all decisions
